dialog
initDialog
show
Overview
overview
10Static
static
5Raid_Recovery.exe
windows7-x64
7Raid_Recovery.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3Alligator.exe
windows7-x64
5Alligator.exe
windows10-2004-x64
5MIG_29.dll
windows7-x64
3MIG_29.dll
windows10-2004-x64
3PascalStreams.dll
windows7-x64
3PascalStreams.dll
windows10-2004-x64
3StarBurn.dll
windows7-x64
3StarBurn.dll
windows10-2004-x64
3Uninstall.exe
windows7-x64
7Uninstall.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3bs_load.dll
windows7-x64
3bs_load.dll
windows10-2004-x64
3bs_wm.dll
windows7-x64
3bs_wm.dll
windows10-2004-x64
3i386/CbFsMntNtf3.dll
windows7-x64
10i386/CbFsMntNtf3.dll
windows10-2004-x64
10i386/CbFsNetRdr3.dll
windows7-x64
3i386/CbFsNetRdr3.dll
windows10-2004-x64
3i386/cbfs3.sys
windows7-x64
1i386/cbfs3.sys
windows10-2004-x64
1ia64/CbFsMntNtf3.dll
windows7-x64
1ia64/CbFsMntNtf3.dll
windows10-2004-x64
1ia64/CbFsNetRdr3.dll
windows7-x64
1ia64/CbFsNetRdr3.dll
windows10-2004-x64
1wow64sup.exe
windows7-x64
1wow64sup.exe
windows10-2004-x64
1Behavioral task
behavioral1
Sample
Raid_Recovery.exe
Resource
win7-20241023-en
windows7-x64
14 signatures
150 seconds
Behavioral task
behavioral2
Sample
Raid_Recovery.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
13 signatures
150 seconds
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20241023-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral5
Sample
Alligator.exe
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral6
Sample
Alligator.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral7
Sample
MIG_29.dll
Resource
win7-20240729-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral8
Sample
MIG_29.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral9
Sample
PascalStreams.dll
Resource
win7-20241010-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral10
Sample
PascalStreams.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral11
Sample
StarBurn.dll
Resource
win7-20240708-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral12
Sample
StarBurn.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral13
Sample
Uninstall.exe
Resource
win7-20240903-en
windows7-x64
12 signatures
150 seconds
Behavioral task
behavioral14
Sample
Uninstall.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
15 signatures
150 seconds
Behavioral task
behavioral15
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral16
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral17
Sample
bs_load.dll
Resource
win7-20240729-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral18
Sample
bs_load.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral19
Sample
bs_wm.dll
Resource
win7-20240903-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral20
Sample
bs_wm.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral21
Sample
i386/CbFsMntNtf3.dll
Resource
win7-20240708-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral22
Sample
i386/CbFsMntNtf3.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
6 signatures
150 seconds
Behavioral task
behavioral23
Sample
i386/CbFsNetRdr3.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral24
Sample
i386/CbFsNetRdr3.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral25
Sample
i386/cbfs3.sys
Resource
win7-20240903-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral26
Sample
i386/cbfs3.sys
Resource
win10v2004-20241007-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral27
Sample
ia64/CbFsMntNtf3.dll
Resource
win7-20240903-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral28
Sample
ia64/CbFsMntNtf3.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral29
Sample
ia64/CbFsNetRdr3.dll
Resource
win7-20240729-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral30
Sample
ia64/CbFsNetRdr3.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral31
Sample
wow64sup.exe
Resource
win7-20240903-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral32
Sample
wow64sup.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
Raid_Recovery.exe
-
Size
7.6MB
-
MD5
2535e906ec2e36ef9fb2c94ce851ca8d
-
SHA1
31518d602483f06560010effaa12e99f6610d726
-
SHA256
ae0ba7ecf43d1ee0a4cb8784d3730d56b773b95e7518bd9842d8defed69e83e8
-
SHA512
cf86f3a70a377eee31e8fbab4b2b71cd96e71f81ea04c7475f92ad8d9022b283f7e21eb61c17f52b6c28b4cdafee8f1c914cc3a43063aab6cbcf64f1c55a3dc1
-
SSDEEP
196608:9nrp/d1H8ERh5xMYkegR8M4r2lFQKekvuGrilmtAonBdrLLEAq:rPzd+5v+M6mtuG/dx/2
Score
5/10
Malware Config
Signatures
-
resource yara_rule static1/unpack001/Alligator.k52 upx -
Unsigned PE 11 IoCs
Checks for missing Authenticode signature.
resource Raid_Recovery.exe unpack001/$PLUGINSDIR/InstallOptions.dll unpack001/Alligator.k52 unpack001/MIG_29.dll unpack001/PascalStreams.dll unpack001/StarBurn.dll unpack001/Uninstall.exe unpack003/$PLUGINSDIR/InstallOptions.dll unpack001/bs_load.di unpack001/bs_wm.di unpack001/raid_recovery.exe -
NSIS installer 4 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2 static1/unpack001/Uninstall.exe nsis_installer_1 static1/unpack001/Uninstall.exe nsis_installer_2
Files
-
Raid_Recovery.exe.exe windows:4 windows x86 arch:x86
7fa974366048f9c551ef45714595665e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 36KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/InstallOptions.dll.dll windows:4 windows x86 arch:x86
b1cd0d78f652ce5fc63f0879371af012
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc
user32
MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect
gdi32
SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject
shell32
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA
comdlg32
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
ole32
CoTaskMemFree
Exports
Exports
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/ioSpecial.ini
-
$PLUGINSDIR/modern-wizard.bmp
-
Alligator.k52.exe windows:5 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
UPX0 Size: - Virtual size: 5.4MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 2.2MB - Virtual size: 2.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 38KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
IO.VXD
-
License.txt
-
MIG_29.dll.dll windows:4 windows x86 arch:x86
745b7fc2acd48c5d0673b81423c0ae43
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GetTickCount
SetEnvironmentVariableA
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
GetLastError
GetFileType
WriteFile
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
WideCharToMultiByte
GetTimeZoneInformation
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
MultiByteToWideChar
VirtualProtect
GetSystemInfo
VirtualQuery
RtlUnwind
InterlockedExchange
SetFilePointer
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
GetCPInfo
GetLocaleInfoA
GetACP
GetOEMCP
RaiseException
LoadLibraryA
FlushFileBuffers
ReadFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
HeapSize
CloseHandle
CompareStringA
CompareStringW
SetEnvironmentVariableW
ws2_32
htonl
htons
ntohs
ntohl
Exports
Exports
Decode
Init
Sections
.text Size: 204KB - Virtual size: 202KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 315KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 728B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PascalStreams.dll.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Exports
Exports
PascalStreamFree
PascalStreamGetSize
PascalStreamRead
PascalStreamSeekToBegin
Sections
CODE Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 2KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
StarBurn.dll.dll windows:6 windows x86 arch:x86
0ae4bcf48ec5f9a4b3d594e1baace18b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\starburn\Bin\Dynamic\Debug\i386\StarBurn.pdb
Imports
msvcrt
??1type_info@@UAE@XZ
_adjust_fdiv
_amsg_exit
_initterm
_XcptFilter
__CxxFrameHandler
_strnicmp
fwrite
fread
ferror
feof
_iob
vfprintf
_strerror
fseek
ftell
_stricmp
calloc
_wcsicmp
_purecall
printf
ctime
swprintf
memcpy
free
malloc
srand
rand
time
localtime
toupper
_splitpath
_CxxThrowException
_snprintf
wcsncpy
??2@YAPAXI@Z
sprintf
memmove
fopen
fprintf
fflush
fclose
strncmp
strncpy
_strupr
strstr
_errno
wcsstr
??3@YAXPAX@Z
memset
vsprintf
kernel32
IsBadWritePtr
IsBadReadPtr
InterlockedDecrement
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
InterlockedExchange
GetFileAttributesA
CreateThread
VirtualAlloc
GetTickCount
FlushFileBuffers
InterlockedIncrement
VirtualFree
ResetEvent
WaitForSingleObject
CreateEventA
FindFirstFileA
FindClose
FindNextFileA
GetCurrentProcess
DuplicateHandle
SetEvent
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
GetProcAddress
GetLogicalDrives
DeviceIoControl
QueryDosDeviceA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeZoneInformation
DeleteFileA
WriteFile
GetModuleHandleA
GetModuleFileNameA
GetFullPathNameA
ReadFile
SetFilePointer
MultiByteToWideChar
GetSystemTime
SystemTimeToFileTime
WideCharToMultiByte
FreeLibrary
Sleep
GetVersionExA
CreateFileA
GetLastError
GetFileSize
CloseHandle
OutputDebugStringA
IsBadCodePtr
advapi32
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
user32
GetUserObjectInformationA
MessageBoxA
GetProcessWindowStation
ole32
CoUninitialize
CoInitialize
Exports
Exports
A0DB34FC6FE35D429A28ADDE5467D4D7
StarBurn_CdvdBurnerGrabber_AuthorizeDVD
StarBurn_CdvdBurnerGrabber_Blank
StarBurn_CdvdBurnerGrabber_Cancel
StarBurn_CdvdBurnerGrabber_CloseSession
StarBurn_CdvdBurnerGrabber_Create
StarBurn_CdvdBurnerGrabber_CreateEx
StarBurn_CdvdBurnerGrabber_CreateExEx
StarBurn_CdvdBurnerGrabber_DisableHardwareErrorCorrection
StarBurn_CdvdBurnerGrabber_DiscAtOncePQFromFile
StarBurn_CdvdBurnerGrabber_DiscAtOncePQFromTree
StarBurn_CdvdBurnerGrabber_DiscAtOnceRawPWFromFile
StarBurn_CdvdBurnerGrabber_DiscAtOnceRawPWFromTree
StarBurn_CdvdBurnerGrabber_DiscBasicInformation_Create
StarBurn_CdvdBurnerGrabber_DiscBasicInformation_Destroy
StarBurn_CdvdBurnerGrabber_Eject
StarBurn_CdvdBurnerGrabber_ExecuteGeneric
StarBurn_CdvdBurnerGrabber_GetAdvancedSupportedMediaFormats
StarBurn_CdvdBurnerGrabber_GetBUP
StarBurn_CdvdBurnerGrabber_GetDVDProtectionSystem
StarBurn_CdvdBurnerGrabber_GetDVDRegionMask
StarBurn_CdvdBurnerGrabber_GetDeviceInformation
StarBurn_CdvdBurnerGrabber_GetDiscFileSystem
StarBurn_CdvdBurnerGrabber_GetDiscFreeSpace
StarBurn_CdvdBurnerGrabber_GetDiscInformation
StarBurn_CdvdBurnerGrabber_GetDiscUsedSpace
StarBurn_CdvdBurnerGrabber_GetInsertedDiscType
StarBurn_CdvdBurnerGrabber_GetLastTrack
StarBurn_CdvdBurnerGrabber_GetMechanicalOptions
StarBurn_CdvdBurnerGrabber_GetMediaTrayStatus
StarBurn_CdvdBurnerGrabber_GetNumberOfSystemDescriptors
StarBurn_CdvdBurnerGrabber_GetRPC
StarBurn_CdvdBurnerGrabber_GetSpeeds
StarBurn_CdvdBurnerGrabber_GetSupportedMediaFormats
StarBurn_CdvdBurnerGrabber_GetSupportedMediaFormatsEx
StarBurn_CdvdBurnerGrabber_GetSupportedMediaFormatsExEx
StarBurn_CdvdBurnerGrabber_GetTOCInformation
StarBurn_CdvdBurnerGrabber_GetTrackInformation
StarBurn_CdvdBurnerGrabber_GrabCD
StarBurn_CdvdBurnerGrabber_GrabDVD
StarBurn_CdvdBurnerGrabber_GrabRange
StarBurn_CdvdBurnerGrabber_GrabTrack
StarBurn_CdvdBurnerGrabber_IsDiscBlank
StarBurn_CdvdBurnerGrabber_Load
StarBurn_CdvdBurnerGrabber_LoadEx
StarBurn_CdvdBurnerGrabber_Lock
StarBurn_CdvdBurnerGrabber_MSFToLBA
StarBurn_CdvdBurnerGrabber_ProbeSupportedReadModes
StarBurn_CdvdBurnerGrabber_ProbeSupportedWriteModes
StarBurn_CdvdBurnerGrabber_Read
StarBurn_CdvdBurnerGrabber_Read10
StarBurn_CdvdBurnerGrabber_ReadATIP
StarBurn_CdvdBurnerGrabber_ReadCD
StarBurn_CdvdBurnerGrabber_ReadCooked
StarBurn_CdvdBurnerGrabber_ReadEx
StarBurn_CdvdBurnerGrabber_ReadLB
StarBurn_CdvdBurnerGrabber_ReadRaw
StarBurn_CdvdBurnerGrabber_Release
StarBurn_CdvdBurnerGrabber_RestoreReadErrorRecovery
StarBurn_CdvdBurnerGrabber_SendOPC
StarBurn_CdvdBurnerGrabber_SessionAtOnce
StarBurn_CdvdBurnerGrabber_SessionAtOnceRawRawPW
StarBurn_CdvdBurnerGrabber_SessionAtOnceRawRawPWEx
StarBurn_CdvdBurnerGrabber_SetBUP
StarBurn_CdvdBurnerGrabber_SetCDTextItem
StarBurn_CdvdBurnerGrabber_SetReadSpeed
StarBurn_CdvdBurnerGrabber_SetSpeeds
StarBurn_CdvdBurnerGrabber_StopPlayScan
StarBurn_CdvdBurnerGrabber_SuperVideoCD
StarBurn_CdvdBurnerGrabber_SuperVideoCDEx
StarBurn_CdvdBurnerGrabber_SuperVideoCDExEx
StarBurn_CdvdBurnerGrabber_TestUnitReady
StarBurn_CdvdBurnerGrabber_TestUnitReadyEx
StarBurn_CdvdBurnerGrabber_TestUnitReadyExEx
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromFile
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromMemory
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromPipe
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromPipeEx
StarBurn_CdvdBurnerGrabber_TrackAtOnceFromTree
StarBurn_CdvdBurnerGrabber_VerifyFile
StarBurn_CdvdBurnerGrabber_VerifyTree
StarBurn_CdvdBurnerGrabber_VerifyTreeEx
StarBurn_CdvdBurnerGrabber_VideoCD
StarBurn_CdvdBurnerGrabber_VideoCDEx
StarBurn_CdvdBurnerGrabber_VideoCDExEx
StarBurn_CorrectISO9660Name_Default
StarBurn_CorrectJolietName_Default
StarBurn_DVDVideo_Create
StarBurn_DVDVideo_Destroy
StarBurn_DVDVideo_GetSizeInUCHARs
StarBurn_DVDVideo_GetTreePointer
StarBurn_DVDVideo_Read
StarBurn_DVDVideo_SeekToBegin
StarBurn_Destroy
StarBurn_DownShut
StarBurn_ExpandCookedWithRawRawPW
StarBurn_ExpandRawPQWithRawRawPW
StarBurn_ExpandRawWithRawRawPW
StarBurn_FindDevice
StarBurn_GetAudioFileStreamSizeInUCHARs
StarBurn_GetBufferUnderrunTimeOutInMs
StarBurn_GetDVDPLUSRDLCompatibleMode
StarBurn_GetDVDPadding
StarBurn_GetDeviceLetter
StarBurn_GetDeviceNameByDeviceAddress
StarBurn_GetDeviceTimeOutByDeviceAddress
StarBurn_GetEjectAfterFail
StarBurn_GetFastReadTOC
StarBurn_GetFastReadTOCLastTrack
StarBurn_GetId
StarBurn_GetIsCollisionDetectionDisabled
StarBurn_GetIsSafeGrabbingEnabled
StarBurn_GetVersion
StarBurn_GetVolumeIDs
StarBurn_ISO9660JolietFileTree_Add
StarBurn_ISO9660JolietFileTree_AddEx
StarBurn_ISO9660JolietFileTree_AddMemory
StarBurn_ISO9660JolietFileTree_AddPascalStream
StarBurn_ISO9660JolietFileTree_AddW
StarBurn_ISO9660JolietFileTree_BuildImage
StarBurn_ISO9660JolietFileTree_BuildImageEx
StarBurn_ISO9660JolietFileTree_Cancel
StarBurn_ISO9660JolietFileTree_Create
StarBurn_ISO9660JolietFileTree_GetAttributes
StarBurn_ISO9660JolietFileTree_GetFileSizeInUCHARs
StarBurn_ISO9660JolietFileTree_GetFirstKid
StarBurn_ISO9660JolietFileTree_GetFullPath
StarBurn_ISO9660JolietFileTree_GetLevel
StarBurn_ISO9660JolietFileTree_GetNames
StarBurn_ISO9660JolietFileTree_GetNamesEx
StarBurn_ISO9660JolietFileTree_GetNamesW
StarBurn_ISO9660JolietFileTree_GetNextKid
StarBurn_ISO9660JolietFileTree_GetNodeISO9660DateTime
StarBurn_ISO9660JolietFileTree_GetNodePowerInUCHARs
StarBurn_ISO9660JolietFileTree_GetNodeStartingLBA
StarBurn_ISO9660JolietFileTree_GetNodeSystemTime
StarBurn_ISO9660JolietFileTree_GetParent
StarBurn_ISO9660JolietFileTree_GetRoot
StarBurn_ISO9660JolietFileTree_GetSizeInUCHARs
StarBurn_ISO9660JolietFileTree_ImportFile
StarBurn_ISO9660JolietFileTree_ImportTrack
StarBurn_ISO9660JolietFileTree_Read
StarBurn_ISO9660JolietFileTree_Remove
StarBurn_ISO9660JolietFileTree_SeekToBegin
StarBurn_ISO9660JolietFileTree_SetAttributes
StarBurn_ISO9660JolietFileTree_SetBootImage
StarBurn_ISO9660JolietFileTree_SetBootImageEx
StarBurn_ISO9660JolietFileTree_SetCallbackContext
StarBurn_ISO9660JolietFileTree_SetNames
StarBurn_IsAudioFileSupported
StarBurn_Memory_Allocate
StarBurn_Memory_Free
StarBurn_MutilateExceptionNumber
StarBurn_SetBufferUnderrunTimeOutInMs
StarBurn_SetDVDPLUSRDLCompatibleMode
StarBurn_SetDVDPadding
StarBurn_SetDeviceTimeOutByDeviceAddress
StarBurn_SetEjectAfterFail
StarBurn_SetFastReadTOC
StarBurn_SetFastReadTOCLastTrack
StarBurn_SetIsCollisionDetectionDisabled
StarBurn_SetIsSafeGrabbingEnabled
StarBurn_StarPort_DeviceAddLocal
StarBurn_StarPort_DeviceAddRemote
StarBurn_StarPort_DeviceListQueryLocal
StarBurn_StarPort_DeviceListQueryRemote
StarBurn_StarPort_DeviceRemove
StarBurn_StarPort_GetDeviceInformation
StarBurn_StarPort_GetDeviceLetter
StarBurn_StarPort_GetDeviceSCSIAddress
StarBurn_StarPort_GetVersion
StarBurn_StarWave2_EncodeMP3OGGFromWAV
StarBurn_StarWave_CompressedFileReaderObjectBeginSeek
StarBurn_StarWave_CompressedFileReaderObjectCreate
StarBurn_StarWave_CompressedFileReaderObjectDestroy
StarBurn_StarWave_CompressedFileReaderObjectRead
StarBurn_StarWave_CompressedFileReaderObjectUncompressedSizeGet
StarBurn_StarWave_CompressedFileRecompress
StarBurn_StarWave_CompressedFileSupportedIs
StarBurn_StarWave_CompressedFileUncompress
StarBurn_StarWave_CompressedFileWriterObjectCreate
StarBurn_StarWave_CompressedFileWriterObjectDestroy
StarBurn_StarWave_CompressedFileWriterObjectWrite
StarBurn_StarWave_UncompressedFileCompress
StarBurn_StarWave_UncompressedFileSupportedIs
StarBurn_StarWave_VersionGet
StarBurn_UDF_Add
StarBurn_UDF_CleanUp
StarBurn_UDF_Create
StarBurn_UDF_CreateEx
StarBurn_UDF_Destroy
StarBurn_UDF_DestroyNodeAndKids
StarBurn_UDF_FormatTreeItemAsDirectory
StarBurn_UDF_FormatTreeItemAsFile
StarBurn_UDF_GetFirstChild
StarBurn_UDF_GetNextSibling
StarBurn_UDF_GetNodeObject
StarBurn_UDF_GetParent
StarBurn_UpStart
StarBurn_UpStartEx
Sections
.text Size: 596KB - Virtual size: 595KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Uninstall.exe.exe windows:4 windows x86 arch:x86
7fa974366048f9c551ef45714595665e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 36KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/InstallOptions.dll.dll windows:4 windows x86 arch:x86
b1cd0d78f652ce5fc63f0879371af012
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc
user32
MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect
gdi32
SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject
shell32
SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA
comdlg32
GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError
ole32
CoTaskMemFree
Exports
Exports
dialog
initDialog
show
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 152B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PLUGINSDIR/ioSpecial.ini
-
$PLUGINSDIR/modern-wizard.bmp
-
bs_load.di.dll regsvr32 windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
CODE Size: 400KB - Virtual size: 399KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 3KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 163B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
bs_wm.di.dll regsvr32 windows:4 windows x86 arch:x86
f509ef338c2c3db8e554df0615b43244
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\Source\GDCL\Tools\WMFDemux\Release\WMFDemux.pdb
Imports
wmvcore
WMCreateReader
msvcr71
??3@YAXPAX@Z
??2@YAPAXI@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
??_V@YAXPAX@Z
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??_U@YAPAXI@Z
_purecall
__security_error_handler
_except_handler3
??1type_info@@UAE@XZ
free
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
malloc
kernel32
LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
ExitProcess
DisableThreadLibraryCalls
GetModuleFileNameA
lstrlenA
GetVersionExA
GetTickCount
MultiByteToWideChar
GetModuleHandleA
GetProcAddress
GetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
ResetEvent
InterlockedDecrement
InterlockedIncrement
CloseHandle
CreateEventA
GetCurrentThreadId
CreateThread
ReleaseSemaphore
CreateSemaphoreA
FreeLibrary
SetThreadPriority
user32
wsprintfA
advapi32
RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyA
ole32
CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
msvcp71
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 692B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cbfs.cab.cab
-
cbfs.cat
-
cbfs.inf
-
i386/CbFsMntNtf3.dll.dll regsvr32 windows:4 windows x86 arch:x86
81e956fc0bc56bb67feaa1ccca64ec14
Code Sign
47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before10-05-2010 00:00Not After10-05-2015 23:59SubjectCN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
e9:23:ae:e6:80:0b:cb:df:f2:a3:7f:ee:ed:01:96:b6Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before19-06-2008 00:00Not After19-06-2011 23:59SubjectCN=EldoS Corporation,O=EldoS Corporation,POSTALCODE=00000,STREET=Wickhams Cay 1+STREET=Akara Bldg.\, 24\, De Castro Street,L=Road Town,ST=Torola,C=VGExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
1d:1f:a7:d2:0e:5a:38:6d:ed:2c:7b:c9:4d:57:98:1a:26:39:d9:c4Signer
Actual PE Digest1d:1f:a7:d2:0e:5a:38:6d:ed:2c:7b:c9:4d:57:98:1a:26:39:d9:c4Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\Projects\CallbackFS\umode\MntNtf\Release\CbFsMntNtf3.pdb
Imports
kernel32
GetCurrentProcess
CreateMailslotW
GetOverlappedResult
WaitForMultipleObjects
ResetEvent
CreateEventW
DisableThreadLibraryCalls
Sleep
GetCurrentThread
CopyFileW
SetFileAttributesW
GetFileAttributesW
MoveFileExW
SetEvent
GetVersionExW
DeviceIoControl
GetCurrentThreadId
InterlockedExchange
CreateThread
TlsAlloc
VirtualFree
TlsSetValue
TlsGetValue
VirtualAlloc
GetThreadLocale
SetThreadLocale
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
GetSystemDirectoryW
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
GetSystemWow64DirectoryW
WaitForSingleObject
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
WideCharToMultiByte
DeleteFileW
CreateFileW
GetTempPathW
GetTempFileNameW
ReadFile
WriteFile
CloseHandle
GetSystemWindowsDirectoryW
SetLastError
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
lstrlenW
SizeofResource
FindResourceExW
FindResourceW
LoadResource
LockResource
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
TlsFree
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
HeapCreate
GetCommandLineA
ExitThread
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetLocaleInfoA
GetACP
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetVersionExA
HeapDestroy
user32
CharNextW
UnregisterClassA
advapi32
LsaNtStatusToWinError
AllocateAndInitializeSid
EqualSid
FreeSid
RegEnumValueW
OpenThreadToken
OpenProcessToken
GetTokenInformation
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegEnumKeyW
RegOpenKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
shell32
ord192
SHGetIconOverlayIndexW
ole32
StringFromCLSID
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2
oleaut32
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString
shlwapi
StrStrIW
SHDeleteKeyW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
wtsapi32
WTSWaitSystemEvent
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
InstallIcon
ResetIcon
SetIcon
UninstallIcon
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
i386/CbFsNetRdr3.dll.dll windows:4 windows x86 arch:x86
e4f4593c3b33ed7405da60cf6bdf50af
Code Sign
47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before10-05-2010 00:00Not After10-05-2015 23:59SubjectCN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
e9:23:ae:e6:80:0b:cb:df:f2:a3:7f:ee:ed:01:96:b6Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before19-06-2008 00:00Not After19-06-2011 23:59SubjectCN=EldoS Corporation,O=EldoS Corporation,POSTALCODE=00000,STREET=Wickhams Cay 1+STREET=Akara Bldg.\, 24\, De Castro Street,L=Road Town,ST=Torola,C=VGExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
15:e3:7c:2c:95:09:a8:4a:b6:14:81:5c:10:36:d4:0d:74:90:e0:18Signer
Actual PE Digest15:e3:7c:2c:95:09:a8:4a:b6:14:81:5c:10:36:d4:0d:74:90:e0:18Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\Projects\CallbackFS\umode\NetRdr\Release\VSNetRdr.pdb
Imports
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
kernel32
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
GetVersionExW
InitializeCriticalSection
InterlockedExchange
WaitForMultipleObjects
DeleteFileW
EnterCriticalSection
SetEvent
DeviceIoControl
GetLogicalDrives
LocalFree
CreateThread
CreateEventW
GetComputerNameW
MoveFileExW
GetFileAttributesW
SetFileAttributesW
CopyFileW
GetCurrentThread
lstrlenW
lstrcpyW
lstrcatW
Sleep
GetCurrentProcess
GetModuleFileNameW
FindFirstFileW
CreateFileW
WriteFile
MultiByteToWideChar
CreateMailslotW
WaitForSingleObject
ReadFile
GetExitCodeProcess
CloseHandle
GetModuleHandleW
CreateDirectoryW
GetTempPathW
GetWindowsDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
GetFullPathNameW
GetLastError
SetLastError
GetSystemDirectoryW
CreateFileA
CompareStringA
CompareStringW
LeaveCriticalSection
SetEnvironmentVariableA
GetTimeZoneInformation
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LoadLibraryA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
HeapAlloc
WriteConsoleW
GetFileType
GetStdHandle
HeapFree
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
GetModuleFileNameA
SetConsoleCtrlHandler
WideCharToMultiByte
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
SetFilePointer
advapi32
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LsaNtStatusToWinError
CreateServiceW
LookupPrivilegeValueW
AdjustTokenPrivileges
LookupPrivilegeNameW
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenThreadToken
OpenProcessToken
QueryServiceConfigW
ControlService
StartServiceW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
DeleteService
CloseServiceHandle
RegEnumValueW
RegDeleteValueW
RegOpenKeyW
RegDeleteKeyA
RegQueryInfoKeyW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
SetEntriesInAclW
shell32
SHFileOperationW
ole32
StringFromGUID2
setupapi
SetupDiGetINFClassW
SetupIterateCabinetW
SetupCopyOEMInfW
SetupGetSourceFileLocationW
SetupGetSourceInfoW
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiCallClassInstaller
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupGetIntField
SetupDiGetActualSectionToInstallW
SetupOpenInfFileW
SetupFindFirstLineW
SetupGetStringFieldW
SetupFindNextLine
SetupCloseInfFile
SetupDiSetDeviceRegistryPropertyW
netapi32
NetShareAdd
NetShareDel
Exports
Exports
DllInstall
NPAddConnection
NPAddConnection3
NPCancelConnection
NPCloseEnum
NPEnumResource
NPFormatNetworkName
NPGetCaps
NPGetConnection
NPGetConnectionPerformance
NPGetDirectoryType
NPGetResourceInformation
NPGetResourceParent
NPGetUniversalName
NPOpenEnum
Sections
.text Size: 164KB - Virtual size: 162KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
i386/cbfs3.sys.sys windows:6 windows x86 arch:x86
0b175337397a6367f17f4e32b4133244
Code Sign
01:00:00:00:00:01:26:1d:ec:28:f7Certificate
IssuerCN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BENot Before11-01-2010 14:19Not After11-01-2013 14:19SubjectCN=EldoS Corporation,O=EldoS Corporation,C=VG,1.2.840.113549.1.9.1=#0c0e696e666f40656c646f732e636f6dExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
04:00:00:00:00:01:23:9e:0f:ac:b3Certificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before28-01-1999 13:00Not After27-01-2017 12:00SubjectCN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
04:00:00:00:00:01:20:19:c1:90:66Certificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before18-03-2009 11:00Not After28-01-2028 12:00SubjectCN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
01:00:00:00:00:01:25:b0:b4:cc:01Certificate
IssuerCN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSignNot Before21-12-2009 09:32Not After22-12-2020 09:32SubjectCN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BEExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
04:00:00:00:00:01:23:9e:0f:af:24Certificate
IssuerCN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BENot Before22-01-2004 10:00Not After27-01-2017 10:00SubjectCN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0b:7f:6b:00:00:00:00:00:19Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23-05-2006 17:00Not After23-05-2016 17:10SubjectCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
58:b7:50:04:66:09:47:a8:22:7b:38:e4:1b:0c:7b:b9:62:35:ee:07Signer
Actual PE Digest58:b7:50:04:66:09:47:a8:22:7b:38:e4:1b:0c:7b:b9:62:35:ee:07Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\projects\callbackfs\bin\wxp\fre\i386\cbfs3.pdb
Imports
ntoskrnl.exe
ZwClose
KeDelayExecutionThread
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
memset
ExFreePoolWithTag
PsGetCurrentProcessId
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
IoQueueWorkItem
ObfReferenceObject
IoAllocateWorkItem
IoFreeIrp
KeWaitForSingleObject
IoGetCurrentProcess
_alldiv
ZwQueryValueKey
RtlInitUnicodeString
ZwOpenKey
MmGetSystemRoutineAddress
ExDeletePagedLookasideList
ExDeleteNPagedLookasideList
ExDeleteResourceLite
IoDeleteDevice
IoDeleteSymbolicLink
IoRegisterFileSystem
IoCreateSymbolicLink
ExInitializePagedLookasideList
ExInitializeNPagedLookasideList
ExInitializeResourceLite
KeBugCheck
MmQuerySystemSize
KeInitializeTimer
KeInitializeDpc
IoCreateDevice
PsGetVersion
IoUnregisterFileSystem
KeSetTimer
KeCancelTimer
IofCompleteRequest
KeBugCheckEx
FsRtlIsNtstatusExpected
KeSetEvent
FsRtlNotifyFullReportChange
IoRaiseInformationalHardError
IoIsSystemThread
FsRtlIsTotalDeviceFailure
IoRaiseHardError
IoSetDeviceToVerify
IoGetDeviceToVerify
IoGetTopLevelIrp
IoSetTopLevelIrp
IoFreeMdl
MmProbeAndLockPages
ExRaiseStatus
IoAllocateMdl
MmMapLockedPagesSpecifyCache
ExAcquireResourceSharedLite
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
ExFreeToPagedLookasideList
ExAllocateFromPagedLookasideList
CcSetFileSizes
memcpy
FsRtlTeardownPerStreamContexts
FsRtlUninitializeFileLock
FsRtlUninitializeOplock
FsRtlInitializeOplock
FsRtlInitializeFileLock
RtlCompareUnicodeString
ExQueueWorkItem
PsGetProcessId
FsRtlNotifyInitializeSync
IoCreateStreamFileObject
FsRtlNotifyUninitializeSync
IoReleaseVpbSpinLock
IoAcquireVpbSpinLock
FsRtlNormalizeNtstatus
IoSetHardErrorOrVerifyDevice
IoVerifyVolume
IoFreeWorkItem
ExfInterlockedAddUlong
ExGetExclusiveWaiterCount
ExGetSharedWaiterCount
SeSinglePrivilegeCheck
KeQuerySystemTime
IoRemoveShareAccess
IoSetShareAccess
IoCheckShareAccess
CcIsThereDirtyData
CcPurgeCacheSection
MmCanFileBeTruncated
IoUpdateShareAccess
CcFlushCache
MmFlushImageSection
FsRtlCheckOplock
FsRtlCurrentBatchOplock
FsRtlDoesNameContainWildCards
memmove
FsRtlNotifyVolumeEvent
CcUninitializeCacheMap
MmForceSectionClosed
ExReleaseResourceForThreadLite
FsRtlFastUnlockAll
IoGetRequestorProcess
FsRtlNotifyFullChangeDirectory
FsRtlNotifyCleanup
MmUnlockPages
CcWaitForCurrentLazyWriterActivity
ObReferenceObjectByHandle
IoFileObjectType
RtlCompareMemory
IofCallDriver
IoBuildAsynchronousFsdRequest
FsRtlOplockFsctrl
ExIsResourceAcquiredExclusiveLite
IoIsOperationSynchronous
IoBuildDeviceIoControlRequest
RtlEqualUnicodeString
RtlDelete
RtlSplay
ExLocalTimeToSystemTime
RtlCopyUnicodeString
CcInitializeCacheMap
ExIsResourceAcquiredSharedLite
FsRtlAreNamesEqual
CcMdlReadComplete
CcMdlWriteComplete
IoGetStackLimits
CcMdlRead
CcCopyRead
CcSetReadAheadGranularity
FsRtlCheckLockForReadAccess
FsRtlPostStackOverflow
RtlAppendUnicodeStringToString
ObQueryNameString
CcPrepareMdlWrite
CcCopyWrite
ExConvertExclusiveToSharedLite
FsRtlCheckLockForWriteAccess
ExAcquireSharedStarveExclusive
CcDeferWrite
CcCanIWrite
FsRtlFastCheckLockForWrite
FsRtlFastCheckLockForRead
FsRtlCopyRead
FsRtlCopyWrite
FsRtlPrivateLock
FsRtlFastUnlockSingle
FsRtlFastUnlockAllByKey
FsRtlProcessFileLock
IoBuildSynchronousFsdRequest
RtlLengthSecurityDescriptor
RtlValidRelativeSecurityDescriptor
MmSystemRangeStart
IoAttachDeviceToDeviceStack
IoDetachDevice
PsGetCurrentThreadId
IoRegisterFsRegistrationChange
KeTickCount
ObfDereferenceObject
ExAllocatePoolWithTag
swprintf
KeGetCurrentThread
FsRtlOplockIsFastIoPossible
KeInitializeEvent
RtlUnwind
_vsnwprintf
DbgPrint
IoGetDeviceObjectPointer
ZwSetValueKey
ZwDeleteValueKey
ZwEnumerateValueKey
RtlInsertElementGenericTable
PsLookupProcessByProcessId
RtlDeleteElementGenericTable
RtlGetElementGenericTable
RtlNumberGenericTableElements
ZwOpenFile
RtlLookupElementGenericTable
ZwQueryInformationProcess
ObOpenObjectByPointer
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
RtlAppendUnicodeToString
FsRtlDissectName
KeUnstackDetachProcess
KeStackAttachProcess
PsSetCreateProcessNotifyRoutine
PsSetLoadImageNotifyRoutine
RtlInitializeGenericTable
FsRtlRegisterUncProvider
FsRtlDeregisterUncProvider
FsRtlLookupPerStreamContextInternal
FsRtlInsertPerStreamContext
IoAllocateIrp
SeReleaseSubjectContext
SeQueryAuthenticationIdToken
SeCaptureSubjectContext
RtlSetBits
RtlClearAllBits
RtlInitializeBitMap
PoSetPowerState
KeClearEvent
PoCallDriver
PoStartNextPowerIrp
RtlFindClearBitsAndSet
RtlClearBit
IoInvalidateDeviceRelations
ZwCreateKey
IoOpenDeviceRegistryKey
_allmul
_aullshr
FsRtlLegalAnsiCharacterArray
ExEventObjectType
IoThreadToProcess
IoGetRelatedDeviceObject
PsTerminateSystemThread
PsCreateSystemThread
ZwCreateEvent
ZwOpenDirectoryObject
ZwWriteFile
ZwFsControlFile
ProbeForRead
ZwMapViewOfSection
ZwCreateSection
ZwUnmapViewOfSection
_snwprintf
KeWaitForMultipleObjects
KeReleaseSemaphore
KeResetEvent
KeInitializeSemaphore
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
hal
KfReleaseSpinLock
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 136KB - Virtual size: 136KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ia64/CbFsMntNtf3.dll
-
ia64/CbFsNetRdr3.dll
-
ia64/cbfs3.sys
-
wow64sup.exe.exe windows:4 windows x64 arch:x64
7beb311aefe371b6335019ed82b993b1
Code Sign
47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before10-05-2010 00:00Not After10-05-2015 23:59SubjectCN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
e9:23:ae:e6:80:0b:cb:df:f2:a3:7f:ee:ed:01:96:b6Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before19-06-2008 00:00Not After19-06-2011 23:59SubjectCN=EldoS Corporation,O=EldoS Corporation,POSTALCODE=00000,STREET=Wickhams Cay 1+STREET=Akara Bldg.\, 24\, De Castro Street,L=Road Town,ST=Torola,C=VGExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
c6:2f:23:c6:4d:6d:df:8e:67:2d:30:07:e7:6b:f8:f2:70:16:9b:e3Signer
Actual PE Digestc6:2f:23:c6:4d:6d:df:8e:67:2d:30:07:e7:6b:f8:f2:70:16:9b:e3Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\Projects\CallbackFS\umode\wow64sup\x64\Release\wow64sup.pdb
Imports
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
kernel32
GetSystemDirectoryW
LoadLibraryW
GetFullPathNameW
FindFirstFileW
FreeLibrary
MoveFileExW
GetCurrentProcess
lstrcatW
lstrcpyW
SetFileAttributesW
CopyFileW
GetVersionExW
GetFileAttributesW
GetProcAddress
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetStdHandle
GetModuleHandleW
CreateMailslotW
MultiByteToWideChar
GetWindowsDirectoryW
GetCurrentThreadId
GetExitCodeProcess
Sleep
CreatePipe
WriteFile
DeviceIoControl
GetCurrentThread
WaitForSingleObject
SetHandleInformation
CreateDirectoryW
SetLastError
GetLastError
CreateProcessW
GetTempPathW
DeleteFileW
GetTempFileNameW
CloseHandle
CreateFileW
ReadFile
lstrlenW
HeapReAlloc
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
WideCharToMultiByte
LCMapStringA
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapFree
HeapAlloc
GetVersionExA
GetProcessHeap
HeapSetInformation
HeapCreate
GetModuleHandleA
ExitProcess
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsSetValue
TlsFree
FlsFree
FlsAlloc
RtlUnwindEx
GetModuleFileNameW
FreeEnvironmentStringsA
advapi32
CreateServiceW
QueryServiceConfigW
EqualSid
GetTokenInformation
ControlService
OpenServiceW
FreeSid
OpenSCManagerW
OpenThreadToken
DeleteService
OpenProcessToken
AllocateAndInitializeSid
CloseServiceHandle
QueryServiceStatus
StartServiceW
RegCreateKeyExA
RegDeleteKeyW
RegOpenKeyExW
RegDeleteKeyA
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExA
shell32
SHFileOperationW
setupapi
SetupDiSetClassInstallParamsW
SetupDiEnumDeviceInfo
SetupFindFirstLineW
SetupDiGetActualSectionToInstallW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupIterateCabinetW
SetupCopyOEMInfW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetINFClassW
SetupGetStringFieldW
SetupCloseInfFile
SetupDiCreateDeviceInfoW
SetupGetSourceFileLocationW
SetupGetSourceInfoW
SetupFindNextLine
SetupDiCreateDeviceInfoList
SetupGetIntField
SetupDiCallClassInstaller
SetupOpenInfFileW
SetupDiGetDeviceInstallParamsW
Sections
.text Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 17KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 492B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
x64/CbFsMntNtf3.dll.dll regsvr32 windows:4 windows x64 arch:x64
9ba5aa9967622fd24e7759fe44eae8c8
Code Sign
47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before10-05-2010 00:00Not After10-05-2015 23:59SubjectCN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
e9:23:ae:e6:80:0b:cb:df:f2:a3:7f:ee:ed:01:96:b6Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before19-06-2008 00:00Not After19-06-2011 23:59SubjectCN=EldoS Corporation,O=EldoS Corporation,POSTALCODE=00000,STREET=Wickhams Cay 1+STREET=Akara Bldg.\, 24\, De Castro Street,L=Road Town,ST=Torola,C=VGExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
a5:37:2b:2d:25:26:33:fe:27:74:fd:60:e5:72:63:6c:fe:73:6b:d3Signer
Actual PE Digesta5:37:2b:2d:25:26:33:fe:27:74:fd:60:e5:72:63:6c:fe:73:6b:d3Digest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
CreateMailslotW
GetOverlappedResult
WaitForMultipleObjects
ResetEvent
CreateEventW
DisableThreadLibraryCalls
Sleep
GetCurrentThread
CopyFileW
SetFileAttributesW
GetFileAttributesW
MoveFileExW
GetCurrentProcess
GetVersionExW
DeviceIoControl
GetCurrentThreadId
CreateThread
TlsSetValue
SetEvent
GetThreadLocale
SetThreadLocale
GetModuleHandleW
LoadLibraryExW
MultiByteToWideChar
GetSystemDirectoryW
GetModuleFileNameW
GetSystemWow64DirectoryW
WaitForSingleObject
lstrcmpiW
DeleteCriticalSection
InitializeCriticalSection
__C_specific_handler
LeaveCriticalSection
EnterCriticalSection
RaiseException
WideCharToMultiByte
DeleteFileW
CreateFileW
GetTempPathW
GetTempFileNameW
ReadFile
WriteFile
CloseHandle
GetSystemWindowsDirectoryW
SetLastError
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
lstrlenW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
FlsAlloc
FlsFree
TlsFree
FlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
RtlVirtualUnwind
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
HeapCreate
HeapSetInformation
GetCommandLineA
FlsSetValue
ExitThread
RtlUnwindEx
RtlLookupFunctionEntry
RtlCaptureContext
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetLocaleInfoA
RtlPcToFileHeader
TerminateProcess
user32
CharNextW
UnregisterClassA
advapi32
LsaNtStatusToWinError
AllocateAndInitializeSid
EqualSid
FreeSid
RegEnumValueW
OpenThreadToken
OpenProcessToken
GetTokenInformation
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegEnumKeyW
RegOpenKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
shell32
ord192
SHGetIconOverlayIndexW
ole32
StringFromCLSID
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
StringFromGUID2
oleaut32
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
SysFreeString
shlwapi
StrStrIW
SHDeleteKeyW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
wtsapi32
WTSWaitSystemEvent
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
InstallIcon
ResetIcon
SetIcon
UninstallIcon
Sections
.text Size: 120KB - Virtual size: 119KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/CbFsNetRdr3.dll.dll windows:4 windows x64 arch:x64
49869718584eebc374f85f715dae88ee
Code Sign
47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before10-05-2010 00:00Not After10-05-2015 23:59SubjectCN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
e9:23:ae:e6:80:0b:cb:df:f2:a3:7f:ee:ed:01:96:b6Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before19-06-2008 00:00Not After19-06-2011 23:59SubjectCN=EldoS Corporation,O=EldoS Corporation,POSTALCODE=00000,STREET=Wickhams Cay 1+STREET=Akara Bldg.\, 24\, De Castro Street,L=Road Town,ST=Torola,C=VGExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
e9:5c:02:dd:fa:8d:b2:c8:6e:ff:a5:ed:07:0d:de:bf:e3:2e:52:faSigner
Actual PE Digeste9:5c:02:dd:fa:8d:b2:c8:6e:ff:a5:ed:07:0d:de:bf:e3:2e:52:faDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
kernel32
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
GetVersionExW
InitializeCriticalSection
LeaveCriticalSection
DeviceIoControl
LocalFree
GetComputerNameW
MoveFileExW
GetFileAttributesW
SetFileAttributesW
CopyFileW
GetCurrentProcess
lstrlenW
lstrcpyW
lstrcatW
Sleep
GetModuleFileNameW
CreateFileW
WriteFile
MultiByteToWideChar
CloseHandle
GetWindowsDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
GetLastError
SetLastError
GetSystemDirectoryW
CreateFileA
EnterCriticalSection
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
RtlUnwindEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapAlloc
WriteConsoleW
GetFileType
GetStdHandle
DebugBreak
HeapFree
HeapReAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleA
ExitProcess
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
TlsFree
FlsFree
TlsSetValue
FlsAlloc
HeapSize
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
advapi32
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LsaNtStatusToWinError
GetTokenInformation
AllocateAndInitializeSid
FreeSid
OpenThreadToken
OpenProcessToken
QueryServiceConfigW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegEnumValueW
RegOpenKeyW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
SetEntriesInAclW
ole32
StringFromGUID2
netapi32
NetShareAdd
NetShareDel
Exports
Exports
DllInstall
NPAddConnection
NPAddConnection3
NPCancelConnection
NPCloseEnum
NPEnumResource
NPFormatNetworkName
NPGetCaps
NPGetConnection
NPGetConnectionPerformance
NPGetDirectoryType
NPGetResourceInformation
NPGetResourceParent
NPGetUniversalName
NPOpenEnum
Sections
.text Size: 91KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 838B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
x64/cbfs3.sys.sys windows:6 windows x64 arch:x64
d998b0d59ebfb871ca907e1089b33d34
Code Sign
01:00:00:00:00:01:26:1d:ec:28:f7Certificate
IssuerCN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BENot Before11-01-2010 14:19Not After11-01-2013 14:19SubjectCN=EldoS Corporation,O=EldoS Corporation,C=VG,1.2.840.113549.1.9.1=#0c0e696e666f40656c646f732e636f6dExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
04:00:00:00:00:01:23:9e:0f:ac:b3Certificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before28-01-1999 13:00Not After27-01-2017 12:00SubjectCN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
04:00:00:00:00:01:20:19:c1:90:66Certificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before18-03-2009 11:00Not After28-01-2028 12:00SubjectCN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
01:00:00:00:00:01:25:b0:b4:cc:01Certificate
IssuerCN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSignNot Before21-12-2009 09:32Not After22-12-2020 09:32SubjectCN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BEExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
04:00:00:00:00:01:23:9e:0f:af:24Certificate
IssuerCN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BENot Before22-01-2004 10:00Not After27-01-2017 10:00SubjectCN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
61:0b:7f:6b:00:00:00:00:00:19Certificate
IssuerCN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before23-05-2006 17:00Not After23-05-2016 17:10SubjectCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
fe:fa:5e:f4:62:07:23:88:eb:71:21:34:e7:27:e6:f4:c2:ff:b9:4aSigner
Actual PE Digestfe:fa:5e:f4:62:07:23:88:eb:71:21:34:e7:27:e6:f4:c2:ff:b9:4aDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
c:\projects\callbackfs\bin\wnet\fre\amd64\cbfs3.pdb
Imports
ntoskrnl.exe
ExAcquireResourceExclusiveLite
ExAllocatePoolWithTag
ExReleaseFastMutexUnsafe
ExFreePoolWithTag
ExReleaseFastMutex
KeLeaveCriticalRegion
ExAcquireFastMutex
swprintf
IoFreeWorkItem
KeInitializeEvent
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe
KeDelayExecutionThread
IoGetCurrentProcess
IoAllocateWorkItem
ExReleaseResourceLite
ZwClose
KeWaitForSingleObject
IoFreeIrp
ObfReferenceObject
PsGetCurrentProcessId
ObfDereferenceObject
IoQueueWorkItem
IoUnregisterFileSystem
IoDeleteSymbolicLink
ExInitializeNPagedLookasideList
InitializeSListHead
IoRegisterFileSystem
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
KeInitializeDpc
KeInitializeTimer
ExDeletePagedLookasideList
ZwQueryValueKey
MmQuerySystemSize
KeBugCheck
KeSetTimer
PsGetVersion
ExDeleteResourceLite
IoCreateSymbolicLink
ExInitializePagedLookasideList
IoCreateDevice
ExInitializeResourceLite
KeCancelTimer
ExDeleteNPagedLookasideList
ZwOpenKey
ExRaiseStatus
IoSetDeviceToVerify
KeSetEvent
IoRaiseInformationalHardError
IoFreeMdl
MmMapLockedPagesSpecifyCache
IoGetDeviceToVerify
IofCompleteRequest
FsRtlIsTotalDeviceFailure
IoSetTopLevelIrp
KeBugCheckEx
IoRaiseHardError
MmProbeAndLockPages
IoGetTopLevelIrp
FsRtlIsNtstatusExpected
FsRtlNotifyFullReportChange
IoIsSystemThread
IoAllocateMdl
ExAcquireResourceSharedLite
CcSetFileSizes
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ExQueryDepthSList
ExQueueWorkItem
IoAcquireVpbSpinLock
FsRtlNotifyUninitializeSync
IoCreateStreamFileObject
FsRtlTeardownPerStreamContexts
FsRtlInitializeFileLock
FsRtlInitializeOplock
RtlCompareUnicodeString
PsGetProcessId
FsRtlNotifyInitializeSync
FsRtlUninitializeFileLock
IoReleaseVpbSpinLock
FsRtlUninitializeOplock
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
IoSetHardErrorOrVerifyDevice
FsRtlNormalizeNtstatus
IoVerifyVolume
FsRtlOplockIsFastIoPossible
ExInterlockedAddUlong
ExGetSharedWaiterCount
ExGetExclusiveWaiterCount
SeSinglePrivilegeCheck
IoUpdateShareAccess
MmFlushImageSection
IoRemoveShareAccess
CcPurgeCacheSection
CcFlushCache
FsRtlCheckOplock
CcIsThereDirtyData
IoCheckShareAccess
MmCanFileBeTruncated
FsRtlDoesNameContainWildCards
IoSetShareAccess
FsRtlCurrentBatchOplock
FsRtlNotifyCleanup
IoGetRequestorProcess
ExReleaseResourceForThreadLite
CcUninitializeCacheMap
FsRtlNotifyVolumeEvent
FsRtlNotifyFullChangeDirectory
FsRtlFastUnlockAll
MmForceSectionClosed
FsRtlOplockFsctrl
CcWaitForCurrentLazyWriterActivity
IoIsOperationSynchronous
IoIs32bitProcess
ExIsResourceAcquiredExclusiveLite
IoFileObjectType
IoBuildAsynchronousFsdRequest
ObReferenceObjectByHandle
RtlCompareMemory
MmUnlockPages
IofCallDriver
IoBuildDeviceIoControlRequest
RtlEqualUnicodeString
RtlDelete
RtlSplay
ExIsResourceAcquiredSharedLite
ExLocalTimeToSystemTime
RtlCopyUnicodeString
CcInitializeCacheMap
FsRtlAreNamesEqual
CcMdlWriteComplete
CcMdlReadComplete
IoGetStackLimits
CcMdlRead
FsRtlCheckLockForReadAccess
FsRtlPostStackOverflow
CcCopyRead
CcSetReadAheadGranularity
CcPrepareMdlWrite
CcDeferWrite
CcCopyWrite
ExConvertExclusiveToSharedLite
CcCanIWrite
ObQueryNameString
RtlAppendUnicodeStringToString
FsRtlCheckLockForWriteAccess
ExAcquireSharedStarveExclusive
FsRtlFastUnlockSingle
FsRtlCopyRead
FsRtlFastCheckLockForRead
FsRtlCopyWrite
FsRtlFastCheckLockForWrite
FsRtlFastUnlockAllByKey
FsRtlPrivateLock
FsRtlProcessFileLock
IoBuildSynchronousFsdRequest
MmSystemRangeStart
RtlValidRelativeSecurityDescriptor
RtlLengthSecurityDescriptor
IoDetachDevice
IoAttachDeviceToDeviceStack
PsGetCurrentThreadId
IoRegisterFsRegistrationChange
ZwDeleteValueKey
ZwSetValueKey
IoGetDeviceObjectPointer
_vsnwprintf
ZwEnumerateValueKey
DbgPrint
RtlNumberGenericTableElements
RtlGetElementGenericTable
PsSetLoadImageNotifyRoutine
PsLookupProcessByProcessId
ZwQuerySymbolicLinkObject
RtlAppendUnicodeToString
RtlDeleteElementGenericTable
PsSetCreateProcessNotifyRoutine
ZwOpenSymbolicLinkObject
KeUnstackDetachProcess
RtlLookupElementGenericTable
FsRtlDissectName
ZwQueryInformationProcess
ZwOpenFile
ObOpenObjectByPointer
KeStackAttachProcess
RtlInitializeGenericTable
RtlInsertElementGenericTable
IoThreadToProcess
KeClearEvent
ZwCreateEvent
ZwCreateKey
FsRtlLegalAnsiCharacterArray
IoGetRelatedDeviceObject
PoSetPowerState
PsCreateSystemThread
PsTerminateSystemThread
ExEventObjectType
PoStartNextPowerIrp
IoAllocateIrp
IoOpenDeviceRegistryKey
FsRtlDeregisterUncProvider
FsRtlRegisterUncProvider
FsRtlInsertPerStreamContext
FsRtlLookupPerStreamContextInternal
IoInvalidateDeviceRelations
RtlSetBits
RtlInitializeBitMap
RtlClearAllBits
RtlFindClearBitsAndSet
PoCallDriver
RtlClearBit
SeReleaseSubjectContext
SeCaptureSubjectContext
SeQueryAuthenticationIdToken
ZwFsControlFile
ZwOpenDirectoryObject
ZwWriteFile
ProbeForRead
KeResetEvent
_snwprintf
RtlSetDaclSecurityDescriptor
ZwMapViewOfSection
ZwUnmapViewOfSection
KeInitializeSemaphore
KeReleaseSemaphore
ZwCreateSection
KeWaitForMultipleObjects
RtlCreateSecurityDescriptor
__C_specific_handler
_local_unwind
Sections
.text Size: 40KB - Virtual size: 39KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 180KB - Virtual size: 179KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 912B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 48B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
click.wav
-
fsm.ini
-
raid_recovery.exe.exe windows:5 windows x86 arch:x86
f433e7fcc51e68080022754836705744
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree
user32
MessageBoxA
Sections
.text Size: - Virtual size: 4.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.itext Size: - Virtual size: 144KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 320KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
o8rd0smq Size: - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didata Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
uxenevan Size: - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
za3s3mzs Size: - Virtual size: 364KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
zstmbfkd Size: - Virtual size: 276KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
jiyl0qid Size: 3.8MB - Virtual size: 3.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
6bcybt2j Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ