woot[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

woot.zip
Size

7.9MB
MD5

716f46b7b89b10113b6a66719a87b529
SHA1

dd98adfc0b11c5a5a238891ef09f421dc4ff6cf0
SHA256

479d68213f9848ae8a478ba7cdd0454e382763efaa985d770111135224adff37
SHA512

18a8cef807fd601b0cd775043e187c3e084f9393078c1574241e5282b01f6d129c685f06d55babef08bf3c6109b735d41e131cf239d56d9f16466f97c3ea6e09
SSDEEP

196608:XN+xjec4tvJgtfYKxPEy/ux+ShvfHtkcVwyohvxzUkNbx95WMbhwIQigyJkUjxGA:XNzbvJmgKxP/Q+EdZVSNSkNbB9wIeqky

Score

3^/10

Malware Config

Signatures

Unsigned PE 19 IoCs

Checks for missing Authenticode signature.

resource
unpack001/KBDTAM99.DLL
unpack001/PCICL32.DLL
unpack001/Storm.dll
unpack001/TsUsbRedirectionGroupPolicyExtension.dll
unpack001/WiaExtensionHost64.dll
unpack001/comcat.dll
unpack001/getuname.dll
unpack001/ifsutilx.dll
unpack001/libssp-0.dll
unpack001/libwinpthread-1.dll
unpack001/mprext.dll
unpack001/msidle.dll
unpack001/msidntld.dll
unpack001/neth.dll
unpack001/netmsg.dll
unpack001/panmap.dll
unpack001/prflbmsg.dll
unpack001/provdiagnostics.dll
unpack001/wiatrace.dll

Files

woot.zip
.zip
AudioCapture.dll
.dll windows:5 windows x86 arch:x86

b8a1db56beebf8e839dde8e0df72f492

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:d9:8a:cb:d5:87:ca:8b:87:d8:3e:d0:b4:68:46:af
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

09/09/2021, 00:00

Not After

08/09/2024, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:d9:8a:cb:d5:87:ca:8b:87:d8:3e:d0:b4:68:46:af
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

09/09/2021, 00:00

Not After

08/09/2024, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dc:e1:81:f3:38:7b:08:1c:26:8a:38:cf:5a:5c:37:c6:71:3a:51:1c:80:bd:de:31:76:ad:67:b2:6c:d1:1a:f5
Signer

Actual PE Digest

dc:e1:81:f3:38:7b:08:1c:26:8a:38:cf:5a:5c:37:c6:71:3a:51:1c:80:bd:de:31:76:ad:67:b2:6c:d1:1a:f5

Digest Algorithm

sha256

PE Digest Matches

true

59:5a:26:d4:2a:01:38:38:e7:97:cc:93:42:13:93:47:93:f4:f1:70
Signer

Actual PE Digest

59:5a:26:d4:2a:01:38:38:e7:97:cc:93:42:13:93:47:93:f4:f1:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\nsmsrc\nsm\1280\1280f12\AudioCapture\Release\AudioCapture.pdb

Imports

kernel32

WaitForSingleObject
GetCurrentThread
TerminateThread
Sleep
SetThreadPriority
CloseHandle
LocalFree
CreateThread
GetTickCount
GetLastError
GetStringTypeW
MultiByteToWideChar
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LoadLibraryW
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
RaiseException
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
IsProcessorFeaturePresent
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
HeapReAlloc

user32

UnregisterDeviceNotification
RegisterDeviceNotificationW
DestroyWindow
PostMessageW

ole32

CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize

Exports

Exports

AddAudioCaptureEventListener
DeviceChange
Initialise
IsCapturing
RegisterWindow
RemoveAudioCaptureEventListener
StartCapturing
StopCapturing
UnInitialise

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HTCTL32.DLL
.dll windows:5 windows x86 arch:x86

a6ab0ac73d733ac12db0454e9a7326f3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

02/08/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:87:b3:98:71:ea:55:e9:2e:60:a8:a6:31:92:dd:60:f0
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/09/2015, 15:59

Not After

22/11/2018, 15:54

Subject

CN=CrossTec Corporation,O=CrossTec Corporation,L=Boca Raton,ST=Florida,C=US,1.2.840.113549.1.9.1=#0c196a6566664063726f7373746563736f6674776172652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\nsmsrc\NSN\300\CVA_300F1\Ctl32\release\htctl32.pdb

Imports

wsock32

getpeername
ntohs
socket
setsockopt
bind
htons
WSASetBlockingHook
WSAUnhookBlockingHook
send
getsockname
gethostname
connect
__WSAFDIsSet
recv
WSASetLastError
ioctlsocket
gethostbyname
closesocket
WSACancelBlockingCall
inet_ntoa
select
WSAGetLastError
WSAStartup
WSACleanup
inet_addr

kernel32

IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetLocaleInfoW
LoadLibraryW
SetConsoleCtrlHandler
FatalAppExitA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
ReadFile
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
IsDBCSLeadByte
CompareStringA
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
OutputDebugStringA
LoadLibraryA
FreeLibrary
SetLastError
WritePrivateProfileStringA
CloseHandle
FlushFileBuffers
SetFilePointer
GetFileSize
GetPrivateProfileIntA
CreateFileA
GetLastError
WriteFile
GetLocalTime
GetDateFormatA
CopyFileA
InterlockedExchange
Sleep
SetStdHandle
EnterCriticalSection
SetEvent
GetVersionExA
GetTickCount
SystemTimeToFileTime
GetSystemTime
OpenProcess
GetCurrentProcessId
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
GetTempPathA
ReleaseMutex
WaitForSingleObject
DeleteCriticalSection
TerminateThread
lstrlenA
CreateMutexA
SetThreadPriority
CreateThread
CreateEventA
InitializeCriticalSection
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
PulseEvent
GlobalFree
CreateFileW
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetConsoleCP
GetConsoleMode
WriteConsoleW
SetEndOfFile
GetProcessHeap
LeaveCriticalSection
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
RaiseException
EncodePointer
DecodePointer
GetCommandLineA
GetModuleHandleW
GetStdHandle
GetModuleFileNameW
HeapCreate
HeapDestroy
IsProcessorFeaturePresent
GetCPInfo

user32

PostThreadMessageA
PostMessageA
GetMessageA
TranslateMessage
DispatchMessageA
SetTimer
KillTimer
PeekMessageA
PostQuitMessage
GetDesktopWindow
MessageBoxA
wvsprintfA
wsprintfA

advapi32

GetTokenInformation
LogonUserA
ImpersonateLoggedOnUser
RevertToSelf
GetUserNameA
OpenProcessToken

Exports

Exports

ctl_adddomain
ctl_addoperator
ctl_bridgename
ctl_broadcast
ctl_broadcastdata
ctl_call
ctl_callremote
ctl_clearpin
ctl_clientpinrequest
ctl_clientstatus
ctl_close
ctl_closeremote
ctl_connected
ctl_controlpinrequest
ctl_controlsendpin
ctl_findslaves
ctl_findslaves2
ctl_findslavesex
ctl_getconnectivityinfo
ctl_getfailedreason
ctl_getfileinfo
ctl_getsession
ctl_hangup
ctl_helpreq
ctl_installed
ctl_licenseinfo
ctl_maxpacket
ctl_messageacknowledged
ctl_messagereceived
ctl_myaddr
ctl_netname
ctl_networks
ctl_nsessions
ctl_open
ctl_openremote
ctl_pause
ctl_pingnet
ctl_pittmanfunc
ctl_publishservice
ctl_publishserviceex
ctl_putfile
ctl_putfilelink
ctl_remotename
ctl_removedomain
ctl_removeoperator
ctl_send
ctl_sendif
ctl_sendto
ctl_subset
ctl_userstatus
ctl_version

Sections

.text
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KBDTAM99.DLL
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

kbdtam99.pdb

Exports

Exports

KbdLayerDescriptor

Sections

.text
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NSM.LIC
NSM.ini
PCICHEK.DLL
.dll windows:5 windows x86 arch:x86

e05a5a3d0a2f8611baa7485a20209a99

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:d9:8a:cb:d5:87:ca:8b:87:d8:3e:d0:b4:68:46:af
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

09/09/2021, 00:00

Not After

08/09/2024, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:d9:8a:cb:d5:87:ca:8b:87:d8:3e:d0:b4:68:46:af
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

09/09/2021, 00:00

Not After

08/09/2024, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

aa:c6:41:a5:39:2a:06:44:f8:a6:47:af:8c:fc:9c:9f:16:08:c2:fa:70:e3:6f:a9:f7:31:4f:e1:a5:79:0a:06
Signer

Actual PE Digest

aa:c6:41:a5:39:2a:06:44:f8:a6:47:af:8c:fc:9c:9f:16:08:c2:fa:70:e3:6f:a9:f7:31:4f:e1:a5:79:0a:06

Digest Algorithm

sha256

PE Digest Matches

true

b4:cd:b6:c8:71:1f:ab:d1:4a:7a:c3:f8:8f:5b:ac:26:23:2e:31:2a
Signer

Actual PE Digest

b4:cd:b6:c8:71:1f:ab:d1:4a:7a:c3:f8:8f:5b:ac:26:23:2e:31:2a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\nsmsrc\nsm\1280\1280\ctl32\release_unicode\pcichek.pdb

Imports

kernel32

GetVersionExW
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
ExitProcess

user32

LoadStringW
wsprintfW
MessageBoxW

msvcr100

_except_handler4_common
_crt_debugger_hook
memset

Exports

Exports

CheckLicenseString
IsILS
IsJPIK

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 994B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 498B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PCICL32.DLL
.dll windows:5 windows x86 arch:x86

65cee6e8444a20647b800e009130d04c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\nsmsrc\nsm\1200\1200\client32\Release\PCICL32.pdb

Imports

shfolder

SHGetFolderPathA

pcichek

IsILS
CheckLicenseString

pcicapi

CapiListen
CapiOpen
CapiClose
CapiHangup

mpr

WNetAddConnection2A
WNetCancelConnection2A
WNetGetConnectionA

comctl32

ImageList_Draw
ImageList_LoadImageA
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_GetImageCount
ord17
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetIcon
ImageList_Create

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

winmm

waveOutClose
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveInAddBuffer
waveInPrepareHeader
waveOutSetVolume
waveOutOpen
waveInStart
waveInOpen
waveOutWrite
waveOutPrepareHeader
timeGetTime
timeEndPeriod
timeBeginPeriod
PlaySoundA
waveOutUnprepareHeader

wsock32

send
bind
listen
accept
htons
socket
connect
getpeername
gethostbyname
recv
shutdown
closesocket
WSACleanup
WSAStartup
WSAGetLastError
gethostname
htonl
ioctlsocket
inet_addr
setsockopt

kernel32

CreateDirectoryA
RemoveDirectoryA
MoveFileA
MulDiv
GetDiskFreeSpaceA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetVolumeInformationA
FileTimeToDosDateTime
FileTimeToLocalFileTime
OpenEventA
MultiByteToWideChar
OutputDebugStringA
SetCurrentDirectoryA
SizeofResource
GetTimeFormatW
GetDateFormatW
RaiseException
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
lstrlenW
lstrlenA
lstrcmpiA
FlushInstructionCache
lstrcmpA
FindResourceExA
TerminateThread
ReleaseMutex
WaitForSingleObjectEx
GlobalReAlloc
CreateNamedPipeA
ConnectNamedPipe
SetProcessShutdownParameters
SetConsoleCtrlHandler
IsDBCSLeadByteEx
DisconnectNamedPipe
WriteProfileStringA
DefineDosDeviceA
QueryDosDeviceA
ResumeThread
VirtualQueryEx
GetThreadContext
ReadProcessMemory
PulseEvent
CreateRemoteThread
SetThreadContext
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus
Beep
GetSystemDefaultLangID
GetSystemInfo
GetCurrentThread
GetProcessVersion
GlobalGetAtomNameA
VirtualQuery
GetModuleHandleW
VirtualAlloc
VirtualProtect
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
DecodePointer
EncodePointer
InterlockedCompareExchange
IsBadReadPtr
GetProcessHeap
HeapAlloc
HeapFree
FindResourceA
LoadResource
LockResource
VirtualProtectEx
WriteProcessMemory
GetExitCodeThread
CompareStringA
SetFilePointer
GetProfileStringA
GetOEMCP
GetShortPathNameA
TerminateProcess
SystemTimeToFileTime
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CreatePipe
DuplicateHandle
SetHandleInformation
FormatMessageA
LocalFree
SetNamedPipeHandleState
GetPriorityClass
WinExec
ExpandEnvironmentStringsA
SearchPathA
IsValidCodePage
SetSystemTime
_lopen
_lclose
DeleteFileA
SetFileAttributesA
GetSystemDirectoryA
GetDateFormatA
GetTimeFormatA
GlobalSize
SetUnhandledExceptionFilter
OpenMutexA
CreateMutexA
GetModuleHandleA
SetErrorMode
GetACP
SetPriorityClass
GetFileAttributesA
GetTempFileNameA
CopyFileA
FileTimeToSystemTime
GetComputerNameA
ExitProcess
GetExitCodeProcess
GetCurrentProcess
LoadLibraryExA
ExitThread
GetDriveTypeA
GetWindowsDirectoryA
IsDBCSLeadByte
GetLocalTime
GetFileSize
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
GlobalFree
GetSystemPowerStatus
FindFirstFileA
FindNextFileA
FindClose
GetModuleFileNameA
GetCurrentProcessId
CreateProcessA
DeleteCriticalSection
InitializeCriticalSection
GetVersion
CreateThread
SetThreadPriority
InterlockedIncrement
WaitForMultipleObjects
GetOverlappedResult
ResetEvent
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
GetLastError
DeviceIoControl
InterlockedExchange
SetLastError
GetProcAddress
FreeLibrary
LoadLibraryA
CreateFileA
GetTempPathA
WriteFile
GetCurrentThreadId
CreateEventA
WaitForSingleObject
SetEvent
GlobalDeleteAtom
Sleep
GlobalAddAtomA
OpenProcess
GetVersionExA
GetTickCount
CloseHandle
GetConsoleMode
GetCommandLineA
LCMapStringW
GetCPInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameW
HeapSize
GetLocaleInfoW
SetHandleCount
GetFileType
GetStartupInfoW
GetConsoleCP
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetTimeZoneInformation
CreateFileW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FlushFileBuffers
LoadLibraryW
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
InterlockedPushEntrySList
VirtualFree
InterlockedPopEntrySList
LocalAlloc

user32

ClipCursor
DrawIconEx
RemoveMenu
SetActiveWindow
AdjustWindowRectEx
TrackPopupMenuEx
SetMenuDefaultItem
InsertMenuItemA
SetClassLongA
GetScrollInfo
SetScrollInfo
TileWindows
SetScrollRange
SetScrollPos
ScrollWindow
OemToCharBuffA
HideCaret
CreateCursor
GetScrollRange
GetWindowRgn
GetAsyncKeyState
EnumThreadWindows
EnumDisplaySettingsA
wsprintfW
PostMessageW
OpenInputDesktop
GetMenuItemRect
mouse_event
MapVirtualKeyA
CharLowerBuffA
CreateDesktopA
SwitchDesktop
GetIconInfo
AttachThreadInput
GetCursor
CreateDialogIndirectParamA
DialogBoxIndirectParamA
DialogBoxParamA
CreateAcceleratorTableA
DestroyAcceleratorTable
RedrawWindow
InvalidateRgn
CharNextA
LoadAcceleratorsA
ScreenToClient
ModifyMenuA
CreateMenu
MoveWindow
SetCursorPos
DrawTextW
IsDialogMessageA
UnionRect
DrawFocusRect
EndDialog
OpenWindowStationA
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
MsgWaitForMultipleObjects
GetUserObjectSecurity
SetUserObjectSecurity
MessageBoxIndirectA
WinHelpA
UnhookWindowsHookEx
SetWindowsHookExA
CreateDialogParamA
GetLastActivePopup
CallNextHookEx
GetUpdateRect
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyCursor
SystemParametersInfoA
GetActiveWindow
IsZoomed
CreatePopupMenu
AppendMenuA
WindowFromPoint
CopyRect
EqualRect
ClientToScreen
DeferWindowPos
IsChild
GetWindowPlacement
TranslateAcceleratorA
SetRectEmpty
SetMenu
SetWindowPlacement
GetForegroundWindow
CharUpperBuffA
WaitForInputIdle
OpenDesktopA
EnumDesktopWindows
GetUserObjectInformationA
GetCursorPos
IntersectRect
CheckDlgButton
SetForegroundWindow
EnumChildWindows
RegisterClipboardFormatA
CountClipboardFormats
EnumClipboardFormats
GetClipboardData
IsClipboardFormatAvailable
GetClipboardFormatNameA
RegisterWindowMessageA
DestroyIcon
CharUpperA
ExitWindowsEx
UnregisterClassA
SetTimer
KillTimer
SetDlgItemTextA
SendMessageA
SendDlgItemMessageA
PostMessageA
ShowWindow
DefWindowProcA
CallWindowProcA
PostThreadMessageA
GetQueueStatus
GetDlgItem
GetDlgCtrlID
GetDC
ReleaseDC
InvalidateRect
GetDesktopWindow
MessageBoxA
keybd_event
GetThreadDesktop
SetThreadDesktop
CloseDesktop
wvsprintfA
CreateCaret
ShowCaret
DestroyCaret
GetKeyState
PeekMessageA
SetCaretPos
DrawMenuBar
GetSystemMenu
OpenClipboard
EmptyClipboard
SetClipboardData
MessageBeep
CloseClipboard
FindWindowExA
DeleteMenu
GetWindowTextLengthA
GetFocus
GetClassInfoExA
DestroyWindow
DefDlgProcA
RegisterClassExA
IsDlgButtonChecked
GetDlgItemTextA
IsIconic
GetMenu
EnumWindows
IsWindowVisible
GetWindow
GetClassNameA
SendMessageTimeoutA
GetClassLongA
CopyIcon
CopyImage
LoadImageA
GetClassInfoA
LoadIconA
RegisterClassA
BringWindowToTop
GetMessageA
TranslateMessage
DispatchMessageA
SetPropA
GetPropA
RemovePropA
GetCapture
SetCapture
ReleaseCapture
CreateWindowExA
BeginPaint
EndPaint
wsprintfA
PostQuitMessage
GetMenuItemID
CheckMenuItem
EnableMenuItem
GetMenuItemInfoA
SetMenuItemInfoA
PtInRect
GetWindowDC
LoadMenuA
GetSubMenu
GetMenuItemCount
DestroyMenu
InflateRect
GetSystemMetrics
FindWindowA
GetWindowThreadProcessId
IsWindow
SetFocus
SetWindowPos
GetParent
GetWindowTextA
SetWindowTextA
MapWindowPoints
GetClientRect
DrawTextA
OffsetRect
IsWindowEnabled
SetRect
GetWindowRect
FillRect
LoadBitmapA
GetSysColor
SetCursor
LoadCursorA
UpdateWindow
EnableWindow
SetWindowLongA
GetWindowLongA
LoadStringA

gdi32

GetNearestPaletteIndex
EndPage
StartPage
PtInRegion
ExtEscape
ExtTextOutA
GetBitmapBits
GetBkMode
GetSystemPaletteEntries
SelectPalette
RealizePalette
CreateBrushIndirect
EqualRgn
GetDCOrgEx
SetBrushOrgEx
PatBlt
CreatePatternBrush
GetTextMetricsA
StretchBlt
GetDIBits
CreateDIBSection
GdiFlush
GetRegionData
CreateRectRgnIndirect
CreateFontIndirectW
GetTextColor
GetBkColor
SetBitmapBits
UnrealizeObject
SetDIBits
AddFontResourceA
GetWindowOrgEx
SetRectRgn
CreatePenIndirect
GetClipRgn
IntersectClipRect
Arc
Chord
Pie
Polyline
RoundRect
SetPolyFillMode
SetTextJustification
SetTextCharacterExtra
CreateDIBitmap
RemoveFontResourceA
GetStockObject
CreatePen
CreateSolidBrush
GetTextExtentPointA
SetBkMode
SetTextColor
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
CombineRgn
BitBlt
DeleteDC
RectVisible
SetWindowOrgEx
DeleteObject
RectInRegion
CreatePalette
GetPaletteEntries
GetTextExtentPoint32A
GetMapMode
SetMapMode
GetStretchBltMode
SetStretchBltMode
BeginPath
TextOutA
EndPath
PathToRegion
GetRgnBox
OffsetRgn
FillRgn
FrameRgn
CreateBitmap
CreateDCA
SelectClipRgn
LineDDA
Polygon
CreateFontIndirectA
CreateHatchBrush
GetDeviceCaps
SetBkColor
ExtFloodFill
GetPixel
SetPixel
SetPixelV
Ellipse
Rectangle
SetROP2
MoveToEx
LineTo
CreateRectRgn

winspool.drv

DeletePrinter
AddPrinterA
EnumPrintersA
ord201
ord202
EnumPrinterDriversA
ClosePrinter
EnumJobsA
SetJobA
StartPagePrinter
WritePrinter
StartDocPrinterA
EndPagePrinter
EndDocPrinter
OpenPrinterA
GetPrinterA
AbortPrinter

comdlg32

GetOpenFileNameA
GetSaveFileNameA
ChooseFontA
PageSetupDlgA

advapi32

RegisterServiceCtrlHandlerA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCreateKeyA
SetTokenInformation
SetServiceStatus
StartServiceCtrlDispatcherA
LogonUserA
ControlService
StartServiceA
RegQueryInfoKeyW
CryptGetProvParam
CryptReleaseContext
AllocateLocallyUniqueId
FreeSid
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
LookupPrivilegeValueA
AdjustTokenPrivileges
QueryServiceConfigA
RegQueryValueExA
LookupAccountSidA
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid
CreateProcessAsUserA
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
IsValidSid
GetLengthSid
CopySid
GetUserNameW
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegEnumKeyA
RegFlushKey
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
GetUserNameA
GetTokenInformation
LookupPrivilegeNameA
RevertToSelf
OpenProcessToken
ImpersonateLoggedOnUser
EnumServicesStatusA

shell32

SHGetPathFromIDListA
SHGetDesktopFolder
ExtractIconA
SHGetMalloc
SHGetFileInfoA
SHGetSpecialFolderPathA
ExtractIconExA
FindExecutableA
Shell_NotifyIconA
ShellExecuteA

ole32

CreateStreamOnHGlobal
StringFromGUID2
CoUninitialize
CoCreateInstance
CoInitialize
ReleaseStgMedium
OleDuplicateData
CreateDataAdviseHolder
CoTaskMemFree
CLSIDFromProgID
OleInitialize
OleUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
OleLockRunning
CoGetClassObject
CoInitializeSecurity
OleCreateStaticFromData
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSetContainedObject
CLSIDFromString

oleaut32

SysStringByteLen
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetLBound
OleLoadPicture
SysFreeString
SysAllocString
VariantClear
VariantInit
SysStringLen
SysAllocStringLen
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
OleCreatePictureIndirect
VariantChangeType
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetUBound

wininet

InternetCrackUrlA

Exports

Exports

_GetWMIStringW@16
_IsAcerA@8
_NSMClient32@8
_NSMFindClass@12
br_close
br_open
br_poll
br_status

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hhshare
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Storm.dll
.dll windows:4 windows x86 arch:x86

9668480708dbc63b63913082d88aedcb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Drive1\temp\buildwar3x\Storm\bin\Storm.pdb

Imports

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
memset
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
ferror
_strlwr
_snprintf
strchr
isdigit
vsprintf
fopen
fclose
fseek
ftell
_fileno
_fstat64i32
fread
memmove
_fullpath
toupper
_vsnprintf
strpbrk
wcstombs
setlocale
_stat64i32
_strupr
_purecall
strncmp
_strnicmp
strstr
strtol
strtoul
_stricmp
memcpy
__CxxFrameHandler3
qsort
strncpy
strrchr
sprintf
isprint
__clean_type_info_names_internal
calloc

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

UnhandledExceptionFilter
ResumeThread
GetThreadPriority
VirtualLock
VirtualUnlock
CreateProcessA
GetSystemTime
SystemTimeToFileTime
VirtualFree
VirtualAlloc
FlushFileBuffers
WaitForMultipleObjects
QueryPerformanceCounter
GetSystemTimeAsFileTime
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
EnterCriticalSection
InitializeCriticalSection
IsBadReadPtr
GetModuleFileNameA
GetComputerNameA
GetLastError
GetCurrentProcess
GetModuleHandleA
VirtualQuery
lstrcpynA
GetCurrentThread
IsBadWritePtr
InterlockedDecrement
GetLocalTime
InterlockedIncrement
GetCurrentProcessId
CloseHandle
WaitForSingleObject
CreateThread
GetCurrentThreadId
WriteFile
CreateFileA
ReadFile
GetFileSize
GetCommandLineA
FindNextFileA
FindFirstFileA
FindClose
LockResource
LoadResource
FindResourceA
GetTickCount
MulDiv
FreeResource
SizeofResource
HeapAlloc
GetProcessHeap
GetFileAttributesA
CreateDirectoryA
FormatMessageA
ExitProcess
SetLastError
DeleteFileA
HeapFree
TerminateProcess
GetExitCodeProcess
GetVersion
SetFilePointer
OutputDebugStringA
SetUnhandledExceptionFilter
GetDiskFreeSpaceA
GetVolumeInformationA
GetDriveTypeA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetEvent
SetThreadPriority
CreateEventA
InterlockedExchange
InterlockedCompareExchange
GetSystemInfo
Sleep
ResetEvent

user32

GetWindowTextLengthA
DrawEdge
BeginPaint
GetUpdateRgn
GetDlgCtrlID
DefDlgProcA
SetActiveWindow
GetActiveWindow
EnableWindow
IsWindowEnabled
SetCursor
LoadCursorA
GetClassInfoA
RegisterClassA
PostMessageA
GetDlgItem
DispatchMessageA
TranslateMessage
IsDialogMessageA
PostQuitMessage
PeekMessageA
CreateWindowExA
ShowWindow
AdjustWindowRectEx
DestroyWindow
GetSystemMetrics
DestroyCursor
GetForegroundWindow
MessageBoxA
LoadIconA
CreateCursor
GetMessageA
GetDlgItemTextA
SetDlgItemTextA
SendDlgItemMessageA
DrawTextA
DrawFocusRect
SetWindowLongA
GetFocus
SetFocus
RemovePropA
CallWindowProcA
DefWindowProcA
GetPropA
IsIconic
GetClientRect
ClientToScreen
GetParent
GetClassLongA
SetClassLongA
FindWindowExA
EndPaint
SetPropA
EndDialog
SendMessageA
IsWindow
GetClassNameA
IsWindowVisible
GetWindowLongA
ShowCursor
GetDC
ReleaseDC
GetCursorPos
GetDesktopWindow
GetWindowThreadProcessId
wsprintfA
LoadStringA
GetWindowRect
IntersectRect
ScreenToClient
InvalidateRect
GetTopWindow
GetWindow
GetWindowTextA

gdi32

SetBkColor
SetBkMode
SetTextColor
SetTextAlign
GetCurrentObject
GetCharABCWidthsA
CreateFontA
GetDeviceCaps
RealizePalette
SelectPalette
SetPaletteEntries
CreatePalette
GetSystemPaletteEntries
GetDIBits
ExtTextOutA
Rectangle
CreateDIBitmap
GetStockObject
RectInRegion
CreateRectRgn
CombineRgn
DeleteObject
GetRegionData
GdiFlush
CreateCompatibleDC
GetTextMetricsA
GetTextExtentPoint32A
SelectObject
DeleteDC

comdlg32

GetSaveFileNameA

advapi32

RegCloseKey
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegFlushKey
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
GetUserNameA

Exports

Exports

??0CDebugSCritSect@@QAE@XZ
??0CDebugSRWLock@@QAE@XZ
??0CSRWLock@@QAE@XZ
??0SCritSect@@QAE@XZ
??0SEvent@@QAE@HH@Z
??0SSyncObject@@QAE@XZ
??1CDebugSCritSect@@QAE@XZ
??1CDebugSRWLock@@QAE@XZ
??1CSRWLock@@QAE@XZ
??1SCritSect@@QAE@XZ
??1SSyncObject@@QAE@XZ
?Close@SFile@@SGKPAV1@@Z
?Create@SThread@@SIHP6GIPAX@Z0AAV1@PAD@Z
?CreateOverlapped@SFile@@SGXPAUSOVERLAPPED@@@Z
?DestroyOverlapped@SFile@@SGXPAUSOVERLAPPED@@@Z
?EnableHash@SFile@@SGX_N@Z
?Enter@CDebugSCritSect@@QAEXPBDK@Z
?Enter@CDebugSRWLock@@QAEXHPBDK@Z
?Enter@CSRWLock@@QAEXH@Z
?Enter@SCritSect@@QAEXXZ
?FileExists@SFile@@SGHPBD@Z
?GetActualFileName@SFile@@SGHPAV1@PADK@Z
?GetBasePath@SFile@@SGHPADK@Z
?GetFileSize@SFile@@SGKPAV1@PAK@Z
?Leave@CDebugSCritSect@@QAEXPBDK@Z
?Leave@CDebugSRWLock@@QAEXHPBDK@Z
?Leave@CSRWLock@@QAEXH@Z
?Leave@SCritSect@@QAEXXZ
?Load@SFile@@SGKPAVSArchive@@PBDPAPAXPAKKKPAUSOVERLAPPED@@@Z
?LoadFile@SFile@@SGKPBDPAPAXPAKKPAUSOVERLAPPED@@@Z
?Open@SFile@@SGKPBDPAPAV1@@Z
?PollOverlapped@SFile@@SGHPAUSOVERLAPPED@@@Z
?Read@SFile@@SGKPAV1@PAXKPAKPAUSOVERLAPPED@@PAU_TASYNCPARAMBLOCK@@@Z
?Reset@SEvent@@QAEHXZ
?ResetOverlapped@SFile@@SGXPAUSOVERLAPPED@@@Z
?SCreateThread@@YIPAXP6GIPAX@Z0PAI0PAD@Z
?SGetCurrentThreadId@@YIKXZ
?SGetCurrentThreadPriority@@YIHXZ
?SInterlockedCompareExchange@@YI_JPA_JAB_J1@Z
?SInterlockedCompareExchangePointer@@YIPAXPAPAXPAX1@Z
?SInterlockedDecrement@@YIJPAJ@Z
?SInterlockedExchange@@YIJPAJJ@Z
?SInterlockedExchange@@YI_JPA_JAB_J@Z
?SInterlockedIncrement@@YIJPAJ@Z
?SInterlockedRead@@YI_JPB_J@Z
?SSetCurrentThreadPriority@@YIXH@Z
?Set@SEvent@@QAEHXZ
?SetBasePath@SFile@@SGHPBD@Z
?SetFilePointer@SFile@@SGKPAV1@JPAJK@Z
?Unload@SFile@@SGHPAX@Z
?Wait@SSyncObject@@QAEKK@Z
?WaitMultiplePtr@@YIKIQAPAVSSyncObject@@HK@Z
?WaitOverlapped@SFile@@SGXPAUSOVERLAPPED@@@Z

Sections

.text
Size: 256KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TsUsbRedirectionGroupPolicyExtension.dll
.dll windows:10 windows x64 arch:x64

54be2b7c7bffa0cee4af2cdb42cf9085

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

TsUsbRedirectionGroupPolicyExtension.pdb

Imports

msvcrt

_callnewh
malloc
free
_vsnwprintf
memset

kernel32

GetWindowsDirectoryW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
GetLastError
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WriteFile
LoadResource
GetModuleHandleExA
GetProcAddress
FreeLibrary
VerifyVersionInfoW
VerSetConditionMask
CloseHandle
LockResource
CreateFileW
SizeofResource
RtlLookupFunctionEntry
FindResourceW
GetTempFileNameW
LoadLibraryW
DeleteFileW
GetTempPathW

advapi32

TraceMessage
CloseServiceHandle
RegCloseKey
RegSetValueExW
RegCreateKeyExW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
RegQueryValueExW
RegOpenKeyW

setupapi

InstallHinfSectionW

Exports

Exports

ExecuteProcessGroupPolicyEx
ExecuteProcessGroupPolicyExWithError
ProcessGroupPolicyEx

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WiaExtensionHost64.dll
.dll windows:10 windows x64 arch:x64

39f7abf43a82831d6b4792c9ce9d440f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WiaExtensionHost64.pdb

Imports

msvcrt

free
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
__C_specific_handler

kernel32

GetCurrentThreadId
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
Sleep
TerminateProcess

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adgirl/v_ak47.mdl
adgirl/v_awp.mdl
adgirl/v_deagle.mdl
adgirl/v_m4a1.mdl
avcodec-53.dll
.dll windows:4 windows x86 arch:x86

551233820b1333b70b87efde91f004ff

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/09/2012, 00:00

Not After

23/11/2015, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:fb:de:82:2a:ac:f8:f0:9d:15:e7:e8:bd:46:84:0c:41:f3:7f:21
Signer

Actual PE Digest

17:fb:de:82:2a:ac:f8:f0:9d:15:e7:e8:bd:46:84:0c:41:f3:7f:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetThreadContext
GetThreadPriority
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OpenProcess
ReleaseSemaphore
ResetEvent
ResumeThread
SetEvent
SetLastError
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

__dllonexit
__lc_codepage
__mb_cur_max
_assert
_beginthreadex
_endthreadex
_errno
_ftime
_iob
_isctype
_pctype
_setjmp
_winmajor
abort
atan
calloc
ceil
cos
exit
exp
fflush
floor
fputc
free
fwrite
getenv
ldexp
localeconv
longjmp
malloc
memcmp
memcpy
memset
qsort
sin
sqrt
strcmp
strlen
toupper
vfprintf
wcslen

ws2_32

WSAGetLastError
WSASetLastError

avutil-51

av_dict_copy
av_dict_free
av_free
av_freep
av_gcd
av_get_bytes_per_sample
av_get_channel_layout
av_get_channel_layout_nb_channels
av_get_channel_layout_string
av_get_cpu_flags
av_get_picture_type_char
av_get_pix_fmt_name
av_get_sample_fmt
av_get_sample_fmt_name
av_get_sample_fmt_string
av_image_alloc
av_image_check_size
av_image_copy
av_image_copy_plane
av_image_fill_linesizes
av_image_fill_pointers
av_log
av_log_get_level
av_malloc
av_mallocz
av_opt_find
av_opt_free
av_opt_set_defaults
av_opt_set_defaults2
av_opt_set_dict
av_pix_fmt_descriptors
av_realloc
av_reduce
av_reverse
av_set_string3
av_strdup
av_strlcat
av_vlog
ff_set_systematic_pal2

Exports

Exports

MPV_common_init_mmx
_get_output_format
_nm__av_pix_fmt_descriptors
_nm__av_reverse
align_put_bits
audio_resample
audio_resample_close
av_audio_convert
av_audio_convert_alloc
av_audio_convert_free
av_audio_resample_init
av_bitstream_filter_close
av_bitstream_filter_filter
av_bitstream_filter_init
av_bitstream_filter_next
av_codec_next
av_destruct_packet
av_destruct_packet_nofree
av_dup_packet
av_fast_malloc
av_fast_realloc
av_fft_calc
av_fft_end
av_fft_init
av_fft_permute
av_free_packet
av_get_bits_per_sample
av_get_bits_per_sample_format
av_get_codec_tag_string
av_get_pict_type_char
av_get_profile_name
av_grow_packet
av_hwaccel_next
av_imdct_calc
av_imdct_half
av_init_packet
av_lockmgr_register
av_log_ask_for_sample
av_log_missing_feature
av_mdct_calc
av_mdct_end
av_mdct_init
av_new_packet
av_packet_get_side_data
av_packet_merge_side_data
av_packet_new_side_data
av_packet_split_side_data
av_parser_change
av_parser_close
av_parser_init
av_parser_next
av_parser_parse2
av_picture_copy
av_picture_crop
av_picture_pad
av_rdft_calc
av_rdft_end
av_rdft_init
av_register_bitstream_filter
av_register_codec_parser
av_register_hwaccel
av_resample
av_resample_close
av_resample_compensate
av_resample_init
av_shrink_packet
av_xiphlacing
avcodec_align_dimensions
avcodec_align_dimensions2
avcodec_alloc_context
avcodec_alloc_context2
avcodec_alloc_context3
avcodec_alloc_frame
avcodec_channel_layout_num_channels
avcodec_close
avcodec_configuration
avcodec_copy_context
avcodec_decode_audio3
avcodec_decode_subtitle2
avcodec_decode_video2
avcodec_default_execute
avcodec_default_execute2
avcodec_default_free_buffers
avcodec_default_get_buffer
avcodec_default_get_format
avcodec_default_reget_buffer
avcodec_default_release_buffer
avcodec_encode_audio
avcodec_encode_subtitle
avcodec_encode_video
avcodec_find_best_pix_fmt
avcodec_find_decoder
avcodec_find_decoder_by_name
avcodec_find_encoder
avcodec_find_encoder_by_name
avcodec_flush_buffers
avcodec_get_channel_layout
avcodec_get_channel_layout_string
avcodec_get_chroma_sub_sample
avcodec_get_context_defaults
avcodec_get_context_defaults2
avcodec_get_context_defaults3
avcodec_get_edge_width
avcodec_get_frame_defaults
avcodec_get_pix_fmt_loss
avcodec_get_pix_fmt_name
avcodec_get_sample_fmt
avcodec_get_sample_fmt_name
avcodec_guess_channel_layout
avcodec_init
avcodec_license
avcodec_open
avcodec_open2
avcodec_pix_fmt_to_codec_tag
avcodec_register
avcodec_register_all
avcodec_sample_fmt_string
avcodec_set_dimensions
avcodec_string
avcodec_thread_init
avcodec_version
avpicture_alloc
avpicture_deinterlace
avpicture_fill
avpicture_free
avpicture_get_size
avpicture_layout
avsubtitle_free
dsputil_init
dsputil_init_mmx
dsputil_init_pix_mmx
dsputil_static_init
ff_add_hfyu_left_prediction_sse4
ff_add_hfyu_left_prediction_ssse3
ff_add_hfyu_median_prediction_mmx2
ff_add_pixels_clamped_c
ff_add_pixels_clamped_mmx
ff_alternate_horizontal_scan
ff_alternate_vertical_scan
ff_apply_window_int16_mmxext
ff_apply_window_int16_mmxext_ba
ff_apply_window_int16_sse2
ff_apply_window_int16_sse2_ba
ff_apply_window_int16_ssse3
ff_apply_window_int16_ssse3_atom
ff_avg_cavs_qpel16_mc00_mmx2
ff_avg_cavs_qpel8_mc00_mmx2
ff_avg_h264_chroma_mc2_10_mmxext
ff_avg_h264_chroma_mc2_mmx2
ff_avg_h264_chroma_mc4_10_mmxext
ff_avg_h264_chroma_mc4_3dnow
ff_avg_h264_chroma_mc4_mmx2
ff_avg_h264_chroma_mc4_ssse3
ff_avg_h264_chroma_mc8_10_avx
ff_avg_h264_chroma_mc8_10_sse2
ff_avg_h264_chroma_mc8_3dnow_rnd
ff_avg_h264_chroma_mc8_mmx2_rnd
ff_avg_h264_chroma_mc8_ssse3_rnd
ff_avg_h264_qpel16_mc00_10_mmxext
ff_avg_h264_qpel16_mc00_10_sse2
ff_avg_h264_qpel16_mc01_10_mmxext
ff_avg_h264_qpel16_mc01_10_sse2
ff_avg_h264_qpel16_mc02_10_mmxext
ff_avg_h264_qpel16_mc02_10_sse2
ff_avg_h264_qpel16_mc03_10_mmxext
ff_avg_h264_qpel16_mc03_10_sse2
ff_avg_h264_qpel16_mc10_10_mmxext
ff_avg_h264_qpel16_mc10_10_sse2
ff_avg_h264_qpel16_mc10_10_sse2_cache64
ff_avg_h264_qpel16_mc10_10_ssse3_cache64
ff_avg_h264_qpel16_mc11_10_mmxext
ff_avg_h264_qpel16_mc11_10_sse2
ff_avg_h264_qpel16_mc12_10_mmxext
ff_avg_h264_qpel16_mc12_10_sse2
ff_avg_h264_qpel16_mc13_10_mmxext
ff_avg_h264_qpel16_mc13_10_sse2
ff_avg_h264_qpel16_mc20_10_mmxext
ff_avg_h264_qpel16_mc20_10_sse2
ff_avg_h264_qpel16_mc20_10_sse2_cache64
ff_avg_h264_qpel16_mc20_10_ssse3_cache64
ff_avg_h264_qpel16_mc21_10_mmxext
ff_avg_h264_qpel16_mc21_10_sse2
ff_avg_h264_qpel16_mc22_10_mmxext
ff_avg_h264_qpel16_mc22_10_sse2
ff_avg_h264_qpel16_mc23_10_mmxext
ff_avg_h264_qpel16_mc23_10_sse2
ff_avg_h264_qpel16_mc30_10_mmxext
ff_avg_h264_qpel16_mc30_10_sse2
ff_avg_h264_qpel16_mc30_10_sse2_cache64
ff_avg_h264_qpel16_mc30_10_ssse3_cache64
ff_avg_h264_qpel16_mc31_10_mmxext
ff_avg_h264_qpel16_mc31_10_sse2
ff_avg_h264_qpel16_mc32_10_mmxext
ff_avg_h264_qpel16_mc32_10_sse2
ff_avg_h264_qpel16_mc33_10_mmxext
ff_avg_h264_qpel16_mc33_10_sse2
ff_avg_h264_qpel4_mc00_10_mmxext
ff_avg_h264_qpel4_mc01_10_mmxext
ff_avg_h264_qpel4_mc02_10_mmxext
ff_avg_h264_qpel4_mc03_10_mmxext
ff_avg_h264_qpel4_mc10_10_mmxext
ff_avg_h264_qpel4_mc11_10_mmxext
ff_avg_h264_qpel4_mc12_10_mmxext
ff_avg_h264_qpel4_mc13_10_mmxext
ff_avg_h264_qpel4_mc20_10_mmxext
ff_avg_h264_qpel4_mc21_10_mmxext
ff_avg_h264_qpel4_mc22_10_mmxext
ff_avg_h264_qpel4_mc23_10_mmxext
ff_avg_h264_qpel4_mc30_10_mmxext
ff_avg_h264_qpel4_mc31_10_mmxext
ff_avg_h264_qpel4_mc32_10_mmxext
ff_avg_h264_qpel4_mc33_10_mmxext
ff_avg_h264_qpel8_mc00_10_mmxext
ff_avg_h264_qpel8_mc00_10_sse2
ff_avg_h264_qpel8_mc01_10_mmxext
ff_avg_h264_qpel8_mc01_10_sse2
ff_avg_h264_qpel8_mc02_10_mmxext
ff_avg_h264_qpel8_mc02_10_sse2
ff_avg_h264_qpel8_mc03_10_mmxext
ff_avg_h264_qpel8_mc03_10_sse2
ff_avg_h264_qpel8_mc10_10_mmxext
ff_avg_h264_qpel8_mc10_10_sse2
ff_avg_h264_qpel8_mc10_10_sse2_cache64
ff_avg_h264_qpel8_mc10_10_ssse3_cache64
ff_avg_h264_qpel8_mc11_10_mmxext
ff_avg_h264_qpel8_mc11_10_sse2
ff_avg_h264_qpel8_mc12_10_mmxext
ff_avg_h264_qpel8_mc12_10_sse2
ff_avg_h264_qpel8_mc13_10_mmxext
ff_avg_h264_qpel8_mc13_10_sse2
ff_avg_h264_qpel8_mc20_10_mmxext
ff_avg_h264_qpel8_mc20_10_sse2
ff_avg_h264_qpel8_mc20_10_sse2_cache64
ff_avg_h264_qpel8_mc20_10_ssse3_cache64
ff_avg_h264_qpel8_mc21_10_mmxext
ff_avg_h264_qpel8_mc21_10_sse2
ff_avg_h264_qpel8_mc22_10_mmxext
ff_avg_h264_qpel8_mc22_10_sse2
ff_avg_h264_qpel8_mc23_10_mmxext
ff_avg_h264_qpel8_mc23_10_sse2
ff_avg_h264_qpel8_mc30_10_mmxext
ff_avg_h264_qpel8_mc30_10_sse2
ff_avg_h264_qpel8_mc30_10_sse2_cache64
ff_avg_h264_qpel8_mc30_10_ssse3_cache64
ff_avg_h264_qpel8_mc31_10_mmxext
ff_avg_h264_qpel8_mc31_10_sse2
ff_avg_h264_qpel8_mc32_10_mmxext
ff_avg_h264_qpel8_mc32_10_sse2
ff_avg_h264_qpel8_mc33_10_mmxext
ff_avg_h264_qpel8_mc33_10_sse2
ff_avg_pixels16x16_10_c
ff_avg_pixels16x16_8_c
ff_avg_pixels16x16_9_c
ff_avg_pixels8x8_10_c
ff_avg_pixels8x8_8_c
ff_avg_pixels8x8_9_c
ff_avg_qpel16_mc11_old_c
ff_avg_qpel16_mc12_old_c
ff_avg_qpel16_mc13_old_c
ff_avg_qpel16_mc31_old_c
ff_avg_qpel16_mc32_old_c
ff_avg_qpel16_mc33_old_c
ff_avg_qpel8_mc11_old_c
ff_avg_qpel8_mc12_old_c
ff_avg_qpel8_mc13_old_c
ff_avg_qpel8_mc31_old_c
ff_avg_qpel8_mc32_old_c
ff_avg_qpel8_mc33_old_c
ff_avg_rv40_chroma_mc4_3dnow
ff_avg_rv40_chroma_mc4_mmx2
ff_avg_rv40_chroma_mc8_3dnow
ff_avg_rv40_chroma_mc8_mmx2
ff_avg_vc1_chroma_mc8_3dnow_nornd
ff_avg_vc1_chroma_mc8_mmx2_nornd
ff_avg_vc1_chroma_mc8_ssse3_nornd
ff_avg_vc1_mspel_mc00_mmx2
ff_block_permute
ff_bone
ff_check_alignment
ff_combine_frame
ff_copy_bits
ff_copy_pce_data
ff_cos_1024
ff_cos_1024_fixed
ff_cos_128
ff_cos_128_fixed
ff_cos_16
ff_cos_16384
ff_cos_16384_fixed
ff_cos_16_fixed
ff_cos_2048
ff_cos_2048_fixed
ff_cos_256
ff_cos_256_fixed
ff_cos_32
ff_cos_32768
ff_cos_32768_fixed
ff_cos_32_fixed
ff_cos_4096
ff_cos_4096_fixed
ff_cos_512
ff_cos_512_fixed
ff_cos_64
ff_cos_64_fixed
ff_cos_65536
ff_cos_65536_fixed
ff_cos_8192
ff_cos_8192_fixed
ff_cos_tabs
ff_cos_tabs_fixed
ff_cropTbl
ff_deinterlace_line_inplace_mmx
ff_deinterlace_line_mmx
ff_dirac_parse_sequence_header
ff_dnxhd_init_mmx
ff_emu_edge_core_mmx
ff_emu_edge_core_sse
ff_emulated_edge_mc_10
ff_emulated_edge_mc_8
ff_emulated_edge_mc_9
ff_faanidct
ff_faanidct_add
ff_faanidct_put
ff_fdct_mmx
ff_fdct_mmx2
ff_fdct_sse2
ff_fetch_timestamp
ff_fft_calc_avx
ff_fft_calc_sse
ff_fft_dispatch_3dn
ff_fft_dispatch_3dn2
ff_fft_dispatch_avx
ff_fft_dispatch_interleave_3dn
ff_fft_dispatch_interleave_3dn2
ff_fft_dispatch_interleave_avx
ff_fft_dispatch_interleave_sse
ff_fft_dispatch_sse
ff_fft_end
ff_fft_end_fixed
ff_fft_init
ff_fft_init_fixed
ff_fft_init_mmx
ff_fft_permute_sse
ff_find_pix_fmt
ff_float_interleave2_mmx
ff_float_interleave2_sse
ff_float_interleave6_mmx
ff_float_interleave6_sse
ff_float_interleave_c
ff_float_to_int16_interleave6_3dn2
ff_float_to_int16_interleave6_3dnow
ff_float_to_int16_interleave6_sse
ff_fmt_convert_init
ff_fmt_convert_init_x86
ff_frame_rate_tab
ff_gmc_c
ff_golomb_vlc_len
ff_h264_pred_init
ff_h264_pred_init_x86
ff_idct_xvid_mmx
ff_idct_xvid_mmx2
ff_idct_xvid_sse2
ff_idct_xvid_sse2_add
ff_idct_xvid_sse2_put
ff_imdct_calc_c
ff_imdct_calc_c_fixed
ff_imdct_calc_sse
ff_imdct_half_avx
ff_imdct_half_c
ff_imdct_half_c_fixed
ff_imdct_half_sse
ff_init_ff_cos_tabs
ff_init_ff_cos_tabs_fixed
ff_init_scantable
ff_interleaved_dirac_golomb_vlc_code
ff_interleaved_golomb_vlc_len
ff_interleaved_se_golomb_vlc_code
ff_interleaved_ue_golomb_vlc_code
ff_inverse
ff_is_hwaccel_pix_fmt
ff_log2_run
ff_match_2uint16
ff_mdct_calc_c
ff_mdct_calc_c_fixed
ff_mdct_calcw_c
ff_mdct_end
ff_mdct_end_fixed
ff_mdct_init
ff_mdct_init_fixed
ff_mpa_alloc_tables
ff_mpa_bitrate_tab
ff_mpa_enwindow
ff_mpa_freq_tab
ff_mpa_quant_bits
ff_mpa_quant_steps
ff_mpa_sblimit_table
ff_mpeg12_mbAddrIncrTable
ff_mpeg12_mbMotionVectorTable
ff_mpeg12_mbPatTable
ff_mpeg12_vlc_dc_chroma_bits
ff_mpeg12_vlc_dc_chroma_code
ff_mpeg12_vlc_dc_lum_bits
ff_mpeg12_vlc_dc_lum_code
ff_mpeg1_aspect
ff_mpeg1_default_intra_matrix
ff_mpeg1_default_non_intra_matrix
ff_mpeg2_aspect
ff_mpeg4audio_channels
ff_mpeg4audio_get_config
ff_mpeg4audio_sample_rates
ff_mpeg4video_split
ff_parse1_close
ff_parse_close
ff_pb_0
ff_pb_1
ff_pb_1F
ff_pb_3
ff_pb_3F
ff_pb_4
ff_pb_7
ff_pb_80
ff_pb_81
ff_pb_A1
ff_pb_F8
ff_pb_FC
ff_pb_FE
ff_pd_1
ff_pd_2
ff_pdw_80000000
ff_pred16x16_dc_mmxext
ff_pred16x16_dc_sse2
ff_pred16x16_dc_ssse3
ff_pred16x16_horizontal_10_mmxext
ff_pred16x16_horizontal_10_sse2
ff_pred16x16_horizontal_mmx
ff_pred16x16_horizontal_mmxext
ff_pred16x16_horizontal_ssse3
ff_pred16x16_plane_h264_mmx
ff_pred16x16_plane_h264_mmx2
ff_pred16x16_plane_h264_sse2
ff_pred16x16_plane_h264_ssse3
ff_pred16x16_plane_rv40_mmx
ff_pred16x16_plane_rv40_mmx2
ff_pred16x16_plane_rv40_sse2
ff_pred16x16_plane_rv40_ssse3
ff_pred16x16_plane_svq3_mmx
ff_pred16x16_plane_svq3_mmx2
ff_pred16x16_plane_svq3_sse2
ff_pred16x16_plane_svq3_ssse3
ff_pred16x16_tm_vp8_mmx
ff_pred16x16_tm_vp8_mmxext
ff_pred16x16_tm_vp8_sse2
ff_pred16x16_vertical_10_mmxext
ff_pred16x16_vertical_10_sse2
ff_pred16x16_vertical_mmx
ff_pred16x16_vertical_sse
ff_pred4x4_dc_10_mmxext
ff_pred4x4_dc_mmxext
ff_pred4x4_down_left_10_avx
ff_pred4x4_down_left_10_sse2
ff_pred4x4_down_left_mmxext
ff_pred4x4_down_right_10_avx
ff_pred4x4_down_right_10_sse2
ff_pred4x4_down_right_10_ssse3
ff_pred4x4_down_right_mmxext
ff_pred4x4_horizontal_down_10_avx
ff_pred4x4_horizontal_down_10_sse2
ff_pred4x4_horizontal_down_10_ssse3
ff_pred4x4_horizontal_down_mmxext
ff_pred4x4_horizontal_up_10_mmxext
ff_pred4x4_horizontal_up_mmxext
ff_pred4x4_tm_vp8_mmx
ff_pred4x4_tm_vp8_mmxext
ff_pred4x4_tm_vp8_ssse3
ff_pred4x4_vertical_left_10_avx
ff_pred4x4_vertical_left_10_sse2
ff_pred4x4_vertical_left_mmxext
ff_pred4x4_vertical_right_10_avx
ff_pred4x4_vertical_right_10_sse2
ff_pred4x4_vertical_right_10_ssse3
ff_pred4x4_vertical_right_mmxext
ff_pred4x4_vertical_vp8_mmxext
ff_pred8x8_dc_10_mmxext
ff_pred8x8_dc_10_sse2
ff_pred8x8_dc_mmxext
ff_pred8x8_dc_rv40_mmxext
ff_pred8x8_horizontal_10_sse2
ff_pred8x8_horizontal_mmx
ff_pred8x8_horizontal_mmxext
ff_pred8x8_horizontal_ssse3
ff_pred8x8_plane_mmx
ff_pred8x8_plane_mmx2
ff_pred8x8_plane_sse2
ff_pred8x8_plane_ssse3
ff_pred8x8_tm_vp8_mmx
ff_pred8x8_tm_vp8_mmxext
ff_pred8x8_tm_vp8_sse2
ff_pred8x8_tm_vp8_ssse3
ff_pred8x8_top_dc_10_mmxext
ff_pred8x8_top_dc_10_sse2

Sections

.text
Size: 892KB - Virtual size: 891KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 647KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
avformat-53.dll
.dll windows:4 windows x86 arch:x86

cda9a24d0ec183721b985f721181e560

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/09/2012, 00:00

Not After

23/11/2015, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f6:d5:e7:a5:50:27:92:93:70:c3:94:34:ac:05:e9:af:0d:85:99:23
Signer

Actual PE Digest

f6:d5:e7:a5:50:27:92:93:70:c3:94:34:ac:05:e9:af:0d:85:99:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_open
__dllonexit
__lc_codepage
__mb_cur_max
_assert
_errno
_iob
_isctype
_pctype
_stricmp
_strnicmp
_winmajor
_wopen
abort
atoi
calloc
fflush
fputc
free
fwrite
getenv
localeconv
malloc
memchr
memcpy
memmove
memset
sscanf
strchr
strcmp
strcpy
strlen
strncmp
strrchr
strspn
strstr
strtol
toupper
vfprintf
wcslen

avcodec-53

av_destruct_packet
av_dup_packet
av_fast_malloc
av_fast_realloc
av_free_packet
av_get_bits_per_sample
av_get_codec_tag_string
av_grow_packet
av_init_packet
av_log_ask_for_sample
av_new_packet
av_packet_merge_side_data
av_parser_close
av_parser_init
av_parser_parse2
av_shrink_packet
av_xiphlacing
avcodec_alloc_context3
avcodec_close
avcodec_decode_audio3
avcodec_decode_video2
avcodec_find_decoder
avcodec_get_frame_defaults
avcodec_open2
avcodec_pix_fmt_to_codec_tag
avcodec_register_all
avcodec_set_dimensions
avcodec_string
ff_find_pix_fmt
ff_mpa_freq_tab
ff_mpeg4audio_get_config
ff_mpeg4audio_sample_rates
ff_raw_pix_fmt_tags
ff_toupper4

avutil-51

av_compare_mod
av_compare_ts
av_crc
av_crc_get_table
av_d2q
av_dict_copy
av_dict_free
av_dict_get
av_dict_set
av_dynarray_add
av_find_info_tag
av_free
av_freep
av_gcd
av_get_pix_fmt_name
av_int2dbl
av_int2flt
av_log
av_malloc
av_mallocz
av_opt_find
av_opt_free
av_opt_set_defaults
av_opt_set_dict
av_parse_time
av_realloc
av_reduce
av_rescale
av_rescale_q
av_rescale_rnd
av_strdup
av_strlcat
av_strlcatf
av_strlcpy
av_strstart
ff_log2_tab

Exports

Exports

_get_output_format
_nm__ff_log2_tab
_nm__ff_mpa_freq_tab
_nm__ff_mpeg4audio_sample_rates
_nm__ff_raw_pix_fmt_tags
av_add_index_entry
av_alloc_put_byte
av_append_packet
av_close_input_file
av_close_input_stream
av_codec_get_id
av_codec_get_tag
av_demuxer_open
av_dump_format
av_filename_number_test
av_find_best_stream
av_find_default_stream_index
av_find_input_format
av_find_stream_info
av_gen_search
av_get_frame_filename
av_get_output_timestamp
av_get_packet
av_gettime
av_guess_codec
av_guess_format
av_hex_dump
av_hex_dump_log
av_iformat_next
av_index_search_timestamp
av_interleave_packet_per_dts
av_interleaved_write_frame
av_match_ext
av_metadata_conv
av_metadata_copy
av_metadata_free
av_metadata_get
av_metadata_set2
av_new_program
av_new_stream
av_oformat_next
av_open_input_file
av_open_input_stream
av_pkt_dump
av_pkt_dump2
av_pkt_dump_log
av_pkt_dump_log2
av_probe_input_buffer
av_probe_input_format
av_probe_input_format2
av_probe_input_format3
av_protocol_next
av_read_frame
av_read_packet
av_read_pause
av_read_play
av_register_all
av_register_input_format
av_register_output_format
av_register_protocol2
av_sdp_create
av_seek_frame
av_seek_frame_binary
av_set_parameters
av_set_pts_info
av_update_cur_dts
av_url_read_fpause
av_url_read_fseek
av_url_read_pause
av_url_read_seek
av_url_split
av_write_frame
av_write_header
av_write_trailer
avf_sdp_create
avformat_alloc_context
avformat_alloc_output_context
avformat_alloc_output_context2
avformat_configuration
avformat_find_stream_info
avformat_free_context
avformat_license
avformat_open_input
avformat_seek_file
avformat_version
avformat_write_header
avio_alloc_context
avio_check
avio_close
avio_close_dyn_buf
avio_enum_protocols
avio_flush
avio_get_str
avio_get_str16be
avio_get_str16le
avio_open
avio_open_dyn_buf
avio_pause
avio_printf
avio_put_str
avio_put_str16le
avio_r8
avio_rb16
avio_rb24
avio_rb32
avio_rb64
avio_read
avio_rl16
avio_rl24
avio_rl32
avio_rl64
avio_seek
avio_seek_time
avio_set_interrupt_cb
avio_size
avio_skip
avio_w8
avio_wb16
avio_wb24
avio_wb32
avio_wb64
avio_wl16
avio_wl24
avio_wl32
avio_wl64
avio_write
brktimegm
codec_movaudio_tags
codec_movvideo_tags
dump_format
ff_add_index_entry
ff_celt_codec
ff_codec_bmp_tags
ff_codec_get_id
ff_codec_get_tag
ff_codec_guid_get_id
ff_codec_movsubtitle_tags
ff_codec_wav_guids
ff_codec_wav_tags
ff_crc04C11DB7_update
ff_data_to_hex
ff_find_stream_index
ff_free_parser_state
ff_gen_syncpoint_search
ff_get_bmp_header
ff_get_guid
ff_get_line
ff_get_v_length
ff_get_wav_header
ff_hex_to_data
ff_id3v1_genre_str
ff_id3v1_read
ff_id3v2_2_metadata_conv
ff_id3v2_34_metadata_conv
ff_id3v2_3_tags
ff_id3v2_4_metadata_conv
ff_id3v2_4_tags
ff_id3v2_match
ff_id3v2_read
ff_id3v2_tag_len
ff_id3v2_tags
ff_index_search_timestamp
ff_interleave_add_packet
ff_make_absolute_url
ff_metadata_conv
ff_metadata_conv_ctx
ff_mkv_codec_tags
ff_mkv_metadata_conv
ff_mkv_mime_tags
ff_mov_iso639_to_lang
ff_mov_lang_to_iso639
ff_mov_read_chan
ff_mov_write_chan
ff_mp4_obj_type
ff_mp4_read_dec_config_descr
ff_mp4_read_descr
ff_mp4_read_descr_len
ff_new_chapter
ff_ntp_time
ff_ogm_audio_codec
ff_ogm_old_codec
ff_ogm_text_codec
ff_ogm_video_codec
ff_parse_key_value
ff_parse_specific_params
ff_program_add_stream_index
ff_put_v
ff_read_frame_flush
ff_reduce_index
ff_restore_parser_state
ff_rm_alloc_rmstream
ff_rm_codec_tags
ff_rm_free_rmstream
ff_rm_metadata
ff_rm_parse_packet
ff_rm_read_mdpr_codecdata
ff_rm_reorder_sipr_data
ff_rm_retrieve_cache
ff_sdp_write_media
ff_sipr_subpk_size
ff_skeleton_codec
ff_store_parser_state
ff_theora_codec
ff_url_join
ff_vorbis_codec
ff_vorbis_comment
ff_vorbiscomment_length
ff_vorbiscomment_metadata_conv
ff_vorbiscomment_write
ff_wav_codec_get_id
ff_win32_open
ff_write_chained
ffio_fdopen
ffio_fill
ffio_get_checksum
ffio_init_checksum
ffio_init_context
ffio_open_dyn_packet_buf
ffio_read_partial
ffio_read_varlen
ffio_rewind_with_probe_data
ffio_set_buf_size
ffurl_alloc
ffurl_close
ffurl_connect
ffurl_get_file_handle
ffurl_open
ffurl_read
ffurl_read_complete
ffurl_register_protocol
ffurl_seek
ffurl_size
ffurl_write
find_info_tag
first_protocol
get_be16
get_be24
get_be32
get_be64
get_buffer
get_byte
get_checksum
get_le16
get_le24
get_le32
get_le64
get_partial_buffer
get_strz
init_checksum
init_put_byte
matroska_video_stereo_mode
matroska_video_stereo_plane
parse_date
pcm_read_seek
put_be16
put_be24
put_be32
put_be64
put_buffer
put_byte
put_flush_packet
put_le16
put_le24
put_le32
put_le64
put_nbyte
put_strz
put_tag
url_alloc
url_close
url_close_buf
url_close_dyn_buf
url_connect
url_exist
url_fclose
url_fdopen
url_feof
url_ferror
url_fget_max_packet_size
url_fgetc
url_fgets
url_fileno
url_filesize
url_fopen
url_fprintf
url_fseek
url_fsize
url_fskip
url_ftell
url_get_file_handle
url_get_filename
url_get_max_packet_size
url_interrupt_cb
url_open
url_open_buf
url_open_dyn_buf
url_open_dyn_packet_buf
url_open_protocol
url_read
url_read_complete
url_seek
url_set_interrupt_cb
url_setbufsize
url_write

Sections

.text
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
avutil-51.dll
.dll windows:4 windows x86 arch:x86

348455ac79d3a5ef49002e19f2d2acef

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:a9:38:ed:c7:ae:ac:8d:c7:1d:cb:b4:b4:f6:11:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/09/2012, 00:00

Not After

23/11/2015, 23:59

Subject

CN=Valve,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Valve,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fc:02:44:82:ee:02:70:74:f1:fc:6d:17:dc:f0:e3:94:d9:ea:5f:f9
Signer

Actual PE Digest

fc:02:44:82:ee:02:70:74:f1:fc:6d:17:dc:f0:e3:94:d9:ea:5f:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileMappingA
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetConsoleScreenBufferInfo
GetLastError
GetModuleHandleA
GetProcAddress
GetStdHandle
InitializeCriticalSection
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
MultiByteToWideChar
SetConsoleTextAttribute
Sleep
TlsGetValue
UnmapViewOfFile
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

_close
_fstat
_isatty
_open
_read
__dllonexit
__lc_codepage
__mb_cur_max
_errno
_get_osfhandle
_iob
_isctype
_pctype
_stricmp
_strnicmp
_winmajor
abort
acos
asin
atan
bsearch
calloc
ceil
clock
cos
cosh
exp
fflush
floor
fputc
fputs
free
frexp
fwrite
getenv
gmtime
ldexp
localeconv
localtime
log
malloc
memcpy
memset
mktime
pow
realloc
sin
sinh
sqrt
strchr
strcmp
strcpy
strlen
strspn
strtol
strtoul
tan
tanh
time
toupper
vfprintf
wcslen

Exports

Exports

av_add_q
av_adler32_update
av_aes_crypt
av_aes_init
av_aes_size
av_base64_decode
av_base64_encode
av_bmg_get
av_compare_mod
av_compare_ts
av_crc
av_crc_get_table
av_crc_init
av_d2q
av_d2str
av_dbl2ext
av_dbl2int
av_default_item_name
av_des_crypt
av_des_init
av_dict_copy
av_dict_free
av_dict_get
av_dict_set
av_div_q
av_dynarray_add
av_eval_expr
av_evaluate_lls
av_expr_eval
av_expr_free
av_expr_parse
av_expr_parse_and_eval
av_ext2dbl
av_fifo_alloc
av_fifo_drain
av_fifo_free
av_fifo_generic_read
av_fifo_generic_write
av_fifo_realloc2
av_fifo_reset
av_fifo_size
av_fifo_space
av_file_map
av_file_unmap
av_find_info_tag
av_find_nearest_q_idx
av_find_opt
av_flt2int
av_force_cpu_flags
av_free
av_free_expr
av_freep
av_gcd
av_get_bits_per_pixel
av_get_bits_per_sample_fmt
av_get_bytes_per_sample
av_get_channel_layout
av_get_channel_layout_nb_channels
av_get_channel_layout_string
av_get_cpu_flags
av_get_double
av_get_int
av_get_picture_type_char
av_get_pix_fmt
av_get_pix_fmt_name
av_get_pix_fmt_string
av_get_q
av_get_random_seed
av_get_sample_fmt
av_get_sample_fmt_name
av_get_sample_fmt_string
av_get_string
av_get_token
av_image_alloc
av_image_check_size
av_image_copy
av_image_copy_plane
av_image_fill_linesizes
av_image_fill_max_pixsteps
av_image_fill_pointers
av_image_get_linesize
av_init_lls
av_int2dbl
av_int2flt
av_lfg_init
av_log
av_log_default_callback
av_log_get_level
av_log_set_callback
av_log_set_flags
av_log_set_level
av_lzo1x_decode
av_malloc
av_mallocz
av_md5_final
av_md5_init
av_md5_size
av_md5_sum
av_md5_update
av_memcpy_backptr
av_mul_q
av_nearer_q
av_next_option
av_opt_find
av_opt_flag_is_set
av_opt_free
av_opt_set_defaults
av_opt_set_defaults2
av_opt_set_dict
av_opt_show2
av_parse_and_eval_expr
av_parse_color
av_parse_expr
av_parse_time
av_parse_video_rate
av_parse_video_size
av_pix_fmt_descriptors
av_rc4_crypt
av_rc4_init
av_read_image_line
av_realloc
av_reduce
av_rescale
av_rescale_q
av_rescale_rnd
av_reverse
av_samples_alloc
av_samples_fill_arrays
av_set_double
av_set_int
av_set_options_string
av_set_q
av_set_string3
av_sha_final
av_sha_init
av_sha_size
av_sha_update
av_solve_lls
av_strdup
av_strerror
av_stristart
av_stristr
av_strlcat
av_strlcatf
av_strlcpy
av_strstart
av_strtod
av_sub_q
av_tree_destroy
av_tree_enumerate
av_tree_find
av_tree_insert
av_tree_node_size
av_update_lls
av_vlog
av_write_image_line
avutil_configuration
avutil_license
avutil_version
ff_get_cpu_flags_x86
ff_inverse
ff_log2_tab
ff_set_systematic_pal2
ff_sqrt_tab

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
client32.exe
.exe windows:5 windows x86 arch:x86

a9d50692e95b79723f3e76fcf70d023e

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:ad
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

17/06/2022, 13:01

Not After

17/06/2025, 13:01

Subject

SERIALNUMBER=02386638,CN=NETSUPPORT LTD.,O=NETSUPPORT LTD.,STREET=Netsupport House Towngate East\, Market Deeping,L=Peterborough,ST=Cambridgeshire,C=GB,1.2.840.113549.1.9.1=#0c196973406e6574737570706f7274736f6674776172652e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:ad
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

17/06/2022, 13:01

Not After

17/06/2025, 13:01

Subject

SERIALNUMBER=02386638,CN=NETSUPPORT LTD.,O=NETSUPPORT LTD.,STREET=Netsupport House Towngate East\, Market Deeping,L=Peterborough,ST=Cambridgeshire,C=GB,1.2.840.113549.1.9.1=#0c196973406e6574737570706f7274736f6674776172652e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:45

Not After

08/05/2033, 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:bf:eb:03:e7:e0:f6:db:1a:a9:22:a1:d1:c5:e7:d5:fc:7f:5a:0a:af:df:df:56:5b:e5:36:a7:b1:2b:6f:7c
Signer

Actual PE Digest

99:bf:eb:03:e7:e0:f6:db:1a:a9:22:a1:d1:c5:e7:d5:fc:7f:5a:0a:af:df:df:56:5b:e5:36:a7:b1:2b:6f:7c

Digest Algorithm

sha256

PE Digest Matches

true

5f:69:b2:71:61:de:fe:8f:bf:fe:5f:3c:d2:cb:ae:53:e2:46:5e:14
Signer

Actual PE Digest

5f:69:b2:71:61:de:fe:8f:bf:fe:5f:3c:d2:cb:ae:53:e2:46:5e:14

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\nsmsrc\nsm\1410\1410\client32\release_unicode\client32.pdb

Imports

pcicl32

_NSMClient32@8

kernel32

GetCommandLineW
ExitProcess
GetModuleHandleW
GetStartupInfoW

Sections

.text
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
client32.ini
comcat.dll
.dll regsvr32 windows:10 windows x64 arch:x64

5c317b4785c1c3ce395f95788fb0f892

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

comcat.pdb

Imports

msvcrt

__C_specific_handler
_XcptFilter
_initterm
malloc
free
_amsg_exit

kernel32

QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
Sleep
GetCurrentProcessId

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
getuname.dll
.dll windows:10 windows x64 arch:x64

b5f02961939c3c6edf46e7379484f547

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

GetUName.pdb

Imports

msvcrt

__C_specific_handler
_XcptFilter
malloc
free
_initterm
_amsg_exit

api-ms-win-core-libraryloader-l1-2-0

LoadStringW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

Exports

Exports

GetUName

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ifsutilx.dll
.dll windows:10 windows x64 arch:x64

f0120248cc8015539d8aaf42f8d64a47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ifsutilx.pdb

Imports

msvcrt

_initterm
_vsnwprintf
_XcptFilter
__C_specific_handler
free
wcsncmp
malloc
memcpy
_amsg_exit
memset

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
DbgPrint

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoCreateInstance

api-ms-win-core-file-l1-1-0

CreateFileW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

ifsutil

RegisterExtensionCallbacks

ulib

?Initialize@WSTRING@@QEAAEPEBGK@Z

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

CheckSnapshotPresence
CreateVolumeSnapshot
GetSnapshotErrorMessage
InitializeCOM
ReleaseVolumeSnapshot
UninitializeCOM

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libEGL.dll
.dll windows:10 windows x64 arch:x64

9a96e9625913c28565890e319d5bf446

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0b:50:cf:24:6b:26:3e:fd:85:a7:29:31:51:58:f3:ff
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/04/2024, 00:00

Not After

10/04/2027, 23:59

Subject

SERIALNUMBER=3582691,CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d8:f7:f4:17:b2:27:10:b3:82:ed:40:31:02:34:b1:8d:12:d1:36:70:e6:bb:80:a3:74:08:52:21:b0:7c:0c:72
Signer

Actual PE Digest

d8:f7:f4:17:b2:27:10:b3:82:ed:40:31:02:34:b1:8d:12:d1:36:70:e6:bb:80:a3:74:08:52:21:b0:7c:0c:72

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

libEGL.dll.pdb

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareStringW
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEnvironmentVariableW
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

eglAcquireExternalContextANGLE
eglBindAPI
eglBindTexImage
eglChooseConfig
eglClientWaitSync
eglClientWaitSyncKHR
eglCopyBuffers
eglCopyMetalSharedEventANGLE
eglCreateContext
eglCreateDeviceANGLE
eglCreateImage
eglCreateImageKHR
eglCreateNativeClientBufferANDROID
eglCreatePbufferFromClientBuffer
eglCreatePbufferSurface
eglCreatePixmapSurface
eglCreatePlatformPixmapSurface
eglCreatePlatformPixmapSurfaceEXT
eglCreatePlatformWindowSurface
eglCreatePlatformWindowSurfaceEXT
eglCreateStreamKHR
eglCreateStreamProducerD3DTextureANGLE
eglCreateSync
eglCreateSyncKHR
eglCreateWindowSurface
eglDebugMessageControlKHR
eglDestroyContext
eglDestroyImage
eglDestroyImageKHR
eglDestroyStreamKHR
eglDestroySurface
eglDestroySync
eglDestroySyncKHR
eglDupNativeFenceFDANDROID
eglExportVkImageANGLE
eglForceGPUSwitchANGLE
eglGetCompositorTimingANDROID
eglGetCompositorTimingSupportedANDROID
eglGetConfigAttrib
eglGetConfigs
eglGetCurrentContext
eglGetCurrentDisplay
eglGetCurrentSurface
eglGetDisplay
eglGetError
eglGetFrameTimestampSupportedANDROID
eglGetFrameTimestampsANDROID
eglGetMscRateANGLE
eglGetNativeClientBufferANDROID
eglGetNextFrameIdANDROID
eglGetPlatformDisplay
eglGetPlatformDisplayEXT
eglGetProcAddress
eglGetSyncAttrib
eglGetSyncAttribKHR
eglGetSyncValuesCHROMIUM
eglHandleGPUSwitchANGLE
eglInitialize
eglLabelObjectKHR
eglLockSurfaceKHR
eglLockVulkanQueueANGLE
eglMakeCurrent
eglPostSubBufferNV
eglPrepareSwapBuffersANGLE
eglPresentationTimeANDROID
eglProgramCacheGetAttribANGLE
eglProgramCachePopulateANGLE
eglProgramCacheQueryANGLE
eglProgramCacheResizeANGLE
eglQueryAPI
eglQueryContext
eglQueryDebugKHR
eglQueryDeviceAttribEXT
eglQueryDeviceStringEXT
eglQueryDisplayAttribANGLE
eglQueryDisplayAttribEXT
eglQueryDmaBufFormatsEXT
eglQueryDmaBufModifiersEXT
eglQueryStreamKHR
eglQueryStreamu64KHR
eglQueryString
eglQueryStringiANGLE
eglQuerySupportedCompressionRatesEXT
eglQuerySurface
eglQuerySurface64KHR
eglQuerySurfacePointerANGLE
eglReacquireHighPowerGPUANGLE
eglReleaseDeviceANGLE
eglReleaseExternalContextANGLE
eglReleaseHighPowerGPUANGLE
eglReleaseTexImage
eglReleaseThread
eglSetBlobCacheFuncsANDROID
eglSetDamageRegionKHR
eglSetValidationEnabledANGLE
eglSignalSyncKHR
eglStreamAttribKHR
eglStreamConsumerAcquireKHR
eglStreamConsumerGLTextureExternalAttribsNV
eglStreamConsumerGLTextureExternalKHR
eglStreamConsumerReleaseKHR
eglStreamPostD3DTextureANGLE
eglSurfaceAttrib
eglSwapBuffers
eglSwapBuffersWithDamageKHR
eglSwapBuffersWithFrameTokenANGLE
eglSwapInterval
eglTerminate
eglUnlockSurfaceKHR
eglUnlockVulkanQueueANGLE
eglWaitClient
eglWaitGL
eglWaitNative
eglWaitSync
eglWaitSyncKHR
eglWaitUntilWorkScheduledANGLE

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

.tls
Size: 512B - Virtual size: 289B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libssp-0.dll
.dll windows:4 windows x64 arch:x64

550703e32944da81749eeb979a022099

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

__iob_func
_amsg_exit
_exit
_initterm
_lock
_unlock
abort
calloc
fgets
free
fwrite
gets
malloc
memcpy
memmove
memset
realloc
strlen
strncmp
strncpy
vfprintf
_write
_open
_close

Exports

Exports

__chk_fail
__gets_chk
__memcpy_chk
__memmove_chk
__mempcpy_chk
__memset_chk
__stack_chk_fail
__stack_chk_guard
__stpcpy_chk
__strcat_chk
__strcpy_chk
__strncat_chk
__strncpy_chk

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 272B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 361B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libwinpthread-1.dll
.dll windows:4 windows x64 arch:x64

fea7be972a0bb7dd20cc26160803dae6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount64
InitializeCriticalSection
IsDebuggerPresent
LeaveCriticalSection
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject

msvcrt

__C_specific_handler
__iob_func
_amsg_exit
_beginthreadex
_endthreadex
_errno
_initterm
_lock
_setjmp
_ultoa
_unlock
abort
calloc
exit
fprintf
free
fwrite
longjmp
malloc
memmove
memset
printf
realloc
signal
strlen
strncmp
vfprintf
_strdup

Exports

Exports

__pth_gpointer_locked
__pthread_clock_nanosleep
_pthread_cleanup_dest
_pthread_get_state
_pthread_invoke_cancel
_pthread_key_dest
_pthread_rel_time_in_ms
_pthread_set_state
_pthread_time_in_ms
_pthread_time_in_ms_from_timespec
_pthread_tryjoin
clock_getres
clock_gettime
clock_nanosleep
clock_settime
nanosleep
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstack
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstack
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_timedwait_relative_np
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getclock
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setclock
pthread_condattr_setpshared
pthread_create
pthread_create_wrapper
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_get_concurrency
pthread_getclean
pthread_getconcurrency
pthread_getevent
pthread_gethandle
pthread_getname_np
pthread_getschedparam
pthread_getspecific
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getprioceiling
pthread_mutexattr_getprotocol
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setprioceiling
pthread_mutexattr_setprotocol
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_set_concurrency
pthread_set_num_processors_np
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setname_np
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_tls_init
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 400B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
load/blizzard.ax
.dll regsvr32 windows:4 windows x86 arch:x86

a0df3593bae4cfff195bd9b1458870e1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:d9:00:6d:6b:07:5e:81:fc:79:87:59:6b:6b:5e:56
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/11/2015, 00:00

Not After

18/01/2018, 12:00

Subject

CN=Blizzard Entertainment\, Inc.,O=Blizzard Entertainment\, Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:45:6a:f1:c0:45:86:6b:4e:16:f2:77:3e:2f:04:01:1e:6b:c8:a1
Signer

Actual PE Digest

7b:45:6a:f1:c0:45:86:6b:4e:16:f2:77:3e:2f:04:01:1e:6b:c8:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
GetWindowsDirectoryA
GetLastError
GetProcAddress
GetSystemInfo
InterlockedExchange
CreateThread
ResetEvent
GetCurrentThread
WaitForMultipleObjects
GetThreadPriority
GetTickCount
SetThreadPriority
lstrcmpiA
ReleaseSemaphore
GetModuleHandleA
GetVersionExA
DisableThreadLibraryCalls
lstrlenA
MultiByteToWideChar
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
CloseHandle
LeaveCriticalSection
CreateEventA
DuplicateHandle
GetCurrentThreadId
GetCurrentProcess
SetEvent
WaitForSingleObject
CreateSemaphoreA
VirtualFree
VirtualAlloc

user32

GetWindowRect
IsWindow
GetWindowThreadProcessId
MoveWindow
SetRectEmpty
CreateDialogParamA
PostMessageA
MsgWaitForMultipleObjects
GetQueueStatus
PostThreadMessageA
PeekMessageA
DispatchMessageA
LoadStringW
LoadStringA
InvalidateRect
DefWindowProcA
GetWindowLongA
SetWindowLongA
wsprintfA
RegisterWindowMessageA
SetDlgItemTextA
GetDlgItem
DestroyWindow
MessageBoxA
SendMessageA
EnableWindow
CreateWindowExA
GetDesktopWindow
ShowWindow
CheckDlgButton
LoadCursorA
SetCursor
SetClassLongA

gdi32

GdiFlush
SelectPalette
CreateCompatibleBitmap
GetDIBits
CreateDCA
DeleteDC
TextOutA
SetTextAlign
SetTextColor
DeleteObject

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegSetValueA

shell32

ShellExecuteA

ole32

CoTaskMemFree
StringFromGUID2
CoFreeUnusedLibraries
CoTaskMemAlloc
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

OleCreatePropertyFrame

msvcrt

srand
strstr
rand
sprintf
time
printf
atoi
??2@YAPAXI@Z
strncmp
??3@YAXPAX@Z
malloc
_purecall
__CxxFrameHandler
free

winmm

timeGetTime

Exports

Exports

Config
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mprext.dll
.dll windows:10 windows x64 arch:x64

8c4eb7a549c77fac0467b83cebc5d650

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

mprext.pdb

Imports

ntdll

__C_specific_handler
RtlLookupFunctionEntry
swprintf_s
wcscat_s
RtlUpcaseUnicodeChar
RtlCaptureContext
RtlVirtualUnwind
memset

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
DisableThreadLibraryCalls

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-synch-l1-1-0

SetEvent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

DoBroadcastSystemMessageWorker
DoCommandLinePromptWorker
DoPasswordDialogWorker
DoProfileErrorDialogWorker
ShowReconnectDialogEndWorker
ShowReconnectDialogUIWorker
ShowReconnectDialogWorker
WNetConnectionDialog1WWorker
WNetConnectionDialogWorker
WNetDisconnectDialog1WWorker
WNetDisconnectDialogWorker

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msidle.dll
.dll windows:10 windows x64 arch:x64

14fd2ad264e565ddd6fbeaa5eeae6e57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msidle.pdb

Imports

msvcrt

__C_specific_handler
_amsg_exit
_initterm
malloc
free
_XcptFilter

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msidntld.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
msvcr100.dll
.dll windows:5 windows x86 arch:x86

5271d5ce8b44dd47bc92563e27585466

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8d:91:f0:a3:ff:41:70:8c:67:d0:ba:79:6d:52:da:88:0c:59:23:cc
Signer

Actual PE Digest

8d:91:f0:a3:ff:41:70:8c:67:d0:ba:79:6d:52:da:88:0c:59:23:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr100.i386.pdb

Imports

kernel32

EncodePointer
DecodePointer
RaiseException
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetCurrentThreadId
TlsGetValue
GetCommandLineW
GetCommandLineA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
FindNextFileA
FindFirstFileExA
FindClose
FindNextFileW
FindFirstFileExW
GetLogicalDrives
GetDiskFreeSpaceA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
Sleep
Beep
GetFileAttributesA
SetFileAttributesA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameA
GetDriveTypeW
GetCurrentProcessId
CreateDirectoryA
MoveFileA
RemoveDirectoryA
GetDriveTypeA
DeleteFileA
GetFileAttributesW
SetEnvironmentVariableW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryA
FreeLibrary
CreateProcessW
ReadFile
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
InterlockedPopEntrySList
InterlockedFlushSList
QueryDepthSList
InterlockedPushEntrySList
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueTimer
SetEvent
CreateEventW
SwitchToThread
SignalObjectAndWait
TryEnterCriticalSection
GetTickCount
VirtualFree
GetVersionExW
SetThreadPriority
VirtualAlloc
GetSystemInfo
GetProcessAffinityMask
VirtualProtect
SetThreadAffinityMask
InitializeSListHead
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
GetThreadPriority
LoadLibraryW
SleepEx
OutputDebugStringW
FreeLibraryAndExitThread
GetModuleHandleA
GetThreadTimes
DebugBreak
MultiByteToWideChar
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetTimeFormatW
GetDateFormatW
RtlUnwind
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
HeapQueryInformation
HeapReAlloc
HeapSize
HeapValidate
HeapCompact
HeapWalk
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoW
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
CreateFileW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreatePipe
SetStdHandle
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleW
ReadConsoleW
SetEndOfFile
GetProcessHeap
InterlockedExchange
LockFile
UnlockFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetConsoleCtrlHandler
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringW
CompareStringW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsProcessorFeaturePresent

Exports

Exports

$I10_OUTPUT
??0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z
??0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z
??0SchedulerPolicy@Concurrency@@QAA@IZZ
??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z
??0SchedulerPolicy@Concurrency@@QAE@XZ
??0_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_ReaderWriterLock@details@Concurrency@@QAE@XZ
??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_ReentrantLock@details@Concurrency@@QAE@XZ
??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_SpinLock@details@Concurrency@@QAE@ACJ@Z
??0_TaskCollection@details@Concurrency@@QAE@XZ
??0_Timer@details@Concurrency@@IAE@I_N@Z
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0__non_rtti_object@std@@QAE@PBD@Z
??0bad_cast@std@@AAE@PBQBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@XZ
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@XZ
??0context_unblock_unbalanced@Concurrency@@QAE@PBD@Z
??0context_unblock_unbalanced@Concurrency@@QAE@XZ
??0critical_section@Concurrency@@QAE@XZ
??0default_scheduler_exists@Concurrency@@QAE@PBD@Z
??0default_scheduler_exists@Concurrency@@QAE@XZ
??0event@Concurrency@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??0improper_lock@Concurrency@@QAE@PBD@Z
??0improper_lock@Concurrency@@QAE@XZ
??0improper_scheduler_attach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_attach@Concurrency@@QAE@XZ
??0improper_scheduler_detach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_detach@Concurrency@@QAE@XZ
??0improper_scheduler_reference@Concurrency@@QAE@PBD@Z
??0improper_scheduler_reference@Concurrency@@QAE@XZ
??0invalid_link_target@Concurrency@@QAE@PBD@Z
??0invalid_link_target@Concurrency@@QAE@XZ
??0invalid_multiple_scheduling@Concurrency@@QAE@PBD@Z
??0invalid_multiple_scheduling@Concurrency@@QAE@XZ
??0invalid_operation@Concurrency@@QAE@PBD@Z
??0invalid_operation@Concurrency@@QAE@XZ
??0invalid_oversubscribe_operation@Concurrency@@QAE@PBD@Z
??0invalid_oversubscribe_operation@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_key@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_key@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_value@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_value@Concurrency@@QAE@XZ
??0message_not_found@Concurrency@@QAE@PBD@Z
??0message_not_found@Concurrency@@QAE@XZ
??0missing_wait@Concurrency@@QAE@PBD@Z
??0missing_wait@Concurrency@@QAE@XZ
??0nested_scheduler_missing_detach@Concurrency@@QAE@PBD@Z
??0nested_scheduler_missing_detach@Concurrency@@QAE@XZ
??0operation_timed_out@Concurrency@@QAE@PBD@Z
??0operation_timed_out@Concurrency@@QAE@XZ
??0reader_writer_lock@Concurrency@@QAE@XZ
??0scheduler_not_attached@Concurrency@@QAE@PBD@Z
??0scheduler_not_attached@Concurrency@@QAE@XZ
??0scheduler_resource_allocation_error@Concurrency@@QAE@J@Z
??0scheduler_resource_allocation_error@Concurrency@@QAE@PBDJ@Z
??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z
??0scoped_lock@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0scoped_lock_read@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0task_canceled@details@Concurrency@@QAE@PBD@Z
??0task_canceled@details@Concurrency@@QAE@XZ
??0unsupported_os@Concurrency@@QAE@PBD@Z
??0unsupported_os@Concurrency@@QAE@XZ
??1SchedulerPolicy@Concurrency@@QAE@XZ
??1_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_SpinLock@details@Concurrency@@QAE@XZ
??1_TaskCollection@details@Concurrency@@QAE@XZ
??1_Timer@details@Concurrency@@IAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1critical_section@Concurrency@@QAE@XZ
??1event@Concurrency@@QAE@XZ
??1exception@std@@UAE@XZ
??1reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock@critical_section@Concurrency@@QAE@XZ
??1scoped_lock@reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock_read@reader_writer_lock@Concurrency@@QAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4?$_SpinWait@$00@details@Concurrency@@QAEAAV012@ABV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QAEAAV012@ABV012@@Z
??4SchedulerPolicy@Concurrency@@QAEAAV01@ABV01@@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_F?$_SpinWait@$00@details@Concurrency@@QAEXXZ
??_F?$_SpinWait@$0A@@details@Concurrency@@QAEXXZ
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
?Alloc@Concurrency@@YAPAXI@Z
?Block@Context@Concurrency@@SAXXZ
?Create@CurrentScheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?Create@Scheduler@Concurrency@@SAPAV12@ABVSchedulerPolicy@2@@Z
?CreateResourceManager@Concurrency@@YAPAUIResourceManager@1@XZ
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@XZ
?CurrentContext@Context@Concurrency@@SAPAV12@XZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?DisableTracing@Concurrency@@YAJXZ
?EnableTracing@Concurrency@@YAJXZ
?Free@Concurrency@@YAXPAX@Z
?Get@CurrentScheduler@Concurrency@@SAPAVScheduler@2@XZ
?GetExecutionContextId@Concurrency@@YAIXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ
?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z
?GetProcessorCount@Concurrency@@YAIXZ
?GetProcessorNodeCount@Concurrency@@YAIXZ
?GetSchedulerId@Concurrency@@YAIXZ
?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ
?Id@Context@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
?Log2@details@Concurrency@@YAKI@Z
?Oversubscribe@Context@Concurrency@@SAX_N@Z
?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPAX@Z
?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ
?ScheduleGroupId@Context@Concurrency@@SAIXZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z
?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QAEXII@Z
?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?SetPolicyValue@SchedulerPolicy@Concurrency@@QAEIW4PolicyElementKey@2@I@Z
?VirtualProcessorId@Context@Concurrency@@SAIXZ
?Yield@Context@Concurrency@@SAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ
?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Cancel@_StructuredTaskCollection@details@Concurrency@@QAEXXZ
?_Cancel@_TaskCollection@details@Concurrency@@QAEXXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ
?_ConcRT_Assert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_CoreAssert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_DumpMessage@details@Concurrency@@YAXPB_WZZ
?_ConcRT_Trace@details@Concurrency@@YAXHPB_WZZ
?_Copy_str@exception@std@@AAEXPBD@Z
?_DoYield@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QAE_NXZ
?_IsCanceling@_TaskCollection@details@Concurrency@@QAE_NXZ
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IAEKXZ
?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IAEKXZ
?_Release@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_NonReentrantPPLLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantPPLLock@details@Concurrency@@QAEXXZ
?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Reset@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QAEXI@Z
?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QAEXI@Z
?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IAE_NXZ
?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IAE_NXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ
?_SpinYield@Context@Concurrency@@SAXXZ
?_Start@_Timer@details@Concurrency@@IAEXXZ
?_Stop@_Timer@details@Concurrency@@IAEXXZ
?_Tidy@exception@std@@AAEXXZ
?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z
?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantLock@details@Concurrency@@QAE_NXZ
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QAE_NXZ
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_Value@_SpinCount@details@Concurrency@@SAIXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCompare@@YA_NPBX0@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?get_error_code@scheduler_resource_allocation_error@Concurrency@@QBEJXZ
?lock@critical_section@Concurrency@@QAEXXZ
?lock@reader_writer_lock@Concurrency@@QAEXXZ
?lock_read@reader_writer_lock@Concurrency@@QAEXXZ
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?native_handle@critical_section@Concurrency@@QAEAAV12@XZ
?raw_name@type_info@@QBEPBDXZ
?reset@event@Concurrency@@QAEXXZ
?set@event@Concurrency@@QAEXXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?try_lock@critical_section@Concurrency@@QAE_NXZ
?try_lock@reader_writer_lock@Concurrency@@QAE_NXZ
?try_lock_read@reader_writer_lock@Concurrency@@QAE_NXZ
?unexpected@@YAXXZ
?unlock@critical_section@Concurrency@@QAEXXZ
?unlock@reader_writer_lock@Concurrency@@QAEXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?wait@Concurrency@@YAXI@Z
?wait@event@Concurrency@@QAEII@Z
?wait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z
?what@exception@std@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_cprintf
_cprintf_l
_cprintf_p

Sections

.text
Size: 709KB - Virtual size: 708KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
neth.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
netmsg.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nskbfltr.inf
nsm_vpro.ini
panmap.dll
.dll windows:10 windows x64 arch:x64

e9dbf5df0a9e862645294faf11ef4307

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

panmap.pdb

Imports

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
memcpy

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcess
TerminateProcess
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

kernel32

MulDiv

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pcicapi.dll
.dll windows:5 windows x86 arch:x86

f8282f99f39314d8a05a0ff650027272

Code Sign

e8:cb:c7:6f:b7:59:9a:2d:1f:79:37:f8:3b:77:9a:77
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/04/2019, 00:00

Not After

05/04/2022, 23:59

Subject

CN=CrossTec Corporation,O=CrossTec Corporation,POSTALCODE=33431,STREET=500 NE Spanish River Boulevard,L=Boca Raton,ST=FL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e8:cb:c7:6f:b7:59:9a:2d:1f:79:37:f8:3b:77:9a:77
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

06/04/2019, 00:00

Not After

05/04/2022, 23:59

Subject

CN=CrossTec Corporation,O=CrossTec Corporation,POSTALCODE=33431,STREET=500 NE Spanish River Boulevard,L=Boca Raton,ST=FL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:b8:f3:cd:f4:ca:cd:08:13:de:76:63:6b:49:6c:91:4a:86:62:73:62:a2:06:7f:47:d9:7a:93:0f:8e:d2:5e
Signer

Actual PE Digest

5e:b8:f3:cd:f4:ca:cd:08:13:de:76:63:6b:49:6c:91:4a:86:62:73:62:a2:06:7f:47:d9:7a:93:0f:8e:d2:5e

Digest Algorithm

sha256

PE Digest Matches

true

3a:bf:28:2a:8d:92:2a:9d:3c:7f:11:54:6a:41:36:21:a2:9c:98:04
Signer

Actual PE Digest

3a:bf:28:2a:8d:92:2a:9d:3c:7f:11:54:6a:41:36:21:a2:9c:98:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\nsmsrc\nsm\1280\1280\ctl32\release_unicode\pcicapi.pdb

Imports

kernel32

GetModuleFileNameW
GetProcAddress
GetModuleHandleW
OutputDebugStringW
LoadLibraryW
FreeLibrary
CloseHandle
OpenProcess
GetCurrentProcessId
CreateEventW
InterlockedIncrement
GetVersionExW
GetLocalTime
GetTempPathW
GetSystemTimeAsFileTime
GetProcessTimes
GetCurrentProcess
GetCurrentThreadId
GetTickCount
GetLastError
GetVersion
SetLastError
DisableThreadLibraryCalls
Sleep
LeaveCriticalSection
EnterCriticalSection
SetEvent
InterlockedDecrement
WaitForSingleObject
DeleteCriticalSection
CreateThread
InitializeCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
MultiByteToWideChar
ExitProcess
WideCharToMultiByte
QueryPerformanceCounter

user32

DispatchMessageW
TranslateMessage
GetMessageW
GetGuiResources
SetTimer
MessageBoxW
KillTimer
PeekMessageW
PostQuitMessage
wvsprintfW
wsprintfW

advapi32

GetTokenInformation
OpenProcessToken

msvcr100

_except_handler4_common
_onexit
_lock
malloc
wcsrchr
wcsncmp
fclose
_wfopen
wcsncat
fputws
strrchr
memset
iswctype
memcpy
free
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit

Exports

Exports

CapiClose
CapiConnected
CapiDial
CapiHangup
CapiListen
CapiNotify
CapiOpen
CapiOpen2
CapiRead
CapiSend

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
prflbmsg.dll
.dll windows:10 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
provdiagnostics.dll
.dll windows:10 windows x64 arch:x64

66e2d1b2cdab292d56111a45637c4a3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

provdiagnostics.pdb

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
redist/camera_mf_trace.wprp
.xml
redist/configs
redist/mf_trace.wprp
.xml
redist/miles/Mp3dec.asi
.dll windows:4 windows x86 arch:x86

113244029ceda204dda9cd578f66b019

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:d9:00:6d:6b:07:5e:81:fc:79:87:59:6b:6b:5e:56
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/11/2015, 00:00

Not After

18/01/2018, 12:00

Subject

CN=Blizzard Entertainment\, Inc.,O=Blizzard Entertainment\, Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e0:47:bf:20:46:d0:0f:42:d7:3e:a7:4b:3d:a1:f4:14:c6:38:80:e8
Signer

Actual PE Digest

e0:47:bf:20:46:d0:0f:42:d7:3e:a7:4b:3d:a1:f4:14:c6:38:80:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
DisableThreadLibraryCalls
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
RaiseException
RtlUnwind

mss32

RIB_register_interface
_RIB_provider_library_handle@0
_AIL_mem_free_lock@4
_AIL_mem_alloc_lock@4
_AIL_MMX_available@0
RIB_unregister_interface

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
redist/miles/Mssdolby.m3d
.dll windows:4 windows x86 arch:x86

6acf1151433f8344d1ac4481b08f7711

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:d9:00:6d:6b:07:5e:81:fc:79:87:59:6b:6b:5e:56
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/11/2015, 00:00

Not After

18/01/2018, 12:00

Subject

CN=Blizzard Entertainment\, Inc.,O=Blizzard Entertainment\, Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fa:6e:14:36:fa:69:4e:13:bd:be:a6:0d:62:42:9c:ad:91:c6:0f:1f
Signer

Actual PE Digest

fa:6e:14:36:fa:69:4e:13:bd:be:a6:0d:62:42:9c:ad:91:c6:0f:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringA
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
DisableThreadLibraryCalls
LCMapStringW
RtlUnwind

mss32

_AIL_ms_count@0
RIB_register_interface
_RIB_provider_library_handle@0
_AIL_filter_sample_attribute@12
_AIL_set_filter_sample_preference@12
_AIL_set_sample_processor@12
_AIL_sample_playback_rate@4
_AIL_set_sample_playback_rate@8
_AIL_set_sample_pan@8
_AIL_set_sample_volume@8
_AIL_lock@0
_AIL_unlock@0
_AIL_get_preference@4
_AIL_init_sample@4
_AIL_stop_sample@4
_AIL_set_sample_type@12
_AIL_resume_sample@4
RIB_unregister_interface
_AIL_set_error@4
_AIL_release_timer_handle@4
_AIL_stop_timer@4
_AIL_set_timer_frequency@8
_AIL_start_timer@4
_AIL_set_timer_period@8
_AIL_register_timer@4
_AIL_enumerate_filters@12
_AIL_mem_alloc_lock@4
_AIL_release_sample_handle@4
_AIL_allocate_sample_handle@4
_AIL_primary_digital_driver@4
_AIL_mem_free_lock@4
_AIL_load_sample_buffer@16
_AIL_sample_buffer_ready@4

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
redist/miles/Msseax2.m3d
.dll windows:4 windows x86 arch:x86

ddb5c0adb544de157684e8731c9efa87

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:d9:00:6d:6b:07:5e:81:fc:79:87:59:6b:6b:5e:56
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/11/2015, 00:00

Not After

18/01/2018, 12:00

Subject

CN=Blizzard Entertainment\, Inc.,O=Blizzard Entertainment\, Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

de:5f:48:cd:36:6d:0b:67:12:54:09:1a:5e:98:c6:65:09:35:a7:04
Signer

Actual PE Digest

de:5f:48:cd:36:6d:0b:67:12:54:09:1a:5e:98:c6:65:09:35:a7:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetOEMCP
DisableThreadLibraryCalls
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
Sleep
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
RaiseException
RtlUnwind

mss32

_AIL_lock@0
_AIL_lock_mutex@0
_AIL_unlock_mutex@0
_AIL_set_error@4
_AIL_release_timer_handle@4
_AIL_stop_timer@4
_AIL_set_timer_frequency@8
_AIL_start_timer@4
_AIL_get_preference@4
_AIL_unlock@0
_AIL_get_DirectSound_info@12
_AIL_digital_handle_reacquire@4
_AIL_set_preference@8
_AIL_digital_handle_release@4
RIB_unregister_interface
RIB_register_interface
_RIB_provider_library_handle@0
_AIL_set_timer_period@8
_AIL_register_timer@4

winmm

timeGetTime

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
redist/miles/Mssfast.m3d
.dll windows:4 windows x86 arch:x86

0e23d46c2d8f9de9174114dcf4997194

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:d9:00:6d:6b:07:5e:81:fc:79:87:59:6b:6b:5e:56
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/11/2015, 00:00

Not After

18/01/2018, 12:00

Subject

CN=Blizzard Entertainment\, Inc.,O=Blizzard Entertainment\, Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8e:60:7f:f5:a8:14:be:f9:c9:f5:f6:d9:98:42:3a:8e:35:aa:ee:39
Signer

Actual PE Digest

8e:60:7f:f5:a8:14:be:f9:c9:f5:f6:d9:98:42:3a:8e:35:aa:ee:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringA
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
DisableThreadLibraryCalls
LCMapStringW
RtlUnwind

mss32

_AIL_ms_count@0
RIB_register_interface
_RIB_provider_library_handle@0
_AIL_filter_sample_attribute@12
_AIL_set_filter_sample_preference@12
_AIL_set_sample_processor@12
_AIL_sample_playback_rate@4
_AIL_set_sample_playback_rate@8
_AIL_set_sample_pan@8
_AIL_set_sample_volume@8
_AIL_lock@0
_AIL_unlock@0
_AIL_get_preference@4
_AIL_init_sample@4
_AIL_stop_sample@4
_AIL_set_sample_type@12
_AIL_resume_sample@4
RIB_unregister_interface
_AIL_set_error@4
_AIL_release_timer_handle@4
_AIL_stop_timer@4
_AIL_set_timer_frequency@8
_AIL_start_timer@4
_AIL_set_timer_period@8
_AIL_register_timer@4
_AIL_enumerate_filters@12
_AIL_mem_alloc_lock@4
_AIL_allocate_sample_handle@4
_AIL_primary_digital_driver@4
_AIL_release_sample_handle@4
_AIL_mem_free_lock@4
_AIL_load_sample_buffer@16
_AIL_sample_buffer_ready@4

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
redist/miles/Reverb3.flt
.dll windows:4 windows x86 arch:x86

03defa7ffc17825c777c64db523e9c6d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:d9:00:6d:6b:07:5e:81:fc:79:87:59:6b:6b:5e:56
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/11/2015, 00:00

Not After

18/01/2018, 12:00

Subject

CN=Blizzard Entertainment\, Inc.,O=Blizzard Entertainment\, Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a5:cd:94:8b:ea:07:08:17:20:67:53:f3:83:46:0a:67:3b:14:b3:40
Signer

Actual PE Digest

a5:cd:94:8b:ea:07:08:17:20:67:53:f3:83:46:0a:67:3b:14:b3:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mss32

_AIL_MMX_available@0
_AIL_mem_free_lock@4
_AIL_mem_alloc_lock@4
_AIL_digital_configuration@16
_RIB_provider_library_handle@0
RIB_register_interface
RIB_unregister_interface

kernel32

GetFileType
GetStdHandle
RtlUnwind
RaiseException
LCMapStringW
LCMapStringA
GetStringTypeW
DisableThreadLibraryCalls
GetCommandLineA
GetVersion
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetHandleCount
MultiByteToWideChar
GetStringTypeA
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
HeapAlloc
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
redist/shortcuts-default.json
remcmdstub.exe
.exe windows:5 windows x86 arch:x86

99c0cd957fc7334714fefa3daa61a6ea

Code Sign

79:90:6f:af:4f:bd:75:ba:a1:0b:32:23:56:a0:7f:6d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/09/2017, 00:00

Not After

22/09/2020, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

79:90:6f:af:4f:bd:75:ba:a1:0b:32:23:56:a0:7f:6d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/09/2017, 00:00

Not After

22/09/2020, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:5b:db:b1:80:13:58:6a:fb:17:c4:72:52:4f:73:4e:82:c0:d3:d6:30:b8:41:55:f2:be:7f:46:2f:b8:e4:f4
Signer

Actual PE Digest

33:5b:db:b1:80:13:58:6a:fb:17:c4:72:52:4f:73:4e:82:c0:d3:d6:30:b8:41:55:f2:be:7f:46:2f:b8:e4:f4

Digest Algorithm

sha256

PE Digest Matches

true

1d:42:a2:20:c0:fa:8a:93:d6:9c:f1:f0:85:d9:8b:8f:0a:94:27:ac
Signer

Actual PE Digest

1d:42:a2:20:c0:fa:8a:93:d6:9c:f1:f0:85:d9:8b:8f:0a:94:27:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
FreeLibrary
GetProcAddress
SetLastError
GetVersionExA
GetLastError
GetModuleFileNameA
WaitForSingleObject
Sleep
WriteFile
GetExitCodeProcess
GenerateConsoleCtrlEvent
WaitForMultipleObjects
CloseHandle
CreateProcessA
SetConsoleCtrlHandler
SetConsoleMode
GetConsoleMode
GetStdHandle
ExpandEnvironmentStringsA
SetStdHandle
WriteConsoleW
HeapSize
SetFilePointer
FlushFileBuffers
GetCommandLineA
HeapSetInformation
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
GetModuleHandleW
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
IsProcessorFeaturePresent
ExitProcess
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
HeapFree
HeapAlloc
RtlUnwind
LoadLibraryW
HeapReAlloc
GetConsoleCP
CreateFileW

user32

EnumWindows
GetClassNameA
SendMessageA
EnumThreadWindows

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wiatrace.dll
.dll windows:10 windows x64 arch:x64

7146ee63c835f34bc9729fe5ed9f8dbe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wiatrace.pdb

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_splitpath_s
_vsnprintf
memset

kernel32

CopyFileA
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
Sleep
TlsFree
GetModuleFileNameA
TlsSetValue
WriteFile
ExpandEnvironmentStringsA
SetEndOfFile
WaitForSingleObject
ReleaseMutex
TlsGetValue
TlsAlloc
GetLocalTime
SetFilePointerEx
GetCurrentProcessId
TerminateProcess

Exports

Exports

WIATRACE_DecrementIndentLevel
WIATRACE_GetIndentLevel
WIATRACE_GetTraceSettings
WIATRACE_IncrementIndentLevel
WIATRACE_Init
WIATRACE_OutputString
WIATRACE_SetTraceSettings
WIATRACE_Term

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8a1db56beebf8e839dde8e0df72f492

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

2e:d9:8a:cb:d5:87:ca:8b:87:d8:3e:d0:b4:68:46:afCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

2e:d9:8a:cb:d5:87:ca:8b:87:d8:3e:d0:b4:68:46:afCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

dc:e1:81:f3:38:7b:08:1c:26:8a:38:cf:5a:5c:37:c6:71:3a:51:1c:80:bd:de:31:76:ad:67:b2:6c:d1:1a:f5Signer

59:5a:26:d4:2a:01:38:38:e7:97:cc:93:42:13:93:47:93:f4:f1:70Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

a6ab0ac73d733ac12db0454e9a7326f3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:37:e8Certificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

11:21:87:b3:98:71:ea:55:e9:2e:60:a8:a6:31:92:dd:60:f0Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wsock32

kernel32

user32

advapi32

Exports

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

2e:d9:8a:cb:d5:87:ca:8b:87:d8:3e:d0:b4:68:46:af
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

2e:d9:8a:cb:d5:87:ca:8b:87:d8:3e:d0:b4:68:46:af
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

dc:e1:81:f3:38:7b:08:1c:26:8a:38:cf:5a:5c:37:c6:71:3a:51:1c:80:bd:de:31:76:ad:67:b2:6c:d1:1a:f5
Signer

59:5a:26:d4:2a:01:38:38:e7:97:cc:93:42:13:93:47:93:f4:f1:70
Signer

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

04:00:00:00:00:01:31:89:c6:37:e8
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

11:21:87:b3:98:71:ea:55:e9:2e:60:a8:a6:31:92:dd:60:f0
Certificate

.text
Size: 240KB - Virtual size: 240KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 10KB - Virtual size: 29KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB

.text
Size: 512B - Virtual size: 24B

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 180B

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

2e:d9:8a:cb:d5:87:ca:8b:87:d8:3e:d0:b4:68:46:af
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

2e:d9:8a:cb:d5:87:ca:8b:87:d8:3e:d0:b4:68:46:af
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

aa:c6:41:a5:39:2a:06:44:f8:a6:47:af:8c:fc:9c:9f:16:08:c2:fa:70:e3:6f:a9:f7:31:4f:e1:a5:79:0a:06
Signer

b4:cd:b6:c8:71:1f:ab:d1:4a:7a:c3:f8:8f:5b:ac:26:23:2e:31:2a
Signer

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 994B

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 498B