7d7524e7eca2bf6a722153ff917d4ec62d7e125659b9a83f6f593642dbc9d426

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2017-Apr-29 07:14:49
Detected languages English - United States
Debug artifacts crypt32.pdb
CompanyName Microsoft Corporation
FileDescription Crypto API32
FileVersion 10.0.15063.1058 (WinBuild.160101.0800)
InternalName CRYPT32.DLL
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename CRYPT32.DLL
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.15063.1058

Plugin Output

Info Matching compiler(s): MASM/TASM - sig1(h)
Suspicious Strings found in the binary may indicate undesirable behavior:
May have dropper capabilities:
  • CurrentControlSet\Services
Contains domain names:
Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • LoadLibraryExW
  • GetProcAddress
  • LoadLibraryA
Functions which can be used for anti-debugging purposes:
  • NtQuerySystemInformation
Can access the registry:
  • RegCloseKey
  • RegCreateKeyExA
  • RegQueryValueExA
  • RegSetKeySecurity
  • RegEnumKeyExW
  • RegDeleteKeyExW
  • RegDeleteValueW
  • RegEnumValueW
  • RegSetValueExA
  • RegCreateKeyExW
  • RegNotifyChangeKeyValue
  • RegQueryInfoKeyW
  • RegQueryValueExW
  • RegOpenKeyExW
  • RegSetValueExW
  • RegEnumKeyExA
  • RegGetKeySecurity
  • RegOpenKeyExA
Uses Windows's Native API:
  • NtQuerySystemInformation
  • NtQueryObject
  • NtQueryInformationFile
Can create temporary files:
  • CreateFileW
  • GetTempPathW
Memory manipulation functions often used by packers:
  • VirtualAlloc
  • VirtualProtect
Functions related to the privilege level:
  • OpenProcessToken
  • AdjustTokenPrivileges
  • CheckTokenMembership
Changes object ACLs:
  • SetFileSecurityW
Info The PE's resources present abnormal characteristics. Resource 1010 is possibly compressed or encrypted.
Info The PE is digitally signed. Signer: Microsoft Windows
Issuer: Microsoft Windows Production PCA 2011
Safe VirusTotal score: 0/62 (Scanned on 2021-09-15 03:38:12) All the AVs think this file is safe.

Hashes

MD5 fa21ab5dabd0bad9fcb1451878b4e774
SHA1 143d9fe93510ee27b86e0bbe97b09dd86ab0393b
SHA256 7d7524e7eca2bf6a722153ff917d4ec62d7e125659b9a83f6f593642dbc9d426
SHA3 0c926d95366590af19c85dcbbb144d98d214a431c9276b07807b4f11c252a157
SSDeep 49152:NMqtbCVXSd/k5QWIKm86wj6K0dI8hwE267oa2a6D:NH4CSqEbR0rpO
Imports Hash e9a26b9afbeb3b7409f03ac742f5c3fd

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x108

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2017-Apr-29 07:14:49
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_DLL
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0xf4200
SizeOfInitializedData 0xcfc00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000059DD0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x180000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion A.0
ImageVersion A.0
SubsystemVersion A.0
Win32VersionValue 0
SizeOfImage 0x1c9000
SizeOfHeaders 0x400
Checksum 0x1c5e62
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
SizeofStackReserve 0x40000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 73b110d14c3761b91b2e3422eba2643f
SHA1 cacf3928cdd785b85abb455c07a224a2c119bf41
SHA256 c7e3fcc629d82bd1320203e10fdc4cde6a063117d8e6dc7625e34314e4108509
SHA3 266caf81501e09498b699aed4e3ff8762c51fcec889245dc5bff3f17bdd903d6
VirtualSize 0xf407e
VirtualAddress 0x1000
SizeOfRawData 0xf4200
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.44564

.rdata

MD5 3e668eea3a97f16c1103d64a1a545b00
SHA1 a2a56f998bf5e73370d33ca597a1b44ac17833eb
SHA256 d75580c71494231b388a9ffb250821577f44f72f3a0b48aba3515f83bb4aa665
SHA3 1bd450c24567c8492c39f03e0caf42bbca777aebe254b0703adf9d663ce69bb4
VirtualSize 0x37722
VirtualAddress 0xf6000
SizeOfRawData 0x37800
PointerToRawData 0xf4600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.85706

.data

MD5 0e7dcf2283b4d17b59527e75ed69c3de
SHA1 4d606396fce7ed42a54c683935355a782d1f06a6
SHA256 8d6a47aa83bf9d90d02ec252a50d3341331623779c9089f8262f9ed898b73c71
SHA3 49e31ff383042824f6ebdd183762345e8c4cbd242a6195f1f62824bd6833d344
VirtualSize 0x67f0
VirtualAddress 0x12e000
SizeOfRawData 0xa00
PointerToRawData 0x12be00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 2.23257

.pdata

MD5 cb0cd581d491c5a5d9244f9c5800fec5
SHA1 201c848519aabc3741ae1b7c18ed156d1925341c
SHA256 ea51ceb7f74f0a310ef2fa31e76f0a9b24ae01e98213e9bc903a1db8201d8019
SHA3 2c4ae9912f42693d2b5c1b65715abdf469d1e0d880f6d16cf845d7df4aa88d9d
VirtualSize 0xd0f8
VirtualAddress 0x135000
SizeOfRawData 0xd200
PointerToRawData 0x12c800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.09239

.didat

MD5 1074c3d28cd916ceb8f238ef40ac4b33
SHA1 340b764cc54af6ce4310a5c6895f746949951867
SHA256 ae0461fc39c9690c76759d7874adad7c890d416258638a190dea0c0df9873029
SHA3 457e9fb7dfc0ceef428ad2cf1d14217a82e1ca0f1af820ae01f5d23ff0e4352a
VirtualSize 0x3a8
VirtualAddress 0x143000
SizeOfRawData 0x400
PointerToRawData 0x139a00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 3.08791

.rsrc

MD5 3b7519d9d6f80bdbe551ab5f6ee761c0
SHA1 afe5b63a0dcc249f4a03ce8cdb32eba9c9c3cac0
SHA256 6e4e77438bdf72cffd950a8b3157a0b48e1c527df841da4552bad2daae2da443
SHA3 6b666ca1657f6704ac451ec64ba21339f0d28f8fc0ea7491f8939380047ac5d5
VirtualSize 0x82788
VirtualAddress 0x144000
SizeOfRawData 0x82800
PointerToRawData 0x139e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.4053

.reloc

MD5 b6358a14741e2ed7cab4408363a15ceb
SHA1 55c8dbe82cf8eccbfc87028052711b47a647f50d
SHA256 1c4eec436fed77321de03287e40397406159591cb206caaed4d9f7bdb2fb477d
SHA3 d467a7029c3fe959a318c1c772357da484a7ce8340b840dfc29194328270318e
VirtualSize 0x1df4
VirtualAddress 0x1c7000
SizeOfRawData 0x1e00
PointerToRawData 0x1bc600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 5.41706

Imports

api-ms-win-crt-runtime-l1-1-0.dll _initterm
_initterm_e
api-ms-win-crt-private-l1-1-0.dll _o__itoa_s
_o__itow
_o__ltoa
_o__ltow
_o__register_onexit_function
_o__seh_filter_dll
_o__ultoa_s
_o__ultow_s
_o__initialize_narrow_environment
_o__wcsicmp
memcpy
_o_atol
_o_bsearch
_o_free
_o_isdigit
_o_isupper
_o_iswalnum
_o_iswalpha
_o_iswspace
_o_isxdigit
_o_memset
_o_qsort
_o_qsort_s
_o_strtoul
_o_toupper
_o_towlower
_o_wcstoul
__C_specific_handler
_o__execute_onexit_table
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__initialize_onexit_table
_o___std_type_info_destroy_list
memcmp
api-ms-win-core-errorhandling-l1-1-1.dll GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
api-ms-win-core-synch-l1-2-0.dll InitOnceExecuteOnce
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeSRWLock
AcquireSRWLockExclusive
InitializeCriticalSection
WaitForMultipleObjectsEx
InitializeCriticalSectionAndSpinCount
CreateEventA
EnterCriticalSection
DeleteCriticalSection
Sleep
WaitForSingleObjectEx
SetEvent
WaitForSingleObject
LeaveCriticalSection
api-ms-win-core-registry-l1-1-0.dll RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegSetKeySecurity
RegEnumKeyExW
RegDeleteKeyExW
RegDeleteValueW
RegEnumValueW
RegSetValueExA
RegCreateKeyExW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExA
RegLoadMUIStringW
RegGetKeySecurity
RegOpenKeyExA
api-ms-win-core-processenvironment-l1-2-0.dll ExpandEnvironmentStringsW
GetEnvironmentVariableA
api-ms-win-core-heap-l2-1-0.dll LocalAlloc
LocalReAlloc
LocalFree
api-ms-win-core-version-l1-1-0.dll VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW
api-ms-win-core-rtlsupport-l1-2-0.dll RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext
api-ms-win-core-debug-l1-1-1.dll IsDebuggerPresent
OutputDebugStringA
api-ms-win-core-processthreads-l1-1-2.dll OpenThreadToken
IsProcessorFeaturePresent
GetCurrentProcessId
OpenProcessToken
GetCurrentThreadId
TerminateProcess
TlsAlloc
SetThreadToken
TlsGetValue
GetCurrentProcess
CreateThread
ExitThread
TlsSetValue
GetCurrentThread
SetThreadStackGuarantee
TlsFree
api-ms-win-core-profile-l1-1-0.dll QueryPerformanceFrequency
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-2-1.dll GetLocalTime
GetSystemTime
GetSystemInfo
GetVersionExA
GetSystemTimeAsFileTime
GetTickCount64
api-ms-win-core-interlocked-l1-2-0.dll InitializeSListHead
api-ms-win-core-libraryloader-l1-2-0.dll LockResource
SizeofResource
LoadResource
FreeResource
LoadStringW
GetModuleFileNameW
LoadLibraryExW
GetModuleHandleW
FreeLibrary
GetProcAddress
FreeLibraryAndExitThread
api-ms-win-core-file-l1-2-1.dll ReadFile
GetFileAttributesExW
GetFileAttributesW
SetEndOfFile
GetFileSize
WriteFile
SetFilePointer
CreateFileW
CreateDirectoryW
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
FindNextChangeNotification
FindCloseChangeNotification
FindFirstChangeNotificationW
FileTimeToLocalFileTime
SetFileAttributesW
GetTempPathW
GetTempFileNameW
CompareFileTime
api-ms-win-eventing-provider-l1-1-0.dll EventWriteTransfer
EventRegister
EventUnregister
EventSetInformation
api-ms-win-core-localization-l1-2-1.dll FormatMessageW
IdnToAscii
IdnToUnicode
GetACP
api-ms-win-core-string-l1-1-0.dll WideCharToMultiByte
MultiByteToWideChar
CompareStringW
api-ms-win-security-base-l1-2-0.dll MakeAbsoluteSD
AddAccessAllowedAce
InitializeAcl
GetSecurityDescriptorSacl
EqualSid
GetAce
SetSecurityDescriptorDacl
MakeSelfRelativeSD
AdjustTokenPrivileges
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
CheckTokenMembership
GetTokenInformation
GetSidIdentifierAuthority
GetLengthSid
IsValidSid
AddAce
AddAccessAllowedAceEx
GetAclInformation
CopySid
GetSidSubAuthority
GetSidSubAuthorityCount
ImpersonateSelf
RevertToSelf
AccessCheck
AllocateAndInitializeSid
SetFileSecurityW
GetFileSecurityW
CheckTokenCapability
FreeSid
GetSecurityDescriptorDacl
api-ms-win-core-handle-l1-1-0.dll DuplicateHandle
CloseHandle
api-ms-win-core-psapi-l1-1-0.dll QueryFullProcessImageNameW
api-ms-win-core-timezone-l1-1-0.dll SystemTimeToFileTime
FileTimeToSystemTime
api-ms-win-core-libraryloader-l1-2-2.dll LoadLibraryA
api-ms-win-core-datetime-l1-1-1.dll GetTimeFormatA
GetTimeFormatW
GetDateFormatA
GetDateFormatW
api-ms-win-core-memory-l1-1-2.dll VirtualAlloc
UnmapViewOfFile
VirtualQuery
MapViewOfFile
VirtualProtect
api-ms-win-core-threadpool-l1-2-0.dll CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
api-ms-win-core-threadpool-private-l1-1-0.dll RegisterWaitForSingleObjectEx
api-ms-win-security-grouppolicy-l1-1-0.dll RegisterGPNotificationInternal
UnregisterGPNotificationInternal
MSASN1.dll ASN1objectidentifier2_cmp
ASN1_SetEncoderOption
ASN1open_free
ASN1BERDecObjectIdentifier2
ASN1BERDecOpenType
ASN1BEREncObjectIdentifier2
ASN1BERDecOctetString
ASN1octetstring_free
ASN1ztcharstring_free
ASN1BERDecEoid
ASN1bitstring_free
ASN1BERDecCharString
ASN1_CreateModule
ASN1BERDecNull
ASN1DEREncChar32String
ASN1BERDecU32Val
ASN1utf8string_free
ASN1BERDecOctetString2
ASN1DEREncBitString
ASN1DEREncBeginBlk
ASN1intx_free
ASN1BERDecZeroCharString
ASN1BERDecUTCTime
ASN1BERDecBitString2
ASN1DEREncChar16String
ASN1BERDecBitString
ASN1charstring_free
ASN1DEREncOctetString
ASN1BERDecS32Val
ASN1BERDecUTF8String
ASN1BERDecChar32String
ASN1BEREncOpenType
ASN1BEREncEoid
ASN1BEREncSX
ASN1BERDecChar16String
ASN1char32string_free
ASN1BERDecMultibyteString
ASN1BEREoid_free
ASN1_CloseModule
ASN1DEREncMultibyteString
ASN1BEREncNull
ASN1BEREncBool
ASN1BEREncEndOfContents
ASN1DEREncEndBlk
ASN1DEREncCharString
ASN1DEREncUTF8String
ASN1BEREncS32
ASN1EncSetError
ASN1DecRealloc
ASN1BERDecBool
ASN1BERDecEndOfContents
ASN1BEREncExplicitTag
ASN1BERDecNotEndOfContents
ASN1DEREncNewBlkElement
ASN1BEREncU32
ASN1char16string_free
ASN1DEREncFlushBlkElement
ASN1BERDecPeekTag
ASN1BERDecGeneralizedTime
ASN1DEREncGeneralizedTime
ASN1BERDecExplicitTag
ASN1DecSetError
ASN1BERDecSXVal
ASN1BEREncRemoveZeroBits
ASN1BERDecOpenType2
ASN1DEREncUTCTime
ASN1BERDecU16Val
ASN1BERDotVal2Eoid
ASN1Free
ASN1BEREoid2DotVal
ASN1_CreateDecoder
ASN1_CreateEncoder
ASN1_CloseDecoder
ASN1_CloseEncoder
ASN1_FreeEncoded
ASN1_FreeDecoded
ASN1_Encode
ASN1_Decode
api-ms-win-core-threadpool-legacy-l1-1-0.dll UnregisterWaitEx
api-ms-win-core-kernel32-legacy-l1-1-1.dll CreateFileMappingA
FindResourceExA
GetComputerNameW
api-ms-win-core-heap-obsolete-l1-1-0.dll LocalSize
api-ms-win-core-localization-obsolete-l1-3-0.dll GetSystemDefaultUILanguage
GetUserDefaultUILanguage
CompareStringA
api-ms-win-core-string-obsolete-l1-1-0.dll lstrcmpA
lstrlenW
lstrcmpiW
lstrlenA
ntdll.dll EvtIntReportEventAndSourceAsync
strchr
EtwTraceMessage
WinSqmIncrementDWORD
memmove
RtlAllocateHeap
RtlImageNtHeader
RtlFreeHeap
RtlGetDeviceFamilyInfoEnum
NtQuerySystemInformation
RtlNtStatusToDosError
wcsncmp
RtlCreateUnicodeStringFromAsciiz
wcsstr
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
A_SHAFinal
A_SHAUpdate
A_SHAInit
MD5Final
MD5Update
MD5Init
NtQueryObject
wcschr
NtQueryInformationFile
EtwEventWriteFull
EtwEventUnregister
EtwEventRegister
wcsrchr
_vsnwprintf
strncmp
_vsnprintf
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
ShipAssert
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlFreeUnicodeString
api-ms-win-core-delayload-l1-1-1.dll ResolveDelayLoadedAPI
DelayLoadFailureHook
api-ms-win-crt-string-l1-1-0.dll wcscmp
strcmp
api-ms-win-power-setting-l1-1-0.dll (delay-loaded) PowerSettingUnregisterNotification
PowerSettingRegisterNotification

Delayed Imports

Attributes 0x1
Name api-ms-win-power-setting-l1-1-0.dll
ModuleHandle 0x12eef0
DelayImportAddressTable 0x1431a0
DelayImportNameTable 0x126670
BoundDelayImportTable 0x127098
UnloadDelayImportTable 0
TimeStamp 1970-Jan-01 00:00:00

Ordinal 1001
Address 0x59a40

(#2)

Ordinal 1002
Address 0x784c0

(#3)

Ordinal 1003
Address 0x78090

(#4)

Ordinal 1004
Address 0x78080

(#5)

Ordinal 1005
Address 0x78120

(#6)

Ordinal 1006
Address 0x78110

(#7)

Ordinal 1007
Address 0x78030

(#8)

Ordinal 1008
Address 0x78070

(#9)

Ordinal 1009
Address 0x780d0

(#10)

Ordinal 1010
Address 0x78100

(#11)

Ordinal 1011
Address 0x78020

CryptObjectLocatorFree

Ordinal 1012
Address 0xcef90

CryptObjectLocatorGet

Ordinal 1013
Address 0xcefd0

CryptObjectLocatorGetContent

Ordinal 1014
Address 0xcf010

CryptObjectLocatorGetUpdated

Ordinal 1015
Address 0xcf0c0

CryptObjectLocatorInitialize

Ordinal 1016
Address 0xcf100

CryptObjectLocatorIsChanged

Ordinal 1017
Address 0xcf470

CryptObjectLocatorRelease

Ordinal 1018
Address 0xcf490

I_PFXImportCertStoreEx

Ordinal 1019
Address 0xcd90

CertAddCRLContextToStore

Ordinal 1020
Address 0x88ac0

CertAddCRLLinkToStore

Ordinal 1021
Address 0x88b50

CertAddCTLContextToStore

Ordinal 1022
Address 0x88ac0

CertAddCTLLinkToStore

Ordinal 1023
Address 0x88b50

CertAddCertificateContextToStore

Ordinal 1024
Address 0x52f20

CertAddCertificateLinkToStore

Ordinal 1025
Address 0x88b50

CertAddEncodedCRLToStore

Ordinal 1026
Address 0xe710

CertAddEncodedCTLToStore

Ordinal 1027
Address 0x2cf0

CertAddEncodedCertificateToStore

Ordinal 1028
Address 0x2c110

CertAddEncodedCertificateToSystemStoreA

Ordinal 1029
Address 0x89cb0

CertAddEncodedCertificateToSystemStoreW

Ordinal 1030
Address 0x89d30

CertAddEnhancedKeyUsageIdentifier

Ordinal 1031
Address 0x8a3a0

CertAddRefServerOcspResponse

Ordinal 1032
Address 0x8b7a0

CertAddRefServerOcspResponseContext

Ordinal 1033
Address 0x8b7b0

CertAddSerializedElementToStore

Ordinal 1034
Address 0xda40

CertAddStoreToCollection

Ordinal 1035
Address 0x36e10

CertAlgIdToOID

Ordinal 1036
Address 0x8bc40

CertCloseServerOcspResponse

Ordinal 1037
Address 0x8b7c0

CertCloseStore

Ordinal 1038
Address 0x1d8b0

CertCompareCertificate

Ordinal 1039
Address 0x4c980

CertCompareCertificateName

Ordinal 1040
Address 0x36620

CertCompareIntegerBlob

Ordinal 1041
Address 0x8bc80

CertComparePublicKeyInfo

Ordinal 1042
Address 0x4b4f0

CertControlStore

Ordinal 1043
Address 0x1e2d0

CertCreateCRLContext

Ordinal 1044
Address 0xe6d0

CertCreateCTLContext

Ordinal 1045
Address 0x2cb0

CertCreateCTLEntryFromCertificateContextProperties

Ordinal 1046
Address 0x88bb0

CertCreateCertificateChainEngine

Ordinal 1047
Address 0x43130

CertCreateCertificateContext

Ordinal 1048
Address 0x53370

CertCreateContext

Ordinal 1049
Address 0x3b020

CertCreateSelfSignCertificate

Ordinal 1050
Address 0x8c190

CertDeleteCRLFromStore

Ordinal 1051
Address 0x89110

CertDeleteCTLFromStore

Ordinal 1052
Address 0x89110

CertDeleteCertificateFromStore

Ordinal 1053
Address 0x89110

CertDuplicateCRLContext

Ordinal 1054
Address 0x40b50

CertDuplicateCTLContext

Ordinal 1055
Address 0x40b50

CertDuplicateCertificateChain

Ordinal 1056
Address 0x546d0

CertDuplicateCertificateContext

Ordinal 1057
Address 0x3a3d0

CertDuplicateStore

Ordinal 1058
Address 0x53c70

CertEnumCRLContextProperties

Ordinal 1059
Address 0x89130

CertEnumCRLsInStore

Ordinal 1060
Address 0x562f0

CertEnumCTLContextProperties

Ordinal 1061
Address 0x89130

CertEnumCTLsInStore

Ordinal 1062
Address 0x367c0

CertEnumCertificateContextProperties

Ordinal 1063
Address 0x89130

CertEnumCertificatesInStore

Ordinal 1064
Address 0x35530

CertEnumPhysicalStore

Ordinal 1065
Address 0x902c0

CertEnumSubjectInSortedCTL

Ordinal 1066
Address 0x89150

CertEnumSystemStore

Ordinal 1067
Address 0x902e0

CertEnumSystemStoreLocation

Ordinal 1068
Address 0x90660

CertFindAttribute

Ordinal 1069
Address 0x40600

CertFindCRLInStore

Ordinal 1070
Address 0x36480

CertFindCTLInStore

Ordinal 1071
Address 0x892b0

CertFindCertificateInCRL

Ordinal 1072
Address 0x42b00

CertFindCertificateInStore

Ordinal 1073
Address 0x34e40

CertFindChainInStore

Ordinal 1074
Address 0x91370

CertFindExtension

Ordinal 1075
Address 0x35f60

CertFindRDNAttr

Ordinal 1076
Address 0x68d0

CertFindSubjectInCTL

Ordinal 1077
Address 0x41860

CertFindSubjectInSortedCTL

Ordinal 1078
Address 0x3f7a0

CertFreeCRLContext

Ordinal 1079
Address 0x54610

CertFreeCTLContext

Ordinal 1080
Address 0x54610

CertFreeCertificateChain

Ordinal 1081
Address 0x119f0

CertFreeCertificateChainEngine

Ordinal 1082
Address 0x573c0

CertFreeCertificateChainList

Ordinal 1083
Address 0x7e10

CertFreeCertificateContext

Ordinal 1084
Address 0x1ce80

CertFreeServerOcspResponseContext

Ordinal 1085
Address 0x8b820

CertGetCRLContextProperty

Ordinal 1086
Address 0x22a60

CertGetCRLFromStore

Ordinal 1087
Address 0x6e70

CertGetCTLContextProperty

Ordinal 1088
Address 0x22a60

CertGetCertificateChain

Ordinal 1089
Address 0x38dd0

CertGetCertificateContextProperty

Ordinal 1090
Address 0x22a60

CertGetEnhancedKeyUsage

Ordinal 1091
Address 0x36050

CertGetIntendedKeyUsage

Ordinal 1092
Address 0x57cc0

CertGetIssuerCertificateFromStore

Ordinal 1093
Address 0x89310

CertGetNameStringA

Ordinal 1094
Address 0x58460

CertGetNameStringW

Ordinal 1095
Address 0x38430

CertGetPublicKeyLength

Ordinal 1096
Address 0x3b2a0

CertGetServerOcspResponseContext

Ordinal 1097
Address 0x8b870

CertGetStoreProperty

Ordinal 1098
Address 0x89410

CertGetSubjectCertificateFromStore

Ordinal 1099
Address 0xf680

CertGetValidUsages

Ordinal 1100
Address 0x36820

CertIsRDNAttrsInCertificateName

Ordinal 1101
Address 0x8bca0

CertIsStrongHashToSign

Ordinal 1102
Address 0xd560

CertIsValidCRLForCertificate

Ordinal 1103
Address 0x41cf0

CertIsWeakHash

Ordinal 1104
Address 0x390d0

CertNameToStrA

Ordinal 1105
Address 0x585f0

CertNameToStrW

Ordinal 1106
Address 0x18740

CertOIDToAlgId

Ordinal 1107
Address 0x41a20

CertOpenServerOcspResponse

Ordinal 1108
Address 0x8b920

CertOpenStore

Ordinal 1109
Address 0x2a170

CertOpenSystemStoreA

Ordinal 1110
Address 0x89db0

CertOpenSystemStoreW

Ordinal 1111
Address 0x89e20

CertRDNValueToStrA

Ordinal 1112
Address 0x91ea0

CertRDNValueToStrW

Ordinal 1113
Address 0x56c60

CertRegisterPhysicalStore

Ordinal 1114
Address 0x90730

CertRegisterSystemStore

Ordinal 1115
Address 0x909d0

CertRemoveEnhancedKeyUsageIdentifier

Ordinal 1116
Address 0x8a560

CertRemoveStoreFromCollection

Ordinal 1117
Address 0x5620

CertResyncCertificateChainEngine

Ordinal 1118
Address 0xc8fc0

CertRetrieveLogoOrBiometricInfo

Ordinal 1119
Address 0x93e50

CertSaveStore

Ordinal 1120
Address 0x3f6c0

CertSelectCertificateChains

Ordinal 1121
Address 0x2e50

CertSerializeCRLStoreElement

Ordinal 1122
Address 0x3f630

CertSerializeCTLStoreElement

Ordinal 1123
Address 0x3f630

CertSerializeCertificateStoreElement

Ordinal 1124
Address 0x3f630

CertSetCRLContextProperty

Ordinal 1125
Address 0x53750

CertSetCTLContextProperty

Ordinal 1126
Address 0x53750

CertSetCertificateContextPropertiesFromCTLEntry

Ordinal 1127
Address 0x2020

CertSetCertificateContextProperty

Ordinal 1128
Address 0x53750

CertSetEnhancedKeyUsage

Ordinal 1129
Address 0x8a660

CertSetStoreProperty

Ordinal 1130
Address 0x895e0

CertStrToNameA

Ordinal 1131
Address 0x91f70

CertStrToNameW

Ordinal 1132
Address 0x1a430

CertUnregisterPhysicalStore

Ordinal 1133
Address 0x90ad0

CertUnregisterSystemStore

Ordinal 1134
Address 0x90be0

CertVerifyCRLRevocation

Ordinal 1135
Address 0x8beb0

CertVerifyCRLTimeValidity

Ordinal 1136
Address 0x8bf40

CertVerifyCTLUsage

Ordinal 1137
Address 0x94620

CertVerifyCertificateChainPolicy

Ordinal 1138
Address 0x1ca40

CertVerifyRevocation

Ordinal 1139
Address 0x3e660

CertVerifySubjectCertificateContext

Ordinal 1140
Address 0x89650

CertVerifyTimeValidity

Ordinal 1141
Address 0x33dc0

CertVerifyValidityNesting

Ordinal 1142
Address 0x8bfe0

CryptAcquireCertificatePrivateKey

Ordinal 1143
Address 0x56480

CryptBinaryToStringA

Ordinal 1144
Address 0x14c20

CryptBinaryToStringW

Ordinal 1145
Address 0x14b00

CryptCloseAsyncHandle

Ordinal 1146
Address 0x95640

CryptCreateAsyncHandle

Ordinal 1147
Address 0x955f0

CryptCreateKeyIdentifierFromCSP

Ordinal 1148
Address 0x930c0

CryptDecodeMessage

Ordinal 1149
Address 0x96eb0

CryptDecodeObject

Ordinal 1150
Address 0x25e90

CryptDecodeObjectEx

Ordinal 1151
Address 0x25ed0

CryptDecryptAndVerifyMessageSignature

Ordinal 1152
Address 0x96f50

CryptDecryptMessage

Ordinal 1153
Address 0x97190

CryptEncodeObject

Ordinal 1154
Address 0x53fd0

CryptEncodeObjectEx

Ordinal 1155
Address 0x1c650

CryptEncryptMessage

Ordinal 1156
Address 0x97200

CryptEnumKeyIdentifierProperties

Ordinal 1157
Address 0x89690

CryptEnumOIDFunction

Ordinal 1158
Address 0x1b580

CryptEnumOIDInfo

Ordinal 1159
Address 0xa4710

CryptExportPKCS8

Ordinal 1160
Address 0xd1b30

CryptExportPublicKeyInfo

Ordinal 1161
Address 0x7b30

CryptExportPublicKeyInfoEx

Ordinal 1162
Address 0x55120

CryptExportPublicKeyInfoFromBCryptKeyHandle

Ordinal 1163
Address 0x93150

CryptFindCertificateKeyProvInfo

Ordinal 1164
Address 0x8c030

CryptFindLocalizedName

Ordinal 1165
Address 0xa4810

CryptFindOIDInfo

Ordinal 1166
Address 0x1af70

CryptFormatObject

Ordinal 1167
Address 0xae460

CryptFreeOIDFunctionAddress

Ordinal 1168
Address 0x3ebe0

CryptGetAsyncParam

Ordinal 1169
Address 0x95610

CryptGetDefaultOIDDllList

Ordinal 1170
Address 0x3ee50

CryptGetDefaultOIDFunctionAddress

Ordinal 1171
Address 0x3ef00

CryptGetKeyIdentifierProperty

Ordinal 1172
Address 0x89790

CryptGetMessageCertificates

Ordinal 1173
Address 0x972e0

CryptGetMessageSignerCount

Ordinal 1174
Address 0x97320

CryptGetOIDFunctionAddress

Ordinal 1175
Address 0x1cba0

CryptGetOIDFunctionValue

Ordinal 1176
Address 0xa32b0

CryptHashCertificate

Ordinal 1177
Address 0x4e300

CryptHashCertificate2

Ordinal 1178
Address 0x1b380

CryptHashMessage

Ordinal 1179
Address 0x973d0

CryptHashPublicKeyInfo

Ordinal 1180
Address 0x4df80

CryptHashToBeSigned

Ordinal 1181
Address 0x1a2e0

CryptImportPKCS8

Ordinal 1182
Address 0xd1f30

CryptImportPublicKeyInfo

Ordinal 1183
Address 0x56c30

CryptImportPublicKeyInfoEx

Ordinal 1184
Address 0x3b390

CryptImportPublicKeyInfoEx2

Ordinal 1185
Address 0x19220

CryptInitOIDFunctionSet

Ordinal 1186
Address 0x38c10

CryptInstallDefaultContext

Ordinal 1187
Address 0xb3830

CryptInstallOIDFunctionAddress

Ordinal 1188
Address 0x38ba0

CryptLoadSip

Ordinal 1189
Address 0xddc00

CryptMemAlloc

Ordinal 1190
Address 0x50040

CryptMemFree

Ordinal 1191
Address 0x7320

CryptMemRealloc

Ordinal 1192
Address 0xb3c60

CryptMsgCalculateEncodedLength

Ordinal 1193
Address 0xbce0

CryptMsgClose

Ordinal 1194
Address 0xfd90

CryptMsgControl

Ordinal 1195
Address 0x13310

CryptMsgCountersign

Ordinal 1196
Address 0xe6d60

CryptMsgCountersignEncoded

Ordinal 1197
Address 0xe6ef0

CryptMsgDuplicate

Ordinal 1198
Address 0x55090

CryptMsgEncodeAndSignCTL

Ordinal 1199
Address 0xbe90

CryptMsgGetAndVerifySigner

Ordinal 1200
Address 0x2950

CryptMsgGetParam

Ordinal 1201
Address 0x2cc40

CryptMsgOpenToDecode

Ordinal 1202
Address 0x3af00

CryptMsgOpenToEncode

Ordinal 1203
Address 0xa840

CryptMsgSignCTL

Ordinal 1204
Address 0xbda0

CryptMsgUpdate

Ordinal 1205
Address 0x2dd10

CryptMsgVerifyCountersignatureEncoded

Ordinal 1206
Address 0xe7270

CryptMsgVerifyCountersignatureEncodedEx

Ordinal 1207
Address 0x107c0

CryptProtectData

Ordinal 1208
Address 0x542d0

CryptProtectMemory

Ordinal 1209
Address 0x129e26
ForwardName DPAPI.CryptProtectMemory

CryptQueryObject

Ordinal 1210
Address 0xdad0

CryptRegisterDefaultOIDFunction

Ordinal 1211
Address 0xa33a0

CryptRegisterOIDFunction

Ordinal 1212
Address 0xa36a0

CryptRegisterOIDInfo

Ordinal 1213
Address 0xa48c0

CryptRetrieveTimeStamp

Ordinal 1214
Address 0xde0f0

CryptSIPAddProvider

Ordinal 1215
Address 0xddca0

CryptSIPCreateIndirectData

Ordinal 1216
Address 0x3e590

CryptSIPGetCaps

Ordinal 1217
Address 0x3e4c0

CryptSIPGetSealedDigest

Ordinal 1218
Address 0xde010

CryptSIPGetSignedDataMsg

Ordinal 1219
Address 0x3e3e0

CryptSIPLoad

Ordinal 1220
Address 0x3eb00

CryptSIPPutSignedDataMsg

Ordinal 1221
Address 0x70e0

CryptSIPRemoveProvider

Ordinal 1222
Address 0xdde70

CryptSIPRemoveSignedDataMsg

Ordinal 1223
Address 0x7690

CryptSIPRetrieveSubjectGuid

Ordinal 1224
Address 0x4f590

CryptSIPRetrieveSubjectGuidForCatalogFile

Ordinal 1225
Address 0x4f940

CryptSIPVerifyIndirectData

Ordinal 1226
Address 0x3feb0

CryptSetAsyncParam

Ordinal 1227
Address 0x95640

CryptSetKeyIdentifierProperty

Ordinal 1228
Address 0x898a0

CryptSetOIDFunctionValue

Ordinal 1229
Address 0xa37a0

CryptSignAndEncodeCertificate

Ordinal 1230
Address 0x4e050

CryptSignAndEncryptMessage

Ordinal 1231
Address 0x97630

CryptSignCertificate

Ordinal 1232
Address 0x4e1f0

CryptSignMessage

Ordinal 1233
Address 0x97790

CryptSignMessageWithKey

Ordinal 1234
Address 0x978a0

CryptStringToBinaryA

Ordinal 1235
Address 0x575c0

CryptStringToBinaryW

Ordinal 1236
Address 0x43be0

CryptUninstallDefaultContext

Ordinal 1237
Address 0xb39f0

CryptUnprotectData

Ordinal 1238
Address 0x4c540

CryptUnprotectMemory

Ordinal 1239
Address 0x12a10f
ForwardName DPAPI.CryptUnprotectMemory

CryptUnregisterDefaultOIDFunction

Ordinal 1240
Address 0xa3890

CryptUnregisterOIDFunction

Ordinal 1241
Address 0xa3b30

CryptUnregisterOIDInfo

Ordinal 1242
Address 0xa4ac0

CryptUpdateProtectedState

Ordinal 1243
Address 0x12a198
ForwardName DPAPI.CryptUpdateProtectedState

CryptVerifyCertificateSignature

Ordinal 1244
Address 0x8c140

CryptVerifyCertificateSignatureEx

Ordinal 1245
Address 0x18170

CryptVerifyDetachedMessageHash

Ordinal 1246
Address 0x97b20

CryptVerifyDetachedMessageSignature

Ordinal 1247
Address 0x97b80

CryptVerifyMessageHash

Ordinal 1248
Address 0x97c00

CryptVerifyMessageSignature

Ordinal 1249
Address 0x97c50

CryptVerifyMessageSignatureWithKey

Ordinal 1250
Address 0x97cd0

CryptVerifyTimeStampSignature

Ordinal 1251
Address 0xf620

I_CertChainEngineIsDisallowedCertificate

Ordinal 1252
Address 0x40b80

I_CertDiagControl

Ordinal 1253
Address 0xeb00

I_CertFinishSslHandshake

Ordinal 1254
Address 0x3d4c0

I_CertProcessSslHandshake

Ordinal 1255
Address 0x3cf20

I_CertProtectFunction

Ordinal 1256
Address 0x49b40

I_CertSrvProtectFunction

Ordinal 1257
Address 0x10e10

I_CertSyncStore

Ordinal 1258
Address 0x89a60

I_CertUpdateStore

Ordinal 1259
Address 0x56010

I_CryptAddRefLruEntry

Ordinal 1260
Address 0xc9f50

I_CryptAddSmartCardCertToStore

Ordinal 1261
Address 0xb6d40

I_CryptAllocTls

Ordinal 1262
Address 0x56900

I_CryptAllocTlsEx

Ordinal 1263
Address 0x38300

I_CryptCreateLruCache

Ordinal 1264
Address 0x300c0

I_CryptCreateLruEntry

Ordinal 1265
Address 0x1e170

I_CryptDetachTls

Ordinal 1266
Address 0x4f430

I_CryptDisableLruOfEntries

Ordinal 1267
Address 0xc9f60

I_CryptEnableLruOfEntries

Ordinal 1268
Address 0xc9fa0

I_CryptEnumMatchingLruEntries

Ordinal 1269
Address 0x55dc0

I_CryptFindLruEntry

Ordinal 1270
Address 0x4afa0

I_CryptFindLruEntryData

Ordinal 1271
Address 0xca010

I_CryptFindSmartCardCertInStore

Ordinal 1272
Address 0xb6e50

I_CryptFlushLruCache

Ordinal 1273
Address 0x53c90

I_CryptFreeLruCache

Ordinal 1274
Address 0x56160

I_CryptFreeTls

Ordinal 1275
Address 0x52ae0

I_CryptGetAsn1Decoder

Ordinal 1276
Address 0x28b40

I_CryptGetAsn1Encoder

Ordinal 1277
Address 0x288c0

I_CryptGetDefaultCryptProv

Ordinal 1278
Address 0x3be50

I_CryptGetDefaultCryptProvForEncrypt

Ordinal 1279
Address 0xb3b30

I_CryptGetFileVersion

Ordinal 1280
Address 0x78200

I_CryptGetLruEntryData

Ordinal 1281
Address 0x54d80

I_CryptGetLruEntryIdentifier

Ordinal 1282
Address 0xca040

I_CryptGetOssGlobal

Ordinal 1283
Address 0xb70a0

I_CryptGetTls

Ordinal 1284
Address 0x247a0

I_CryptInsertLruEntry

Ordinal 1285
Address 0x54b40

I_CryptInstallAsn1Module

Ordinal 1286
Address 0x3ae90

I_CryptInstallOssGlobal

Ordinal 1287
Address 0xb70a0

I_CryptReadTrustedPublisherDWORDValueFromRegistry

Ordinal 1288
Address 0x4aaf0

I_CryptRegisterSmartCardStore

Ordinal 1289
Address 0x95640

I_CryptReleaseLruEntry

Ordinal 1290
Address 0x55db0

I_CryptRemoveLruEntry

Ordinal 1291
Address 0x56e60

I_CryptSetTls

Ordinal 1292
Address 0x3c3b0

I_CryptTouchLruEntry

Ordinal 1293
Address 0x560d0

I_CryptUninstallAsn1Module

Ordinal 1294
Address 0x52ad0

I_CryptUninstallOssGlobal

Ordinal 1295
Address 0xb70a0

I_CryptUnregisterSmartCardStore

Ordinal 1296
Address 0x95640

I_CryptWalkAllLruCacheEntries

Ordinal 1297
Address 0x571f0

PFXExportCertStore

Ordinal 1298
Address 0xd0930

PFXExportCertStore2

Ordinal 1299
Address 0xd0a90

PFXExportCertStoreEx

Ordinal 1300
Address 0xd0ab0

PFXImportCertStore

Ordinal 1301
Address 0xd1a0

PFXIsPFXBlob

Ordinal 1302
Address 0xc070

PFXVerifyPassword

Ordinal 1303
Address 0xd0ca0

(#12)

Ordinal 2000
Address 0xa470

1010

Type AUTHROOTS
Language English - United States
Codepage UNKNOWN
Size 0x63c79
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.59833
MD5 b3efc448437db393b79cfa6b071afac6
SHA1 e73ffebac3017cfee39ee0c2e7fde7bc6a5da29f
SHA256 2446bba7f12605c91a6e1f570eae7fab550fbeead6a65d7c60de66005d78300f
SHA3 f9ff0119db66e3401f1421971d8f2c608d5dcf7f1703742606ea5acd8dbc88cf

1020

Type AUTHROOTSTL
Language English - United States
Codepage UNKNOWN
Size 0x1b85f
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.4721
MD5 c502eaa66bc7c4656e917758f03b3707
SHA1 fcf1a777bb82daf1e5f353818d6045c926b4f015
SHA256 0efe8455a273c22d2fdcf3d02be7f446a515a5504182a65d64a347c82972ce4f
SHA3 8977fd4484d10ef9018dbc8a9d25d4ee3f6ef92d5d74d7b913d0caa960412914

1

Type MUI
Language English - United States
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.01537
MD5 e3e6d580800e950d9f06defee0df5c91
SHA1 0fc4e00d737a912b5cd2ff91d2d0f7017d564848
SHA256 a254b4b5549609e3eb3c08710f0781d471b40953bde01a7669598ae8ec4573cd
SHA3 3b746513f82add9904a9d513e843bc12e0e7171ed6f21672993146da67b016df

1011

Type UPDROOTS
Language English - United States
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.12193
MD5 ffa564b37001f3d6c4091290106ff61d
SHA1 342af37dae940b12755f2091d36c7b659c22cb8a
SHA256 1fda555fc5f2a09c794d0cac4a6ed290444ed4980b8dc14022a937cb79750233
SHA3 e1034098c5a8d78c0930aa827e99f16ef6d97790b8059277a37af1febd0fd5e0

1 (#2)

Type WEVT_TEMPLATE
Language English - United States
Codepage UNKNOWN
Size 0x2bae
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.62335
MD5 63651cbbba6930dbc1229a8934c887af
SHA1 1db0f84eb1b61de4c907719d03dee712591b8972
SHA256 3ba01188234e8a4f0e6b87bbe46bc060387547ccba86bc5026899c53c89885dd
SHA3 af6a3740055ba8155ecc500103e39d6ae564234c7320f9219eb78e31b139b5c5

1 (#3)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x388
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.56658
MD5 150c288cf80203d0c5ba867a0af845b0
SHA1 0353f3665e5704a4a084f0f65cc249c84560050c
SHA256 393cbfa3612cb0f9f445e48f7906d8243d4ac6821190c89036efb3e5cf8b69f3
SHA3 32f4bc87379b526c99a5f91747e6d4230f013e2a56c1ab287f3a1f22bbe4962d

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 10.0.15063.1058
ProductVersion 10.0.15063.1058
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_DLL
Language English - United States
CompanyName Microsoft Corporation
FileDescription Crypto API32
FileVersion (#2) 10.0.15063.1058 (WinBuild.160101.0800)
InternalName CRYPT32.DLL
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename CRYPT32.DLL
ProductName Microsoft® Windows® Operating System
ProductVersion (#2) 10.0.15063.1058
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2017-Apr-29 07:14:49
Version 0.0
SizeofData 36
AddressOfRawData 0x11763c
PointerToRawData 0x115c3c
Referenced File crypt32.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2017-Apr-29 07:14:49
Version 0.0
SizeofData 1712
AddressOfRawData 0x117660
PointerToRawData 0x115c60

UNKNOWN

Characteristics 0
TimeDateStamp 2017-Apr-29 07:14:49
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0xf4
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x18012e5f8
GuardCFCheckFunctionPointer 6443514160
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0x5093a048
Unmarked objects 0
Imports (VS2015 v14.0.? compiler 24610) 2
Imports (VS2008 SP1 build 30729) 77
Total imports 1462
C objects (VS2015 v14.0.? compiler 24610) 10
ASM objects (VS2015 v14.0.? compiler 24610) 4
C++ objects (VS2015 v14.0.? compiler 24610) 11
Exports (VS2015 v14.0.? compiler 24610) 1
C++ objects (POGO O) (VS2015 v14.0.? compiler 24610) 127
253 (VS2015 v14.0.? compiler 24610) 1
Resource objects (VS2015 v14.0.? compiler 24610) 1
Linker (VS2015 v14.0.? compiler 24610) 1

Errors

[*] Warning: 696 invalid export(s) not shown.