3c7d9ecd...bf9a | Files
VTI SCORE: 100/100
Target: win8.1_64 | exe
Classification: Trojan, Dropper
The file list below records behaviour the classification does not name: system files are rewritten and renamed with the suffix .[sepsis@protonmail.com].sepsis, a ransomware-style extension that embeds an attacker contact address, and the import table pairs CryptStringToBinaryA, CryptDecodeObjectEx and CryptImportPublicKeyInfo with CryptEncrypt, the CryptoAPI sequence used to encrypt under a public key that ships inside the binary as a base64 string. When scoping an incident involving this hash, treat the file encryption as the primary effect; the copy dropped to c:\windows\svchost.exe and the reboot-for-persistence noted below are the dropper side of it.

3c7d9ecd35b21a2a8fac7cce4fdb3e11c1950d5a02a0c0b369f4082acf00bf9a (SHA256)

3c7d9ecd35b21a2a8fac7cce4fdb3e11c1950d5a02a0c0b369f4082acf00bf9a.exe

Windows Exe (x86-32)

Created at 2018-05-16 15:35:00

Notifications (2/2)

Some extracted files may be missing in the report since the total file extraction size limit was reached during the analysis. You can increase the limit in the configuration settings.

The operating system was rebooted during the analysis because the sample installed a startup script or application for persistence.

Master Boot Record Changes

Sector Number | Sector Size
2063 | 512 bytes
2063 | 512 bytes

Sector 2063 is listed twice (two recorded writes to the same sector); LBA 0, the MBR proper, is not among the changes. On a disk laid out with the default 2048-sector (1 MiB) partition alignment, sector 2063 is the sixteenth sector of the first partition, inside the region NTFS reserves for its boot sector and bootstrap code ($Boot), so this reads as a change to a volume's boot area rather than to the partition table. Confirm against the actual partition table of the analysis disk before drawing conclusions.
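The two entries above record raw writes to one sector, but the report does not say what that sector holds. As an added example that is not part of the report and not the sample's code, the script below shows how to answer that from a pre- and post-infection disk image: diff the images sector by sector and place each changed LBA against the MBR partition table. The image is constructed in memory with a single NTFS partition starting at LBA 2048, the default 1 MiB alignment; that layout is an assumption, since the report does not print the sandbox's partition table, and the simulated write to sector 2063 mirrors the table above.

```python
import struct

SECTOR = 512


def build_image(total_sectors, part_start, part_sectors):
    """Constructed baseline image: an MBR with one active NTFS (type 0x07) partition
    and nothing else. Stands in for the pre-infection disk snapshot."""
    img = bytearray(total_sectors * SECTOR)
    # partition entry: status, CHS start, type, CHS end, LBA start, sector count
    img[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0",
                               part_start, part_sectors)
    img[510:512] = b"\x55\xaa"                    # MBR boot signature
    vbr = part_start * SECTOR
    img[vbr + 3:vbr + 11] = b"NTFS    "           # OEM ID of an NTFS boot sector
    return img


def partitions(img):
    """(1-based index, type, start LBA, sector count) for each populated MBR slot."""
    found = []
    for i in range(4):
        off = 446 + 16 * i
        ptype = img[off + 4]
        start, count = struct.unpack_from("<II", img, off + 8)
        if ptype and count:
            found.append((i + 1, ptype, start, count))
    return found


def changed_sectors(before, after):
    """LBAs whose 512 bytes differ between the two snapshots."""
    if len(before) != len(after):
        raise ValueError("snapshots differ in size")
    return [lba for lba in range(len(before) // SECTOR)
            if before[lba * SECTOR:(lba + 1) * SECTOR]
            != after[lba * SECTOR:(lba + 1) * SECTOR]]


def classify(lba, img):
    """Describe what a sector number points at, using the baseline's partition table."""
    if lba == 0:
        return "MBR (boot code and partition table)"
    for idx, _ptype, start, count in partitions(img):
        if lba == start:
            return f"partition {idx} VBR"
        if start < lba < start + 16:
            # NTFS keeps its boot sector and bootstrap code ($Boot) in the first 16 sectors
            return f"partition {idx} boot area (VBR+{lba - start}, inside NTFS $Boot)"
        if start <= lba < start + count:
            return f"partition {idx} data area (VBR+{lba - start})"
    return "unpartitioned space"


def demo():
    """The reported case: a write to LBA 2063 on a disk whose first partition starts
    at LBA 2048 (assumed default alignment); the write itself is simulated."""
    before = build_image(4096, part_start=2048, part_sectors=1024)
    after = bytearray(before)
    after[2063 * SECTOR:2063 * SECTOR + 16] = b"\xeb" * 16
    return [(lba, classify(lba, before)) for lba in changed_sectors(before, after)]


if __name__ == "__main__":
    for lba, what in demo():
        print(f"sector {lba}: {what}")
```

On a real case, `before` and `after` would be the raw disk images from the two snapshots; the classification only trusts the baseline's partition table, so a write that rewrote the MBR itself would still be reported as LBA 0 and the remaining sectors would be judged against the original layout.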

Files Information

Number of sample files submitted for analysis: 1
Number of files created and extracted during analysis: 72
Number of files modified and extracted during analysis: 140

The created/modified counts cover extracted files only; the notification above says the extraction size limit was reached, so files touched after that point are absent from this list and the totals are lower bounds.

c:\users\5jghkoaofdp\desktop\3c7d9ecd35b21a2a8fac7cce4fdb3e11c1950d5a02a0c0b369f4082acf00bf9a.exe, ...
Reputation: Blacklisted
File Properties
Names: c:\users\5jghkoaofdp\desktop\3c7d9ecd35b21a2a8fac7cce4fdb3e11c1950d5a02a0c0b369f4082acf00bf9a.exe (Sample File)
       c:\windows\svchost.exe (Created File)
Size: 16.50 KB
MD5: 1221ac9d607af73c65fd6c62bec3d249
SHA1: 518d5a0a8025147b9e29821bccdaf3b42c0d01db
SHA256: 3c7d9ecd35b21a2a8fac7cce4fdb3e11c1950d5a02a0c0b369f4082acf00bf9a
The created file c:\windows\svchost.exe shares this size and these hashes: the sample copies itself to that path. The genuine svchost.exe lives in c:\windows\system32 (and c:\windows\syswow64), so a file of that name directly under c:\windows is an indicator in its own right.
File Reputation Information
Severity: Blacklisted
Names: Win32.Trojan.Reconyc
Families: Reconyc
Classification: Trojan
PE Information
Image Base: 0x400000
Entry Point: 0x4020f0
Size Of Code: 0x1800
Size Of Initialized Data: 0x3600
Size Of Uninitialized Data: 0x0
Format: x86
Type: Executable
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type: IMAGE_FILE_MACHINE_I386
Compile Timestamp: 2018-05-09 15:29:35
Compiler/Packer: Unknown
Sections (4)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.text | 0x401000 | 0x16be | 0x1800 | 0x400 | CNT_CODE, MEM_EXECUTE, MEM_READ | 6.1
.rdata | 0x403000 | 0x105c | 0x1200 | 0x1c00 | CNT_INITIALIZED_DATA, MEM_READ | 5.22
.data | 0x405000 | 0x1fd8 | 0x1000 | 0x2e00 | CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE | 4.93
.reloc | 0x407000 | 0x270 | 0x400 | 0x3e00 | CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ | 4.79
A .text entropy of 6.1 is in the range of ordinary compiled code, the section flags are the compiler defaults, and the binary was built a week before the analysis date. Nothing here points to packing, so the import table below can be read as the sample's real API use.
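The section table above is enough to cross-check several things the report states elsewhere: that the entry point falls in .text, that the file has no data beyond the last section (the report's 16.50 KB), and that the import thunk offsets listed below are plain RVA-to-file-offset translations through .rdata (thunk RVA 0x3b38 of CryptImportPublicKeyInfo maps to its listed offset 0x2738). As an added example, not code from the report or from the sample, the script below encodes those checks over the values printed above; the 0x200 file alignment and 0x1000 section alignment are assumed, being the usual MSVC defaults, because the report does not print the optional header.

```python
# Added example, not the sample's code and not VMRay output: cross-check the
# section table printed above against the rest of the report.
IMAGE_BASE = 0x400000
ENTRY_POINT = 0x4020F0
REPORTED_SIZE_KB = 16.50
FILE_ALIGN = 0x200      # assumed: IMAGE_OPTIONAL_HEADER.FileAlignment (MSVC default)
SECTION_ALIGN = 0x1000  # assumed: IMAGE_OPTIONAL_HEADER.SectionAlignment (MSVC default)

# (name, virtual address, virtual size, raw size, raw offset, flags), from the report
SECTIONS = [
    (".text",  0x401000, 0x16BE, 0x1800, 0x0400, {"CNT_CODE", "MEM_EXECUTE", "MEM_READ"}),
    (".rdata", 0x403000, 0x105C, 0x1200, 0x1C00, {"CNT_INITIALIZED_DATA", "MEM_READ"}),
    (".data",  0x405000, 0x1FD8, 0x1000, 0x2E00, {"CNT_INITIALIZED_DATA", "MEM_READ", "MEM_WRITE"}),
    (".reloc", 0x407000, 0x0270, 0x0400, 0x3E00, {"CNT_INITIALIZED_DATA", "MEM_DISCARDABLE", "MEM_READ"}),
]


def align_up(n, a):
    return (n + a - 1) // a * a


def section_for_rva(rva):
    """Section whose in-memory range (virtual size rounded up to SECTION_ALIGN) contains rva."""
    for sec in SECTIONS:
        start = sec[1] - IMAGE_BASE
        if start <= rva < start + align_up(sec[2], SECTION_ALIGN):
            return sec
    return None


def rva_to_file_offset(rva):
    """File offset backing an RVA, or None when the RVA lies in the zero-filled part of a
    section that is larger in memory than on disk."""
    sec = section_for_rva(rva)
    if sec is None:
        return None
    _name, va, _vsize, raw_size, raw_off, _flags = sec
    delta = rva - (va - IMAGE_BASE)
    return raw_off + delta if delta < raw_size else None


def expected_file_size():
    """End of the last section's raw data: the whole file unless an overlay follows it."""
    return max(off + size for _, _, _, size, off, _ in SECTIONS)


def layout_findings():
    """Human-readable anomalies; an empty list means the layout is unremarkable."""
    findings = []
    ep = section_for_rva(ENTRY_POINT - IMAGE_BASE)
    if ep is None or "MEM_EXECUTE" not in ep[5]:
        findings.append("entry point outside any executable section")
    for name, va, vsize, raw_size, raw_off, flags in SECTIONS:
        if (va - IMAGE_BASE) % SECTION_ALIGN or raw_off % FILE_ALIGN or raw_size % FILE_ALIGN:
            findings.append(f"{name}: not aligned to the assumed alignments")
        if {"MEM_WRITE", "MEM_EXECUTE"} <= flags:
            findings.append(f"{name}: writable and executable")
        if vsize > raw_size:
            findings.append(f"{name}: {vsize - raw_size:#x} bytes zero-filled at load (BSS-style data)")
    on_disk_kb = round(expected_file_size() / 1024, 2)
    if on_disk_kb != REPORTED_SIZE_KB:
        findings.append(f"overlay: report says {REPORTED_SIZE_KB} KB, sections end at {on_disk_kb} KB")
    return findings


if __name__ == "__main__":
    print(hex(expected_file_size()), layout_findings())
```

The only finding for this sample is the 0xfd8 bytes of .data that exist in memory but not on disk, which is ordinary uninitialised global storage; the sections end exactly at 0x4200 = 16.50 KB, so there is no appended overlay to look for.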
Imports (61)

Taken together the imports are consistent with the file activity recorded in this report: drive and directory enumeration (GetLogicalDriveStringsW, FindFirstFileW/FindNextFileW, PathFindExtensionW), rewriting files through memory mappings and renaming them (CreateFileMappingW/MapViewOfFile, MoveFileW, SetFileAttributesW, DeleteFileW), public-key encryption via CryptoAPI (CryptStringToBinaryA, CryptDecodeObjectEx, CryptImportPublicKeyInfo, CryptEncrypt), a single-instance guard (CreateMutexW/OpenMutexW), privilege adjustment (OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges), registry writes (RegCreateKeyW, RegSetValueExW), self-copy into the Windows directory (GetModuleFileNameW, GetWindowsDirectoryW, CopyFileW) and, for a 32-bit binary on the 64-bit target, control over WoW64 file-system redirection (Wow64EnableWow64FsRedirection). Import names show capability, not proof of use; the file list is what confirms the encryption actually ran.

CRYPT32.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
CryptImportPublicKeyInfo 0x0 0x403030 0x3b38 0x2738
CryptStringToBinaryA 0x0 0x403034 0x3b3c 0x273c
CryptDecodeObjectEx 0x0 0x403038 0x3b40 0x2740
SHLWAPI.dll (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
PathCombineW 0x0 0x403100 0x3c08 0x2808
PathFindExtensionW 0x0 0x403104 0x3c0c 0x280c
MSVCRT.dll (11)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
realloc 0x0 0x4030c0 0x3bc8 0x27c8
free 0x0 0x4030c4 0x3bcc 0x27cc
_wfopen 0x0 0x4030c8 0x3bd0 0x27d0
fwrite 0x0 0x4030cc 0x3bd4 0x27d4
rand 0x0 0x4030d0 0x3bd8 0x27d8
fseek 0x0 0x4030d4 0x3bdc 0x27dc
fclose 0x0 0x4030d8 0x3be0 0x27e0
srand 0x0 0x4030dc 0x3be4 0x27e4
malloc 0x0 0x4030e0 0x3be8 0x27e8
memset 0x0 0x4030e4 0x3bec 0x27ec
memcpy 0x0 0x4030e8 0x3bf0 0x27f0
KERNEL32.dll (31)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
lstrcmpW 0x0 0x403040 0x3b48 0x2748
GetFileSizeEx 0x0 0x403044 0x3b4c 0x274c
CreateFileW 0x0 0x403048 0x3b50 0x2750
UnmapViewOfFile 0x0 0x40304c 0x3b54 0x2754
CloseHandle 0x0 0x403050 0x3b58 0x2758
GetFileSize 0x0 0x403054 0x3b5c 0x275c
CreateFileMappingW 0x0 0x403058 0x3b60 0x2760
MapViewOfFile 0x0 0x40305c 0x3b64 0x2764
MoveFileW 0x0 0x403060 0x3b68 0x2768
LocalFree 0x0 0x403064 0x3b6c 0x276c
FindFirstFileW 0x0 0x403068 0x3b70 0x2770
FindNextFileW 0x0 0x40306c 0x3b74 0x2774
GetCurrentProcess 0x0 0x403070 0x3b78 0x2778
GetModuleFileNameW 0x0 0x403074 0x3b7c 0x277c
WaitForMultipleObjects 0x0 0x403078 0x3b80 0x2780
GetTempPathW 0x0 0x40307c 0x3b84 0x2784
CreateMutexW 0x0 0x403080 0x3b88 0x2788
FindClose 0x0 0x403084 0x3b8c 0x278c
ReleaseMutex 0x0 0x403088 0x3b90 0x2790
Wow64EnableWow64FsRedirection 0x0 0x40308c 0x3b94 0x2794
SetFileAttributesW 0x0 0x403090 0x3b98 0x2798
GetLogicalDriveStringsW 0x0 0x403094 0x3b9c 0x279c
Sleep 0x0 0x403098 0x3ba0 0x27a0
LoadLibraryA 0x0 0x40309c 0x3ba4 0x27a4
DeleteFileW 0x0 0x4030a0 0x3ba8 0x27a8
CreateThread 0x0 0x4030a4 0x3bac 0x27ac
GetWindowsDirectoryW 0x0 0x4030a8 0x3bb0 0x27b0
GetProcAddress 0x0 0x4030ac 0x3bb4 0x27b4
ExitProcess 0x0 0x4030b0 0x3bb8 0x27b8
CopyFileW 0x0 0x4030b4 0x3bbc 0x27bc
OpenMutexW 0x0 0x4030b8 0x3bc0 0x27c0
ADVAPI32.dll (11)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
RegSetValueExW 0x0 0x403000 0x3b08 0x2708
CryptAcquireContextW 0x0 0x403004 0x3b0c 0x270c
GetTokenInformation 0x0 0x403008 0x3b10 0x2710
RegOpenKeyW 0x0 0x40300c 0x3b14 0x2714
RegCreateKeyW 0x0 0x403010 0x3b18 0x2718
LookupPrivilegeValueW 0x0 0x403014 0x3b1c 0x271c
AdjustTokenPrivileges 0x0 0x403018 0x3b20 0x2720
RegCloseKey 0x0 0x40301c 0x3b24 0x2724
CryptEncrypt 0x0 0x403020 0x3b28 0x2728
OpenProcessToken 0x0 0x403024 0x3b2c 0x272c
RegOpenKeyExW 0x0 0x403028 0x3b30 0x2730
SHELL32.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
ShellExecuteW 0x0 0x4030f0 0x3bf8 0x27f8
SHGetSpecialFolderLocation 0x0 0x4030f4 0x3bfc 0x27fc
SHGetPathFromIDListW 0x0 0x4030f8 0x3c00 0x2800
c:\windows\svchost.exe
File Properties
Names: c:\windows\svchost.exe (Created File)
Size: 0.00 KB
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
These are the digests of zero-length input: this entry is the file as captured right after creation, before the sample's own bytes were written to it (the filled copy, 16.50 KB with the sample's hashes, is listed in the first block above). Do not use the empty-file hashes as an indicator.
c:\boot\bcd.log1, ...
File Properties
Names: c:\boot\bcd.log1 (Modified File)
       c:\boot\bcd.log1.[sepsis@protonmail.com].sepsis (Created File)
       c:\boot\bcd.log2 (Modified File)
       c:\boot\bcd.log2.[sepsis@protonmail.com].sepsis (Created File)
Size: 0.18 KB
MD5: 9d545a04b7368d29972e89376eeeb264
SHA1: 0e819aef207a012e2d068ca32360ac65b6bfcab9
SHA256: b4dd973aed2766bb439db73e91d88cc945fb283e68e437c2e330ce652e0123c5
One block, four names, one hash. The modified original and its .sepsis copy are byte-identical, which fits encryption in place followed by a rename, and two distinct files, bcd.log1 and bcd.log2, produced the same 0.18 KB output, so for identical input the scheme is deterministic in this run: no per-file random key, IV or salt shows up in the output. Given the fixed 0.18 KB growth seen on the bootstat.dat and bootnxt pairs below, both logs were most likely empty before encryption and the 0.18 KB is entirely appended data.
c:\boot\bootstat.dat
File Properties
Names: c:\boot\bootstat.dat (Modified File)
Size: 64.00 KB
MD5: f5f732c22575bee4bba87805f554b311
SHA1: 16d12675c2c07f4194b57307ec887a03de5d6299
SHA256: 0c86848f3f2c2512e66819c64ba67c85b02f7241df3d850edcdcf18063f2953d
c:\boot\bootstat.dat, ...
File Properties
Names: c:\boot\bootstat.dat (Modified File)
       c:\boot\bootstat.dat.[sepsis@protonmail.com].sepsis (Created File)
Size: 64.18 KB
MD5: 4ea95f48d0f2d0e5b75802d21c075970
SHA1: cc14d658ed5360f09019758eab9bcdbc17ef315b
SHA256: 0a468b854de09777e9c8cbee51bbab967207821070105daea6832e8d58b8bfa9
The plaintext capture in the previous block is 64.00 KB and the encrypted result is 64.18 KB: roughly 180 bytes are appended (sizes are rounded to 0.01 KB). The "modified" bootstat.dat and the created .sepsis file share one hash here, so the original content survives only in the earlier capture.
c:\bootnxt
File Properties
Names: c:\bootnxt (Modified File)
Size: 0.00 KB
MD5: 93b885adfe0da089cdf634904fd59f71
SHA1: 5ba93c9db0cff93f52b521d7420e43f6eda2784f
SHA256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
These are the digests of a single 0x00 byte (the stock BOOTNXT file is one byte long); the 0.00 KB is a rounded one-byte file, not an empty one.
c:\bootnxt, ...
File Properties
Names: c:\bootnxt (Modified File)
       c:\bootnxt.[sepsis@protonmail.com].sepsis (Created File)
Size: 0.18 KB
MD5: 75083afb5f033e0d63f25e50f64f1641
SHA1: 0390bc6aa882f0cda5a80f382a544087bbbfb2ba
SHA256: ba1194ff004e688f680e9426e8a2d8b55c250d103b97267361c4f2a0042dd8cb
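The modified/created pairs above (and the msaddndr.olb and dbghelp.dll pairs further down) follow one pattern: the plaintext path appears once with its original content, then again in a block it shares with a .[sepsis@protonmail.com].sepsis name, and the shared block is 0.18 KB larger. As an added example that is not part of the report, the script below parses a trimmed excerpt of these blocks (Names, Size and SHA256 lines copied from this page), flags blocks whose hash is that of an empty file or of a single NUL byte, pairs each encrypted name with its plaintext capture to return the size growth, and lists blocks in which two different encrypted files share one hash. Sizes are rounded to 0.01 KB in the report, so the growth is known only to about ten bytes, and reading it as appended key material is an inference, not something the report states.

```python
import hashlib
import re

EXT = ".[sepsis@protonmail.com].sepsis"

# Excerpt of the File Properties blocks on this page, trimmed to Names, Size and SHA256.
REPORT_EXCERPT = r"""
File Properties
Names c:\windows\svchost.exe (Created File)
Size 0.00 KB
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
File Properties
Names c:\boot\bcd.log1 (Modified File)
c:\boot\bcd.log1.[sepsis@protonmail.com].sepsis (Created File)
c:\boot\bcd.log2 (Modified File)
c:\boot\bcd.log2.[sepsis@protonmail.com].sepsis (Created File)
Size 0.18 KB
SHA256: b4dd973aed2766bb439db73e91d88cc945fb283e68e437c2e330ce652e0123c5
File Properties
Names c:\boot\bootstat.dat (Modified File)
Size 64.00 KB
SHA256: 0c86848f3f2c2512e66819c64ba67c85b02f7241df3d850edcdcf18063f2953d
File Properties
Names c:\boot\bootstat.dat (Modified File)
c:\boot\bootstat.dat.[sepsis@protonmail.com].sepsis (Created File)
Size 64.18 KB
SHA256: 0a468b854de09777e9c8cbee51bbab967207821070105daea6832e8d58b8bfa9
File Properties
Names c:\bootnxt (Modified File)
Size 0.00 KB
SHA256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
File Properties
Names c:\bootnxt (Modified File)
c:\bootnxt.[sepsis@protonmail.com].sepsis (Created File)
Size 0.18 KB
SHA256: ba1194ff004e688f680e9426e8a2d8b55c250d103b97267361c4f2a0042dd8cb
"""

# Digests of degenerate inputs: a hit means the extracted copy held (almost) nothing.
DEGENERATE = {
    hashlib.sha256(b"").hexdigest(): "empty file (0 bytes)",
    hashlib.sha256(b"\x00").hexdigest(): "single NUL byte",
}
NAME_RE = re.compile(r"(.+) \((Modified|Created|Sample) File\)$")


def parse_blocks(text):
    """One dict per 'File Properties' block: names [(path, role)], size_kb, sha256."""
    blocks, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "File Properties":
            cur = {"names": [], "size_kb": None, "sha256": None}
            blocks.append(cur)
            continue
        if cur is None:
            continue
        if line.startswith("Names "):
            line = line[len("Names "):]
        m = NAME_RE.match(line)
        if m:
            cur["names"].append((m.group(1), m.group(2)))
        elif line.startswith("Size "):
            num, unit = line.split()[1:3]          # "Size 1.31 MB" also occurs in the report
            cur["size_kb"] = float(num) * (1024 if unit == "MB" else 1)
        elif line.startswith("SHA256: "):
            cur["sha256"] = line.split()[-1].lower()
    return blocks


def degenerate_content(blocks):
    """path -> label for every name in a block whose SHA256 is a degenerate digest."""
    return {path: DEGENERATE[b["sha256"]] for b in blocks
            if b["sha256"] in DEGENERATE for path, _role in b["names"]}


def encryption_growth_kb(blocks):
    """Size of the block holding an encrypted name minus the size of the block that
    holds only the plaintext path (the capture taken before encryption)."""
    holders = {}
    for b in blocks:
        for path, _role in b["names"]:
            holders.setdefault(path, []).append(b)
    growth = {}
    for path, blocks_with_path in holders.items():
        if not path.endswith(EXT):
            continue
        plain, enc_block = path[:-len(EXT)], blocks_with_path[0]
        originals = [b for b in holders.get(plain, []) if b is not enc_block]
        if originals:                               # bcd.log1/2 have no separate plaintext capture
            growth[plain] = round(enc_block["size_kb"] - originals[0]["size_kb"], 2)
    return growth


def shared_ciphertext(blocks):
    """Encrypted names that sit in one block, i.e. distinct files with identical output."""
    return [[p for p, _ in b["names"] if p.endswith(EXT)]
            for b in blocks if sum(p.endswith(EXT) for p, _ in b["names"]) > 1]
```

Fed the complete report text instead of the excerpt, the same parser covers every File Properties block; pairs whose sizes are printed in MB (dbghelp.dll) come out with a growth of 0.0 because the report's rounding swallows a 0.18 KB difference at that scale.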
c:\program files\common files\designer\msaddndr.olb
File Properties
Names: c:\program files\common files\designer\msaddndr.olb (Modified File)
Size: 15.61 KB
MD5: 1108df7d19a17c500de8ac684950d742
SHA1: 3588c2cefafc75a8770efd61a29d9b49419c4bc2
SHA256: fbb1b8d5cf7b943ee9367e5da820ba3f10bdc40acdc0459ca4a27dc7ee5762e9
This file, and dbghelp.dll and dw20.exe further down, are Microsoft-signed victim files captured before the sample encrypted them; they are not components dropped by the sample, and the PE, version and certificate details that follow describe Microsoft's originals. The missing entry point and absent code section are normal for an .olb object library, which carries a type library in its resources.
PE Information
Image Base: 0x180000000
Entry Point: Unknown
Size Of Code: 0x0
Size Of Initialized Data: 0x1a00
Size Of Uninitialized Data: 0x0
Format: x64
Type: Dll
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type: IMAGE_FILE_MACHINE_AMD64
Compile Timestamp: 2015-08-14 22:15:32
Compiler/Packer: Unknown
Sections (2)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.rdata | 0x180001000 | 0x1a4 | 0x200 | 0x400 | CNT_INITIALIZED_DATA, MEM_READ | 2.24
.rsrc | 0x180002000 | 0x1648 | 0x1800 | 0x600 | CNT_INITIALIZED_DATA, MEM_READ | 3.77
Digital Signatures (2)
Signature Properties
InternalName: MsAddnDr
FileVersion: 16.0.4266.1003
CompanyName: Microsoft Corporation
LegalTrademarks1: Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2: Windows® is a registered trademark of Microsoft Corporation.
ProductName: Microsoft Office 2016
ProductVersion: 16.0.4266.1003
FileDescription: Microsoft Add-In Designer Object Library
MOSEVersion: BETA
OriginalFilename: MSAddnDr.olb
Signature verification: True
Both leaf certificates below had expired (2016-09-04) well before the 2018-05-16 analysis, and the same holds for every leaf certificate on this page. Verification still succeeds because Authenticode accepts a signature whose timestamp countersignature proves it was made inside the certificate's validity period, so an expired signing certificate on a timestamped Microsoft binary is expected, not suspicious.
Certificate: Microsoft Time-Stamp Service
  Issued by: Microsoft Time-Stamp PCA
  Valid from: 2015-06-04 17:40
  Valid to: 2016-09-04 17:40
  Algorithm: SHA-1 with RSA Encryption
  Serial number: 33 00 00 00 78 32 5D 60 FF A5 91 38 1D 00 00 00 00 00 78
  Issuer Certificate: Microsoft Time-Stamp PCA
    Issued by: Microsoft Root Certificate Authority
    Valid from: 2007-04-03 12:53
    Valid to: 2021-04-03 13:03
    Algorithm: SHA-1 with RSA Encryption
    Serial number: 61 16 68 34 00 00 00 00 00 1C
    Issuer Certificate: Microsoft Root Certificate Authority (self-signed root)
      Issued by: Microsoft Root Certificate Authority
      Valid from: 2001-05-09 23:19
      Valid to: 2021-05-09 23:28
      Algorithm: SHA-1 with RSA Encryption
      Serial number: 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
Certificate: Microsoft Corporation
  Issued by: Microsoft Code Signing PCA
  Valid from: 2015-06-04 17:42
  Valid to: 2016-09-04 17:42
  Algorithm: SHA-1 with RSA Encryption
  Serial number: 33 00 00 01 0A 2C 79 AE D7 79 7B A6 AC 00 01 00 00 01 0A
  Issuer Certificate: Microsoft Code Signing PCA
    Issued by: Microsoft Root Certificate Authority
    Valid from: 2010-08-31 22:19
    Valid to: 2020-08-31 22:29
    Algorithm: SHA-1 with RSA Encryption
    Serial number: 61 33 26 1A 00 00 00 00 00 31
    Issuer Certificate: Microsoft Root Certificate Authority (self-signed root)
      Issued by: Microsoft Root Certificate Authority
      Valid from: 2001-05-09 23:19
      Valid to: 2021-05-09 23:28
      Algorithm: SHA-1 with RSA Encryption
      Serial number: 79 AD 16 A1 4A A0 A5 AD 4C 73 58 F4 07 13 2E 65
c:\program files\common files\designer\msaddndr.olb, ...
File Properties
Names: c:\program files\common files\designer\msaddndr.olb (Modified File)
       c:\program files\common files\designer\msaddndr.olb.[sepsis@protonmail.com].sepsis (Created File)
Size: 15.79 KB
MD5: 228da1815eb645b81cb702ba4c93d3e8
SHA1: d683d6a5399d65be44ea7218a6c8134e187e6f48
SHA256: cfac4d55bfc01bdf961127632ac255478390794a760de3030776396c413b18af
c:\program files\common files\microsoft shared\dw\dbghelp.dll
File Properties
Names: c:\program files\common files\microsoft shared\dw\dbghelp.dll (Modified File)
Size: 1.31 MB
MD5: 312289e1292aff1d25bb6a7df4d2bbe2
SHA1: 9ad793bcb21e3e9b18d840c00c8ddab567bac5f5
SHA256: 90074968c979523b006746c21134550ccd7067466cfe24b78276c72fbf48be74
PE Information
Image Base: 0x3000000
Entry Point: 0x30ac044
Size Of Code: 0x136a00
Size Of Initialized Data: 0x2e800
Size Of Uninitialized Data: 0x0
Format: x64
Type: Dll
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type: IMAGE_FILE_MACHINE_AMD64
Compile Timestamp: 2009-01-31 01:17:46
Compiler/Packer: Unknown
Sections (5)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.text | 0x3001000 | 0x1369c5 | 0x136a00 | 0x400 | CNT_CODE, MEM_EXECUTE, MEM_READ | 5.99
.data | 0x3138000 | 0x1e1b0 | 0x5c00 | 0x136e00 | CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE | 1.13
.pdata | 0x3157000 | 0xa2fc | 0xa400 | 0x13ca00 | CNT_INITIALIZED_DATA, MEM_READ | 5.98
.rsrc | 0x3162000 | 0x3f0 | 0x400 | 0x146e00 | CNT_INITIALIZED_DATA, MEM_READ | 3.4
.reloc | 0x3163000 | 0x5c16 | 0x5e00 | 0x147200 | CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ | 4.2
Imports (184)

msvcrt.dll (85)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
_isatty 0x0 0x3001320 0x1355d8 0x1349d8
_write 0x0 0x3001328 0x1355e0 0x1349e0
_lseeki64 0x0 0x3001330 0x1355e8 0x1349e8
_fileno 0x0 0x3001338 0x1355f0 0x1349f0
_read 0x0 0x3001340 0x1355f8 0x1349f8
__pioinfo 0x0 0x3001348 0x135600 0x134a00
__badioinfo 0x0 0x3001350 0x135608 0x134a08
??1type_info@@UEAA@XZ 0x0 0x3001358 0x135610 0x134a10
ferror 0x0 0x3001360 0x135618 0x134a18
wctomb 0x0 0x3001368 0x135620 0x134a20
_snprintf 0x0 0x3001370 0x135628 0x134a28
_iob 0x0 0x3001378 0x135630 0x134a30
isleadbyte 0x0 0x3001380 0x135638 0x134a38
__mb_cur_max 0x0 0x3001388 0x135640 0x134a40
mbtowc 0x0 0x3001390 0x135648 0x134a48
_onexit 0x0 0x3001398 0x135650 0x134a50
_lock 0x0 0x30013a0 0x135658 0x134a58
__dllonexit 0x0 0x30013a8 0x135660 0x134a60
_unlock 0x0 0x30013b0 0x135668 0x134a68
_CxxThrowException 0x0 0x30013b8 0x135670 0x134a70
memset 0x0 0x30013c0 0x135678 0x134a78
memcpy 0x0 0x30013c8 0x135680 0x134a80
_ismbblead 0x0 0x30013d0 0x135688 0x134a88
__C_specific_handler 0x0 0x30013d8 0x135690 0x134a90
_amsg_exit 0x0 0x30013e0 0x135698 0x134a98
_initterm 0x0 0x30013e8 0x1356a0 0x134aa0
_XcptFilter 0x0 0x30013f0 0x1356a8 0x134aa8
memmove 0x0 0x30013f8 0x1356b0 0x134ab0
_errno 0x0 0x3001400 0x1356b8 0x134ab8
__CxxFrameHandler 0x0 0x3001408 0x1356c0 0x134ac0
iswspace 0x0 0x3001410 0x1356c8 0x134ac8
calloc 0x0 0x3001418 0x1356d0 0x134ad0
_itoa 0x0 0x3001420 0x1356d8 0x134ad8
_wcsdup 0x0 0x3001428 0x1356e0 0x134ae0
towlower 0x0 0x3001430 0x1356e8 0x134ae8
tolower 0x0 0x3001438 0x1356f0 0x134af0
_wcslwr 0x0 0x3001440 0x1356f8 0x134af8
_wctime 0x0 0x3001448 0x135700 0x134b00
time 0x0 0x3001450 0x135708 0x134b08
??_V@YAXPEAX@Z 0x0 0x3001458 0x135710 0x134b10
_ltoa 0x0 0x3001460 0x135718 0x134b18
_wcsnicmp 0x0 0x3001468 0x135720 0x134b20
_purecall 0x0 0x3001470 0x135728 0x134b28
ctime 0x0 0x3001478 0x135730 0x134b30
malloc 0x0 0x3001480 0x135738 0x134b38
strncmp 0x0 0x3001488 0x135740 0x134b40
isspace 0x0 0x3001490 0x135748 0x134b48
_stricmp 0x0 0x3001498 0x135750 0x134b50
free 0x0 0x30014a0 0x135758 0x134b58
_strlwr 0x0 0x30014a8 0x135760 0x134b60
wcsrchr 0x0 0x30014b0 0x135768 0x134b68
strstr 0x0 0x30014b8 0x135770 0x134b70
_wcsicmp 0x0 0x30014c0 0x135778 0x134b78
qsort 0x0 0x30014c8 0x135780 0x134b80
iswxdigit 0x0 0x30014d0 0x135788 0x134b88
wcsncmp 0x0 0x30014d8 0x135790 0x134b90
_vsnwprintf 0x0 0x30014e0 0x135798 0x134b98
iswprint 0x0 0x30014e8 0x1357a0 0x134ba0
atol 0x0 0x30014f0 0x1357a8 0x134ba8
fclose 0x0 0x30014f8 0x1357b0 0x134bb0
__unDName 0x0 0x3001500 0x1357b8 0x134bb8
iswdigit 0x0 0x3001508 0x1357c0 0x134bc0
memcmp 0x0 0x3001510 0x1357c8 0x134bc8
bsearch 0x0 0x3001518 0x1357d0 0x134bd0
_wfsopen 0x0 0x3001520 0x1357d8 0x134bd8
fread 0x0 0x3001528 0x1357e0 0x134be0
fseek 0x0 0x3001530 0x1357e8 0x134be8
wcstol 0x0 0x3001538 0x1357f0 0x134bf0
strchr 0x0 0x3001540 0x1357f8 0x134bf8
??_U@YAPEAX_K@Z 0x0 0x3001548 0x135800 0x134c00
_time64 0x0 0x3001550 0x135808 0x134c08
_wfullpath 0x0 0x3001558 0x135810 0x134c10
_get_osfhandle 0x0 0x3001560 0x135818 0x134c18
_chsize 0x0 0x3001568 0x135820 0x134c20
_close 0x0 0x3001570 0x135828 0x134c28
_open_osfhandle 0x0 0x3001578 0x135830 0x134c30
ftell 0x0 0x3001580 0x135838 0x134c38
_memicmp 0x0 0x3001588 0x135840 0x134c40
_mbscmp 0x0 0x3001590 0x135848 0x134c48
_wgetenv 0x0 0x3001598 0x135850 0x134c50
wcsstr 0x0 0x30015a0 0x135858 0x134c58
wcschr 0x0 0x30015a8 0x135860 0x134c60
??3@YAXPEAX@Z 0x0 0x30015b0 0x135868 0x134c68
??2@YAPEAX_K@Z 0x0 0x30015b8 0x135870 0x134c70
_wsopen 0x0 0x30015c0 0x135878 0x134c78
KERNEL32.dll (99)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
MoveFileW 0x0 0x3001000 0x1352b8 0x1346b8
CreateFileW 0x0 0x3001008 0x1352c0 0x1346c0
DeleteFileW 0x0 0x3001010 0x1352c8 0x1346c8
CreateDirectoryW 0x0 0x3001018 0x1352d0 0x1346d0
FlushViewOfFile 0x0 0x3001020 0x1352d8 0x1346d8
MapViewOfFileEx 0x0 0x3001028 0x1352e0 0x1346e0
GetCurrentDirectoryW 0x0 0x3001030 0x1352e8 0x1346e8
InitializeCriticalSectionAndSpinCount 0x0 0x3001038 0x1352f0 0x1346f0
GetFileType 0x0 0x3001040 0x1352f8 0x1346f8
DeviceIoControl 0x0 0x3001048 0x135300 0x134700
SetFileAttributesW 0x0 0x3001050 0x135308 0x134708
__chkstk 0x0 0x3001058 0x135310 0x134710
CreateFileMappingW 0x0 0x3001060 0x135318 0x134718
LCMapStringW 0x0 0x3001068 0x135320 0x134720
LocalFree 0x0 0x3001070 0x135328 0x134728
GetVersion 0x0 0x3001078 0x135330 0x134730
FormatMessageW 0x0 0x3001080 0x135338 0x134738
DelayLoadFailureHook 0x0 0x3001088 0x135340 0x134740
SetUnhandledExceptionFilter 0x0 0x3001090 0x135348 0x134748
UnhandledExceptionFilter 0x0 0x3001098 0x135350 0x134750
TerminateProcess 0x0 0x30010a0 0x135358 0x134758
GetTickCount 0x0 0x30010a8 0x135360 0x134760
QueryPerformanceCounter 0x0 0x30010b0 0x135368 0x134768
RtlCaptureContext 0x0 0x30010b8 0x135370 0x134770
RtlLookupFunctionEntry 0x0 0x30010c0 0x135378 0x134778
RtlVirtualUnwind 0x0 0x30010c8 0x135380 0x134780
VirtualQueryEx 0x0 0x30010d0 0x135388 0x134788
GetThreadTimes 0x0 0x30010d8 0x135390 0x134790
GetThreadPriority 0x0 0x30010e0 0x135398 0x134798
GetPriorityClass 0x0 0x30010e8 0x1353a0 0x1347a0
GetThreadContext 0x0 0x30010f0 0x1353a8 0x1347a8
ResumeThread 0x0 0x30010f8 0x1353b0 0x1347b0
SuspendThread 0x0 0x3001100 0x1353b8 0x1347b8
GetCurrentThreadId 0x0 0x3001108 0x1353c0 0x1347c0
IsProcessorFeaturePresent 0x0 0x3001110 0x1353c8 0x1347c8
GetSystemInfo 0x0 0x3001118 0x1353d0 0x1347d0
GetSystemTimeAsFileTime 0x0 0x3001120 0x1353d8 0x1347d8
lstrcmpiW 0x0 0x3001128 0x1353e0 0x1347e0
Sleep 0x0 0x3001130 0x1353e8 0x1347e8
LoadLibraryExA 0x0 0x3001138 0x1353f0 0x1347f0
ReadProcessMemory 0x0 0x3001140 0x1353f8 0x1347f8
GetProcessHeap 0x0 0x3001148 0x135400 0x134800
LoadLibraryW 0x0 0x3001150 0x135408 0x134808
GetSystemDirectoryW 0x0 0x3001158 0x135410 0x134810
GetFileAttributesA 0x0 0x3001160 0x135418 0x134818
SetErrorMode 0x0 0x3001168 0x135420 0x134820
GetVersionExW 0x0 0x3001170 0x135428 0x134828
OutputDebugStringW 0x0 0x3001178 0x135430 0x134830
OutputDebugStringA 0x0 0x3001180 0x135438 0x134838
WriteFile 0x0 0x3001188 0x135440 0x134840
VirtualFree 0x0 0x3001190 0x135448 0x134848
OpenProcess 0x0 0x3001198 0x135450 0x134850
GetCurrentProcessId 0x0 0x30011a0 0x135458 0x134858
GetModuleHandleA 0x0 0x30011a8 0x135460 0x134860
MapViewOfFile 0x0 0x30011b0 0x135468 0x134868
CreateFileMappingA 0x0 0x30011b8 0x135470 0x134870
UnmapViewOfFile 0x0 0x30011c0 0x135478 0x134878
GetCurrentProcess 0x0 0x30011c8 0x135480 0x134880
DuplicateHandle 0x0 0x30011d0 0x135488 0x134888
VirtualProtect 0x0 0x30011d8 0x135490 0x134890
VirtualAlloc 0x0 0x30011e0 0x135498 0x134898
CreateDirectoryA 0x0 0x30011e8 0x1354a0 0x1348a0
GetFileAttributesW 0x0 0x30011f0 0x1354a8 0x1348a8
GetFullPathNameW 0x0 0x30011f8 0x1354b0 0x1348b0
WideCharToMultiByte 0x0 0x3001200 0x1354b8 0x1348b8
MultiByteToWideChar 0x0 0x3001208 0x1354c0 0x1348c0
ExpandEnvironmentStringsW 0x0 0x3001210 0x1354c8 0x1348c8
GetModuleFileNameW 0x0 0x3001218 0x1354d0 0x1348d0
SetLastError 0x0 0x3001220 0x1354d8 0x1348d8
FindFirstFileW 0x0 0x3001228 0x1354e0 0x1348e0
FindClose 0x0 0x3001230 0x1354e8 0x1348e8
FindNextFileW 0x0 0x3001238 0x1354f0 0x1348f0
LocalAlloc 0x0 0x3001240 0x1354f8 0x1348f8
EnterCriticalSection 0x0 0x3001248 0x135500 0x134900
LeaveCriticalSection 0x0 0x3001250 0x135508 0x134908
CreateFileA 0x0 0x3001258 0x135510 0x134910
GetFileSize 0x0 0x3001260 0x135518 0x134918
ReadFile 0x0 0x3001268 0x135520 0x134920
CloseHandle 0x0 0x3001270 0x135528 0x134928
GetLastError 0x0 0x3001278 0x135530 0x134930
TlsGetValue 0x0 0x3001280 0x135538 0x134938
TlsSetValue 0x0 0x3001288 0x135540 0x134940
LoadLibraryA 0x0 0x3001290 0x135548 0x134948
GetProcAddress 0x0 0x3001298 0x135550 0x134950
FreeLibrary 0x0 0x30012a0 0x135558 0x134958
TlsAlloc 0x0 0x30012a8 0x135560 0x134960
TlsFree 0x0 0x30012b0 0x135568 0x134968
GetVersionExA 0x0 0x30012b8 0x135570 0x134970
InitializeCriticalSection 0x0 0x30012c0 0x135578 0x134978
HeapCreate 0x0 0x30012c8 0x135580 0x134980
HeapDestroy 0x0 0x30012d0 0x135588 0x134988
DeleteCriticalSection 0x0 0x30012d8 0x135590 0x134990
HeapReAlloc 0x0 0x30012e0 0x135598 0x134998
HeapAlloc 0x0 0x30012e8 0x1355a0 0x1349a0
HeapFree 0x0 0x30012f0 0x1355a8 0x1349a8
IsDBCSLeadByte 0x0 0x30012f8 0x1355b0 0x1349b0
GetEnvironmentVariableW 0x0 0x3001300 0x1355b8 0x1349b8
CopyFileW 0x0 0x3001308 0x1355c0 0x1349c0
SetFilePointer 0x0 0x3001310 0x1355c8 0x1349c8
Exports (203)
API Name | EAT Address | Ordinal
DbgHelpCreateUserDump 0x3060da0 0x2
DbgHelpCreateUserDumpW 0x3060ec0 0x3
EnumDirTree 0x304fb20 0x4
EnumDirTreeW 0x304fc60 0x5
EnumerateLoadedModules 0x3048df0 0x6
EnumerateLoadedModules64 0x3048df0 0x7
EnumerateLoadedModulesEx 0x3048f30 0x8
EnumerateLoadedModulesExW 0x3048fd0 0x9
EnumerateLoadedModulesW64 0x3048e90 0xa
ExtensionApiVersion 0x3031f30 0xb
FindDebugInfoFile 0x304e0a0 0xc
FindDebugInfoFileEx 0x304f260 0xd
FindDebugInfoFileExW 0x304f1f0 0xe
FindExecutableImage 0x304ce00 0xf
FindExecutableImageEx 0x304dcc0 0x10
FindExecutableImageExW 0x304de40 0x11
FindFileInPath 0x304cc60 0x12
FindFileInSearchPath 0x304cce0 0x13
GetTimestampForLoadedLibrary 0x303b100 0x14
ImageDirectoryEntryToData 0x303ab30 0x15
ImageDirectoryEntryToDataEx 0x303a970 0x16
ImageNtHeader 0x303a4f0 0x17
ImageRvaToSection 0x303ab80 0x18
ImageRvaToVa 0x303ac30 0x19
ImagehlpApiVersion 0x30500e0 0x1a
ImagehlpApiVersionEx 0x30500f0 0x1b
MakeSureDirectoryPathExists 0x304fe50 0x1c
MiniDumpReadDumpStream 0x3074000 0x1d
MiniDumpWriteDump 0x3073c40 0x1e
SearchTreeForFile 0x304fce0 0x1f
SearchTreeForFileW 0x304fd30 0x20
StackWalk 0x306b210 0x21
StackWalk64 0x306b210 0x22
SymAddSourceStream 0x30460c0 0x23
SymAddSourceStreamA 0x3046050 0x24
SymAddSourceStreamW 0x3045e20 0x25
SymAddSymbol 0x3049760 0x26
SymAddSymbolW 0x3049670 0x27
SymCleanup 0x3043d30 0x28
SymDeleteSymbol 0x30498d0 0x29
SymDeleteSymbolW 0x30497d0 0x2a
SymEnumLines 0x30466c0 0x2b
SymEnumLinesW 0x30467b0 0x2c
SymEnumProcesses 0x3044c60 0x2d
SymEnumSourceFileTokens 0x30463f0 0x2e
SymEnumSourceFiles 0x304b480 0x2f
SymEnumSourceFilesW 0x304b530 0x30
SymEnumSourceLines 0x3046850 0x31
SymEnumSourceLinesW 0x3046960 0x32
SymEnumSym 0x304a9d0 0x33
SymEnumSymbols 0x3049ed0 0x34
SymEnumSymbolsForAddr 0x304a770 0x35
SymEnumSymbolsForAddrW 0x304a8a0 0x36
SymEnumSymbolsW 0x3049f80 0x37
SymEnumTypes 0x304acc0 0x38
SymEnumTypesByName 0x304adc0 0x39
SymEnumTypesByNameW 0x304aec0 0x3a
SymEnumTypesW 0x304ad40 0x3b
SymEnumerateModules 0x3044ea0 0x3c
SymEnumerateModules64 0x3044ea0 0x3d
SymEnumerateModulesW64 0x3044f10 0x3e
SymEnumerateSymbols 0x3045120 0x3f
SymEnumerateSymbols64 0x3045120 0x40
SymEnumerateSymbolsW 0x30451a0 0x41
SymEnumerateSymbolsW64 0x30451a0 0x42
SymFindDebugInfoFile 0x304f370 0x43
SymFindDebugInfoFileW 0x304f4a0 0x44
SymFindExecutableImage 0x304deb0 0x45
SymFindExecutableImageW 0x304e000 0x46
SymFindFileInPath 0x304c9e0 0x47
SymFindFileInPathW 0x304cbb0 0x48
SymFromAddr 0x3049940 0x49
SymFromAddrW 0x30499c0 0x4a
SymFromIndex 0x304a520 0x4b
SymFromIndexW 0x304a5d0 0x4c
SymFromName 0x3049c00 0x4d
SymFromNameW 0x3049ca0 0x4e
SymFromToken 0x3049a40 0x4f
SymFromTokenW 0x3049b10 0x50
SymFunctionTableAccess 0x3047b20 0x51
SymFunctionTableAccess64 0x3047b20 0x52
SymGetFileLineOffsets64 0x303cc40 0x53
SymGetHomeDirectory 0x3044620 0x54
SymGetHomeDirectoryW 0x3044530 0x55
SymGetLineFromAddr 0x3046a10 0x56
SymGetLineFromAddr64 0x3046a10 0x57
SymGetLineFromAddrW64 0x3046af0 0x58
SymGetLineFromName 0x3047340 0x59
SymGetLineFromName64 0x3047340 0x5a
SymGetLineFromNameW64 0x3046c70 0x5b
SymGetLineNext 0x3047630 0x5c
SymGetLineNext64 0x3047630 0x5d
SymGetLineNextW64 0x30476a0 0x5e
SymGetLinePrev 0x30476d0 0x5f
SymGetLinePrev64 0x30476d0 0x60
SymGetLinePrevW64 0x3047740 0x61
SymGetModuleBase 0x3048450 0x62
SymGetModuleBase64 0x3048450 0x63
SymGetModuleInfo 0x3047f80 0x64
SymGetModuleInfo64 0x3047f80 0x65
SymGetModuleInfoW 0x3048020 0x66
SymGetModuleInfoW64 0x3048020 0x67
SymGetOmapBlockBase 0x3049e20 0x1
SymGetOmaps 0x3049d00 0x68
SymGetOptions 0x3044910 0x69
SymGetScope 0x304a330 0x6a
SymGetScopeW 0x304a3e0 0x6b
SymGetSearchPath 0x3048870 0x6c
SymGetSearchPathW 0x30488f0 0x6d
SymGetSourceFile 0x3045bb0 0x6e
SymGetSourceFileFromToken 0x3046110 0x6f
SymGetSourceFileFromTokenW 0x30461d0 0x70
SymGetSourceFileToken 0x3045cd0 0x71
SymGetSourceFileTokenW 0x3045d40 0x72
SymGetSourceFileW 0x3045c40 0x73
SymGetSourceVarFromToken 0x3046250 0x74
SymGetSourceVarFromTokenW 0x3046340 0x75
SymGetSymFromAddr 0x3045310 0x76
SymGetSymFromAddr64 0x3045310 0x77
SymGetSymFromName 0x30455f0 0x78
SymGetSymFromName64 0x30455f0 0x79
SymGetSymNext 0x30458f0 0x7a
SymGetSymNext64 0x30458f0 0x7b
SymGetSymPrev 0x3045920 0x7c
SymGetSymPrev64 0x3045920 0x7d
SymGetSymbolFile 0x30604c0 0x7e
SymGetSymbolFileW 0x305fe80 0x7f
SymGetTypeFromName 0x304af40 0x80
SymGetTypeFromNameW 0x304b020 0x81
SymGetTypeInfo 0x304baf0 0x82
SymGetTypeInfoEx 0x304bb70 0x83
SymGetUnwindInfo 0x3047d40 0x84
SymInitialize 0x3043b30 0x85
SymInitializeW 0x30437a0 0x86
SymLoadModule 0x3048780 0x87
SymLoadModule64 0x3048780 0x88
SymLoadModuleEx 0x3048630 0x89
SymLoadModuleExW 0x3048700 0x8a
SymMatchFileName 0x3047770 0x8b
SymMatchFileNameW 0x3047900 0x8c
SymMatchString 0x304b240 0x8d
SymMatchStringA 0x304b2b0 0x8e
SymMatchStringW 0x304b2f0 0x8f
SymNext 0x3045670 0x90
SymNextW 0x3045720 0x91
SymPrev 0x3045750 0x92
SymPrevW 0x3045800 0x93
SymRefreshModuleList 0x3043720 0x94
SymRegisterCallback 0x3049070 0x95
SymRegisterCallback64 0x3049070 0x96
SymRegisterCallbackW64 0x3049120 0x97
SymRegisterFunctionEntryCallback 0x3047a80 0x98
SymRegisterFunctionEntryCallback64 0x3047a80 0x99
SymSearch 0x304a1b0 0x9a
SymSearchW 0x304a280 0x9b
SymSetContext 0x3044920 0x9c
SymSetHomeDirectory 0x3044480 0x9d
SymSetHomeDirectoryW 0x30443b0 0x9e
SymSetOptions 0x30446c0 0x9f
SymSetParentWindow 0x3043d80 0xa0
SymSetScopeFromAddr 0x30449d0 0xa1
SymSetScopeFromIndex 0x3044aa0 0xa2
SymSetSearchPath 0x3048970 0xa3
SymSetSearchPathW 0x3048a90 0xa4
SymSrvDeltaName 0x305ede0 0xa5
SymSrvDeltaNameW 0x305eb40 0xa6
SymSrvGetFileIndexInfo 0x3060790 0xa7
SymSrvGetFileIndexInfoW 0x3060880 0xa8
SymSrvGetFileIndexString 0x305f670 0xa9
SymSrvGetFileIndexStringW 0x305f550 0xaa
SymSrvGetFileIndexes 0x305f4e0 0xab
SymSrvGetFileIndexesW 0x305f3f0 0xac
SymSrvGetSupplement 0x305f0a0 0xad
SymSrvGetSupplementW 0x305eed0 0xae
SymSrvIsStore 0x305eaf0 0xaf
SymSrvIsStoreW 0x305e9e0 0xb0
SymSrvStoreFile 0x305f890 0xb1
SymSrvStoreFileW 0x305f760 0xb2
SymSrvStoreSupplement 0x305f310 0xb3
SymSrvStoreSupplementW 0x305f170 0xb4
SymUnDName 0x30487e0 0xb5
SymUnDName64 0x30487e0 0xb6
SymUnloadModule 0x30484e0 0xb7
SymUnloadModule64 0x30484e0 0xb8
UnDecorateSymbolName 0x304bc10 0xb9
UnDecorateSymbolNameW 0x304bcd0 0xba
WinDbgExtensionDllInit 0x3031f40 0xbb
block 0x3034a10 0xbc
chksym 0x3034800 0xbd
dbghelp 0x3044be0 0xbe
dh 0x3036af0 0xbf
fptr 0x30321e0 0xc0
homedir 0x3034ec0 0xc1
itoldyouso 0x30345f0 0xc2
lmi 0x30331a0 0xc3
lminfo 0x3032d20 0xc4
omap 0x3034c00 0xc5
srcfiles 0x30350e0 0xc6
stack_force_ebp 0x3032830 0xc7
stackdbg 0x3032300 0xc8
sym 0x3032a10 0xc9
symsrv 0x3032ba0 0xca
vc7fpo 0x3032280 0xcb
Digital Signatures (2)
Signature Properties
LegalCopyright: © Microsoft Corporation. All rights reserved.
InternalName: DBGHELP.DLL
FileVersion: 6.11.0001.402 (debuggers(dbg).090130-1606)
CompanyName: Microsoft Corporation
ProductName: Debugging Tools for Windows(R)
ProductVersion: 6.11.0001.402
FileDescription: Windows Image Helper
OriginalFilename: DBGHELP.DLL
Signature verification: True
Certificate: Microsoft Corporation
  Issued by: Microsoft Code Signing PCA
  Valid from: 2008-10-22 21:24
  Valid to: 2010-01-22 21:34
  Algorithm: SHA-1 with RSA Encryption
  Serial number: 61 06 27 81 00 00 00 00 00 08
  Issuer Certificate: Microsoft Code Signing PCA
    Issued by: Microsoft Root Authority
    Valid from: 2007-08-22 22:31
    Valid to: 2012-08-25 07:00
    Algorithm: 1.3.14.3.2.29 (sha1WithRSASignature, the OIW identifier for SHA-1 with RSA; the report printed the raw OID because it is not the usual PKCS #1 identifier for the same algorithm)
    Serial number: 2E AB 11 DC 50 FF 5C 9D CB C0
Certificate: Microsoft Time-Stamp Service
  Issued by: Microsoft Timestamping PCA
  Valid from: 2008-07-25 19:02
  Valid to: 2013-07-25 19:12
  Algorithm: SHA-1 with RSA Encryption
  Serial number: 61 06 94 2D 00 00 00 00 00 09
  Issuer Certificate: Microsoft Timestamping PCA
    Issued by: Microsoft Root Authority
    Valid from: 2006-09-16 01:04
    Valid to: 2019-09-15 07:00
    Algorithm: SHA-1 with RSA Encryption
    Serial number: 6A 0B 99 4F C0 00 25 AB 11 DB 45 1F 58 7A 67 A2
c:\program files\common files\microsoft shared\dw\dbghelp.dll, ...
File Properties
Names: c:\program files\common files\microsoft shared\dw\dbghelp.dll (Modified File)
       c:\program files\common files\microsoft shared\dw\dbghelp.dll.[sepsis@protonmail.com].sepsis (Created File)
Size: 1.31 MB
MD5: 4679ab1652b6ae68dc69edade0a027c0
SHA1: 759b229ea4cf5e82296605071de808829199c353
SHA256: d00503057698662823a786fc3699cd36679e905690bb2d19d424b2cb5eadc3fe
c:\program files\common files\microsoft shared\dw\dw20.exe
File Properties
Names: c:\program files\common files\microsoft shared\dw\dw20.exe (Modified File)
Size: 974.20 KB
MD5: 21587eaad3120394426b036fc5b7277f
SHA1: 5839ab008b6d865f76f1929963d25d1c47ee5524
SHA256: 9388cb208954158e0cc3c8647dcb2d476d9bff5b80006587ba0f3524c2f4429a
PE Information
Image Base: 0x140000000
Entry Point: 0x140053f0c
Size Of Code: 0x6de00
Size Of Initialized Data: 0x84e00
Size Of Uninitialized Data: 0x0
Format: x64
Type: Executable
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type: IMAGE_FILE_MACHINE_AMD64
Compile Timestamp: 2013-12-17 22:31:12
Compiler/Packer: Unknown
Sections (6)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.text | 0x140001000 | 0x6dc74 | 0x6de00 | 0x400 | CNT_CODE, MEM_EXECUTE, MEM_READ | 6.42
.rdata | 0x14006f000 | 0x2a564 | 0x2a600 | 0x6e200 | CNT_INITIALIZED_DATA, MEM_READ | 5.31
.data | 0x14009a000 | 0x4f510 | 0x4e400 | 0x98800 | CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE | 5.73
.pdata | 0x1400ea000 | 0x5a9c | 0x5c00 | 0xe6c00 | CNT_INITIALIZED_DATA, MEM_READ | 5.67
.rsrc | 0x1400f0000 | 0x3a30 | 0x3c00 | 0xec800 | CNT_INITIALIZED_DATA, MEM_READ | 5.57
.reloc | 0x1400f4000 | 0x1834 | 0x1a00 | 0xf0400 | CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ | 5.36
Imports (279)

VERSION.dll (4)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
GetFileVersionInfoSizeW 0x0 0x14006f000 0x92a40 0x91c40
VerQueryValueA 0x0 0x14006f008 0x92a48 0x91c48
VerQueryValueW 0x0 0x14006f010 0x92a50 0x91c50
GetFileVersionInfoW 0x0 0x14006f018 0x92a58 0x91c58
WINTRUST.dll (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
WTHelperProvDataFromStateData 0x0 0x14006f028 0x92a68 0x91c68
WinVerifyTrust 0x0 0x14006f030 0x92a70 0x91c70
ADVAPI32.dll (47)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
RegCreateKeyExW 0x0 0x14006f040 0x92a80 0x91c80
RegQueryInfoKeyW 0x0 0x14006f048 0x92a88 0x91c88
RegEnumValueW 0x0 0x14006f050 0x92a90 0x91c90
EventUnregister 0x0 0x14006f058 0x92a98 0x91c98
GetSecurityDescriptorDacl 0x0 0x14006f060 0x92aa0 0x91ca0
RegCloseKey 0x0 0x14006f068 0x92aa8 0x91ca8
RegCreateKeyExA 0x0 0x14006f070 0x92ab0 0x91cb0
RegDeleteValueA 0x0 0x14006f078 0x92ab8 0x91cb8
RegDeleteValueW 0x0 0x14006f080 0x92ac0 0x91cc0
RegOpenKeyExA 0x0 0x14006f088 0x92ac8 0x91cc8
RegQueryValueExA 0x0 0x14006f090 0x92ad0 0x91cd0
RegQueryValueExW 0x0 0x14006f098 0x92ad8 0x91cd8
RegSetValueExA 0x0 0x14006f0a0 0x92ae0 0x91ce0
RegSetValueExW 0x0 0x14006f0a8 0x92ae8 0x91ce8
SetNamedSecurityInfoW 0x0 0x14006f0b0 0x92af0 0x91cf0
ConvertSidToStringSidA 0x0 0x14006f0b8 0x92af8 0x91cf8
ConvertStringSecurityDescriptorToSecurityDescriptorA 0x0 0x14006f0c0 0x92b00 0x91d00
GetUserNameA 0x0 0x14006f0c8 0x92b08 0x91d08
RegEnumKeyExA 0x0 0x14006f0d0 0x92b10 0x91d10
RegEnumValueA 0x0 0x14006f0d8 0x92b18 0x91d18
RegQueryInfoKeyA 0x0 0x14006f0e0 0x92b20 0x91d20
DeregisterEventSource 0x0 0x14006f0e8 0x92b28 0x91d28
RegisterEventSourceW 0x0 0x14006f0f0 0x92b30 0x91d30
ReportEventA 0x0 0x14006f0f8 0x92b38 0x91d38
ReportEventW 0x0 0x14006f100 0x92b40 0x91d40
OpenProcessToken 0x0 0x14006f108 0x92b48 0x91d48
AddAccessAllowedAce 0x0 0x14006f110 0x92b50 0x91d50
AddAccessDeniedAce 0x0 0x14006f118 0x92b58 0x91d58
AllocateAndInitializeSid 0x0 0x14006f120 0x92b60 0x91d60
CheckTokenMembership 0x0 0x14006f128 0x92b68 0x91d68
CopySid 0x0 0x14006f130 0x92b70 0x91d70
CreateWellKnownSid 0x0 0x14006f138 0x92b78 0x91d78
EqualSid 0x0 0x14006f140 0x92b80 0x91d80
FreeSid 0x0 0x14006f148 0x92b88 0x91d88
GetLengthSid 0x0 0x14006f150 0x92b90 0x91d90
GetTokenInformation 0x0 0x14006f158 0x92b98 0x91d98
InitializeAcl 0x0 0x14006f160 0x92ba0 0x91da0
InitializeSecurityDescriptor 0x0 0x14006f168 0x92ba8 0x91da8
IsValidSid 0x0 0x14006f170 0x92bb0 0x91db0
SetSecurityDescriptorDacl 0x0 0x14006f178 0x92bb8 0x91db8
ConvertStringSecurityDescriptorToSecurityDescriptorW 0x0 0x14006f180 0x92bc0 0x91dc0
OpenThreadToken 0x0 0x14006f188 0x92bc8 0x91dc8
RegOpenKeyExW 0x0 0x14006f190 0x92bd0 0x91dd0
EventWrite 0x0 0x14006f198 0x92bd8 0x91dd8
RegEnumKeyW 0x0 0x14006f1a0 0x92be0 0x91de0
RegGetValueW 0x0 0x14006f1a8 0x92be8 0x91de8
EventRegister 0x0 0x14006f1b0 0x92bf0 0x91df0
COMCTL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
(by ordinal) 0x11 0x14006f1c0 0x92c00 0x91e00
ImageList_ReplaceIcon 0x0 0x14006f1c8 0x92c08 0x91e08
ImageList_Destroy 0x0 0x14006f1d0 0x92c10 0x91e10
ImageList_Create 0x0 0x14006f1d8 0x92c18 0x91e18
Cabinet.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
(by ordinal) 0x16 0x14006f1e8 0x92c28 0x91e28
(by ordinal) 0x17 0x14006f1f0 0x92c30 0x91e30
(by ordinal) 0xa 0x14006f1f8 0x92c38 0x91e38
(by ordinal) 0x15 0x14006f200 0x92c40 0x91e40
(by ordinal) 0xb 0x14006f208 0x92c48 0x91e48
(by ordinal) 0xd 0x14006f210 0x92c50 0x91e50
(by ordinal) 0xc 0x14006f218 0x92c58 0x91e58
(by ordinal) 0xe 0x14006f220 0x92c60 0x91e60
(by ordinal) 0x14 0x14006f228 0x92c68 0x91e68
GDI32.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CreateFontIndirectW 0x0 0x14006f238 0x92c78 0x91e78
GetTextFaceA 0x0 0x14006f240 0x92c80 0x91e80
CreateFontIndirectA 0x0 0x14006f248 0x92c88 0x91e88
CreateFontA 0x0 0x14006f250 0x92c90 0x91e90
DeleteDC 0x0 0x14006f258 0x92c98 0x91e98
DeleteObject 0x0 0x14006f260 0x92ca0 0x91ea0
GetDeviceCaps 0x0 0x14006f268 0x92ca8 0x91ea8
GetTextExtentPoint32W 0x0 0x14006f270 0x92cb0 0x91eb0
RestoreDC 0x0 0x14006f278 0x92cb8 0x91eb8
SaveDC 0x0 0x14006f280 0x92cc0 0x91ec0
SelectObject 0x0 0x14006f288 0x92cc8 0x91ec8
SetBkMode 0x0 0x14006f290 0x92cd0 0x91ed0
SetMapMode 0x0 0x14006f298 0x92cd8 0x91ed8
SetTextColor 0x0 0x14006f2a0 0x92ce0 0x91ee0
SetTextAlign 0x0 0x14006f2a8 0x92ce8 0x91ee8
GetTextMetricsA 0x0 0x14006f2b0 0x92cf0 0x91ef0
GetObjectA 0x0 0x14006f2b8 0x92cf8 0x91ef8
GetObjectW 0x0 0x14006f2c0 0x92d00 0x91f00
ExtTextOutW 0x0 0x14006f2c8 0x92d08 0x91f08
KERNEL32.dll (181)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RtlCaptureStackBackTrace 0x0 0x14006f2d8 0x92d18 0x91f18
GetLastError 0x0 0x14006f2e0 0x92d20 0x91f20
EnterCriticalSection 0x0 0x14006f2e8 0x92d28 0x91f28
LeaveCriticalSection 0x0 0x14006f2f0 0x92d30 0x91f30
GetLocalTime 0x0 0x14006f2f8 0x92d38 0x91f38
GetCommandLineW 0x0 0x14006f300 0x92d40 0x91f40
DeleteFileW 0x0 0x14006f308 0x92d48 0x91f48
CloseHandle 0x0 0x14006f310 0x92d50 0x91f50
SetUnhandledExceptionFilter 0x0 0x14006f318 0x92d58 0x91f58
SetErrorMode 0x0 0x14006f320 0x92d60 0x91f60
ReleaseMutex 0x0 0x14006f328 0x92d68 0x91f68
WaitForSingleObject 0x0 0x14006f330 0x92d70 0x91f70
Sleep 0x0 0x14006f338 0x92d78 0x91f78
GetCurrentProcess 0x0 0x14006f340 0x92d80 0x91f80
GetCurrentProcessId 0x0 0x14006f348 0x92d88 0x91f88
TerminateProcess 0x0 0x14006f350 0x92d90 0x91f90
CreateThread 0x0 0x14006f358 0x92d98 0x91f98
GetModuleHandleA 0x0 0x14006f360 0x92da0 0x91fa0
GetProcAddress 0x0 0x14006f368 0x92da8 0x91fa8
SetProcessWorkingSetSize 0x0 0x14006f370 0x92db0 0x91fb0
WaitForMultipleObjects 0x0 0x14006f378 0x92db8 0x91fb8
MapViewOfFile 0x0 0x14006f380 0x92dc0 0x91fc0
GetProcessHeap 0x0 0x14006f388 0x92dc8 0x91fc8
InitializeCriticalSection 0x0 0x14006f390 0x92dd0 0x91fd0
DeleteCriticalSection 0x0 0x14006f398 0x92dd8 0x91fd8
GetVersionExA 0x0 0x14006f3a0 0x92de0 0x91fe0
GetVersionExW 0x0 0x14006f3a8 0x92de8 0x91fe8
FreeLibrary 0x0 0x14006f3b0 0x92df0 0x91ff0
GetModuleFileNameW 0x0 0x14006f3b8 0x92df8 0x91ff8
MultiByteToWideChar 0x0 0x14006f3c0 0x92e00 0x92000
FindClose 0x0 0x14006f3c8 0x92e08 0x92008
FindFirstFileW 0x0 0x14006f3d0 0x92e10 0x92010
FindNextFileW 0x0 0x14006f3d8 0x92e18 0x92018
WriteFile 0x0 0x14006f3e0 0x92e20 0x92020
SetLastError 0x0 0x14006f3e8 0x92e28 0x92028
GetSystemTimeAsFileTime 0x0 0x14006f3f0 0x92e30 0x92030
GetTickCount 0x0 0x14006f3f8 0x92e38 0x92038
GetSystemWindowsDirectoryW 0x0 0x14006f400 0x92e40 0x92040
LocalFree 0x0 0x14006f408 0x92e48 0x92048
MoveFileW 0x0 0x14006f410 0x92e50 0x92050
GetDateFormatW 0x0 0x14006f418 0x92e58 0x92058
GetTimeFormatW 0x0 0x14006f420 0x92e60 0x92060
GetFileSize 0x0 0x14006f428 0x92e68 0x92068
ReadFile 0x0 0x14006f430 0x92e70 0x92070
SetFilePointer 0x0 0x14006f438 0x92e78 0x92078
RaiseException 0x0 0x14006f440 0x92e80 0x92080
ExitThread 0x0 0x14006f448 0x92e88 0x92088
SuspendThread 0x0 0x14006f450 0x92e90 0x92090
SetPriorityClass 0x0 0x14006f458 0x92e98 0x92098
GetTickCount64 0x0 0x14006f460 0x92ea0 0x920a0
UnmapViewOfFile 0x0 0x14006f468 0x92ea8 0x920a8
CreateFileMappingA 0x0 0x14006f470 0x92eb0 0x920b0
GetComputerNameA 0x0 0x14006f478 0x92eb8 0x920b8
GetModuleFileNameA 0x0 0x14006f480 0x92ec0 0x920c0
GetModuleHandleW 0x0 0x14006f488 0x92ec8 0x920c8
LoadLibraryExA 0x0 0x14006f490 0x92ed0 0x920d0
MulDiv 0x0 0x14006f498 0x92ed8 0x920d8
GetACP 0x0 0x14006f4a0 0x92ee0 0x920e0
GetSystemDefaultUILanguage 0x0 0x14006f4a8 0x92ee8 0x920e8
GetSystemDefaultLangID 0x0 0x14006f4b0 0x92ef0 0x920f0
GetUserDefaultLangID 0x0 0x14006f4b8 0x92ef8 0x920f8
GetSystemDefaultLCID 0x0 0x14006f4c0 0x92f00 0x92100
SetEnvironmentVariableA 0x0 0x14006f4c8 0x92f08 0x92108
ExpandEnvironmentStringsW 0x0 0x14006f4d0 0x92f10 0x92110
CreateDirectoryW 0x0 0x14006f4d8 0x92f18 0x92118
TlsGetValue 0x0 0x14006f4e0 0x92f20 0x92120
GetFileAttributesW 0x0 0x14006f4e8 0x92f28 0x92128
SetEndOfFile 0x0 0x14006f4f0 0x92f30 0x92130
GetTempPathW 0x0 0x14006f4f8 0x92f38 0x92138
SetEvent 0x0 0x14006f500 0x92f40 0x92140
CreateRemoteThread 0x0 0x14006f508 0x92f48 0x92148
SetThreadPriority 0x0 0x14006f510 0x92f50 0x92150
CreateProcessW 0x0 0x14006f518 0x92f58 0x92158
OpenProcess 0x0 0x14006f520 0x92f60 0x92160
GetSystemInfo 0x0 0x14006f528 0x92f68 0x92168
GetSystemDirectoryA 0x0 0x14006f530 0x92f70 0x92170
VirtualQueryEx 0x0 0x14006f538 0x92f78 0x92178
ReadProcessMemory 0x0 0x14006f540 0x92f80 0x92180
WideCharToMultiByte 0x0 0x14006f548 0x92f88 0x92188
IsDBCSLeadByte 0x0 0x14006f550 0x92f90 0x92190
IsValidCodePage 0x0 0x14006f558 0x92f98 0x92198
CreateFileA 0x0 0x14006f560 0x92fa0 0x921a0
CreateFileW 0x0 0x14006f568 0x92fa8 0x921a8
GetFileType 0x0 0x14006f570 0x92fb0 0x921b0
CreateMutexA 0x0 0x14006f578 0x92fb8 0x921b8
CreateEventA 0x0 0x14006f580 0x92fc0 0x921c0
OpenEventA 0x0 0x14006f588 0x92fc8 0x921c8
OpenMutexA 0x0 0x14006f590 0x92fd0 0x921d0
CreateSemaphoreA 0x0 0x14006f598 0x92fd8 0x921d8
OpenSemaphoreA 0x0 0x14006f5a0 0x92fe0 0x921e0
HeapAlloc 0x0 0x14006f5a8 0x92fe8 0x921e8
HeapFree 0x0 0x14006f5b0 0x92ff0 0x921f0
GlobalFree 0x0 0x14006f5b8 0x92ff8 0x921f8
LocalAlloc 0x0 0x14006f5c0 0x93000 0x92200
GetCurrentThread 0x0 0x14006f5c8 0x93008 0x92208
GlobalAlloc 0x0 0x14006f5d0 0x93010 0x92210
GetLocaleInfoEx 0x0 0x14006f5d8 0x93018 0x92218
InitializeCriticalSectionEx 0x0 0x14006f5e0 0x93020 0x92220
GetCurrentThreadId 0x0 0x14006f5e8 0x93028 0x92228
LocaleNameToLCID 0x0 0x14006f5f0 0x93030 0x92230
GetUserDefaultLocaleName 0x0 0x14006f5f8 0x93038 0x92238
IsValidLocale 0x0 0x14006f600 0x93040 0x92240
CompareStringW 0x0 0x14006f608 0x93048 0x92248
GetUserDefaultLCID 0x0 0x14006f610 0x93050 0x92250
CompareStringEx 0x0 0x14006f618 0x93058 0x92258
LCIDToLocaleName 0x0 0x14006f620 0x93060 0x92260
GetSystemDefaultLocaleName 0x0 0x14006f628 0x93068 0x92268
EnumCalendarInfoExEx 0x0 0x14006f630 0x93070 0x92270
EnumSystemLocalesEx 0x0 0x14006f638 0x93078 0x92278
GetDateFormatEx 0x0 0x14006f640 0x93080 0x92280
GetCalendarInfoEx 0x0 0x14006f648 0x93088 0x92288
EnumDateFormatsExEx 0x0 0x14006f650 0x93090 0x92290
EnumTimeFormatsEx 0x0 0x14006f658 0x93098 0x92298
GetThreadUILanguage 0x0 0x14006f660 0x930a0 0x922a0
LoadResource 0x0 0x14006f668 0x930a8 0x922a8
LockResource 0x0 0x14006f670 0x930b0 0x922b0
SetFileAttributesW 0x0 0x14006f678 0x930b8 0x922b8
RaiseFailFastException 0x0 0x14006f680 0x930c0 0x922c0
OutputDebugStringA 0x0 0x14006f688 0x930c8 0x922c8
GetModuleHandleExW 0x0 0x14006f690 0x930d0 0x922d0
LoadLibraryW 0x0 0x14006f698 0x930d8 0x922d8
CreateActCtxW 0x0 0x14006f6a0 0x930e0 0x922e0
ActivateActCtx 0x0 0x14006f6a8 0x930e8 0x922e8
DeactivateActCtx 0x0 0x14006f6b0 0x930f0 0x922f0
FindActCtxSectionStringW 0x0 0x14006f6b8 0x930f8 0x922f8
QueryActCtxW 0x0 0x14006f6c0 0x93100 0x92300
WaitForSingleObjectEx 0x0 0x14006f6c8 0x93108 0x92308
GetDiskFreeSpaceExW 0x0 0x14006f6d0 0x93110 0x92310
GetFileAttributesExW 0x0 0x14006f6d8 0x93118 0x92318
GlobalMemoryStatusEx 0x0 0x14006f6e0 0x93120 0x92320
GetSystemDirectoryW 0x0 0x14006f6e8 0x93128 0x92328
GetNativeSystemInfo 0x0 0x14006f6f0 0x93130 0x92330
GetProductInfo 0x0 0x14006f6f8 0x93138 0x92338
GetTimeZoneInformation 0x0 0x14006f700 0x93140 0x92340
GetUserGeoID 0x0 0x14006f708 0x93148 0x92348
GetUserDefaultUILanguage 0x0 0x14006f710 0x93150 0x92350
GetVersion 0x0 0x14006f718 0x93158 0x92358
GetCommandLineA 0x0 0x14006f720 0x93160 0x92360
GetStartupInfoW 0x0 0x14006f728 0x93168 0x92368
UnhandledExceptionFilter 0x0 0x14006f730 0x93170 0x92370
IsDebuggerPresent 0x0 0x14006f738 0x93178 0x92378
RtlVirtualUnwind 0x0 0x14006f740 0x93180 0x92380
RtlLookupFunctionEntry 0x0 0x14006f748 0x93188 0x92388
RtlCaptureContext 0x0 0x14006f750 0x93190 0x92390
EncodePointer 0x0 0x14006f758 0x93198 0x92398
DecodePointer 0x0 0x14006f760 0x931a0 0x923a0
RtlUnwindEx 0x0 0x14006f768 0x931a8 0x923a8
RtlPcToFileHeader 0x0 0x14006f770 0x931b0 0x923b0
HeapReAlloc 0x0 0x14006f778 0x931b8 0x923b8
HeapSize 0x0 0x14006f780 0x931c0 0x923c0
ExitProcess 0x0 0x14006f788 0x931c8 0x923c8
GetStdHandle 0x0 0x14006f790 0x931d0 0x923d0
FreeEnvironmentStringsW 0x0 0x14006f798 0x931d8 0x923d8
GetEnvironmentStringsW 0x0 0x14006f7a0 0x931e0 0x923e0
SetHandleCount 0x0 0x14006f7a8 0x931e8 0x923e8
InitializeCriticalSectionAndSpinCount 0x0 0x14006f7b0 0x931f0 0x923f0
FlsGetValue 0x0 0x14006f7b8 0x931f8 0x923f8
FlsSetValue 0x0 0x14006f7c0 0x93200 0x92400
FlsFree 0x0 0x14006f7c8 0x93208 0x92408
FlsAlloc 0x0 0x14006f7d0 0x93210 0x92410
HeapSetInformation 0x0 0x14006f7d8 0x93218 0x92418
HeapCreate 0x0 0x14006f7e0 0x93220 0x92420
QueryPerformanceCounter 0x0 0x14006f7e8 0x93228 0x92428
GetCPInfo 0x0 0x14006f7f0 0x93230 0x92430
GetOEMCP 0x0 0x14006f7f8 0x93238 0x92438
LCMapStringW 0x0 0x14006f800 0x93240 0x92440
GetStringTypeW 0x0 0x14006f808 0x93248 0x92448
GetConsoleCP 0x0 0x14006f810 0x93250 0x92450
GetConsoleMode 0x0 0x14006f818 0x93258 0x92458
SetStdHandle 0x0 0x14006f820 0x93260 0x92460
WriteConsoleW 0x0 0x14006f828 0x93268 0x92468
FlushFileBuffers 0x0 0x14006f830 0x93270 0x92470
GetLongPathNameW 0x0 0x14006f838 0x93278 0x92478
GetShortPathNameW 0x0 0x14006f840 0x93280 0x92480
lstrcmpiW 0x0 0x14006f848 0x93288 0x92488
GetShortPathNameA 0x0 0x14006f850 0x93290 0x92490
FindResourceW 0x0 0x14006f858 0x93298 0x92498
SizeofResource 0x0 0x14006f860 0x932a0 0x924a0
LoadLibraryExW 0x0 0x14006f868 0x932a8 0x924a8
LoadLibraryA 0x0 0x14006f870 0x932b0 0x924b0
GetStringTypeExW 0x0 0x14006f878 0x932b8 0x924b8
ole32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CoCreateGuid 0x0 0x14006f888 0x932c8 0x924c8
CoUninitialize 0x0 0x14006f890 0x932d0 0x924d0
CoInitializeEx 0x0 0x14006f898 0x932d8 0x924d8
CoCreateInstance 0x0 0x14006f8a0 0x932e0 0x924e0
StringFromIID 0x0 0x14006f8a8 0x932e8 0x924e8
CoTaskMemFree 0x0 0x14006f8b0 0x932f0 0x924f0
OLEACC.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CreateStdAccessibleObject 0x0 0x14006f8c0 0x93300 0x92500
LresultFromObject 0x0 0x14006f8c8 0x93308 0x92508
OLEAUT32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SysStringLen 0x7 0x14006f8d8 0x93318 0x92518
SystemTimeToVariantTime 0xb8 0x14006f8e0 0x93320 0x92520
VariantTimeToDosDateTime 0xd 0x14006f8e8 0x93328 0x92528
SysAllocString 0x2 0x14006f8f0 0x93330 0x92530
SysFreeString 0x6 0x14006f8f8 0x93338 0x92538
Icons (6)
Digital Signatures (2)
Signature Properties
InternalName DW20
FileVersion 15.0.4569.1503
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Application Error Reporting
ProductVersion 15.0.4569.1503
FileDescription Microsoft Application Error Reporting
OriginalFilename DW20.Exe
Signature verification True
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2013-03-27 20:08
Valid to 2014-06-27 20:08
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 33 E5 27 86 A3 0E 4A 2A 80 00 00 00 00 00 33
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2013-01-24 22:33
Valid to 2014-04-24 22:33
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
c:\program files\common files\microsoft shared\dw\dw20.exe, ...
File Properties
Names c:\program files\common files\microsoft shared\dw\dw20.exe (Modified File)
c:\program files\common files\microsoft shared\dw\dw20.exe.[sepsis@protonmail.com].sepsis (Created File)
Size 974.38 KB
Hash Values MD5: 58435dd3eed646e1eb9e69d039a8fa91
SHA1: a8cc9afd1509c53b8b3e60011b9b7e621e7f10fb
SHA256: c0ee6d2f1c8bf01c38eb9d6380adcec6cf4a8520ca82e756a92172aa776c86a1
c:\program files\common files\microsoft shared\dw\dwtrig20.exe
File Properties
Names c:\program files\common files\microsoft shared\dw\dwtrig20.exe (Modified File)
Size 574.23 KB
Hash Values MD5: f0ea9218b3c1f961873efae9ac82a20d
SHA1: 816e816ddd31adb7e90ef84d69d7fc793679bc21
SHA256: 0b9173716de68122af51e8f955926f062e296619a9dbc043d2d4bc93e9078b2f
PE Information
Information Value
Image Base 0x140000000
Entry Point 0x14000779c
Size Of Code 0x32a00
Size Of Initialized Data 0x5ce00
Size Of Uninitialized Data 0x0
Format x64
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2013-12-17 22:34:23
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x3299c 0x32a00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.49
.rdata 0x140034000 0x1f4cc 0x1f600 0x32e00 CNT_INITIALIZED_DATA, MEM_READ 5.12
.data 0x140054000 0x38af0 0x36e00 0x52400 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 7.29
.pdata 0x14008d000 0x2ed4 0x3000 0x89200 CNT_INITIALIZED_DATA, MEM_READ 5.32
.rsrc 0x140090000 0x878 0xa00 0x8c200 CNT_INITIALIZED_DATA, MEM_READ 4.04
.reloc 0x140091000 0x10d0 0x1200 0x8cc00 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.36
Imports (184)
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
VerQueryValueW 0x0 0x140034000 0x4f020 0x4de20
GetFileVersionInfoW 0x0 0x140034008 0x4f028 0x4de28
GetFileVersionInfoSizeW 0x0 0x140034010 0x4f030 0x4de30
ADVAPI32.dll (35)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
OpenThreadToken 0x0 0x140034020 0x4f040 0x4de40
ConvertStringSecurityDescriptorToSecurityDescriptorW 0x0 0x140034028 0x4f048 0x4de48
ConvertSidToStringSidA 0x0 0x140034030 0x4f050 0x4de50
RegCloseKey 0x0 0x140034038 0x4f058 0x4de58
RegCreateKeyExW 0x0 0x140034040 0x4f060 0x4de60
RegDeleteKeyW 0x0 0x140034048 0x4f068 0x4de68
RegEnumKeyExW 0x0 0x140034050 0x4f070 0x4de70
RegOpenKeyExW 0x0 0x140034058 0x4f078 0x4de78
RegSetValueExW 0x0 0x140034060 0x4f080 0x4de80
EventWrite 0x0 0x140034068 0x4f088 0x4de88
RegEnumKeyW 0x0 0x140034070 0x4f090 0x4de90
RegOpenKeyExA 0x0 0x140034078 0x4f098 0x4de98
RegQueryValueExA 0x0 0x140034080 0x4f0a0 0x4dea0
RegGetValueW 0x0 0x140034088 0x4f0a8 0x4dea8
EventRegister 0x0 0x140034090 0x4f0b0 0x4deb0
EventUnregister 0x0 0x140034098 0x4f0b8 0x4deb8
RegEnumValueW 0x0 0x1400340a0 0x4f0c0 0x4dec0
RegQueryValueExW 0x0 0x1400340a8 0x4f0c8 0x4dec8
AllocateAndInitializeSid 0x0 0x1400340b0 0x4f0d0 0x4ded0
CheckTokenMembership 0x0 0x1400340b8 0x4f0d8 0x4ded8
FreeSid 0x0 0x1400340c0 0x4f0e0 0x4dee0
RegQueryInfoKeyW 0x0 0x1400340c8 0x4f0e8 0x4dee8
SetSecurityDescriptorDacl 0x0 0x1400340d0 0x4f0f0 0x4def0
IsValidSid 0x0 0x1400340d8 0x4f0f8 0x4def8
InitializeSecurityDescriptor 0x0 0x1400340e0 0x4f100 0x4df00
InitializeAcl 0x0 0x1400340e8 0x4f108 0x4df08
GetSecurityDescriptorDacl 0x0 0x1400340f0 0x4f110 0x4df10
GetLengthSid 0x0 0x1400340f8 0x4f118 0x4df18
EqualSid 0x0 0x140034100 0x4f120 0x4df20
CreateWellKnownSid 0x0 0x140034108 0x4f128 0x4df28
CopySid 0x0 0x140034110 0x4f130 0x4df30
AddAccessDeniedAce 0x0 0x140034118 0x4f138 0x4df38
AddAccessAllowedAce 0x0 0x140034120 0x4f140 0x4df40
GetTokenInformation 0x0 0x140034128 0x4f148 0x4df48
OpenProcessToken 0x0 0x140034130 0x4f150 0x4df50
KERNEL32.dll (133)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
ReleaseMutex 0x0 0x140034140 0x4f160 0x4df60
GetSystemTimeAsFileTime 0x0 0x140034148 0x4f168 0x4df68
GetLocalTime 0x0 0x140034150 0x4f170 0x4df70
GetTickCount64 0x0 0x140034158 0x4f178 0x4df78
RaiseFailFastException 0x0 0x140034160 0x4f180 0x4df80
GetDiskFreeSpaceExW 0x0 0x140034168 0x4f188 0x4df88
GetFileAttributesExW 0x0 0x140034170 0x4f190 0x4df90
GetFileSize 0x0 0x140034178 0x4f198 0x4df98
ReadFile 0x0 0x140034180 0x4f1a0 0x4dfa0
GlobalMemoryStatusEx 0x0 0x140034188 0x4f1a8 0x4dfa8
GetSystemDirectoryW 0x0 0x140034190 0x4f1b0 0x4dfb0
GetNativeSystemInfo 0x0 0x140034198 0x4f1b8 0x4dfb8
GetProductInfo 0x0 0x1400341a0 0x4f1c0 0x4dfc0
GetModuleHandleW 0x0 0x1400341a8 0x4f1c8 0x4dfc8
GetProcAddress 0x0 0x1400341b0 0x4f1d0 0x4dfd0
GetTimeZoneInformation 0x0 0x1400341b8 0x4f1d8 0x4dfd8
GetUserGeoID 0x0 0x1400341c0 0x4f1e0 0x4dfe0
GetUserDefaultUILanguage 0x0 0x1400341c8 0x4f1e8 0x4dfe8
GetSystemDefaultLCID 0x0 0x1400341d0 0x4f1f0 0x4dff0
GetUserDefaultLCID 0x0 0x1400341d8 0x4f1f8 0x4dff8
CreateDirectoryW 0x0 0x1400341e0 0x4f200 0x4e000
WaitForSingleObjectEx 0x0 0x1400341e8 0x4f208 0x4e008
GetCurrentProcess 0x0 0x1400341f0 0x4f210 0x4e010
GetCurrentProcessId 0x0 0x1400341f8 0x4f218 0x4e018
TerminateProcess 0x0 0x140034200 0x4f220 0x4e020
GetCurrentThreadId 0x0 0x140034208 0x4f228 0x4e028
CreateProcessW 0x0 0x140034210 0x4f230 0x4e030
GetTickCount 0x0 0x140034218 0x4f238 0x4e038
GlobalFree 0x0 0x140034220 0x4f240 0x4e040
LCIDToLocaleName 0x0 0x140034228 0x4f248 0x4e048
CreateMutexA 0x0 0x140034230 0x4f250 0x4e050
OpenMutexA 0x0 0x140034238 0x4f258 0x4e058
GlobalAlloc 0x0 0x140034240 0x4f260 0x4e060
GetACP 0x0 0x140034248 0x4f268 0x4e068
IsValidLocale 0x0 0x140034250 0x4f270 0x4e070
RaiseException 0x0 0x140034258 0x4f278 0x4e078
LeaveCriticalSection 0x0 0x140034260 0x4f280 0x4e080
EnumCalendarInfoExEx 0x0 0x140034268 0x4f288 0x4e088
HeapAlloc 0x0 0x140034270 0x4f290 0x4e090
HeapFree 0x0 0x140034278 0x4f298 0x4e098
GetProcessHeap 0x0 0x140034280 0x4f2a0 0x4e0a0
GetCommandLineW 0x0 0x140034288 0x4f2a8 0x4e0a8
HeapReAlloc 0x0 0x140034290 0x4f2b0 0x4e0b0
HeapSize 0x0 0x140034298 0x4f2b8 0x4e0b8
EncodePointer 0x0 0x1400342a0 0x4f2c0 0x4e0c0
DecodePointer 0x0 0x1400342a8 0x4f2c8 0x4e0c8
UnhandledExceptionFilter 0x0 0x1400342b0 0x4f2d0 0x4e0d0
SetUnhandledExceptionFilter 0x0 0x1400342b8 0x4f2d8 0x4e0d8
IsDebuggerPresent 0x0 0x1400342c0 0x4f2e0 0x4e0e0
RtlVirtualUnwind 0x0 0x1400342c8 0x4f2e8 0x4e0e8
RtlLookupFunctionEntry 0x0 0x1400342d0 0x4f2f0 0x4e0f0
RtlCaptureContext 0x0 0x1400342d8 0x4f2f8 0x4e0f8
RtlUnwindEx 0x0 0x1400342e0 0x4f300 0x4e100
ExitProcess 0x0 0x1400342e8 0x4f308 0x4e108
GetStdHandle 0x0 0x1400342f0 0x4f310 0x4e110
FreeEnvironmentStringsW 0x0 0x1400342f8 0x4f318 0x4e118
GetEnvironmentStringsW 0x0 0x140034300 0x4f320 0x4e120
SetHandleCount 0x0 0x140034308 0x4f328 0x4e128
InitializeCriticalSectionAndSpinCount 0x0 0x140034310 0x4f330 0x4e130
GetFileType 0x0 0x140034318 0x4f338 0x4e138
GetStartupInfoW 0x0 0x140034320 0x4f340 0x4e140
FlsGetValue 0x0 0x140034328 0x4f348 0x4e148
FlsSetValue 0x0 0x140034330 0x4f350 0x4e150
FlsFree 0x0 0x140034338 0x4f358 0x4e158
SetLastError 0x0 0x140034340 0x4f360 0x4e160
GetCurrentThread 0x0 0x140034348 0x4f368 0x4e168
HeapSetInformation 0x0 0x140034350 0x4f370 0x4e170
GetVersion 0x0 0x140034358 0x4f378 0x4e178
HeapCreate 0x0 0x140034360 0x4f380 0x4e180
QueryPerformanceCounter 0x0 0x140034368 0x4f388 0x4e188
Sleep 0x0 0x140034370 0x4f390 0x4e190
RtlPcToFileHeader 0x0 0x140034378 0x4f398 0x4e198
GetCPInfo 0x0 0x140034380 0x4f3a0 0x4e1a0
GetOEMCP 0x0 0x140034388 0x4f3a8 0x4e1a8
IsValidCodePage 0x0 0x140034390 0x4f3b0 0x4e1b0
FreeLibrary 0x0 0x140034398 0x4f3b8 0x4e1b8
LoadLibraryW 0x0 0x1400343a0 0x4f3c0 0x4e1c0
GetStringTypeW 0x0 0x1400343a8 0x4f3c8 0x4e1c8
SetFilePointer 0x0 0x1400343b0 0x4f3d0 0x4e1d0
WideCharToMultiByte 0x0 0x1400343b8 0x4f3d8 0x4e1d8
GetConsoleCP 0x0 0x1400343c0 0x4f3e0 0x4e1e0
GetConsoleMode 0x0 0x1400343c8 0x4f3e8 0x4e1e8
MultiByteToWideChar 0x0 0x1400343d0 0x4f3f0 0x4e1f0
LCMapStringW 0x0 0x1400343d8 0x4f3f8 0x4e1f8
SetStdHandle 0x0 0x1400343e0 0x4f400 0x4e200
WriteConsoleW 0x0 0x1400343e8 0x4f408 0x4e208
CreateFileW 0x0 0x1400343f0 0x4f410 0x4e210
FlushFileBuffers 0x0 0x1400343f8 0x4f418 0x4e218
GetFileAttributesW 0x0 0x140034400 0x4f420 0x4e220
GetLongPathNameW 0x0 0x140034408 0x4f428 0x4e228
GetShortPathNameW 0x0 0x140034410 0x4f430 0x4e230
GetSystemWindowsDirectoryW 0x0 0x140034418 0x4f438 0x4e238
lstrcmpiW 0x0 0x140034420 0x4f440 0x4e240
TlsGetValue 0x0 0x140034428 0x4f448 0x4e248
RtlCaptureStackBackTrace 0x0 0x140034430 0x4f450 0x4e250
LockResource 0x0 0x140034438 0x4f458 0x4e258
GetThreadUILanguage 0x0 0x140034440 0x4f460 0x4e260
EnumTimeFormatsEx 0x0 0x140034448 0x4f468 0x4e268
EnumDateFormatsExEx 0x0 0x140034450 0x4f470 0x4e270
GetCalendarInfoEx 0x0 0x140034458 0x4f478 0x4e278
GetLocaleInfoEx 0x0 0x140034460 0x4f480 0x4e280
CompareStringEx 0x0 0x140034468 0x4f488 0x4e288
GetVersionExW 0x0 0x140034470 0x4f490 0x4e290
EnterCriticalSection 0x0 0x140034478 0x4f498 0x4e298
GetLastError 0x0 0x140034480 0x4f4a0 0x4e2a0
CloseHandle 0x0 0x140034488 0x4f4a8 0x4e2a8
WriteFile 0x0 0x140034490 0x4f4b0 0x4e2b0
SetFileAttributesW 0x0 0x140034498 0x4f4b8 0x4e2b8
DeleteFileW 0x0 0x1400344a0 0x4f4c0 0x4e2c0
DeleteCriticalSection 0x0 0x1400344a8 0x4f4c8 0x4e2c8
InitializeCriticalSectionEx 0x0 0x1400344b0 0x4f4d0 0x4e2d0
lstrlenW 0x0 0x1400344b8 0x4f4d8 0x4e2d8
GetModuleFileNameW 0x0 0x1400344c0 0x4f4e0 0x4e2e0
CreateEventW 0x0 0x1400344c8 0x4f4e8 0x4e2e8
WaitForSingleObject 0x0 0x1400344d0 0x4f4f0 0x4e2f0
SetEvent 0x0 0x1400344d8 0x4f4f8 0x4e2f8
CompareStringW 0x0 0x1400344e0 0x4f500 0x4e300
EnumSystemLocalesEx 0x0 0x1400344e8 0x4f508 0x4e308
FlsAlloc 0x0 0x1400344f0 0x4f510 0x4e310
LocalAlloc 0x0 0x1400344f8 0x4f518 0x4e318
LocalFree 0x0 0x140034500 0x4f520 0x4e320
LoadLibraryA 0x0 0x140034508 0x4f528 0x4e328
GetTempPathW 0x0 0x140034510 0x4f530 0x4e330
LoadLibraryExW 0x0 0x140034518 0x4f538 0x4e338
LoadResource 0x0 0x140034520 0x4f540 0x4e340
SizeofResource 0x0 0x140034528 0x4f548 0x4e348
FindResourceW 0x0 0x140034530 0x4f550 0x4e350
GetModuleFileNameA 0x0 0x140034538 0x4f558 0x4e358
GetShortPathNameA 0x0 0x140034540 0x4f560 0x4e360
LocaleNameToLCID 0x0 0x140034548 0x4f568 0x4e368
GetUserDefaultLocaleName 0x0 0x140034550 0x4f570 0x4e370
GetSystemDefaultLocaleName 0x0 0x140034558 0x4f578 0x4e378
GetDateFormatEx 0x0 0x140034560 0x4f580 0x4e380
ole32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CoTaskMemFree 0x0 0x140034570 0x4f590 0x4e390
StringFromCLSID 0x0 0x140034578 0x4f598 0x4e398
CoCreateGuid 0x0 0x140034580 0x4f5a0 0x4e3a0
CoRegisterClassObject 0x0 0x140034588 0x4f5a8 0x4e3a8
CoInitializeEx 0x0 0x140034590 0x4f5b0 0x4e3b0
CoUninitialize 0x0 0x140034598 0x4f5b8 0x4e3b8
CoCreateInstance 0x0 0x1400345a0 0x4f5c0 0x4e3c0
StringFromIID 0x0 0x1400345a8 0x4f5c8 0x4e3c8
CoRevokeClassObject 0x0 0x1400345b0 0x4f5d0 0x4e3d0
OLEAUT32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SysAllocString 0x2 0x1400345c0 0x4f5e0 0x4e3e0
SysFreeString 0x6 0x1400345c8 0x4f5e8 0x4e3e8
LoadRegTypeLib 0xa2 0x1400345d0 0x4f5f0 0x4e3f0
LoadTypeLib 0xa1 0x1400345d8 0x4f5f8 0x4e3f8
Digital Signatures (2)
Signature Properties
InternalName dwtrig20.exe
FileVersion 15.0.4569.1503
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Watson Subscriber for SENS Network Notifications
ProductVersion 15.0.4569.1503
FileDescription Watson Subscriber for SENS Network Notifications
OriginalFilename dwtrig20.exe
Signature verification True
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2013-03-27 20:08
Valid to 2014-06-27 20:08
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 34 24 31 40 C9 A0 C1 79 8D 00 00 00 00 00 34
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2013-01-24 22:33
Valid to 2014-04-24 22:33
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
c:\program files\common files\microsoft shared\dw\dwtrig20.exe, ...
File Properties
Names c:\program files\common files\microsoft shared\dw\dwtrig20.exe (Modified File)
c:\program files\common files\microsoft shared\dw\dwtrig20.exe.[sepsis@protonmail.com].sepsis (Created File)
Size 574.40 KB
Hash Values MD5: 0600feb1e31732b89988e3aafb444016
SHA1: 88d595150a145510984b09d0ccbf860fc9d63682
SHA256: 168d0ce4baa65d6f36d6d974469c3007b8dde7998fe3904d027bd8b9e971490f
c:\program files\common files\microsoft shared\equation\1033\eeintl.dll
File Properties
Names c:\program files\common files\microsoft shared\equation\1033\eeintl.dll (Modified File)
Size 62.59 KB
Hash Values MD5: f3e1265f2f72f0f30464c19fc0d9263d
SHA1: a63a10d4b34916cfc0d1b9d990244710b25b4b0f
SHA256: 092167fb8180160d65ab2f79cc9fba22ef91580af15be7bcddb27ac5613f34dd
PE Information
Information Value
Image Base 0x3de20000
Entry Point Unknown
Size Of Code 0x0
Size Of Initialized Data 0xc200
Size Of Uninitialized Data 0x0
Format x86
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2000-09-28 00:06:36
Compiler/Packer Unknown
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.rsrc 0x3de21000 0xbf50 0xc000 0x1000 CNT_INITIALIZED_DATA, MEM_READ 3.58
.reloc 0x3de2d000 0xc 0x1000 0xd000 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 0.0
Digital Signatures (2)
Signature Properties
LegalCopyright Copyright © Design Science, Inc. 1990-2000
InternalName EEINTL.DLL
FileVersion 00091400
CompanyName Design Science, Inc.
ProductName Microsoft Equation Editor
ProductVersion 3.1
FileDescription Microsoft Equation Editor Int'l DLL
OriginalFilename EEINTL.DLL
Signature verification True
Certificate: VeriSign Time Stamping Service
Certificate Properties
Issued by VeriSign, Inc.
Valid from 2001-02-28 00:00
Valid to 2004-01-06 23:59
Algorithm MD5 with RSA Encryption
Serial number 87 A6 D5 C6 F6 29 34 FB AC 4F D4 3E 11 41 89 D
Issuer Certificate: VeriSign, Inc.
Certificate Properties
Issued by VeriSign, Inc.
Valid from 1997-05-12 00:00
Valid to 2004-01-07 23:59
Algorithm MD5 with RSA Encryption
Serial number 4A 19 D2 38 8C 82 59 1C A5 5D 73 5F 15 5D DC A3
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2002-05-25 00:55
Valid to 2003-11-25 01:05
Algorithm SHA-1 with RSA Encryption
Serial number 61 07 11 43 00 00 00 00 00 34
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Authority
Valid from 2000-12-10 08:00
Valid to 2005-11-12 08:00
Algorithm MD5 with RSA Encryption
Serial number 6A 0B 99 4F C0 00 DE AA 11 D4 D8 40 9A A8 BE E6
Issuer Certificate: Microsoft Root Authority
Certificate Properties
Issued by Microsoft Root Authority
Valid from 1997-01-10 07:00
Valid to 2020-12-31 07:00
Algorithm MD5 with RSA Encryption
Serial number C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
c:\program files\common files\microsoft shared\equation\1033\eeintl.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\equation\1033\eeintl.dll (Modified File)
c:\program files\common files\microsoft shared\equation\1033\eeintl.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 62.77 KB
Hash Values MD5: 51eb3a059480b7576659efb1bad7f521
SHA1: 52934a488d2e7496332dac9fda1a1ee7c50da281
SHA256: 6e24e0590625060c7516290e4b35267a2edb452828da9c4de3304fe424ab7e49
c:\program files\common files\microsoft shared\equation\eqnedt32.cnt
File Properties
Names c:\program files\common files\microsoft shared\equation\eqnedt32.cnt (Modified File)
Size 2.50 KB
Hash Values MD5: 46ce3a6fe2aac3523a07e8f1c8a29660
SHA1: 2cbe46d709c3229fb789a28bbd3dcb75bdf891c0
SHA256: 113948f5486837f5b352cdc34558a02ac95ede605dc271205ec702280aa1ef11
c:\program files\common files\microsoft shared\equation\eqnedt32.cnt, ...
File Properties
Names c:\program files\common files\microsoft shared\equation\eqnedt32.cnt (Modified File)
c:\program files\common files\microsoft shared\equation\eqnedt32.cnt.[sepsis@protonmail.com].sepsis (Created File)
Size 2.67 KB
Hash Values MD5: 854d72551d4d99dbb6cc756ffd9e8738
SHA1: 68f9f153c4ef0fc748d75dfa8e791cd0d1544f39
SHA256: fccf5a199f776e44ceddfbbc2b7c566e0ef5e961eca803fda6484ff9091b23f6
c:\program files\common files\microsoft shared\equation\eqnedt32.exe
File Properties
Names c:\program files\common files\microsoft shared\equation\eqnedt32.exe (Modified File)
Size 530.57 KB
Hash Values MD5: a87236e214f6d42a65f5dedac816aec8
SHA1: 601f4e8cd6b1c5fcd8f0be4acf01a08261a07b94
SHA256: 3c4a68070f3d7f14e488ae4f7ede8e7add0f8029995dc800833126ca062a2c6c
PE Information
Information Value
Image Base 0x400000
Entry Point 0x44cd40
Size Of Code 0x51400
Size Of Initialized Data 0x38200
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2000-11-09 17:20:15
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x513a3 0x52000 0x1000 CNT_CODE, MEM_EXECUTE, MEM_READ 5.92
.rdata 0x453000 0xbf2 0x1000 0x53000 CNT_INITIALIZED_DATA, MEM_READ 3.6
.data 0x454000 0x116c8 0x7000 0x54000 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.26
.idata 0x466000 0x21be 0x3000 0x5b000 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.38
.rsrc 0x469000 0x1f2d8 0x20000 0x5e000 CNT_INITIALIZED_DATA, MEM_READ 4.05
.reloc 0x489000 0x4704 0x5000 0x7e000 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 6.14
Imports (340)
KERNEL32.dll (93)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetStringTypeA 0x0 0x466758 0x661ec 0x5b1ec
GetFileType 0x0 0x46675c 0x661f0 0x5b1f0
FlushFileBuffers 0x0 0x466760 0x661f4 0x5b1f4
WriteFile 0x0 0x466764 0x661f8 0x5b1f8
GetStdHandle 0x0 0x466768 0x661fc 0x5b1fc
GetOEMCP 0x0 0x46676c 0x66200 0x5b200
SetHandleCount 0x0 0x466770 0x66204 0x5b204
CompareStringW 0x0 0x466774 0x66208 0x5b208
GetStringTypeW 0x0 0x466778 0x6620c 0x5b20c
SetStdHandle 0x0 0x46677c 0x66210 0x5b210
GetEnvironmentStrings 0x0 0x466780 0x66214 0x5b214
RaiseException 0x0 0x466784 0x66218 0x5b218
IsBadReadPtr 0x0 0x466788 0x6621c 0x5b21c
lstrlenA 0x0 0x46678c 0x66220 0x5b220
lstrcpyA 0x0 0x466790 0x66224 0x5b224
MulDiv 0x0 0x466794 0x66228 0x5b228
LocalAlloc 0x0 0x466798 0x6622c 0x5b22c
OutputDebugStringA 0x0 0x46679c 0x66230 0x5b230
lstrcmpiA 0x0 0x4667a0 0x66234 0x5b234
GlobalSize 0x0 0x4667a4 0x66238 0x5b238
GlobalReAlloc 0x0 0x4667a8 0x6623c 0x5b23c
GlobalAlloc 0x0 0x4667ac 0x66240 0x5b240
GlobalLock 0x0 0x4667b0 0x66244 0x5b244
GetEnvironmentStringsW 0x0 0x4667b4 0x66248 0x5b248
FreeEnvironmentStringsW 0x0 0x4667b8 0x6624c 0x5b24c
GetCurrentProcess 0x0 0x4667bc 0x66250 0x5b250
FreeEnvironmentStringsA 0x0 0x4667c0 0x66254 0x5b254
UnhandledExceptionFilter 0x0 0x4667c4 0x66258 0x5b258
CloseHandle 0x0 0x4667c8 0x6625c 0x5b25c
TerminateProcess 0x0 0x4667cc 0x66260 0x5b260
ExitProcess 0x0 0x4667d0 0x66264 0x5b264
HeapCreate 0x0 0x4667d4 0x66268 0x5b268
VirtualAlloc 0x0 0x4667d8 0x6626c 0x5b26c
VirtualFree 0x0 0x4667dc 0x66270 0x5b270
LCMapStringA 0x0 0x4667e0 0x66274 0x5b274
HeapDestroy 0x0 0x4667e4 0x66278 0x5b278
LCMapStringW 0x0 0x4667e8 0x6627c 0x5b27c
GetStartupInfoA 0x0 0x4667ec 0x66280 0x5b280
RtlUnwind 0x0 0x4667f0 0x66284 0x5b284
GetCommandLineA 0x0 0x4667f4 0x66288 0x5b288
HeapFree 0x0 0x4667f8 0x6628c 0x5b28c
GetModuleHandleA 0x0 0x4667fc 0x66290 0x5b290
HeapAlloc 0x0 0x466800 0x66294 0x5b294
GetLocalTime 0x0 0x466804 0x66298 0x5b298
MoveFileA 0x0 0x466808 0x6629c 0x5b29c
GetLastError 0x0 0x46680c 0x662a0 0x5b2a0
SetErrorMode 0x0 0x466810 0x662a4 0x5b2a4
GetSystemTime 0x0 0x466814 0x662a8 0x5b2a8
GetTimeZoneInformation 0x0 0x466818 0x662ac 0x5b2ac
WinExec 0x0 0x46681c 0x662b0 0x5b2b0
GetSystemDefaultLangID 0x0 0x466820 0x662b4 0x5b2b4
GetCPInfo 0x0 0x466824 0x662b8 0x5b2b8
GetLocaleInfoA 0x0 0x466828 0x662bc 0x5b2bc
WideCharToMultiByte 0x0 0x46682c 0x662c0 0x5b2c0
GetSystemDirectoryA 0x0 0x466830 0x662c4 0x5b2c4
LockResource 0x0 0x466834 0x662c8 0x5b2c8
MultiByteToWideChar 0x0 0x466838 0x662cc 0x5b2cc
SizeofResource 0x0 0x46683c 0x662d0 0x5b2d0
LoadResource 0x0 0x466840 0x662d4 0x5b2d4
FreeResource 0x0 0x466844 0x662d8 0x5b2d8
FindResourceA 0x0 0x466848 0x662dc 0x5b2dc
_lread 0x0 0x46684c 0x662e0 0x5b2e0
SetEndOfFile 0x0 0x466850 0x662e4 0x5b2e4
SetFilePointer 0x0 0x466854 0x662e8 0x5b2e8
_lclose 0x0 0x466858 0x662ec 0x5b2ec
_lwrite 0x0 0x46685c 0x662f0 0x5b2f0
OpenFile 0x0 0x466860 0x662f4 0x5b2f4
GetModuleFileNameA 0x0 0x466864 0x662f8 0x5b2f8
_llseek 0x0 0x466868 0x662fc 0x5b2fc
GetWindowsDirectoryA 0x0 0x46686c 0x66300 0x5b300
GlobalFlags 0x0 0x466870 0x66304 0x5b304
GetTickCount 0x0 0x466874 0x66308 0x5b308
FatalAppExitA 0x0 0x466878 0x6630c 0x5b30c
SetEnvironmentVariableA 0x0 0x46687c 0x66310 0x5b310
LocalLock 0x0 0x466880 0x66314 0x5b314
LocalReAlloc 0x0 0x466884 0x66318 0x5b318
GlobalUnlock 0x0 0x466888 0x6631c 0x5b31c
LocalUnlock 0x0 0x46688c 0x66320 0x5b320
GetProcAddress 0x0 0x466890 0x66324 0x5b324
LocalFree 0x0 0x466894 0x66328 0x5b328
GetACP 0x0 0x466898 0x6632c 0x5b32c
GetVersion 0x0 0x46689c 0x66330 0x5b330
FreeLibrary 0x0 0x4668a0 0x66334 0x5b334
LoadLibraryA 0x0 0x4668a4 0x66338 0x5b338
GlobalHandle 0x0 0x4668a8 0x6633c 0x5b33c
GetProfileStringA 0x0 0x4668ac 0x66340 0x5b340
lstrcmpA 0x0 0x4668b0 0x66344 0x5b344
HeapReAlloc 0x0 0x4668b4 0x66348 0x5b348
IsDBCSLeadByte 0x0 0x4668b8 0x6634c 0x5b34c
GlobalFree 0x0 0x4668bc 0x66350 0x5b350
ReadFile 0x0 0x4668c0 0x66354 0x5b354
CreateFileA 0x0 0x4668c4 0x66358 0x5b358
CompareStringA 0x0 0x4668c8 0x6635c 0x5b35c
USER32.dll (141)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
InvalidateRect 0x0 0x4668d8 0x6636c 0x5b36c
SendDlgItemMessageA 0x0 0x4668dc 0x66370 0x5b370
GetDialogBaseUnits 0x0 0x4668e0 0x66374 0x5b374
IsDlgButtonChecked 0x0 0x4668e4 0x66378 0x5b378
CheckDlgButton 0x0 0x4668e8 0x6637c 0x5b37c
GetNextDlgTabItem 0x0 0x4668ec 0x66380 0x5b380
SetScrollRange 0x0 0x4668f0 0x66384 0x5b384
SetDlgItemTextA 0x0 0x4668f4 0x66388 0x5b388
GetDlgItemTextA 0x0 0x4668f8 0x6638c 0x5b38c
MapWindowPoints 0x0 0x4668fc 0x66390 0x5b390
CheckRadioButton 0x0 0x466900 0x66394 0x5b394
GetDoubleClickTime 0x0 0x466904 0x66398 0x5b398
ReleaseCapture 0x0 0x466908 0x6639c 0x5b39c
SetCapture 0x0 0x46690c 0x663a0 0x5b3a0
RegisterClassW 0x0 0x466910 0x663a4 0x5b3a4
SetMenu 0x0 0x466914 0x663a8 0x5b3a8
SetWindowTextA 0x0 0x466918 0x663ac 0x5b3ac
GetWindowTextA 0x0 0x46691c 0x663b0 0x5b3b0
InvalidateRgn 0x0 0x466920 0x663b4 0x5b3b4
ScrollDC 0x0 0x466924 0x663b8 0x5b3b8
IsZoomed 0x0 0x466928 0x663bc 0x5b3bc
AppendMenuA 0x0 0x46692c 0x663c0 0x5b3c0
GetSystemMenu 0x0 0x466930 0x663c4 0x5b3c4
GetClassLongA 0x0 0x466934 0x663c8 0x5b3c8
GetClassLongW 0x0 0x466938 0x663cc 0x5b3cc
DispatchMessageA 0x0 0x46693c 0x663d0 0x5b3d0
DispatchMessageW 0x0 0x466940 0x663d4 0x5b3d4
GetMessageW 0x0 0x466944 0x663d8 0x5b3d8
GetMessageA 0x0 0x466948 0x663dc 0x5b3dc
DefWindowProcW 0x0 0x46694c 0x663e0 0x5b3e0
VkKeyScanA 0x0 0x466950 0x663e4 0x5b3e4
GetKeyboardLayout 0x0 0x466954 0x663e8 0x5b3e8
LoadKeyboardLayoutA 0x0 0x466958 0x663ec 0x5b3ec
ActivateKeyboardLayout 0x0 0x46695c 0x663f0 0x5b3f0
GetKeyboardLayoutList 0x0 0x466960 0x663f4 0x5b3f4
InvertRect 0x0 0x466964 0x663f8 0x5b3f8
GetMenuCheckMarkDimensions 0x0 0x466968 0x663fc 0x5b3fc
RegisterClipboardFormatA 0x0 0x46696c 0x66400 0x5b400
CloseClipboard 0x0 0x466970 0x66404 0x5b404
EmptyClipboard 0x0 0x466974 0x66408 0x5b408
OpenClipboard 0x0 0x466978 0x6640c 0x5b40c
IsClipboardFormatAvailable 0x0 0x46697c 0x66410 0x5b410
GetClipboardData 0x0 0x466980 0x66414 0x5b414
SetClipboardData 0x0 0x466984 0x66418 0x5b418
HiliteMenuItem 0x0 0x466988 0x6641c 0x5b41c
GetMenuState 0x0 0x46698c 0x66420 0x5b420
GetMenuItemID 0x0 0x466990 0x66424 0x5b424
DeleteMenu 0x0 0x466994 0x66428 0x5b428
DrawMenuBar 0x0 0x466998 0x6642c 0x5b42c
EqualRect 0x0 0x46699c 0x66430 0x5b430
UnionRect 0x0 0x4669a0 0x66434 0x5b434
GetDesktopWindow 0x0 0x4669a4 0x66438 0x5b438
GetMessagePos 0x0 0x4669a8 0x6643c 0x5b43c
GetMessageTime 0x0 0x4669ac 0x66440 0x5b440
SetParent 0x0 0x4669b0 0x66444 0x5b444
GetClassInfoA 0x0 0x4669b4 0x66448 0x5b448
SetWindowPos 0x0 0x4669b8 0x6644c 0x5b44c
MessageBoxA 0x0 0x4669bc 0x66450 0x5b450
DialogBoxParamA 0x0 0x4669c0 0x66454 0x5b454
BringWindowToTop 0x0 0x4669c4 0x66458 0x5b458
OffsetRect 0x0 0x4669c8 0x6645c 0x5b45c
GetCaretBlinkTime 0x0 0x4669cc 0x66460 0x5b460
SetTimer 0x0 0x4669d0 0x66464 0x5b464
MessageBeep 0x0 0x4669d4 0x66468 0x5b468
WinHelpA 0x0 0x4669d8 0x6646c 0x5b46c
CreateDialogParamA 0x0 0x4669dc 0x66470 0x5b470
SendMessageA 0x0 0x4669e0 0x66474 0x5b474
GetAsyncKeyState 0x0 0x4669e4 0x66478 0x5b478
EnableWindow 0x0 0x4669e8 0x6647c 0x5b47c
GetScrollPos 0x0 0x4669ec 0x66480 0x5b480
GetScrollRange 0x0 0x4669f0 0x66484 0x5b484
SetScrollPos 0x0 0x4669f4 0x66488 0x5b488
SetCursor 0x0 0x4669f8 0x6648c 0x5b48c
PtInRect 0x0 0x4669fc 0x66490 0x5b490
ShowCursor 0x0 0x466a00 0x66494 0x5b494
IsWindowVisible 0x0 0x466a04 0x66498 0x5b498
GetMenuItemCount 0x0 0x466a08 0x6649c 0x5b49c
LoadStringA 0x0 0x466a0c 0x664a0 0x5b4a0
IsWindowUnicode 0x0 0x466a10 0x664a4 0x5b4a4
UpdateWindow 0x0 0x466a14 0x664a8 0x5b4a8
GetMenu 0x0 0x466a18 0x664ac 0x5b4ac
FindWindowA 0x0 0x466a1c 0x664b0 0x5b4b0
GetKeyState 0x0 0x466a20 0x664b4 0x5b4b4
PeekMessageA 0x0 0x466a24 0x664b8 0x5b4b8
KillTimer 0x0 0x466a28 0x664bc 0x5b4bc
DefWindowProcA 0x0 0x466a2c 0x664c0 0x5b4c0
LoadIconA 0x0 0x466a30 0x664c4 0x5b4c4
LoadCursorA 0x0 0x466a34 0x664c8 0x5b4c8
IsDialogMessageA 0x0 0x466a38 0x664cc 0x5b4cc
GetFocus 0x0 0x466a3c 0x664d0 0x5b4d0
BeginPaint 0x0 0x466a40 0x664d4 0x5b4d4
EndPaint 0x0 0x466a44 0x664d8 0x5b4d8
ScreenToClient 0x0 0x466a48 0x664dc 0x5b4dc
SetRect 0x0 0x466a4c 0x664e0 0x5b4e0
FillRect 0x0 0x466a50 0x664e4 0x5b4e4
IntersectRect 0x0 0x466a54 0x664e8 0x5b4e8
CopyRect 0x0 0x466a58 0x664ec 0x5b4ec
SetWindowLongA 0x0 0x466a5c 0x664f0 0x5b4f0
MoveWindow 0x0 0x466a60 0x664f4 0x5b4f4
DestroyWindow 0x0 0x466a64 0x664f8 0x5b4f8
CheckMenuItem 0x0 0x466a68 0x664fc 0x5b4fc
SetRectEmpty 0x0 0x466a6c 0x66500 0x5b500
RemoveMenu 0x0 0x466a70 0x66504 0x5b504
GetSubMenu 0x0 0x466a74 0x66508 0x5b508
CreateMenu 0x0 0x466a78 0x6650c 0x5b50c
EnableMenuItem 0x0 0x466a7c 0x66510 0x5b510
GetMenuStringA 0x0 0x466a80 0x66514 0x5b514
ModifyMenuA 0x0 0x466a84 0x66518 0x5b518
InsertMenuA 0x0 0x466a88 0x6651c 0x5b51c
GetParent 0x0 0x466a8c 0x66520 0x5b520
TranslateMessage 0x0 0x466a90 0x66524 0x5b524
SetForegroundWindow 0x0 0x466a94 0x66528 0x5b528
SetFocus 0x0 0x466a98 0x6652c 0x5b52c
PostQuitMessage 0x0 0x466a9c 0x66530 0x5b530
PostMessageA 0x0 0x466aa0 0x66534 0x5b534
CreateWindowExA 0x0 0x466aa4 0x66538 0x5b538
RegisterClassA 0x0 0x466aa8 0x6653c 0x5b53c
GetDC 0x0 0x466aac 0x66540 0x5b540
LoadMenuA 0x0 0x466ab0 0x66544 0x5b544
IsIconic 0x0 0x466ab4 0x66548 0x5b548
GetWindowLongA 0x0 0x466ab8 0x6654c 0x5b54c
ClientToScreen 0x0 0x466abc 0x66550 0x5b550
GetWindowRect 0x0 0x466ac0 0x66554 0x5b554
GetClassNameA 0x0 0x466ac4 0x66558 0x5b558
DestroyMenu 0x0 0x466ac8 0x6655c 0x5b55c
IsRectEmpty 0x0 0x466acc 0x66560 0x5b560
IsWindow 0x0 0x466ad0 0x66564 0x5b564
ShowWindow 0x0 0x466ad4 0x66568 0x5b568
LoadBitmapA 0x0 0x466ad8 0x6656c 0x5b56c
GetSysColor 0x0 0x466adc 0x66570 0x5b570
GetDlgItem 0x0 0x466ae0 0x66574 0x5b574
GetClientRect 0x0 0x466ae4 0x66578 0x5b578
DrawTextA 0x0 0x466ae8 0x6657c 0x5b57c
wsprintfA 0x0 0x466aec 0x66580 0x5b580
GetSystemMetrics 0x0 0x466af0 0x66584 0x5b584
GetWindowDC 0x0 0x466af4 0x66588 0x5b588
ReleaseDC 0x0 0x466af8 0x6658c 0x5b58c
EndDialog 0x0 0x466afc 0x66590 0x5b590
InflateRect 0x0 0x466b00 0x66594 0x5b594
GetCursorPos 0x0 0x466b04 0x66598 0x5b598
GetActiveWindow 0x0 0x466b08 0x6659c 0x5b59c
GDI32.dll (69)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CreateCompatibleBitmap 0x0 0x466640 0x660d4 0x5b0d4
CreateFontIndirectA 0x0 0x466644 0x660d8 0x5b0d8
LineTo 0x0 0x466648 0x660dc 0x5b0dc
SetBkMode 0x0 0x46664c 0x660e0 0x5b0e0
GetStockObject 0x0 0x466650 0x660e4 0x5b0e4
CreatePen 0x0 0x466654 0x660e8 0x5b0e8
MoveToEx 0x0 0x466658 0x660ec 0x5b0ec
BitBlt 0x0 0x46665c 0x660f0 0x5b0f0
DeleteMetaFile 0x0 0x466660 0x660f4 0x5b0f4
GetObjectA 0x0 0x466664 0x660f8 0x5b0f8
GetDeviceCaps 0x0 0x466668 0x660fc 0x5b0fc
SetBkColor 0x0 0x46666c 0x66100 0x5b100
CopyMetaFileA 0x0 0x466670 0x66104 0x5b104
PatBlt 0x0 0x466674 0x66108 0x5b108
CreatePatternBrush 0x0 0x466678 0x6610c 0x5b10c
SetTextColor 0x0 0x46667c 0x66110 0x5b110
PtVisible 0x0 0x466680 0x66114 0x5b114
GetTextFaceA 0x0 0x466684 0x66118 0x5b118
CreateBitmap 0x0 0x466688 0x6611c 0x5b11c
ExtTextOutA 0x0 0x46668c 0x66120 0x5b120
SetMapMode 0x0 0x466690 0x66124 0x5b124
CreateFontA 0x0 0x466694 0x66128 0x5b128
GetCharWidthA 0x0 0x466698 0x6612c 0x5b12c
GetCharWidth32A 0x0 0x46669c 0x66130 0x5b130
GetMapMode 0x0 0x4666a0 0x66134 0x5b134
GetCharWidth32W 0x0 0x4666a4 0x66138 0x5b138
GetBitmapBits 0x0 0x4666a8 0x6613c 0x5b13c
GetCharWidthW 0x0 0x4666ac 0x66140 0x5b140
TextOutW 0x0 0x4666b0 0x66144 0x5b144
SetTextAlign 0x0 0x4666b4 0x66148 0x5b148
TextOutA 0x0 0x4666b8 0x6614c 0x5b14c
Escape 0x0 0x4666bc 0x66150 0x5b150
CreateICA 0x0 0x4666c0 0x66154 0x5b154
GetTextMetricsA 0x0 0x4666c4 0x66158 0x5b158
EnumFontFamiliesExA 0x0 0x4666c8 0x6615c 0x5b15c
CreateSolidBrush 0x0 0x4666cc 0x66160 0x5b160
EnumFontsA 0x0 0x4666d0 0x66164 0x5b164
SelectClipRgn 0x0 0x4666d4 0x66168 0x5b168
SetRectRgn 0x0 0x4666d8 0x6616c 0x5b16c
CreateRectRgn 0x0 0x4666dc 0x66170 0x5b170
GetClipBox 0x0 0x4666e0 0x66174 0x5b174
RectVisible 0x0 0x4666e4 0x66178 0x5b178
CreateRectRgnIndirect 0x0 0x4666e8 0x6617c 0x5b17c
Ellipse 0x0 0x4666ec 0x66180 0x5b180
Polygon 0x0 0x4666f0 0x66184 0x5b184
SetROP2 0x0 0x4666f4 0x66188 0x5b188
SetMapperFlags 0x0 0x4666f8 0x6618c 0x5b18c
ExtTextOutW 0x0 0x4666fc 0x66190 0x5b190
Arc 0x0 0x466700 0x66194 0x5b194
SetWindowExtEx 0x0 0x466704 0x66198 0x5b198
SetWindowOrgEx 0x0 0x466708 0x6619c 0x5b19c
GetTextExtentPoint32A 0x0 0x46670c 0x661a0 0x5b1a0
CloseMetaFile 0x0 0x466710 0x661a4 0x5b1a4
RestoreDC 0x0 0x466714 0x661a8 0x5b1a8
CreateMetaFileA 0x0 0x466718 0x661ac 0x5b1ac
SaveDC 0x0 0x46671c 0x661b0 0x5b1b0
StretchBlt 0x0 0x466720 0x661b4 0x5b1b4
EnumMetaFile 0x0 0x466724 0x661b8 0x5b1b8
PlayMetaFile 0x0 0x466728 0x661bc 0x5b1bc
SetViewportExtEx 0x0 0x46672c 0x661c0 0x5b1c0
SetStretchBltMode 0x0 0x466730 0x661c4 0x5b1c4
FillRgn 0x0 0x466734 0x661c8 0x5b1c8
CombineRgn 0x0 0x466738 0x661cc 0x5b1cc
GetMetaFileBitsEx 0x0 0x46673c 0x661d0 0x5b1d0
Rectangle 0x0 0x466740 0x661d4 0x5b1d4
DeleteDC 0x0 0x466744 0x661d8 0x5b1d8
CreateCompatibleDC 0x0 0x466748 0x661dc 0x5b1dc
DeleteObject 0x0 0x46674c 0x661e0 0x5b1e0
SelectObject 0x0 0x466750 0x661e4 0x5b1e4
ADVAPI32.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegEnumKeyExA 0x0 0x46660c 0x660a0 0x5b0a0
RegEnumValueA 0x0 0x466610 0x660a4 0x5b0a4
RegCloseKey 0x0 0x466614 0x660a8 0x5b0a8
RegQueryValueExA 0x0 0x466618 0x660ac 0x5b0ac
RegOpenKeyExA 0x0 0x46661c 0x660b0 0x5b0b0
RegCreateKeyExA 0x0 0x466620 0x660b4 0x5b0b4
RegQueryInfoKeyA 0x0 0x466624 0x660b8 0x5b0b8
RegSetValueExA 0x0 0x466628 0x660bc 0x5b0bc
RegDeleteKeyA 0x0 0x46662c 0x660c0 0x5b0c0
RegOpenKeyA 0x0 0x466630 0x660c4 0x5b0c4
ole32.dll (25)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CreateDataAdviseHolder 0x0 0x466b10 0x665a4 0x5b5a4
StgCreateDocfileOnILockBytes 0x0 0x466b14 0x665a8 0x5b5a8
CreateILockBytesOnHGlobal 0x0 0x466b18 0x665ac 0x5b5ac
GetHGlobalFromILockBytes 0x0 0x466b1c 0x665b0 0x5b5b0
CoDisconnectObject 0x0 0x466b20 0x665b4 0x5b5b4
CoLockObjectExternal 0x0 0x466b24 0x665b8 0x5b5b8
OleUninitialize 0x0 0x466b28 0x665bc 0x5b5bc
CoRegisterMessageFilter 0x0 0x466b2c 0x665c0 0x5b5c0
CoRevokeClassObject 0x0 0x466b30 0x665c4 0x5b5c4
CoRegisterClassObject 0x0 0x466b34 0x665c8 0x5b5c8
OleInitialize 0x0 0x466b38 0x665cc 0x5b5cc
CreateOleAdviseHolder 0x0 0x466b3c 0x665d0 0x5b5d0
OleRegEnumFormatEtc 0x0 0x466b40 0x665d4 0x5b5d4
ReleaseStgMedium 0x0 0x466b44 0x665d8 0x5b5d8
WriteFmtUserTypeStg 0x0 0x466b48 0x665dc 0x5b5dc
OleTranslateAccelerator 0x0 0x466b4c 0x665e0 0x5b5e0
OleCreateMenuDescriptor 0x0 0x466b50 0x665e4 0x5b5e4
OleDestroyMenuDescriptor 0x0 0x466b54 0x665e8 0x5b5e8
GetRunningObjectTable 0x0 0x466b58 0x665ec 0x5b5ec
CoGetMalloc 0x0 0x466b5c 0x665f0 0x5b5f0
OleDuplicateData 0x0 0x466b60 0x665f4 0x5b5f4
OleGetClipboard 0x0 0x466b64 0x665f8 0x5b5f8
WriteClassStg 0x0 0x466b68 0x665fc 0x5b5fc
OleFlushClipboard 0x0 0x466b6c 0x66600 0x5b600
OleSetClipboard 0x0 0x466b70 0x66604 0x5b604
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
DragAcceptFiles 0x0 0x4668d0 0x66364 0x5b364
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
(by ordinal) 0x11 0x466638 0x660cc 0x5b0cc
Exports (14)
API Name EAT Address Ordinal
AboutMathType 0x401000 0x1
EqnFrameWinProc 0x40eae0 0x2
FMDFontListEnum 0x421294 0x3
FMDFontProtoEnum 0x421f18 0x4
FltToolbarWinProc 0x44a167 0x5
MFEnumFunc 0x42e7fd 0x6
MainWinProc 0x40e703 0x7
MtInsituWndProc 0x408d6e 0x8
ParamDlgProc 0x41aaa3 0x9
PopupMenuWinProc 0x449119 0xa
SizeDlgProc 0x41e194 0xb
StyleDefDlogProc 0x419e60 0xc
StyleOtherDlgProc 0x41dd2a 0xd
ZoomDlgProc 0x41e5c7 0xe
Icons (1)
Digital Signatures (2)
Signature Properties
LegalCopyright Copyright © Design Science, Inc. 1990-2000
InternalName Equation Editor
FileVersion 00110900
CompanyName Design Science, Inc.
ProductName Microsoft Equation Editor
ProductVersion 3.1
FileDescription Microsoft Equation Editor
OriginalFilename EQNEDT32.EXE
Signature verification True
Certificate: VeriSign Time Stamping Service
Certificate Properties
Issued by VeriSign, Inc.
Valid from 2001-02-28 00:00
Valid to 2004-01-06 23:59
Algorithm MD5 with RSA Encryption
Serial number 87 A6 D5 C6 F6 29 34 FB AC 4F D4 3E 11 41 89 D
Issuer Certificate: VeriSign, Inc.
Certificate Properties
Issued by VeriSign, Inc.
Valid from 1997-05-12 00:00
Valid to 2004-01-07 23:59
Algorithm MD5 with RSA Encryption
Serial number 4A 19 D2 38 8C 82 59 1C A5 5D 73 5F 15 5D DC A3
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2002-05-25 00:55
Valid to 2003-11-25 01:05
Algorithm SHA-1 with RSA Encryption
Serial number 61 07 11 43 00 00 00 00 00 34
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Authority
Valid from 2000-12-10 08:00
Valid to 2005-11-12 08:00
Algorithm MD5 with RSA Encryption
Serial number 6A 0B 99 4F C0 00 DE AA 11 D4 D8 40 9A A8 BE E6
Issuer Certificate: Microsoft Root Authority
Certificate Properties
Issued by Microsoft Root Authority
Valid from 1997-01-10 07:00
Valid to 2020-12-31 07:00
Algorithm MD5 with RSA Encryption
Serial number C1 00 8B 3C 3C 88 11 D1 3E F6 63 EC DF 40
c:\program files\common files\microsoft shared\equation\eqnedt32.exe, ...
File Properties
Names c:\program files\common files\microsoft shared\equation\eqnedt32.exe (Modified File)
c:\program files\common files\microsoft shared\equation\eqnedt32.exe.[sepsis@protonmail.com].sepsis (Created File)
Size 530.75 KB
Hash Values MD5: 5b61ee119abfba50caf9100f8b687924
SHA1: 7001057ce7fd9edf64caf1ffc09345fdb43e7205
SHA256: 436f592ba523b6fbd9a355d227e1888f9fdcc27692f3874c3dfd8720470843c2
c:\program files\common files\microsoft shared\equation\eqnedt32.exe.manifest
File Properties
Names c:\program files\common files\microsoft shared\equation\eqnedt32.exe.manifest (Modified File)
Size 0.55 KB
Hash Values MD5: 0b62cc4ea7d04f52dce02f386bf96712
SHA1: e1062f7bfb53a6be9949c6b51384068c07251369
SHA256: 7b06b9fa9c8063bf62a3851ba8b89b30e157dd98f14c1c6ecdc430c84f834df3
c:\program files\common files\microsoft shared\equation\eqnedt32.exe.manifest, ...
File Properties
Names c:\program files\common files\microsoft shared\equation\eqnedt32.exe.manifest (Modified File)
c:\program files\common files\microsoft shared\equation\eqnedt32.exe.manifest.[sepsis@protonmail.com].sepsis (Created File)
Size 0.73 KB
Hash Values MD5: 0194439975cb83f3c5216d7ad3f7babe
SHA1: 277bc16091bd3db68b0c9a858f9c3e5b1234511c
SHA256: 35c13133831490c8f803447c90b44094a659416186f898448e6130e4a5f8962a
c:\program files\common files\microsoft shared\equation\eqnedt32.hlp
File Properties
Names c:\program files\common files\microsoft shared\equation\eqnedt32.hlp (Modified File)
Size 172.18 KB
Hash Values MD5: e59fbd1656036dfbd76c4392a56d3b8a
SHA1: 54d3c638053bf5a6584430881aad67cf3ae78aac
SHA256: 52454f03fc9f71121a5d0a1c87a4d492f2c5819acc5c32448cc5c7e5ee801fe0
c:\program files\common files\microsoft shared\equation\eqnedt32.hlp, ...
File Properties
Names c:\program files\common files\microsoft shared\equation\eqnedt32.hlp (Modified File)
c:\program files\common files\microsoft shared\equation\eqnedt32.hlp.[sepsis@protonmail.com].sepsis (Created File)
Size 172.35 KB
Hash Values MD5: 9dc9a598750e702b78db22642270e816
SHA1: 50898393625d36d392fdc60fc69d3196d8db9635
SHA256: 8f39dccb819276c7b8671ebcf15bb236f6630bc80a3c5ea2196876f96a21d259
c:\program files\common files\microsoft shared\equation\mtextra.ttf
File Properties
Names c:\program files\common files\microsoft shared\equation\mtextra.ttf (Modified File)
Size 7.48 KB
Hash Values MD5: e269de5f63fcdedca11755947615f1fb
SHA1: f36d544ffaf7cb5112b502dab224087e9b323e38
SHA256: 6c469962f33b7222f07b8d1ae8025f177f4a5f5db3eb62fa1523f261a270991f
c:\program files\common files\microsoft shared\equation\mtextra.ttf, ...
File Properties
Names c:\program files\common files\microsoft shared\equation\mtextra.ttf (Modified File)
c:\program files\common files\microsoft shared\equation\mtextra.ttf.[sepsis@protonmail.com].sepsis (Created File)
Size 7.65 KB
Hash Values MD5: bcae409c119f08f9fbcba36fb1f3996d
SHA1: f16eb9b6dfc87c6f1488572f79a27b60c8dd87f4
SHA256: 1c6a5aed2a55cc4ecf1e123c9ddc5a15ff6e70e1093a50d0c2716a453555a4b8
c:\program files\common files\microsoft shared\euro\msoeuro.dll
File Properties
Names c:\program files\common files\microsoft shared\euro\msoeuro.dll (Modified File)
Size 31.61 KB
Hash Values MD5: 9c8947698f2569829b573b1f1c4f34d0
SHA1: 3ac471cda1cd626ebd6fe007b33b761f355eac3c
SHA256: 02a0429f14bad6963cf48ac29bac2693e073c29f34d8d13e09e772cdac46af87
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x180003320
Size Of Code 0x2c00
Size Of Initialized Data 0x3a00
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-11-07 13:06:14
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x2b58 0x2c00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.26
.rdata 0x180004000 0x1af0 0x1c00 0x3000 CNT_INITIALIZED_DATA, MEM_READ 4.54
.data 0x180006000 0x6e8 0x200 0x4c00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 2.54
.pdata 0x180007000 0x408 0x600 0x4e00 CNT_INITIALIZED_DATA, MEM_READ 3.01
.rsrc 0x180008000 0xc10 0xe00 0x5400 CNT_INITIALIZED_DATA, MEM_READ 3.36
.reloc 0x180009000 0x80 0x200 0x6200 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 1.69
Imports (62)
MSVCR100.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_wcsupr_s 0x0 0x180004000 0x50c8 0x40c8
?terminate@@YAXXZ 0x0 0x180004008 0x50d0 0x40d0
_onexit 0x0 0x180004010 0x50d8 0x40d8
_lock 0x0 0x180004018 0x50e0 0x40e0
__dllonexit 0x0 0x180004020 0x50e8 0x40e8
_unlock 0x0 0x180004028 0x50f0 0x40f0
__clean_type_info_names_internal 0x0 0x180004030 0x50f8 0x40f8
__crt_debugger_hook 0x0 0x180004038 0x5100 0x4100
__CppXcptFilter 0x0 0x180004040 0x5108 0x4108
__C_specific_handler 0x0 0x180004048 0x5110 0x4110
_amsg_exit 0x0 0x180004050 0x5118 0x4118
_encoded_null 0x0 0x180004058 0x5120 0x4120
free 0x0 0x180004060 0x5128 0x4128
_initterm_e 0x0 0x180004068 0x5130 0x4130
_initterm 0x0 0x180004070 0x5138 0x4138
_malloc_crt 0x0 0x180004078 0x5140 0x4140
memmove 0x0 0x180004080 0x5148 0x4148
??2@YAPEAX_K@Z 0x0 0x180004088 0x5150 0x4150
vswprintf_s 0x0 0x180004090 0x5158 0x4158
??3@YAXPEAX@Z 0x0 0x180004098 0x5160 0x4160
_finite 0x0 0x1800040a0 0x5168 0x4168
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x1800040a8 0x5170 0x4170
KERNEL32.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RtlCaptureContext 0x0 0x1800040b8 0x5180 0x4180
RtlLookupFunctionEntry 0x0 0x1800040c0 0x5188 0x4188
RtlVirtualUnwind 0x0 0x1800040c8 0x5190 0x4190
IsDebuggerPresent 0x0 0x1800040d0 0x5198 0x4198
SetUnhandledExceptionFilter 0x0 0x1800040d8 0x51a0 0x41a0
UnhandledExceptionFilter 0x0 0x1800040e0 0x51a8 0x41a8
GetCurrentProcess 0x0 0x1800040e8 0x51b0 0x41b0
TerminateProcess 0x0 0x1800040f0 0x51b8 0x41b8
Sleep 0x0 0x1800040f8 0x51c0 0x41c0
DecodePointer 0x0 0x180004100 0x51c8 0x41c8
EncodePointer 0x0 0x180004108 0x51d0 0x41d0
WerRegisterMemoryBlock 0x0 0x180004110 0x51d8 0x41d8
VirtualProtect 0x0 0x180004118 0x51e0 0x41e0
GetSystemTimeAsFileTime 0x0 0x180004120 0x51e8 0x41e8
GetModuleFileNameW 0x0 0x180004128 0x51f0 0x41f0
GetVersionExA 0x0 0x180004130 0x51f8 0x41f8
GetModuleFileNameA 0x0 0x180004138 0x5200 0x4200
QueryPerformanceCounter 0x0 0x180004140 0x5208 0x4208
GetProcessHeap 0x0 0x180004148 0x5210 0x4210
HeapSetInformation 0x0 0x180004150 0x5218 0x4218
GetCurrentProcessId 0x0 0x180004158 0x5220 0x4220
GetCurrentThreadId 0x0 0x180004160 0x5228 0x4228
GetTickCount 0x0 0x180004168 0x5230 0x4230
ADVAPI32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegSetValueA 0x0 0x180004178 0x5240 0x4240
RegOpenKeyExA 0x0 0x180004180 0x5248 0x4248
RegEnumKeyA 0x0 0x180004188 0x5250 0x4250
RegDeleteKeyA 0x0 0x180004190 0x5258 0x4258
RegSetValueW 0x0 0x180004198 0x5260 0x4260
RegOpenKeyExW 0x0 0x1800041a0 0x5268 0x4268
RegEnumKeyW 0x0 0x1800041a8 0x5270 0x4270
RegDeleteKeyW 0x0 0x1800041b0 0x5278 0x4278
RegCloseKey 0x0 0x1800041b8 0x5280 0x4280
OLEAUT32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SysAllocString 0x2 0x1800041c8 0x5290 0x4290
LoadRegTypeLib 0xa2 0x1800041d0 0x5298 0x4298
LoadTypeLib 0xa1 0x1800041d8 0x52a0 0x42a0
RegisterTypeLib 0xa3 0x1800041e0 0x52a8 0x42a8
UnRegisterTypeLib 0xba 0x1800041e8 0x52b0 0x42b0
VarR8FromStr 0x54 0x1800041f0 0x52b8 0x42b8
VariantInit 0x8 0x1800041f8 0x52c0 0x42c0
VariantChangeType 0xc 0x180004200 0x52c8 0x42c8
Exports (5)
API Name EAT Address Ordinal
DllCanUnloadNow 0x1800026d0 0x1
DllGetClassObject 0x18000263c 0x2
DllMain 0x180002710 0x3
DllRegisterServer 0x1800026e4 0x4
DllUnregisterServer 0x1800026f8 0x5
Digital Signatures (2)
Signature Properties
InternalName MsoEuro
FileVersion 15.0.4454.1000
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4454.1000
FileDescription Microsoft Office Euro Converter
OriginalFilename MsoEuro.dll
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-09-04 21:42
Valid to 2013-03-04 21:42
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 9D 1E 8D 27 AE B8 F3 D8 38 00 01 00 00 00 9D
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-09-04 21:12
Valid to 2013-12-04 21:12
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 2B 39 32 48 C1 B2 C9 48 F3 00 00 00 00 00 2B
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\euro\msoeuro.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\euro\msoeuro.dll (Modified File)
c:\program files\common files\microsoft shared\euro\msoeuro.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 31.79 KB
Hash Values MD5: b9f03b53f35e476502bd2aa3a7e2e0e7
SHA1: e9060b4c87dc940c889a04615dd023d123bea84c
SHA256: edeaff47c6510fcc1a1ac4365332bcc93254972475b617b0379ba89acf14a9ff
c:\program files\common files\microsoft shared\filters\msgfilt.dll
File Properties
Names c:\program files\common files\microsoft shared\filters\msgfilt.dll (Modified File)
Size 39.12 KB
Hash Values MD5: c93e3219fe53ed2d5313c78581cbda28
SHA1: 157f92c567a59463dbba28af4b48375851640c8d
SHA256: e1c1d2a6478f9b34c00be31e7b36257917553bc1669ad0402b653eff928d3316
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x180004f24
Size Of Code 0x4800
Size Of Initialized Data 0x3c00
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 20:35:37
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x47ac 0x4800 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.16
.rdata 0x180006000 0x21e4 0x2200 0x4c00 CNT_INITIALIZED_DATA, MEM_READ 4.01
.data 0x180009000 0x908 0x400 0x6e00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 3.26
.pdata 0x18000a000 0x60c 0x800 0x7200 CNT_INITIALIZED_DATA, MEM_READ 3.4
.rsrc 0x18000b000 0x498 0x600 0x7a00 CNT_INITIALIZED_DATA, MEM_READ 2.68
.reloc 0x18000c000 0xec 0x200 0x8000 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 3.03
Imports (73)
MSVCR100.dll (26)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x180006000 0x75d0 0x61d0
?terminate@@YAXXZ 0x0 0x180006008 0x75d8 0x61d8
_onexit 0x0 0x180006010 0x75e0 0x61e0
_lock 0x0 0x180006018 0x75e8 0x61e8
__dllonexit 0x0 0x180006020 0x75f0 0x61f0
_unlock 0x0 0x180006028 0x75f8 0x61f8
__clean_type_info_names_internal 0x0 0x180006030 0x7600 0x6200
__crt_debugger_hook 0x0 0x180006038 0x7608 0x6208
__CppXcptFilter 0x0 0x180006040 0x7610 0x6210
__C_specific_handler 0x0 0x180006048 0x7618 0x6218
_amsg_exit 0x0 0x180006050 0x7620 0x6220
_encoded_null 0x0 0x180006058 0x7628 0x6228
free 0x0 0x180006060 0x7630 0x6230
_initterm_e 0x0 0x180006068 0x7638 0x6238
_initterm 0x0 0x180006070 0x7640 0x6240
_malloc_crt 0x0 0x180006078 0x7648 0x6248
vswprintf_s 0x0 0x180006080 0x7650 0x6250
memset 0x0 0x180006088 0x7658 0x6258
memcpy 0x0 0x180006090 0x7660 0x6260
??_V@YAXPEAX@Z 0x0 0x180006098 0x7668 0x6268
??_U@YAPEAX_K@Z 0x0 0x1800060a0 0x7670 0x6270
wcsstr 0x0 0x1800060a8 0x7678 0x6278
wcsncmp 0x0 0x1800060b0 0x7680 0x6280
_CxxThrowException 0x0 0x1800060b8 0x7688 0x6288
??3@YAXPEAX@Z 0x0 0x1800060c0 0x7690 0x6290
??2@YAPEAX_K@Z 0x0 0x1800060c8 0x7698 0x6298
KERNEL32.dll (35)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
DisableThreadLibraryCalls 0x0 0x1800060d8 0x76a8 0x62a8
RtlCaptureContext 0x0 0x1800060e0 0x76b0 0x62b0
RtlLookupFunctionEntry 0x0 0x1800060e8 0x76b8 0x62b8
RtlVirtualUnwind 0x0 0x1800060f0 0x76c0 0x62c0
IsDebuggerPresent 0x0 0x1800060f8 0x76c8 0x62c8
SetUnhandledExceptionFilter 0x0 0x180006100 0x76d0 0x62d0
UnhandledExceptionFilter 0x0 0x180006108 0x76d8 0x62d8
DecodePointer 0x0 0x180006110 0x76e0 0x62e0
EncodePointer 0x0 0x180006118 0x76e8 0x62e8
LoadLibraryExW 0x0 0x180006120 0x76f0 0x62f0
GetProcAddress 0x0 0x180006128 0x76f8 0x62f8
GetModuleHandleW 0x0 0x180006130 0x7700 0x6300
GetModuleFileNameW 0x0 0x180006138 0x7708 0x6308
HeapFree 0x0 0x180006140 0x7710 0x6310
HeapAlloc 0x0 0x180006148 0x7718 0x6318
WerRegisterMemoryBlock 0x0 0x180006150 0x7720 0x6320
VirtualProtect 0x0 0x180006158 0x7728 0x6328
GetTickCount 0x0 0x180006160 0x7730 0x6330
GetSystemTimeAsFileTime 0x0 0x180006168 0x7738 0x6338
Sleep 0x0 0x180006170 0x7740 0x6340
CreateFileW 0x0 0x180006178 0x7748 0x6348
DeleteFileW 0x0 0x180006180 0x7750 0x6350
GetTempFileNameW 0x0 0x180006188 0x7758 0x6358
WriteFile 0x0 0x180006190 0x7760 0x6360
GetTempPathW 0x0 0x180006198 0x7768 0x6368
CloseHandle 0x0 0x1800061a0 0x7770 0x6370
GetLastError 0x0 0x1800061a8 0x7778 0x6378
GetCurrentProcess 0x0 0x1800061b0 0x7780 0x6380
TerminateProcess 0x0 0x1800061b8 0x7788 0x6388
MultiByteToWideChar 0x0 0x1800061c0 0x7790 0x6390
QueryPerformanceCounter 0x0 0x1800061c8 0x7798 0x6398
GetCurrentThreadId 0x0 0x1800061d0 0x77a0 0x63a0
HeapSetInformation 0x0 0x1800061d8 0x77a8 0x63a8
GetCurrentProcessId 0x0 0x1800061e0 0x77b0 0x63b0
GetProcessHeap 0x0 0x1800061e8 0x77b8 0x63b8
ADVAPI32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
ReportEventW 0x0 0x1800061f8 0x77c8 0x63c8
RegisterEventSourceW 0x0 0x180006200 0x77d0 0x63d0
DeregisterEventSource 0x0 0x180006208 0x77d8 0x63d8
RegQueryValueExW 0x0 0x180006210 0x77e0 0x63e0
RegOpenKeyExW 0x0 0x180006218 0x77e8 0x63e8
RegCloseKey 0x0 0x180006220 0x77f0 0x63f0
ole32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CoTaskMemFree 0x0 0x180006230 0x7800 0x6400
StgOpenStorageOnILockBytes 0x0 0x180006238 0x7808 0x6408
StgOpenStorage 0x0 0x180006240 0x7810 0x6410
CLSIDFromString 0x0 0x180006248 0x7818 0x6418
CoCreateInstance 0x0 0x180006250 0x7820 0x6420
CoTaskMemAlloc 0x0 0x180006258 0x7828 0x6428
Exports (4)
API Name EAT Address Ordinal
DllCanUnloadNow 0x180001e5c 0x1
DllGetClassObject 0x180001d8c 0x2
DllRegisterServer 0x180001e80 0x3
DllUnregisterServer 0x180001e80 0x4
Digital Signatures (2)
Signature Properties
InternalName Microsoft Message IFilter
FileVersion 15.0.4420.1017
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4420.1017
FileDescription Microsoft Message IFilter
OriginalFilename msgfilt.dll
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 8E 42 00 00 00 00 00 1F
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\filters\msgfilt.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\filters\msgfilt.dll (Modified File)
c:\program files\common files\microsoft shared\filters\msgfilt.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 39.30 KB
Hash Values MD5: 2afb39ab896ddcb4c51fe2e75c6cecbd
SHA1: b3511398b7395c490924589ee255b04f1a50e205
SHA256: 163996e0c5a32e04f2ecbbdd474f53eca8ea0596ad77dffef41b9db4aa8605d4
c:\program files\common files\microsoft shared\filters\odffilt.dll
File Properties
Names c:\program files\common files\microsoft shared\filters\odffilt.dll (Modified File)
Size 940.66 KB
Hash Values MD5: 6c945b72dd789c42b63d57a2865ccaeb
SHA1: 7e176b93cfdd9eed36a7849139dac85520e9ba3e
SHA256: c3d94190de397ecaa4000431b3a2a4fb38adba1b2bb13eb540604b8e42ec4343
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x18001a464
Size Of Code 0x94600
Size Of Initialized Data 0x54e00
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 20:34:53
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x945e4 0x94600 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.45
.rdata 0x180096000 0x408a8 0x40a00 0x94a00 CNT_INITIALIZED_DATA, MEM_READ 4.62
.data 0x1800d7000 0xa708 0xa800 0xd5400 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.35
.pdata 0x1800e2000 0x7248 0x7400 0xdfc00 CNT_INITIALIZED_DATA, MEM_READ 5.75
.rsrc 0x1800ea000 0x4d8 0x600 0xe7000 CNT_INITIALIZED_DATA, MEM_READ 2.8
.reloc 0x1800eb000 0x20fc 0x2200 0xe7600 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.44
Imports (179)
MSVCR100.dll (60)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_wcsnicmp 0x0 0x180096000 0xc44b0 0xc2eb0
wcsncmp 0x0 0x180096008 0xc44b8 0xc2eb8
iswspace 0x0 0x180096010 0xc44c0 0xc2ec0
wcsstr 0x0 0x180096018 0xc44c8 0xc2ec8
strncpy_s 0x0 0x180096020 0xc44d0 0xc2ed0
malloc 0x0 0x180096028 0xc44d8 0xc2ed8
??0exception@std@@QEAA@AEBQEBDH@Z 0x0 0x180096030 0xc44e0 0xc2ee0
wcstol 0x0 0x180096038 0xc44e8 0xc2ee8
_snprintf_s 0x0 0x180096040 0xc44f0 0xc2ef0
srand 0x0 0x180096048 0xc44f8 0xc2ef8
rand 0x0 0x180096050 0xc4500 0xc2f00
_vsnprintf_s 0x0 0x180096058 0xc4508 0xc2f08
memcpy_s 0x0 0x180096060 0xc4510 0xc2f10
_snwprintf_s 0x0 0x180096068 0xc4518 0xc2f18
_mbschr 0x0 0x180096070 0xc4520 0xc2f20
wcsncat_s 0x0 0x180096078 0xc4528 0xc2f28
wcschr 0x0 0x180096080 0xc4530 0xc2f30
wcscmp 0x0 0x180096088 0xc4538 0xc2f38
realloc 0x0 0x180096090 0xc4540 0xc2f40
__lconv_init 0x0 0x180096098 0xc4548 0xc2f48
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x1800960a0 0xc4550 0xc2f50
__clean_type_info_names_internal 0x0 0x1800960a8 0xc4558 0xc2f58
__crt_debugger_hook 0x0 0x1800960b0 0xc4560 0xc2f60
_onexit 0x0 0x1800960b8 0xc4568 0xc2f68
_lock 0x0 0x1800960c0 0xc4570 0xc2f70
__dllonexit 0x0 0x1800960c8 0xc4578 0xc2f78
_unlock 0x0 0x1800960d0 0xc4580 0xc2f80
?terminate@@YAXXZ 0x0 0x1800960d8 0xc4588 0xc2f88
__CppXcptFilter 0x0 0x1800960e0 0xc4590 0xc2f90
__C_specific_handler 0x0 0x1800960e8 0xc4598 0xc2f98
_amsg_exit 0x0 0x1800960f0 0xc45a0 0xc2fa0
_encoded_null 0x0 0x1800960f8 0xc45a8 0xc2fa8
free 0x0 0x180096100 0xc45b0 0xc2fb0
_initterm_e 0x0 0x180096108 0xc45b8 0xc2fb8
_initterm 0x0 0x180096110 0xc45c0 0xc2fc0
_malloc_crt 0x0 0x180096118 0xc45c8 0xc2fc8
vswprintf_s 0x0 0x180096120 0xc45d0 0xc2fd0
strstr 0x0 0x180096128 0xc45d8 0xc2fd8
wcsrchr 0x0 0x180096130 0xc45e0 0xc2fe0
_wtoi 0x0 0x180096138 0xc45e8 0xc2fe8
wcscpy_s 0x0 0x180096140 0xc45f0 0xc2ff0
memset 0x0 0x180096148 0xc45f8 0xc2ff8
memcpy 0x0 0x180096150 0xc4600 0xc3000
__RTDynamicCast 0x0 0x180096158 0xc4608 0xc3008
?what@exception@std@@UEBAPEBDXZ 0x0 0x180096160 0xc4610 0xc3010
??1exception@std@@UEAA@XZ 0x0 0x180096168 0xc4618 0xc3018
??0exception@std@@QEAA@AEBV01@@Z 0x0 0x180096170 0xc4620 0xc3020
??0exception@std@@QEAA@AEBQEBD@Z 0x0 0x180096178 0xc4628 0xc3028
??_U@YAPEAX_K@Z 0x0 0x180096180 0xc4630 0xc3030
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z 0x0 0x180096188 0xc4638 0xc3038
wcsncpy_s 0x0 0x180096190 0xc4640 0xc3040
memmove 0x0 0x180096198 0xc4648 0xc3048
_invalid_parameter_noinfo_noreturn 0x0 0x1800961a0 0xc4650 0xc3050
_CxxThrowException 0x0 0x1800961a8 0xc4658 0xc3058
??2@YAPEAX_K@Z 0x0 0x1800961b0 0xc4660 0xc3060
__CxxFrameHandler3 0x0 0x1800961b8 0xc4668 0xc3068
??_V@YAXPEAX@Z 0x0 0x1800961c0 0xc4670 0xc3070
memcmp 0x0 0x1800961c8 0xc4678 0xc3078
_vscwprintf 0x0 0x1800961d0 0xc4680 0xc3080
??3@YAXPEAX@Z 0x0 0x1800961d8 0xc4688 0xc3088
MSVCP100.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?_Xlength_error@std@@YAXPEBD@Z 0x0 0x1800961e8 0xc4698 0xc3098
?_Xout_of_range@std@@YAXPEBD@Z 0x0 0x1800961f0 0xc46a0 0xc30a0
ADVAPI32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegQueryValueExW 0x0 0x180096200 0xc46b0 0xc30b0
RegOpenKeyExW 0x0 0x180096208 0xc46b8 0xc30b8
RegCloseKey 0x0 0x180096210 0xc46c0 0xc30c0
ReportEventW 0x0 0x180096218 0xc46c8 0xc30c8
RegisterEventSourceW 0x0 0x180096220 0xc46d0 0xc30d0
DeregisterEventSource 0x0 0x180096228 0xc46d8 0xc30d8
KERNEL32.dll (92)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetShortPathNameW 0x0 0x180096238 0xc46e8 0xc30e8
GetLongPathNameW 0x0 0x180096240 0xc46f0 0xc30f0
GetTempPathW 0x0 0x180096248 0xc46f8 0xc30f8
GetTempFileNameW 0x0 0x180096250 0xc4700 0xc3100
DeleteFileW 0x0 0x180096258 0xc4708 0xc3108
GetFileType 0x0 0x180096260 0xc4710 0xc3110
GetFileSizeEx 0x0 0x180096268 0xc4718 0xc3118
CreateFileW 0x0 0x180096270 0xc4720 0xc3120
RaiseException 0x0 0x180096278 0xc4728 0xc3128
SwitchToThread 0x0 0x180096280 0xc4730 0xc3130
CompareStringW 0x0 0x180096288 0xc4738 0xc3138
lstrlenA 0x0 0x180096290 0xc4740 0xc3140
lstrlenW 0x0 0x180096298 0xc4748 0xc3148
LocalAlloc 0x0 0x1800962a0 0xc4750 0xc3150
FreeLibrary 0x0 0x1800962a8 0xc4758 0xc3158
InitializeCriticalSection 0x0 0x1800962b0 0xc4760 0xc3160
EnterCriticalSection 0x0 0x1800962b8 0xc4768 0xc3168
LeaveCriticalSection 0x0 0x1800962c0 0xc4770 0xc3170
DeleteCriticalSection 0x0 0x1800962c8 0xc4778 0xc3178
GetFileAttributesW 0x0 0x1800962d0 0xc4780 0xc3180
SetLastError 0x0 0x1800962d8 0xc4788 0xc3188
WideCharToMultiByte 0x0 0x1800962e0 0xc4790 0xc3190
SystemTimeToFileTime 0x0 0x1800962e8 0xc4798 0xc3198
GetLastError 0x0 0x1800962f0 0xc47a0 0xc31a0
GlobalAlloc 0x0 0x1800962f8 0xc47a8 0xc31a8
GlobalLock 0x0 0x180096300 0xc47b0 0xc31b0
GlobalUnlock 0x0 0x180096308 0xc47b8 0xc31b8
GlobalFree 0x0 0x180096310 0xc47c0 0xc31c0
lstrcmpiW 0x0 0x180096318 0xc47c8 0xc31c8
lstrcmpW 0x0 0x180096320 0xc47d0 0xc31d0
QueryPerformanceCounter 0x0 0x180096328 0xc47d8 0xc31d8
GetProcessHeap 0x0 0x180096330 0xc47e0 0xc31e0
LoadLibraryA 0x0 0x180096338 0xc47e8 0xc31e8
GetCurrentProcessId 0x0 0x180096340 0xc47f0 0xc31f0
GetCurrentThreadId 0x0 0x180096348 0xc47f8 0xc31f8
GetSystemTimeAsFileTime 0x0 0x180096350 0xc4800 0xc3200
GetTickCount 0x0 0x180096358 0xc4808 0xc3208
VirtualProtect 0x0 0x180096360 0xc4810 0xc3210
WerRegisterMemoryBlock 0x0 0x180096368 0xc4818 0xc3218
HeapAlloc 0x0 0x180096370 0xc4820 0xc3220
HeapFree 0x0 0x180096378 0xc4828 0xc3228
GetModuleFileNameW 0x0 0x180096380 0xc4830 0xc3230
GetModuleHandleW 0x0 0x180096388 0xc4838 0xc3238
GetProcAddress 0x0 0x180096390 0xc4840 0xc3240
LoadLibraryExW 0x0 0x180096398 0xc4848 0xc3248
EncodePointer 0x0 0x1800963a0 0xc4850 0xc3250
DecodePointer 0x0 0x1800963a8 0xc4858 0xc3258
Sleep 0x0 0x1800963b0 0xc4860 0xc3260
TerminateProcess 0x0 0x1800963b8 0xc4868 0xc3268
GetCurrentProcess 0x0 0x1800963c0 0xc4870 0xc3270
UnhandledExceptionFilter 0x0 0x1800963c8 0xc4878 0xc3278
SetUnhandledExceptionFilter 0x0 0x1800963d0 0xc4880 0xc3280
IsDebuggerPresent 0x0 0x1800963d8 0xc4888 0xc3288
RtlVirtualUnwind 0x0 0x1800963e0 0xc4890 0xc3290
RtlLookupFunctionEntry 0x0 0x1800963e8 0xc4898 0xc3298
RtlCaptureContext 0x0 0x1800963f0 0xc48a0 0xc32a0
TlsFree 0x0 0x1800963f8 0xc48a8 0xc32a8
TlsSetValue 0x0 0x180096400 0xc48b0 0xc32b0
TlsGetValue 0x0 0x180096408 0xc48b8 0xc32b8
TlsAlloc 0x0 0x180096410 0xc48c0 0xc32c0
FileTimeToLocalFileTime 0x0 0x180096418 0xc48c8 0xc32c8
GetNativeSystemInfo 0x0 0x180096420 0xc48d0 0xc32d0
CancelIoEx 0x0 0x180096428 0xc48d8 0xc32d8
SetFileTime 0x0 0x180096430 0xc48e0 0xc32e0
GetFileTime 0x0 0x180096438 0xc48e8 0xc32e8
FlushFileBuffers 0x0 0x180096440 0xc48f0 0xc32f0
CreateEventExW 0x0 0x180096448 0xc48f8 0xc32f8
WaitForMultipleObjectsEx 0x0 0x180096450 0xc4900 0xc3300
ResetEvent 0x0 0x180096458 0xc4908 0xc3308
WriteFile 0x0 0x180096460 0xc4910 0xc3310
SetFilePointerEx 0x0 0x180096468 0xc4918 0xc3318
SetEndOfFile 0x0 0x180096470 0xc4920 0xc3320
CreateEventW 0x0 0x180096478 0xc4928 0xc3328
DeviceIoControl 0x0 0x180096480 0xc4930 0xc3330
GetOverlappedResult 0x0 0x180096488 0xc4938 0xc3338
GetStringTypeExW 0x0 0x180096490 0xc4940 0xc3340
IsValidCodePage 0x0 0x180096498 0xc4948 0xc3348
MultiByteToWideChar 0x0 0x1800964a0 0xc4950 0xc3350
FileTimeToSystemTime 0x0 0x1800964a8 0xc4958 0xc3358
GetSystemTime 0x0 0x1800964b0 0xc4960 0xc3360
CreateSemaphoreExW 0x0 0x1800964b8 0xc4968 0xc3368
WaitForSingleObjectEx 0x0 0x1800964c0 0xc4970 0xc3370
ReleaseSemaphore 0x0 0x1800964c8 0xc4978 0xc3378
TryEnterCriticalSection 0x0 0x1800964d0 0xc4980 0xc3380
RemoveDirectoryW 0x0 0x1800964d8 0xc4988 0xc3388
ReadFile 0x0 0x1800964e0 0xc4990 0xc3390
HeapSetInformation 0x0 0x1800964e8 0xc4998 0xc3398
InitializeCriticalSectionEx 0x0 0x1800964f0 0xc49a0 0xc33a0
CloseHandle 0x0 0x1800964f8 0xc49a8 0xc33a8
GetTickCount64 0x0 0x180096500 0xc49b0 0xc33b0
CreateDirectoryW 0x0 0x180096508 0xc49b8 0xc33b8
GetFileAttributesExW 0x0 0x180096510 0xc49c0 0xc33c0
query.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
BindIFilterFromStorage 0x0 0x180096520 0xc49d0 0xc33d0
BindIFilterFromStream 0x0 0x180096528 0xc49d8 0xc33d8
ole32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
WriteFmtUserTypeStg 0x0 0x180096538 0xc49e8 0xc33e8
StgOpenStorageOnILockBytes 0x0 0x180096540 0xc49f0 0xc33f0
StgCreateDocfileOnILockBytes 0x0 0x180096548 0xc49f8 0xc33f8
GetConvertStg 0x0 0x180096550 0xc4a00 0xc3400
ReadClassStg 0x0 0x180096558 0xc4a08 0xc3408
StringFromGUID2 0x0 0x180096560 0xc4a10 0xc3410
CLSIDFromString 0x0 0x180096568 0xc4a18 0xc3418
CoCreateGuid 0x0 0x180096570 0xc4a20 0xc3420
CoCreateInstance 0x0 0x180096578 0xc4a28 0xc3428
CreateStreamOnHGlobal 0x0 0x180096580 0xc4a30 0xc3430
CoTaskMemFree 0x0 0x180096588 0xc4a38 0xc3438
CoTaskMemAlloc 0x0 0x180096590 0xc4a40 0xc3440
OLEAUT32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SysStringLen 0x7 0x1800965a0 0xc4a50 0xc3450
VariantInit 0x8 0x1800965a8 0xc4a58 0xc3458
SysAllocString 0x2 0x1800965b0 0xc4a60 0xc3460
SysFreeString 0x6 0x1800965b8 0xc4a68 0xc3468
VariantClear 0x9 0x1800965c0 0xc4a70 0xc3470
Exports (2)
Api name EAT Address Ordinal
DllCanUnloadNow 0x1800012ac 0x1
DllGetClassObject 0x180001020 0x2
Digital Signatures (2)
Signature Properties
InternalName Microsoft Filter for Open Document Format
FileVersion 15.0.4420.1017
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4420.1017
FileDescription Microsoft Filter for Open Document Format
OriginalFilename odffilt.dll
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 8E 42 00 00 00 00 00 1F
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\filters\odffilt.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\filters\odffilt.dll (Modified File)
c:\program files\common files\microsoft shared\filters\odffilt.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 940.83 KB
Hash Values MD5: ef0d4357983d69bd33bf1419ee975f1d
SHA1: bf661ac03f4b37ed94420bb4bbdf7ac837eeb03d
SHA256: e9cadc9c3a3ffb7dec58c32e0f433e90fa3c7df57e40276af79875de2f8ca2cd
c:\program files\common files\microsoft shared\filters\offfiltx.dll
File Properties
Names c:\program files\common files\microsoft shared\filters\offfiltx.dll (Modified File)
Size 1.12 MB
Hash Values MD5: ddb9ea671acd9c931d308c71b2643bfe
SHA1: d98492990a6c2001d1f118073d338aa13d77333c
SHA256: a4caf9011f5821070762dad99393106235b7403e9708b0a96af8ebfd31e5dfcb
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x1800293e0
Size Of Code 0xbb800
Size Of Initialized Data 0x62400
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 20:34:08
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0xbb7c0 0xbb800 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.48
.rdata 0x1800bd000 0x4ba20 0x4bc00 0xbbc00 CNT_INITIALIZED_DATA, MEM_READ 4.66
.data 0x180109000 0xaf68 0xb000 0x107800 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.42
.pdata 0x180114000 0x88d4 0x8a00 0x112800 CNT_INITIALIZED_DATA, MEM_READ 5.8
.rsrc 0x18011d000 0x4d0 0x600 0x11b200 CNT_INITIALIZED_DATA, MEM_READ 2.82
.reloc 0x18011e000 0x2620 0x2800 0x11b800 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.42
Imports (200)
MSVCR100.dll (64)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
??0exception@std@@QEAA@AEBQEBD@Z 0x0 0x1800bd000 0xef5b0 0xee1b0
strncpy_s 0x0 0x1800bd008 0xef5b8 0xee1b8
wcscpy_s 0x0 0x1800bd010 0xef5c0 0xee1c0
?what@exception@std@@UEBAPEBDXZ 0x0 0x1800bd018 0xef5c8 0xee1c8
??1exception@std@@UEAA@XZ 0x0 0x1800bd020 0xef5d0 0xee1d0
??0exception@std@@QEAA@AEBV01@@Z 0x0 0x1800bd028 0xef5d8 0xee1d8
??0exception@std@@QEAA@AEBQEBDH@Z 0x0 0x1800bd030 0xef5e0 0xee1e0
strnlen 0x0 0x1800bd038 0xef5e8 0xee1e8
_vsnwprintf_s 0x0 0x1800bd040 0xef5f0 0xee1f0
_snprintf_s 0x0 0x1800bd048 0xef5f8 0xee1f8
_mbschr 0x0 0x1800bd050 0xef600 0xee200
memmove 0x0 0x1800bd058 0xef608 0xee208
wcsncat_s 0x0 0x1800bd060 0xef610 0xee210
srand 0x0 0x1800bd068 0xef618 0xee218
rand 0x0 0x1800bd070 0xef620 0xee220
_vsnprintf_s 0x0 0x1800bd078 0xef628 0xee228
_snwprintf_s 0x0 0x1800bd080 0xef630 0xee230
wcscmp 0x0 0x1800bd088 0xef638 0xee238
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x1800bd090 0xef640 0xee240
__clean_type_info_names_internal 0x0 0x1800bd098 0xef648 0xee248
__crt_debugger_hook 0x0 0x1800bd0a0 0xef650 0xee250
_onexit 0x0 0x1800bd0a8 0xef658 0xee258
_lock 0x0 0x1800bd0b0 0xef660 0xee260
__dllonexit 0x0 0x1800bd0b8 0xef668 0xee268
_unlock 0x0 0x1800bd0c0 0xef670 0xee270
?terminate@@YAXXZ 0x0 0x1800bd0c8 0xef678 0xee278
__lconv_init 0x0 0x1800bd0d0 0xef680 0xee280
__C_specific_handler 0x0 0x1800bd0d8 0xef688 0xee288
_amsg_exit 0x0 0x1800bd0e0 0xef690 0xee290
_encoded_null 0x0 0x1800bd0e8 0xef698 0xee298
_initterm_e 0x0 0x1800bd0f0 0xef6a0 0xee2a0
_initterm 0x0 0x1800bd0f8 0xef6a8 0xee2a8
_malloc_crt 0x0 0x1800bd100 0xef6b0 0xee2b0
vswprintf_s 0x0 0x1800bd108 0xef6b8 0xee2b8
swprintf_s 0x0 0x1800bd110 0xef6c0 0xee2c0
wcsncpy_s 0x0 0x1800bd118 0xef6c8 0xee2c8
floor 0x0 0x1800bd120 0xef6d0 0xee2d0
_vsnwprintf 0x0 0x1800bd128 0xef6d8 0xee2d8
_wtof 0x0 0x1800bd130 0xef6e0 0xee2e0
wcstoul 0x0 0x1800bd138 0xef6e8 0xee2e8
_itow_s 0x0 0x1800bd140 0xef6f0 0xee2f0
_wcsicmp 0x0 0x1800bd148 0xef6f8 0xee2f8
wcsrchr 0x0 0x1800bd150 0xef700 0xee300
realloc 0x0 0x1800bd158 0xef708 0xee308
malloc 0x0 0x1800bd160 0xef710 0xee310
free 0x0 0x1800bd168 0xef718 0xee318
wcstol 0x0 0x1800bd170 0xef720 0xee320
__RTDynamicCast 0x0 0x1800bd178 0xef728 0xee328
memcpy_s 0x0 0x1800bd180 0xef730 0xee330
_wtoi 0x0 0x1800bd188 0xef738 0xee338
_wcsnicmp 0x0 0x1800bd190 0xef740 0xee340
wcsstr 0x0 0x1800bd198 0xef748 0xee348
wcsncmp 0x0 0x1800bd1a0 0xef750 0xee350
wcschr 0x0 0x1800bd1a8 0xef758 0xee358
_invalid_parameter_noinfo_noreturn 0x0 0x1800bd1b0 0xef760 0xee360
memset 0x0 0x1800bd1b8 0xef768 0xee368
memcmp 0x0 0x1800bd1c0 0xef770 0xee370
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z 0x0 0x1800bd1c8 0xef778 0xee378
iswspace 0x0 0x1800bd1d0 0xef780 0xee380
memcpy 0x0 0x1800bd1d8 0xef788 0xee388
__CxxFrameHandler3 0x0 0x1800bd1e0 0xef790 0xee390
__CppXcptFilter 0x0 0x1800bd1e8 0xef798 0xee398
_vscwprintf 0x0 0x1800bd1f0 0xef7a0 0xee3a0
_CxxThrowException 0x0 0x1800bd1f8 0xef7a8 0xee3a8
ADVAPI32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
ReportEventW 0x0 0x1800bd208 0xef7b8 0xee3b8
RegisterEventSourceW 0x0 0x1800bd210 0xef7c0 0xee3c0
DeregisterEventSource 0x0 0x1800bd218 0xef7c8 0xee3c8
RegSetValueExW 0x0 0x1800bd220 0xef7d0 0xee3d0
RegEnumKeyExW 0x0 0x1800bd228 0xef7d8 0xee3d8
RegDeleteValueW 0x0 0x1800bd230 0xef7e0 0xee3e0
RegDeleteKeyW 0x0 0x1800bd238 0xef7e8 0xee3e8
RegCreateKeyExW 0x0 0x1800bd240 0xef7f0 0xee3f0
RegQueryValueExW 0x0 0x1800bd248 0xef7f8 0xee3f8
RegOpenKeyExW 0x0 0x1800bd250 0xef800 0xee400
RegCloseKey 0x0 0x1800bd258 0xef808 0xee408
KERNEL32.dll (91)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetFileSizeEx 0x0 0x1800bd268 0xef818 0xee418
SwitchToThread 0x0 0x1800bd270 0xef820 0xee420
GetNativeSystemInfo 0x0 0x1800bd278 0xef828 0xee428
CancelIoEx 0x0 0x1800bd280 0xef830 0xee430
SetFileTime 0x0 0x1800bd288 0xef838 0xee438
GetFileTime 0x0 0x1800bd290 0xef840 0xee440
FlushFileBuffers 0x0 0x1800bd298 0xef848 0xee448
CreateEventExW 0x0 0x1800bd2a0 0xef850 0xee450
WaitForMultipleObjectsEx 0x0 0x1800bd2a8 0xef858 0xee458
ResetEvent 0x0 0x1800bd2b0 0xef860 0xee460
SetFilePointerEx 0x0 0x1800bd2b8 0xef868 0xee468
SetEndOfFile 0x0 0x1800bd2c0 0xef870 0xee470
CreateEventW 0x0 0x1800bd2c8 0xef878 0xee478
DeviceIoControl 0x0 0x1800bd2d0 0xef880 0xee480
GetFileType 0x0 0x1800bd2d8 0xef888 0xee488
GetLongPathNameW 0x0 0x1800bd2e0 0xef890 0xee490
GetShortPathNameW 0x0 0x1800bd2e8 0xef898 0xee498
GlobalAlloc 0x0 0x1800bd2f0 0xef8a0 0xee4a0
GlobalFree 0x0 0x1800bd2f8 0xef8a8 0xee4a8
CreateFileW 0x0 0x1800bd300 0xef8b0 0xee4b0
DeleteFileW 0x0 0x1800bd308 0xef8b8 0xee4b8
GetTempFileNameW 0x0 0x1800bd310 0xef8c0 0xee4c0
WriteFile 0x0 0x1800bd318 0xef8c8 0xee4c8
GetTempPathW 0x0 0x1800bd320 0xef8d0 0xee4d0
CloseHandle 0x0 0x1800bd328 0xef8d8 0xee4d8
GetLastError 0x0 0x1800bd330 0xef8e0 0xee4e0
GetCurrentProcess 0x0 0x1800bd338 0xef8e8 0xee4e8
TerminateProcess 0x0 0x1800bd340 0xef8f0 0xee4f0
CompareStringW 0x0 0x1800bd348 0xef8f8 0xee4f8
InitializeCriticalSection 0x0 0x1800bd350 0xef900 0xee500
EnterCriticalSection 0x0 0x1800bd358 0xef908 0xee508
LeaveCriticalSection 0x0 0x1800bd360 0xef910 0xee510
DeleteCriticalSection 0x0 0x1800bd368 0xef918 0xee518
lstrcmpiW 0x0 0x1800bd370 0xef920 0xee520
WideCharToMultiByte 0x0 0x1800bd378 0xef928 0xee528
lstrlenW 0x0 0x1800bd380 0xef930 0xee530
lstrlenA 0x0 0x1800bd388 0xef938 0xee538
MultiByteToWideChar 0x0 0x1800bd390 0xef940 0xee540
GetFileAttributesW 0x0 0x1800bd398 0xef948 0xee548
RaiseException 0x0 0x1800bd3a0 0xef950 0xee550
GetVersionExW 0x0 0x1800bd3a8 0xef958 0xee558
QueryPerformanceCounter 0x0 0x1800bd3b0 0xef960 0xee560
GetProcessHeap 0x0 0x1800bd3b8 0xef968 0xee568
HeapSetInformation 0x0 0x1800bd3c0 0xef970 0xee570
GetCurrentProcessId 0x0 0x1800bd3c8 0xef978 0xee578
GetCurrentThreadId 0x0 0x1800bd3d0 0xef980 0xee580
GetSystemTimeAsFileTime 0x0 0x1800bd3d8 0xef988 0xee588
GetTickCount 0x0 0x1800bd3e0 0xef990 0xee590
VirtualProtect 0x0 0x1800bd3e8 0xef998 0xee598
WerRegisterMemoryBlock 0x0 0x1800bd3f0 0xef9a0 0xee5a0
HeapAlloc 0x0 0x1800bd3f8 0xef9a8 0xee5a8
HeapFree 0x0 0x1800bd400 0xef9b0 0xee5b0
GetModuleFileNameW 0x0 0x1800bd408 0xef9b8 0xee5b8
GetModuleHandleW 0x0 0x1800bd410 0xef9c0 0xee5c0
GetProcAddress 0x0 0x1800bd418 0xef9c8 0xee5c8
LoadLibraryExW 0x0 0x1800bd420 0xef9d0 0xee5d0
EncodePointer 0x0 0x1800bd428 0xef9d8 0xee5d8
DecodePointer 0x0 0x1800bd430 0xef9e0 0xee5e0
Sleep 0x0 0x1800bd438 0xef9e8 0xee5e8
UnhandledExceptionFilter 0x0 0x1800bd440 0xef9f0 0xee5f0
SetUnhandledExceptionFilter 0x0 0x1800bd448 0xef9f8 0xee5f8
IsDebuggerPresent 0x0 0x1800bd450 0xefa00 0xee600
RtlVirtualUnwind 0x0 0x1800bd458 0xefa08 0xee608
RtlLookupFunctionEntry 0x0 0x1800bd460 0xefa10 0xee610
RtlCaptureContext 0x0 0x1800bd468 0xefa18 0xee618
TlsFree 0x0 0x1800bd470 0xefa20 0xee620
TlsSetValue 0x0 0x1800bd478 0xefa28 0xee628
TlsGetValue 0x0 0x1800bd480 0xefa30 0xee630
TlsAlloc 0x0 0x1800bd488 0xefa38 0xee638
GetOverlappedResult 0x0 0x1800bd490 0xefa40 0xee640
GetSystemTime 0x0 0x1800bd498 0xefa48 0xee648
IsValidCodePage 0x0 0x1800bd4a0 0xefa50 0xee650
IsDBCSLeadByte 0x0 0x1800bd4a8 0xefa58 0xee658
GetStringTypeExW 0x0 0x1800bd4b0 0xefa60 0xee660
SystemTimeToFileTime 0x0 0x1800bd4b8 0xefa68 0xee668
FileTimeToSystemTime 0x0 0x1800bd4c0 0xefa70 0xee670
GetTickCount64 0x0 0x1800bd4c8 0xefa78 0xee678
CreateSemaphoreExW 0x0 0x1800bd4d0 0xefa80 0xee680
WaitForSingleObjectEx 0x0 0x1800bd4d8 0xefa88 0xee688
ReleaseSemaphore 0x0 0x1800bd4e0 0xefa90 0xee690
TryEnterCriticalSection 0x0 0x1800bd4e8 0xefa98 0xee698
RemoveDirectoryW 0x0 0x1800bd4f0 0xefaa0 0xee6a0
ReadFile 0x0 0x1800bd4f8 0xefaa8 0xee6a8
GetFileAttributesExW 0x0 0x1800bd500 0xefab0 0xee6b0
CreateDirectoryW 0x0 0x1800bd508 0xefab8 0xee6b8
InitializeCriticalSectionEx 0x0 0x1800bd510 0xefac0 0xee6c0
LocalAlloc 0x0 0x1800bd518 0xefac8 0xee6c8
FreeLibrary 0x0 0x1800bd520 0xefad0 0xee6d0
LoadLibraryA 0x0 0x1800bd528 0xefad8 0xee6d8
FileTimeToLocalFileTime 0x0 0x1800bd530 0xefae0 0xee6e0
SetLastError 0x0 0x1800bd538 0xefae8 0xee6e8
query.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
BindIFilterFromStorage 0x0 0x1800bd548 0xefaf8 0xee6f8
ole32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CreateILockBytesOnHGlobal 0x0 0x1800bd558 0xefb08 0xee708
PropVariantCopy 0x0 0x1800bd560 0xefb10 0xee710
CreateStreamOnHGlobal 0x0 0x1800bd568 0xefb18 0xee718
CoCreateGuid 0x0 0x1800bd570 0xefb20 0xee720
GetConvertStg 0x0 0x1800bd578 0xefb28 0xee728
StringFromGUID2 0x0 0x1800bd580 0xefb30 0xee730
WriteFmtUserTypeStg 0x0 0x1800bd588 0xefb38 0xee738
ReadClassStg 0x0 0x1800bd590 0xefb40 0xee740
StgOpenStorageOnILockBytes 0x0 0x1800bd598 0xefb48 0xee748
StgCreateDocfileOnILockBytes 0x0 0x1800bd5a0 0xefb50 0xee750
CoCreateInstance 0x0 0x1800bd5a8 0xefb58 0xee758
CoTaskMemFree 0x0 0x1800bd5b0 0xefb60 0xee760
CoTaskMemAlloc 0x0 0x1800bd5b8 0xefb68 0xee768
PropVariantClear 0x0 0x1800bd5c0 0xefb70 0xee770
CLSIDFromString 0x0 0x1800bd5c8 0xefb78 0xee778
MSVCP100.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?_Xout_of_range@std@@YAXPEBD@Z 0x0 0x1800bd5d8 0xefb88 0xee788
?_Xlength_error@std@@YAXPEBD@Z 0x0 0x1800bd5e0 0xefb90 0xee790
OLEAUT32.dll (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SysFreeString 0x6 0x1800bd5f0 0xefba0 0xee7a0
VariantChangeTypeEx 0x93 0x1800bd5f8 0xefba8 0xee7a8
VariantChangeType 0xc 0x1800bd600 0xefbb0 0xee7b0
VariantClear 0x9 0x1800bd608 0xefbb8 0xee7b8
SysStringLen 0x7 0x1800bd610 0xefbc0 0xee7c0
VariantInit 0x8 0x1800bd618 0xefbc8 0xee7c8
SysAllocString 0x2 0x1800bd620 0xefbd0 0xee7d0
SysAllocStringLen 0x4 0x1800bd628 0xefbd8 0xee7d8
SystemTimeToVariantTime 0xb8 0x1800bd630 0xefbe0 0xee7e0
VariantTimeToSystemTime 0xb9 0x1800bd638 0xefbe8 0xee7e8
SafeArrayCreate 0xf 0x1800bd640 0xefbf0 0xee7f0
SafeArrayGetDim 0x11 0x1800bd648 0xefbf8 0xee7f8
SafeArrayGetUBound 0x13 0x1800bd650 0xefc00 0xee800
SafeArrayGetLBound 0x14 0x1800bd658 0xefc08 0xee808
SafeArrayAccessData 0x17 0x1800bd660 0xefc10 0xee810
SafeArrayUnaccessData 0x18 0x1800bd668 0xefc18 0xee818
Exports (4)
Api name EAT Address Ordinal
DllCanUnloadNow 0x180002ab8 0x1
DllGetClassObject 0x180002620 0x2
DllRegisterServer 0x18001525c 0x3
DllUnregisterServer 0x180015418 0x4
Digital Signatures (2)
Signature Properties
InternalName Microsoft Office Open XML Format Filter
FileVersion 15.0.4420.1017
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4420.1017
FileDescription Microsoft Office Open XML Format Filter
OriginalFilename offfiltx.dll
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 92 4A 00 00 00 00 00 20
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\filters\offfiltx.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\filters\offfiltx.dll (Modified File)
c:\program files\common files\microsoft shared\filters\offfiltx.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 1.12 MB
Hash Values MD5: 22cd6893caa9d3c373afa2cf77635f0e
SHA1: 9ac50bc7adbddcd7b7c3f3d34321cb681e45aeac
SHA256: 36e5cc3a0661bfb3f27aa8a52f762f4c3e3f86fafcd5b6f2136d3436e00f8668
c:\program files\common files\microsoft shared\filters\visfilt.dll
File Properties
Names c:\program files\common files\microsoft shared\filters\visfilt.dll (Modified File)
Size 3.74 MB
Hash Values MD5: 3aed295cdb86b67ef6d20e8a6e1fb765
SHA1: 7e763738ec6a78dea41079124d4f87868d34328f
SHA256: 3992c0be7ae184fd156150e6807bac2d2b5342a2e93d56c153670a5ddda469bb
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x18000fc6c
Size Of Code 0x1f5600
Size Of Initialized Data 0x1c7200
Size Of Uninitialized Data 0x200
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2013-12-17 22:19:41
Compiler/Packer Unknown
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x1f5444 0x1f5600 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.4
.rdata 0x1801f7000 0x14ac88 0x14ae00 0x1f5a00 CNT_INITIALIZED_DATA, MEM_READ 5.91
.data 0x180342000 0x561f8 0x56000 0x340800 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 6.22
.pdata 0x180399000 0x1cf20 0x1d000 0x396800 CNT_INITIALIZED_DATA, MEM_READ 5.96
.tls 0x1803b6000 0x29 0x0 0x0 CNT_UNINITIALIZED_DATA, MEM_READ, MEM_WRITE 0.0
.rsrc 0x1803b7000 0x500 0x600 0x3b3800 CNT_INITIALIZED_DATA, MEM_READ 2.77
.reloc 0x1803b8000 0x8b08 0x8c00 0x3b3e00 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.5
Digital Signatures (2)
Signature Properties
Signature verification True
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2013-03-27 20:08
Valid to 2014-06-27 20:08
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 33 E5 27 86 A3 0E 4A 2A 80 00 00 00 00 00 33
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2013-01-24 22:33
Valid to 2014-04-24 22:33
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
c:\program files\common files\microsoft shared\filters\visfilt.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\filters\visfilt.dll (Modified File)
c:\program files\common files\microsoft shared\filters\visfilt.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 3.74 MB
Hash Values MD5: 0520ae921464d91df95d8173d8cf892f
SHA1: daa669d055663233a2a0db4f7e769916cfebb7bf
SHA256: 3caac82d10cc4a029e96df56377e1c22e2e0f0d4a20bfa26119172d91616d479
c:\program files\common files\microsoft shared\grphflt\epsimp32.flt
File Properties
Names c:\program files\common files\microsoft shared\grphflt\epsimp32.flt (Modified File)
Size 635.15 KB
Hash Values MD5: 9bc53132f679cc81dc035fa517996f07
SHA1: 57da96b6aed705a5cba131aa4f2498b3aa5e4b1f
SHA256: 9dbc949ecdf073a05b4ea0ed3e0101cfeb5c65e86b3cb4ccbee656926c18945d
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x18007935c
Size Of Code 0x7c200
Size Of Initialized Data 0x21200
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 20:44:00
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x7c0cc 0x7c200 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.39
.rdata 0x18007e000 0x15ba0 0x15c00 0x7c600 CNT_INITIALIZED_DATA, MEM_READ 5.47
.data 0x180094000 0x5180 0x4c00 0x92200 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.31
.pdata 0x18009a000 0x46e0 0x4800 0x96e00 CNT_INITIALIZED_DATA, MEM_READ 5.77
.rsrc 0x18009f000 0x720 0x800 0x9b600 CNT_INITIALIZED_DATA, MEM_READ 3.2
.reloc 0x1800a0000 0x125c 0x1400 0x9be00 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.29
Imports (176)
GDI32.dll (60)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CreatePen 0x0 0x18007e000 0x8a0c8 0x886c8
CreateRectRgn 0x0 0x18007e008 0x8a0d0 0x886d0
CreateSolidBrush 0x0 0x18007e010 0x8a0d8 0x886d8
DeleteObject 0x0 0x18007e018 0x8a0e0 0x886e0
GetCurrentPositionEx 0x0 0x18007e020 0x8a0e8 0x886e8
GetDeviceCaps 0x0 0x18007e028 0x8a0f0 0x886f0
GetStockObject 0x0 0x18007e030 0x8a0f8 0x886f8
GetTextExtentPoint32A 0x0 0x18007e038 0x8a100 0x88700
Rectangle 0x0 0x18007e040 0x8a108 0x88708
SelectClipRgn 0x0 0x18007e048 0x8a110 0x88710
ExtSelectClipRgn 0x0 0x18007e050 0x8a118 0x88718
SelectObject 0x0 0x18007e058 0x8a120 0x88720
SetTextColor 0x0 0x18007e060 0x8a128 0x88728
CloseEnhMetaFile 0x0 0x18007e068 0x8a130 0x88730
CreateEnhMetaFileA 0x0 0x18007e070 0x8a138 0x88738
DeleteEnhMetaFile 0x0 0x18007e078 0x8a140 0x88740
GetEnhMetaFileHeader 0x0 0x18007e080 0x8a148 0x88748
GetWorldTransform 0x0 0x18007e088 0x8a150 0x88750
SetWorldTransform 0x0 0x18007e090 0x8a158 0x88758
SelectClipPath 0x0 0x18007e098 0x8a160 0x88760
SetMiterLimit 0x0 0x18007e0a0 0x8a168 0x88768
StrokeAndFillPath 0x0 0x18007e0a8 0x8a170 0x88770
StrokePath 0x0 0x18007e0b0 0x8a178 0x88778
ExtCreatePen 0x0 0x18007e0b8 0x8a180 0x88780
CreateFontIndirectA 0x0 0x18007e0c0 0x8a188 0x88788
GetOutlineTextMetricsA 0x0 0x18007e0c8 0x8a190 0x88790
MoveToEx 0x0 0x18007e0d0 0x8a198 0x88798
SetTextAlign 0x0 0x18007e0d8 0x8a1a0 0x887a0
GetTextMetricsA 0x0 0x18007e0e0 0x8a1a8 0x887a8
TextOutA 0x0 0x18007e0e8 0x8a1b0 0x887b0
GetTextFaceA 0x0 0x18007e0f0 0x8a1b8 0x887b8
StretchDIBits 0x0 0x18007e0f8 0x8a1c0 0x887c0
CloseMetaFile 0x0 0x18007e100 0x8a1c8 0x887c8
CreateMetaFileA 0x0 0x18007e108 0x8a1d0 0x887d0
PolyPolygon 0x0 0x18007e110 0x8a1d8 0x887d8
SetBkMode 0x0 0x18007e118 0x8a1e0 0x887e0
SetROP2 0x0 0x18007e120 0x8a1e8 0x887e8
SetStretchBltMode 0x0 0x18007e128 0x8a1f0 0x887f0
GetPath 0x0 0x18007e130 0x8a1f8 0x887f8
WidenPath 0x0 0x18007e138 0x8a200 0x88800
Polyline 0x0 0x18007e140 0x8a208 0x88808
SetWindowExtEx 0x0 0x18007e148 0x8a210 0x88810
SetWindowOrgEx 0x0 0x18007e150 0x8a218 0x88818
GetTextExtentPointA 0x0 0x18007e158 0x8a220 0x88820
DeleteMetaFile 0x0 0x18007e160 0x8a228 0x88828
CreateBitmap 0x0 0x18007e168 0x8a230 0x88830
CreateCompatibleDC 0x0 0x18007e170 0x8a238 0x88838
DeleteDC 0x0 0x18007e178 0x8a240 0x88840
GetDIBits 0x0 0x18007e180 0x8a248 0x88848
GetGlyphOutlineA 0x0 0x18007e188 0x8a250 0x88850
GetCharacterPlacementA 0x0 0x18007e190 0x8a258 0x88858
SetMapMode 0x0 0x18007e198 0x8a260 0x88860
PolyDraw 0x0 0x18007e1a0 0x8a268 0x88868
EndPath 0x0 0x18007e1a8 0x8a270 0x88870
CloseFigure 0x0 0x18007e1b0 0x8a278 0x88878
BeginPath 0x0 0x18007e1b8 0x8a280 0x88880
SetPolyFillMode 0x0 0x18007e1c0 0x8a288 0x88888
GdiComment 0x0 0x18007e1c8 0x8a290 0x88890
SetGraphicsMode 0x0 0x18007e1d0 0x8a298 0x88898
Escape 0x0 0x18007e1d8 0x8a2a0 0x888a0
KERNEL32.dll (48)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetTickCount 0x0 0x18007e1e8 0x8a2b0 0x888b0
MapViewOfFileEx 0x0 0x18007e1f0 0x8a2b8 0x888b8
UnmapViewOfFile 0x0 0x18007e1f8 0x8a2c0 0x888c0
CreateFileMappingA 0x0 0x18007e200 0x8a2c8 0x888c8
GlobalAlloc 0x0 0x18007e208 0x8a2d0 0x888d0
GlobalLock 0x0 0x18007e210 0x8a2d8 0x888d8
GlobalUnlock 0x0 0x18007e218 0x8a2e0 0x888e0
GlobalFree 0x0 0x18007e220 0x8a2e8 0x888e8
RaiseFailFastException 0x0 0x18007e228 0x8a2f0 0x888f0
InitializeCriticalSection 0x0 0x18007e230 0x8a2f8 0x888f8
EnterCriticalSection 0x0 0x18007e238 0x8a300 0x88900
LeaveCriticalSection 0x0 0x18007e240 0x8a308 0x88908
DeleteCriticalSection 0x0 0x18007e248 0x8a310 0x88910
VirtualAlloc 0x0 0x18007e250 0x8a318 0x88918
VirtualFree 0x0 0x18007e258 0x8a320 0x88920
LocalAlloc 0x0 0x18007e260 0x8a328 0x88928
RtlCaptureContext 0x0 0x18007e268 0x8a330 0x88930
RtlLookupFunctionEntry 0x0 0x18007e270 0x8a338 0x88938
RtlVirtualUnwind 0x0 0x18007e278 0x8a340 0x88940
IsDebuggerPresent 0x0 0x18007e280 0x8a348 0x88948
SetUnhandledExceptionFilter 0x0 0x18007e288 0x8a350 0x88950
UnhandledExceptionFilter 0x0 0x18007e290 0x8a358 0x88958
GetCurrentProcess 0x0 0x18007e298 0x8a360 0x88960
TerminateProcess 0x0 0x18007e2a0 0x8a368 0x88968
LoadLibraryA 0x0 0x18007e2a8 0x8a370 0x88970
Sleep 0x0 0x18007e2b0 0x8a378 0x88978
DecodePointer 0x0 0x18007e2b8 0x8a380 0x88980
EncodePointer 0x0 0x18007e2c0 0x8a388 0x88988
WerRegisterMemoryBlock 0x0 0x18007e2c8 0x8a390 0x88990
VirtualProtect 0x0 0x18007e2d0 0x8a398 0x88998
GetSystemTimeAsFileTime 0x0 0x18007e2d8 0x8a3a0 0x889a0
GetCurrentThreadId 0x0 0x18007e2e0 0x8a3a8 0x889a8
GetCurrentProcessId 0x0 0x18007e2e8 0x8a3b0 0x889b0
HeapSetInformation 0x0 0x18007e2f0 0x8a3b8 0x889b8
GetProcessHeap 0x0 0x18007e2f8 0x8a3c0 0x889c0
QueryPerformanceCounter 0x0 0x18007e300 0x8a3c8 0x889c8
GetLastError 0x0 0x18007e308 0x8a3d0 0x889d0
GetProcAddress 0x0 0x18007e310 0x8a3d8 0x889d8
GetModuleHandleW 0x0 0x18007e318 0x8a3e0 0x889e0
FreeLibrary 0x0 0x18007e320 0x8a3e8 0x889e8
MulDiv 0x0 0x18007e328 0x8a3f0 0x889f0
CloseHandle 0x0 0x18007e330 0x8a3f8 0x889f8
SetFilePointer 0x0 0x18007e338 0x8a400 0x88a00
ReadFile 0x0 0x18007e340 0x8a408 0x88a08
GetFileSize 0x0 0x18007e348 0x8a410 0x88a10
CreateFileA 0x0 0x18007e350 0x8a418 0x88a18
RaiseException 0x0 0x18007e358 0x8a420 0x88a20
GetSystemInfo 0x0 0x18007e360 0x8a428 0x88a28
MSVCR100.dll (67)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
pow 0x0 0x18007e370 0x8a438 0x88a38
_invalid_parameter_noinfo_noreturn 0x0 0x18007e378 0x8a440 0x88a40
rand 0x0 0x18007e380 0x8a448 0x88a48
atan2 0x0 0x18007e388 0x8a450 0x88a50
ceil 0x0 0x18007e390 0x8a458 0x88a58
floor 0x0 0x18007e398 0x8a460 0x88a60
log 0x0 0x18007e3a0 0x8a468 0x88a68
log10f 0x0 0x18007e3a8 0x8a470 0x88a70
memchr 0x0 0x18007e3b0 0x8a478 0x88a78
strchr 0x0 0x18007e3b8 0x8a480 0x88a80
atof 0x0 0x18007e3c0 0x8a488 0x88a88
ceilf 0x0 0x18007e3c8 0x8a490 0x88a90
floorf 0x0 0x18007e3d0 0x8a498 0x88a98
longjmp 0x0 0x18007e3d8 0x8a4a0 0x88aa0
_setjmp 0x0 0x18007e3e0 0x8a4a8 0x88aa8
atan2f 0x0 0x18007e3e8 0x8a4b0 0x88ab0
_finite 0x0 0x18007e3f0 0x8a4b8 0x88ab8
_malloc_crt 0x0 0x18007e3f8 0x8a4c0 0x88ac0
_initterm 0x0 0x18007e400 0x8a4c8 0x88ac8
_initterm_e 0x0 0x18007e408 0x8a4d0 0x88ad0
_encoded_null 0x0 0x18007e410 0x8a4d8 0x88ad8
_amsg_exit 0x0 0x18007e418 0x8a4e0 0x88ae0
__C_specific_handler 0x0 0x18007e420 0x8a4e8 0x88ae8
__CppXcptFilter 0x0 0x18007e428 0x8a4f0 0x88af0
?terminate@@YAXXZ 0x0 0x18007e430 0x8a4f8 0x88af8
__crt_debugger_hook 0x0 0x18007e438 0x8a500 0x88b00
__clean_type_info_names_internal 0x0 0x18007e440 0x8a508 0x88b08
_unlock 0x0 0x18007e448 0x8a510 0x88b10
__dllonexit 0x0 0x18007e450 0x8a518 0x88b18
_lock 0x0 0x18007e458 0x8a520 0x88b20
_onexit 0x0 0x18007e460 0x8a528 0x88b28
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x18007e468 0x8a530 0x88b30
memcpy_s 0x0 0x18007e470 0x8a538 0x88b38
_time64 0x0 0x18007e478 0x8a540 0x88b40
srand 0x0 0x18007e480 0x8a548 0x88b48
strstr 0x0 0x18007e488 0x8a550 0x88b50
isalnum 0x0 0x18007e490 0x8a558 0x88b58
isdigit 0x0 0x18007e498 0x8a560 0x88b60
islower 0x0 0x18007e4a0 0x8a568 0x88b68
isupper 0x0 0x18007e4a8 0x8a570 0x88b70
memcmp 0x0 0x18007e4b0 0x8a578 0x88b78
_msize 0x0 0x18007e4b8 0x8a580 0x88b80
_expand 0x0 0x18007e4c0 0x8a588 0x88b88
realloc 0x0 0x18007e4c8 0x8a590 0x88b90
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z 0x0 0x18007e4d0 0x8a598 0x88b98
??2@YAPEAX_K@Z 0x0 0x18007e4d8 0x8a5a0 0x88ba0
memset 0x0 0x18007e4e0 0x8a5a8 0x88ba8
memmove 0x0 0x18007e4e8 0x8a5b0 0x88bb0
sqrtf 0x0 0x18007e4f0 0x8a5b8 0x88bb8
sinf 0x0 0x18007e4f8 0x8a5c0 0x88bc0
cosf 0x0 0x18007e500 0x8a5c8 0x88bc8
__CxxFrameHandler3 0x0 0x18007e508 0x8a5d0 0x88bd0
??3@YAXPEAX@Z 0x0 0x18007e510 0x8a5d8 0x88bd8
memcpy 0x0 0x18007e518 0x8a5e0 0x88be0
??_V@YAXPEAX@Z 0x0 0x18007e520 0x8a5e8 0x88be8
??_U@YAPEAX_K@Z 0x0 0x18007e528 0x8a5f0 0x88bf0
sqrt 0x0 0x18007e530 0x8a5f8 0x88bf8
sin 0x0 0x18007e538 0x8a600 0x88c00
cos 0x0 0x18007e540 0x8a608 0x88c08
_CxxThrowException 0x0 0x18007e548 0x8a610 0x88c10
malloc 0x0 0x18007e550 0x8a618 0x88c18
free 0x0 0x18007e558 0x8a620 0x88c20
exit 0x0 0x18007e560 0x8a628 0x88c28
_vsnprintf 0x0 0x18007e568 0x8a630 0x88c30
fprintf 0x0 0x18007e570 0x8a638 0x88c38
__iob_func 0x0 0x18007e578 0x8a640 0x88c40
tan 0x0 0x18007e580 0x8a648 0x88c48
ADVAPI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
EventWrite 0x0 0x18007e590 0x8a658 0x88c58
Exports (5)
Api name EAT Address Ordinal
GetFilterInfo 0x18002796c 0x1
GetFilterPref 0x180021628 0x3
ImportGr 0x180027a80 0x2
RegisterPercentCallback 0x180027dc8 0x4
SetFilterPref 0x180027e2c 0x5
Digital Signatures (2)
Signature Properties
InternalName epsimp32
FileVersion 2012.1500.4420.1017
CompanyName Access Softek, Inc.
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 2012.1500.4420.1017
FileDescription Encapsulated PostScript Graphics Filter
OriginalFilename epsimp32.flt
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 8E 42 00 00 00 00 00 1F
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\grphflt\epsimp32.flt, ...
File Properties
Names c:\program files\common files\microsoft shared\grphflt\epsimp32.flt (Modified File)
c:\program files\common files\microsoft shared\grphflt\epsimp32.flt.[sepsis@protonmail.com].sepsis (Created File)
Size 635.32 KB
Hash Values MD5: f01a01b90023d35a294d577deded09c4
SHA1: c3c982d90dd4caa3f6dfb2c5c99b815220a1ead8
SHA256: de925baa026e639f8784a60f57e8918e53e8a83eb532eeb17976e133977a08fd
c:\program files\common files\microsoft shared\grphflt\gifimp32.flt
File Properties
Names c:\program files\common files\microsoft shared\grphflt\gifimp32.flt (Modified File)
Size 250.13 KB
Hash Values MD5: 8ccbfd3c7d29199e24e635aaa40a6915
SHA1: 5e6c74b566ecedf7796a68ac05c7f8d1b8d75906
SHA256: c9a6f70b49d71e1cf02d81c07901d684380d6ddab3850d61066585c21dd6f7ec
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x18002b4cc
Size Of Code 0x2c800
Size Of Initialized Data 0x10e00
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 20:46:29
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x2c648 0x2c800 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.45
.rdata 0x18002e000 0xc33c 0xc400 0x2cc00 CNT_INITIALIZED_DATA, MEM_READ 5.66
.data 0x18003b000 0x1808 0xe00 0x39000 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 5.4
.pdata 0x18003d000 0x2274 0x2400 0x39e00 CNT_INITIALIZED_DATA, MEM_READ 5.23
.rsrc 0x180040000 0x7e8 0x800 0x3c200 CNT_INITIALIZED_DATA, MEM_READ 3.3
.reloc 0x180041000 0x2dc 0x400 0x3ca00 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 4.46
Imports (152)
ADVAPI32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegCloseKey 0x0 0x18002e000 0x36260 0x34e60
RegOpenKeyExA 0x0 0x18002e008 0x36268 0x34e68
RegQueryValueExA 0x0 0x18002e010 0x36270 0x34e70
RegCreateKeyExA 0x0 0x18002e018 0x36278 0x34e78
RegEnumKeyExA 0x0 0x18002e020 0x36280 0x34e80
RegSetValueExA 0x0 0x18002e028 0x36288 0x34e88
EventWrite 0x0 0x18002e030 0x36290 0x34e90
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
(by ordinal) 0x11 0x18002e040 0x362a0 0x34ea0
GDI32.dll (29)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetViewportExtEx 0x0 0x18002e050 0x362b0 0x34eb0
GetWindowExtEx 0x0 0x18002e058 0x362b8 0x34eb8
CreateCompatibleDC 0x0 0x18002e060 0x362c0 0x34ec0
DeleteDC 0x0 0x18002e068 0x362c8 0x34ec8
DeleteObject 0x0 0x18002e070 0x362d0 0x34ed0
GetDeviceCaps 0x0 0x18002e078 0x362d8 0x34ed8
GetMetaFileBitsEx 0x0 0x18002e080 0x362e0 0x34ee0
SelectObject 0x0 0x18002e088 0x362e8 0x34ee8
SetMapMode 0x0 0x18002e090 0x362f0 0x34ef0
PlayMetaFileRecord 0x0 0x18002e098 0x362f8 0x34ef8
EnumMetaFile 0x0 0x18002e0a0 0x36300 0x34f00
CreateMetaFileA 0x0 0x18002e0a8 0x36308 0x34f08
EnumEnhMetaFile 0x0 0x18002e0b0 0x36310 0x34f10
GetEnhMetaFileHeader 0x0 0x18002e0b8 0x36318 0x34f18
PlayEnhMetaFileRecord 0x0 0x18002e0c0 0x36320 0x34f20
GetTextExtentPoint32A 0x0 0x18002e0c8 0x36328 0x34f28
CreateDIBSection 0x0 0x18002e0d0 0x36330 0x34f30
SetViewportExtEx 0x0 0x18002e0d8 0x36338 0x34f38
SetWindowExtEx 0x0 0x18002e0e0 0x36340 0x34f40
SetWindowOrgEx 0x0 0x18002e0e8 0x36348 0x34f48
GetObjectA 0x0 0x18002e0f0 0x36350 0x34f50
SetMetaFileBitsEx 0x0 0x18002e0f8 0x36358 0x34f58
Escape 0x0 0x18002e100 0x36360 0x34f60
GdiComment 0x0 0x18002e108 0x36368 0x34f68
CloseMetaFile 0x0 0x18002e110 0x36370 0x34f70
DeleteMetaFile 0x0 0x18002e118 0x36378 0x34f78
DeleteEnhMetaFile 0x0 0x18002e120 0x36380 0x34f80
RealizePalette 0x0 0x18002e128 0x36388 0x34f88
SelectPalette 0x0 0x18002e130 0x36390 0x34f90
gdiplus.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GdipEmfToWmfBits 0x0 0x18002e140 0x363a0 0x34fa0
GdipRecordMetafile 0x0 0x18002e148 0x363a8 0x34fa8
GdipGetHemfFromMetafile 0x0 0x18002e150 0x363b0 0x34fb0
GdipDrawImageRectRectI 0x0 0x18002e158 0x363b8 0x34fb8
GdipDeleteGraphics 0x0 0x18002e160 0x363c0 0x34fc0
GdipBitmapUnlockBits 0x0 0x18002e168 0x363c8 0x34fc8
GdipBitmapLockBits 0x0 0x18002e170 0x363d0 0x34fd0
GdipCreateBitmapFromFileICM 0x0 0x18002e178 0x363d8 0x34fd8
GdipGetImageFlags 0x0 0x18002e180 0x363e0 0x34fe0
GdipGetImageVerticalResolution 0x0 0x18002e188 0x363e8 0x34fe8
GdipGetImageHorizontalResolution 0x0 0x18002e190 0x363f0 0x34ff0
GdipGetImageHeight 0x0 0x18002e198 0x363f8 0x34ff8
GdipGetImageWidth 0x0 0x18002e1a0 0x36400 0x35000
GdipGetImageBounds 0x0 0x18002e1a8 0x36408 0x35008
GdipGetImageGraphicsContext 0x0 0x18002e1b0 0x36410 0x35010
GdipDisposeImage 0x0 0x18002e1b8 0x36418 0x35018
GdipLoadImageFromFileICM 0x0 0x18002e1c0 0x36420 0x35020
GdiplusShutdown 0x0 0x18002e1c8 0x36428 0x35028
GdiplusStartup 0x0 0x18002e1d0 0x36430 0x35030
KERNEL32.dll (57)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetTickCount 0x0 0x18002e1e0 0x36440 0x35040
GetLastError 0x0 0x18002e1e8 0x36448 0x35048
_llseek 0x0 0x18002e1f0 0x36450 0x35050
MulDiv 0x0 0x18002e1f8 0x36458 0x35058
MultiByteToWideChar 0x0 0x18002e200 0x36460 0x35060
FindClose 0x0 0x18002e208 0x36468 0x35068
FindFirstFileA 0x0 0x18002e210 0x36470 0x35070
FreeLibrary 0x0 0x18002e218 0x36478 0x35078
GetModuleHandleW 0x0 0x18002e220 0x36480 0x35080
GetProcAddress 0x0 0x18002e228 0x36488 0x35088
LoadLibraryExA 0x0 0x18002e230 0x36490 0x35090
lstrcmpA 0x0 0x18002e238 0x36498 0x35098
lstrlenA 0x0 0x18002e240 0x364a0 0x350a0
Sleep 0x0 0x18002e248 0x364a8 0x350a8
DecodePointer 0x0 0x18002e250 0x364b0 0x350b0
EncodePointer 0x0 0x18002e258 0x364b8 0x350b8
LoadLibraryA 0x0 0x18002e260 0x364c0 0x350c0
RaiseFailFastException 0x0 0x18002e268 0x364c8 0x350c8
_lwrite 0x0 0x18002e270 0x364d0 0x350d0
_lread 0x0 0x18002e278 0x364d8 0x350d8
CreateFileMappingA 0x0 0x18002e280 0x364e0 0x350e0
UnmapViewOfFile 0x0 0x18002e288 0x364e8 0x350e8
MapViewOfFile 0x0 0x18002e290 0x364f0 0x350f0
WriteFile 0x0 0x18002e298 0x364f8 0x350f8
SetFilePointer 0x0 0x18002e2a0 0x36500 0x35100
GetFileSize 0x0 0x18002e2a8 0x36508 0x35108
HeapReAlloc 0x0 0x18002e2b0 0x36510 0x35110
CloseHandle 0x0 0x18002e2b8 0x36518 0x35118
ReadFile 0x0 0x18002e2c0 0x36520 0x35120
GetFileAttributesA 0x0 0x18002e2c8 0x36528 0x35128
CreateFileA 0x0 0x18002e2d0 0x36530 0x35130
GlobalFree 0x0 0x18002e2d8 0x36538 0x35138
GlobalAlloc 0x0 0x18002e2e0 0x36540 0x35140
GlobalUnlock 0x0 0x18002e2e8 0x36548 0x35148
GlobalLock 0x0 0x18002e2f0 0x36550 0x35150
DeleteFileA 0x0 0x18002e2f8 0x36558 0x35158
GetProcessHeap 0x0 0x18002e300 0x36560 0x35160
HeapFree 0x0 0x18002e308 0x36568 0x35168
HeapAlloc 0x0 0x18002e310 0x36570 0x35170
RaiseException 0x0 0x18002e318 0x36578 0x35178
GetCurrentThreadId 0x0 0x18002e320 0x36580 0x35180
QueryPerformanceCounter 0x0 0x18002e328 0x36588 0x35188
HeapSetInformation 0x0 0x18002e330 0x36590 0x35190
GetCurrentProcessId 0x0 0x18002e338 0x36598 0x35198
GetSystemTimeAsFileTime 0x0 0x18002e340 0x365a0 0x351a0
VirtualProtect 0x0 0x18002e348 0x365a8 0x351a8
WerRegisterMemoryBlock 0x0 0x18002e350 0x365b0 0x351b0
TerminateProcess 0x0 0x18002e358 0x365b8 0x351b8
GetCurrentProcess 0x0 0x18002e360 0x365c0 0x351c0
UnhandledExceptionFilter 0x0 0x18002e368 0x365c8 0x351c8
SetUnhandledExceptionFilter 0x0 0x18002e370 0x365d0 0x351d0
IsDebuggerPresent 0x0 0x18002e378 0x365d8 0x351d8
RtlVirtualUnwind 0x0 0x18002e380 0x365e0 0x351e0
RtlLookupFunctionEntry 0x0 0x18002e388 0x365e8 0x351e8
RtlCaptureContext 0x0 0x18002e390 0x365f0 0x351f0
LocalAlloc 0x0 0x18002e398 0x365f8 0x351f8
GlobalHandle 0x0 0x18002e3a0 0x36600 0x35200
MSVCR100.dll (39)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x18002e3b0 0x36610 0x35210
?terminate@@YAXXZ 0x0 0x18002e3b8 0x36618 0x35218
__clean_type_info_names_internal 0x0 0x18002e3c0 0x36620 0x35220
__crt_debugger_hook 0x0 0x18002e3c8 0x36628 0x35228
_onexit 0x0 0x18002e3d0 0x36630 0x35230
_lock 0x0 0x18002e3d8 0x36638 0x35238
__dllonexit 0x0 0x18002e3e0 0x36640 0x35240
_unlock 0x0 0x18002e3e8 0x36648 0x35248
__CppXcptFilter 0x0 0x18002e3f0 0x36650 0x35250
_amsg_exit 0x0 0x18002e3f8 0x36658 0x35258
_encoded_null 0x0 0x18002e400 0x36660 0x35260
_initterm_e 0x0 0x18002e408 0x36668 0x35268
_initterm 0x0 0x18002e410 0x36670 0x35270
_malloc_crt 0x0 0x18002e418 0x36678 0x35278
__C_specific_handler 0x0 0x18002e420 0x36680 0x35280
strtod 0x0 0x18002e428 0x36688 0x35288
malloc 0x0 0x18002e430 0x36690 0x35290
free 0x0 0x18002e438 0x36698 0x35298
fread 0x0 0x18002e440 0x366a0 0x352a0
pow 0x0 0x18002e448 0x366a8 0x352a8
strncpy 0x0 0x18002e450 0x366b0 0x352b0
longjmp 0x0 0x18002e458 0x366b8 0x352b8
fprintf 0x0 0x18002e460 0x366c0 0x352c0
__iob_func 0x0 0x18002e468 0x366c8 0x352c8
abort 0x0 0x18002e470 0x366d0 0x352d0
memcmp 0x0 0x18002e478 0x366d8 0x352d8
floorf 0x0 0x18002e480 0x366e0 0x352e0
ceilf 0x0 0x18002e488 0x366e8 0x352e8
strstr 0x0 0x18002e490 0x366f0 0x352f0
atol 0x0 0x18002e498 0x366f8 0x352f8
_vsnprintf 0x0 0x18002e4a0 0x36700 0x35300
_setjmp 0x0 0x18002e4a8 0x36708 0x35308
_CxxThrowException 0x0 0x18002e4b0 0x36710 0x35310
__CxxFrameHandler3 0x0 0x18002e4b8 0x36718 0x35318
memset 0x0 0x18002e4c0 0x36720 0x35320
memcpy 0x0 0x18002e4c8 0x36728 0x35328
strcat_s 0x0 0x18002e4d0 0x36730 0x35330
strcpy_s 0x0 0x18002e4d8 0x36738 0x35338
sprintf 0x0 0x18002e4e0 0x36740 0x35340
Exports (12)
Api name EAT Address Ordinal
ExportGr 0x1800037bc 0x4
GetFilterInfo 0x180004060 0x1
GetFilterPref 0x180016ef4 0x3
ImportGr 0x180004354 0x2
MSFFClose 0x1800012a4 0x8
MSFFControl 0x180001d5c 0xc
MSFFGetLine 0x180001720 0x9
MSFFOpen 0x180001000 0x7
MSFFPutLine 0x180001ab8 0xa
MSFFSeek 0x180001cb8 0xb
RegisterPercentCallback 0x180003ff8 0x6
SetFilterPref 0x180004434 0x5
Digital Signatures (2)
Signature Properties
InternalName gifimp32
FileVersion 2012.1500.4420.1017
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 2012.1500.4420.1017
FileDescription GIF Import/Export Graphic Filter
OriginalFilename gifimp32.flt
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 92 4A 00 00 00 00 00 20
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\grphflt\gifimp32.flt, ...
File Properties
Names c:\program files\common files\microsoft shared\grphflt\gifimp32.flt (Modified File)
c:\program files\common files\microsoft shared\grphflt\gifimp32.flt.[sepsis@protonmail.com].sepsis (Created File)
Size 250.31 KB
Hash Values MD5: 6ac34efd31c14552b76654152f935c00
SHA1: d70d77b43532c14ae4090ed8e0a22643ff865916
SHA256: 506607a15f783ff167521d4fcd6f23246d4017f0d63db885e81a9729d72b5b9f
c:\program files\common files\microsoft shared\grphflt\jpegim32.flt
File Properties
Names c:\program files\common files\microsoft shared\grphflt\jpegim32.flt (Modified File)
Size 228.14 KB
Hash Values MD5: 3ea451c27cf508eb310fbed92948e58e
SHA1: 36ad524136d710d094c9de0cf0070901383d69e6
SHA256: 15d659e67d300d340db898395d9f77a4b93eec7a7402c8a91a160bfd46589427
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x180029630
Size Of Code 0x2ac00
Size Of Initialized Data 0xd200
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 20:36:01
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x2aa40 0x2ac00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.4
.rdata 0x18002c000 0x8948 0x8a00 0x2b000 CNT_INITIALIZED_DATA, MEM_READ 4.93
.data 0x180035000 0x14c8 0xa00 0x33a00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.18
.pdata 0x180037000 0x2430 0x2600 0x34400 CNT_INITIALIZED_DATA, MEM_READ 5.25
.rsrc 0x18003a000 0x7e8 0x800 0x36a00 CNT_INITIALIZED_DATA, MEM_READ 3.28
.reloc 0x18003b000 0x3c4 0x400 0x37200 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.19
Imports (135)
ADVAPI32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegCloseKey 0x0 0x18002c000 0x30f20 0x2ff20
RegOpenKeyExA 0x0 0x18002c008 0x30f28 0x2ff28
RegQueryValueExA 0x0 0x18002c010 0x30f30 0x2ff30
RegCreateKeyExA 0x0 0x18002c018 0x30f38 0x2ff38
RegEnumKeyExA 0x0 0x18002c020 0x30f40 0x2ff40
RegSetValueExA 0x0 0x18002c028 0x30f48 0x2ff48
EventWrite 0x0 0x18002c030 0x30f50 0x2ff50
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
(by ordinal) 0x11 0x18002c040 0x30f60 0x2ff60
GDI32.dll (27)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CreateCompatibleDC 0x0 0x18002c050 0x30f70 0x2ff70
DeleteDC 0x0 0x18002c058 0x30f78 0x2ff78
DeleteMetaFile 0x0 0x18002c060 0x30f80 0x2ff80
DeleteObject 0x0 0x18002c068 0x30f88 0x2ff88
GetDeviceCaps 0x0 0x18002c070 0x30f90 0x2ff90
GetMetaFileBitsEx 0x0 0x18002c078 0x30f98 0x2ff98
SelectObject 0x0 0x18002c080 0x30fa0 0x2ffa0
SetMapMode 0x0 0x18002c088 0x30fa8 0x2ffa8
PlayMetaFileRecord 0x0 0x18002c090 0x30fb0 0x2ffb0
EnumMetaFile 0x0 0x18002c098 0x30fb8 0x2ffb8
DeleteEnhMetaFile 0x0 0x18002c0a0 0x30fc0 0x2ffc0
EnumEnhMetaFile 0x0 0x18002c0a8 0x30fc8 0x2ffc8
GetEnhMetaFileHeader 0x0 0x18002c0b0 0x30fd0 0x2ffd0
PlayEnhMetaFileRecord 0x0 0x18002c0b8 0x30fd8 0x2ffd8
GetViewportExtEx 0x0 0x18002c0c0 0x30fe0 0x2ffe0
CreateDIBSection 0x0 0x18002c0c8 0x30fe8 0x2ffe8
SetViewportExtEx 0x0 0x18002c0d0 0x30ff0 0x2fff0
SetWindowExtEx 0x0 0x18002c0d8 0x30ff8 0x2fff8
SetWindowOrgEx 0x0 0x18002c0e0 0x31000 0x30000
GetObjectA 0x0 0x18002c0e8 0x31008 0x30008
SetMetaFileBitsEx 0x0 0x18002c0f0 0x31010 0x30010
Escape 0x0 0x18002c0f8 0x31018 0x30018
GdiComment 0x0 0x18002c100 0x31020 0x30020
GetTextExtentPoint32A 0x0 0x18002c108 0x31028 0x30028
GetWindowExtEx 0x0 0x18002c110 0x31030 0x30030
SelectPalette 0x0 0x18002c118 0x31038 0x30038
RealizePalette 0x0 0x18002c120 0x31040 0x30040
gdiplus.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GdipEmfToWmfBits 0x0 0x18002c130 0x31050 0x30050
GdipRecordMetafile 0x0 0x18002c138 0x31058 0x30058
GdipGetHemfFromMetafile 0x0 0x18002c140 0x31060 0x30060
GdipDrawImageRectRectI 0x0 0x18002c148 0x31068 0x30068
GdipDeleteGraphics 0x0 0x18002c150 0x31070 0x30070
GdipBitmapUnlockBits 0x0 0x18002c158 0x31078 0x30078
GdipBitmapLockBits 0x0 0x18002c160 0x31080 0x30080
GdipCreateBitmapFromFileICM 0x0 0x18002c168 0x31088 0x30088
GdipGetImageFlags 0x0 0x18002c170 0x31090 0x30090
GdipGetImageVerticalResolution 0x0 0x18002c178 0x31098 0x30098
GdipGetImageHorizontalResolution 0x0 0x18002c180 0x310a0 0x300a0
GdipGetImageHeight 0x0 0x18002c188 0x310a8 0x300a8
GdipGetImageWidth 0x0 0x18002c190 0x310b0 0x300b0
GdipGetImageBounds 0x0 0x18002c198 0x310b8 0x300b8
GdipGetImageGraphicsContext 0x0 0x18002c1a0 0x310c0 0x300c0
GdipDisposeImage 0x0 0x18002c1a8 0x310c8 0x300c8
GdipLoadImageFromFileICM 0x0 0x18002c1b0 0x310d0 0x300d0
GdiplusShutdown 0x0 0x18002c1b8 0x310d8 0x300d8
GdiplusStartup 0x0 0x18002c1c0 0x310e0 0x300e0
KERNEL32.dll (49)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
FindClose 0x0 0x18002c1d0 0x310f0 0x300f0
FindFirstFileA 0x0 0x18002c1d8 0x310f8 0x300f8
FreeLibrary 0x0 0x18002c1e0 0x31100 0x30100
GetModuleHandleW 0x0 0x18002c1e8 0x31108 0x30108
GetProcAddress 0x0 0x18002c1f0 0x31110 0x30110
LoadLibraryExA 0x0 0x18002c1f8 0x31118 0x30118
lstrcmpA 0x0 0x18002c200 0x31120 0x30120
lstrlenA 0x0 0x18002c208 0x31128 0x30128
Sleep 0x0 0x18002c210 0x31130 0x30130
LoadLibraryA 0x0 0x18002c218 0x31138 0x30138
DecodePointer 0x0 0x18002c220 0x31140 0x30140
EncodePointer 0x0 0x18002c228 0x31148 0x30148
RaiseFailFastException 0x0 0x18002c230 0x31150 0x30150
HeapReAlloc 0x0 0x18002c238 0x31158 0x30158
MultiByteToWideChar 0x0 0x18002c240 0x31160 0x30160
MulDiv 0x0 0x18002c248 0x31168 0x30168
GlobalHandle 0x0 0x18002c250 0x31170 0x30170
GetLastError 0x0 0x18002c258 0x31178 0x30178
GetTickCount 0x0 0x18002c260 0x31180 0x30180
_llseek 0x0 0x18002c268 0x31188 0x30188
_lwrite 0x0 0x18002c270 0x31190 0x30190
_lread 0x0 0x18002c278 0x31198 0x30198
CloseHandle 0x0 0x18002c280 0x311a0 0x301a0
CreateFileA 0x0 0x18002c288 0x311a8 0x301a8
GlobalFree 0x0 0x18002c290 0x311b0 0x301b0
GlobalAlloc 0x0 0x18002c298 0x311b8 0x301b8
GlobalUnlock 0x0 0x18002c2a0 0x311c0 0x301c0
GlobalLock 0x0 0x18002c2a8 0x311c8 0x301c8
DeleteFileA 0x0 0x18002c2b0 0x311d0 0x301d0
RaiseException 0x0 0x18002c2b8 0x311d8 0x301d8
GetProcessHeap 0x0 0x18002c2c0 0x311e0 0x301e0
HeapFree 0x0 0x18002c2c8 0x311e8 0x301e8
HeapAlloc 0x0 0x18002c2d0 0x311f0 0x301f0
GetCurrentThreadId 0x0 0x18002c2d8 0x311f8 0x301f8
QueryPerformanceCounter 0x0 0x18002c2e0 0x31200 0x30200
HeapSetInformation 0x0 0x18002c2e8 0x31208 0x30208
GetCurrentProcessId 0x0 0x18002c2f0 0x31210 0x30210
GetSystemTimeAsFileTime 0x0 0x18002c2f8 0x31218 0x30218
VirtualProtect 0x0 0x18002c300 0x31220 0x30220
WerRegisterMemoryBlock 0x0 0x18002c308 0x31228 0x30228
TerminateProcess 0x0 0x18002c310 0x31230 0x30230
GetCurrentProcess 0x0 0x18002c318 0x31238 0x30238
UnhandledExceptionFilter 0x0 0x18002c320 0x31240 0x30240
SetUnhandledExceptionFilter 0x0 0x18002c328 0x31248 0x30248
IsDebuggerPresent 0x0 0x18002c330 0x31250 0x30250
RtlVirtualUnwind 0x0 0x18002c338 0x31258 0x30258
RtlLookupFunctionEntry 0x0 0x18002c340 0x31260 0x30260
RtlCaptureContext 0x0 0x18002c348 0x31268 0x30268
LocalAlloc 0x0 0x18002c350 0x31270 0x30270
MSVCR100.dll (32)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x18002c360 0x31280 0x30280
?terminate@@YAXXZ 0x0 0x18002c368 0x31288 0x30288
__clean_type_info_names_internal 0x0 0x18002c370 0x31290 0x30290
_onexit 0x0 0x18002c378 0x31298 0x30298
_lock 0x0 0x18002c380 0x312a0 0x302a0
__dllonexit 0x0 0x18002c388 0x312a8 0x302a8
_unlock 0x0 0x18002c390 0x312b0 0x302b0
__crt_debugger_hook 0x0 0x18002c398 0x312b8 0x302b8
__CppXcptFilter 0x0 0x18002c3a0 0x312c0 0x302c0
_amsg_exit 0x0 0x18002c3a8 0x312c8 0x302c8
_encoded_null 0x0 0x18002c3b0 0x312d0 0x302d0
_initterm_e 0x0 0x18002c3b8 0x312d8 0x302d8
_initterm 0x0 0x18002c3c0 0x312e0 0x302e0
_malloc_crt 0x0 0x18002c3c8 0x312e8 0x302e8
__C_specific_handler 0x0 0x18002c3d0 0x312f0 0x302f0
floorf 0x0 0x18002c3d8 0x312f8 0x302f8
ceilf 0x0 0x18002c3e0 0x31300 0x30300
_CxxThrowException 0x0 0x18002c3e8 0x31308 0x30308
strstr 0x0 0x18002c3f0 0x31310 0x30310
atol 0x0 0x18002c3f8 0x31318 0x30318
_vsnprintf 0x0 0x18002c400 0x31320 0x30320
strcpy_s 0x0 0x18002c408 0x31328 0x30328
malloc 0x0 0x18002c410 0x31330 0x30330
sscanf_s 0x0 0x18002c418 0x31338 0x30338
free 0x0 0x18002c420 0x31340 0x30340
_dupenv_s 0x0 0x18002c428 0x31348 0x30348
longjmp 0x0 0x18002c430 0x31350 0x30350
sprintf_s 0x0 0x18002c438 0x31358 0x30358
memcpy 0x0 0x18002c440 0x31360 0x30360
memset 0x0 0x18002c448 0x31368 0x30368
_setjmp 0x0 0x18002c450 0x31370 0x30370
__CxxFrameHandler3 0x0 0x18002c458 0x31378 0x30378
Exports (12)
Api name EAT Address Ordinal
ExportGr 0x18001337c 0x4
GetFilterInfo 0x180013a58 0x1
GetFilterPref 0x180025b8c 0x3
ImportGr 0x180013c18 0x2
MSFFClose 0x1800012a0 0x8
MSFFControl 0x1800015d4 0xc
MSFFGetLine 0x180001358 0x9
MSFFOpen 0x180001000 0x7
MSFFPutLine 0x180001480 0xa
MSFFSeek 0x180001590 0xb
RegisterPercentCallback 0x1800139f0 0x6
SetFilterPref 0x180013cf8 0x5
Digital Signatures (2)
Signature Properties
InternalName jpegim32
FileVersion 2012.1500.4420.1017
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 2012.1500.4420.1017
FileDescription JPEG Import/Export Graphic Filter
OriginalFilename jpegim32.flt
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 92 4A 00 00 00 00 00 20
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\grphflt\jpegim32.flt, ...
File Properties
Names c:\program files\common files\microsoft shared\grphflt\jpegim32.flt (Modified File)
c:\program files\common files\microsoft shared\grphflt\jpegim32.flt.[sepsis@protonmail.com].sepsis (Created File)
Size 228.32 KB
Hash Values MD5: c185e0cfcb57b9a1866fc3e1ecbc94e0
SHA1: f95072cd0eef0145ae595554494e0d172ed6ced4
SHA256: 5118411007a7bc2795b566400c3994cae10b9d6960bfff4c1cd6d6b657333bd5
c:\program files\common files\microsoft shared\grphflt\ms.eps
File Properties
Names c:\program files\common files\microsoft shared\grphflt\ms.eps (Modified File)
Size 14.71 KB
Hash Values MD5: 2d6e9b31482030d4fef06bce9365cc76
SHA1: 4058b74ba434624ebfea89962382dc10c3751f7d
SHA256: 984fc67b15e46d58020e218e7b63d4b07130410e456c38e15c180c1abedea377
c:\program files\common files\microsoft shared\grphflt\ms.eps, ...
File Properties
Names c:\program files\common files\microsoft shared\grphflt\ms.eps (Modified File)
c:\program files\common files\microsoft shared\grphflt\ms.eps.[sepsis@protonmail.com].sepsis (Created File)
Size 14.89 KB
Hash Values MD5: b89c66ae83ee319c47ef70aea07d4f6f
SHA1: 1657ceb6734e2283b199173665836d951c1b5ccb
SHA256: 2830f64ece6ec6cfe9a8350cb8e36fc6d7c4075a92f6af8739b3e21da3e36622
c:\program files\common files\microsoft shared\grphflt\ms.gif
File Properties
Names c:\program files\common files\microsoft shared\grphflt\ms.gif (Modified File)
Size 1.04 KB
Hash Values MD5: 6936f4ee421c9242c660de4dfd7191b6
SHA1: 0ba478de375a06803fe995b44fe647ecb9343ad3
SHA256: 827f3149a54c5bcd6fc435953dca7a7806f76d6f9da89409d8763859233df933
c:\program files\common files\microsoft shared\grphflt\ms.gif, ...
File Properties
Names c:\program files\common files\microsoft shared\grphflt\ms.gif (Modified File)
c:\program files\common files\microsoft shared\grphflt\ms.gif.[sepsis@protonmail.com].sepsis (Created File)
Size 1.22 KB
Hash Values MD5: e8b4fcad81b1fc2f77bc2bbc86c74428
SHA1: 0edf6d2383163920e473e19114109abf26916aa8
SHA256: 3ba1141f77ad6cb0631528a39cfdebd4783ac5e957792c9c94f3a4db916cfc54
c:\program files\common files\microsoft shared\grphflt\ms.jpg
File Properties
Names c:\program files\common files\microsoft shared\grphflt\ms.jpg (Modified File)
Size 1.04 KB
Hash Values MD5: a1b434ea0c57b8f8b234d7dddfd67d5f
SHA1: 96076c20a1ef80baff7f0ff7e8d5804133425735
SHA256: ffb1a4dd4b6da771d46def621cf71421051203606aa1d3b64b73e92606328ecb
c:\program files\common files\microsoft shared\grphflt\ms.jpg, ...
File Properties
Names c:\program files\common files\microsoft shared\grphflt\ms.jpg (Modified File)
c:\program files\common files\microsoft shared\grphflt\ms.jpg.[sepsis@protonmail.com].sepsis (Created File)
Size 1.21 KB
Hash Values MD5: bab08a48799d6bceabd6ffa69a45adff
SHA1: 912f5ceb4061fe42b901d97c5af31c4cb06350d0
SHA256: 4ff4728b8d7f3e8a7722a88f24d613b286cc5e79662ec763ea72fde87b60e90d
c:\program files\common files\microsoft shared\grphflt\ms.png
File Properties
Names c:\program files\common files\microsoft shared\grphflt\ms.png (Modified File)
Size 1.64 KB
Hash Values MD5: 3a4407be2afbd8b0348459d72f94127d
SHA1: 15e832c2647e3b819fffe933bc19a4e22a64ad3e
SHA256: 39d247ae0014a175ec24ce5207b08f4017328cb1aae8916b046b5ac954899442
c:\program files\common files\microsoft shared\grphflt\ms.png, ...
File Properties
Names c:\program files\common files\microsoft shared\grphflt\ms.png (Modified File)
c:\program files\common files\microsoft shared\grphflt\ms.png.[sepsis@protonmail.com].sepsis (Created File)
Size 1.82 KB
Hash Values MD5: 0cfca8e12b1969e69a50d379d1e0b0a4
SHA1: d4940905210412d428d32beb2bdb4bcbaed3a583
SHA256: 756e173f860c789ec89215b77998efef4319aca90f3b0b570ec8c362c8314792
c:\program files\common files\microsoft shared\grphflt\ms.wpg
File Properties
Names c:\program files\common files\microsoft shared\grphflt\ms.wpg (Modified File)
Size 1.35 KB
Hash Values MD5: ed21686acf6f81430b47aadd809139bf
SHA1: 5c02852a8b28fa336c273d0787a49641259f38a5
SHA256: beb31af1581af2866335bd0ad03d916b24c7bf6aeb707c703b6f40cfc8f0bced
c:\program files\common files\microsoft shared\grphflt\ms.wpg, ...
File Properties
Names c:\program files\common files\microsoft shared\grphflt\ms.wpg (Modified File)
c:\program files\common files\microsoft shared\grphflt\ms.wpg.[sepsis@protonmail.com].sepsis (Created File)
Size 1.53 KB
Hash Values MD5: f8e664a4cdddccdd94a2e001a154d7c3
SHA1: 3b8d80d7538aaff83fd35ce50bdecfc965189c95
SHA256: 7b4b523dfb131121c8aa23cd3fc71dcd2fb2c2b6d6f7eb8537151d8499a48e0e
c:\program files\common files\microsoft shared\grphflt\pictim32.flt
File Properties
Names c:\program files\common files\microsoft shared\grphflt\pictim32.flt (Modified File)
Size 74.65 KB
Hash Values MD5: 54a242b8e991dcc59204db3001d6cc24
SHA1: 4d8d59da07b8d81046b0cab6758465127b0116ca
SHA256: 356c9cc04da8de17db7fbc3e8e5c980ea6a2b013cb99cdd4403462a5de2623e7
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x18000be58
Size Of Code 0xb800
Size Of Initialized Data 0x6800
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 20:50:45
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0xb79c 0xb800 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.38
.rdata 0x18000d000 0x20b8 0x2200 0xbc00 CNT_INITIALIZED_DATA, MEM_READ 4.66
.data 0x180010000 0x30a8 0x1e00 0xde00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 3.89
.pdata 0x180014000 0x840 0xa00 0xfc00 CNT_INITIALIZED_DATA, MEM_READ 3.78
.rsrc 0x180015000 0x640 0x800 0x10600 CNT_INITIALIZED_DATA, MEM_READ 2.75
.reloc 0x180016000 0x50 0x200 0x10e00 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 1.01
Imports (129)
ADVAPI32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegCloseKey 0x0 0x18000d000 0xdba0 0xc7a0
RegCreateKeyExA 0x0 0x18000d008 0xdba8 0xc7a8
RegQueryValueExA 0x0 0x18000d010 0xdbb0 0xc7b0
RegSetValueExA 0x0 0x18000d018 0xdbb8 0xc7b8
RegOpenKeyExA 0x0 0x18000d020 0xdbc0 0xc7c0
EventWrite 0x0 0x18000d028 0xdbc8 0xc7c8
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
(by ordinal) 0x11 0x18000d038 0xdbd8 0xc7d8
GDI32.dll (51)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CreatePenIndirect 0x0 0x18000d048 0xdbe8 0xc7e8
CreatePatternBrush 0x0 0x18000d050 0xdbf0 0xc7f0
DeleteObject 0x0 0x18000d058 0xdbf8 0xc7f8
Ellipse 0x0 0x18000d060 0xdc00 0xc800
GetStockObject 0x0 0x18000d068 0xdc08 0xc808
IntersectClipRect 0x0 0x18000d070 0xdc10 0xc810
LineTo 0x0 0x18000d078 0xdc18 0xc818
Pie 0x0 0x18000d080 0xdc20 0xc820
Rectangle 0x0 0x18000d088 0xdc28 0xc828
RestoreDC 0x0 0x18000d090 0xdc30 0xc830
RoundRect 0x0 0x18000d098 0xdc38 0xc838
SaveDC 0x0 0x18000d0a0 0xdc40 0xc840
SelectObject 0x0 0x18000d0a8 0xdc48 0xc848
SetBkColor 0x0 0x18000d0b0 0xdc50 0xc850
SetBkMode 0x0 0x18000d0b8 0xdc58 0xc858
SetROP2 0x0 0x18000d0c0 0xdc60 0xc860
SetStretchBltMode 0x0 0x18000d0c8 0xdc68 0xc868
SetTextCharacterExtra 0x0 0x18000d0d0 0xdc70 0xc870
SetTextColor 0x0 0x18000d0d8 0xdc78 0xc878
SetTextAlign 0x0 0x18000d0e0 0xdc80 0xc880
MoveToEx 0x0 0x18000d0e8 0xdc88 0xc888
Polygon 0x0 0x18000d0f0 0xdc90 0xc890
Polyline 0x0 0x18000d0f8 0xdc98 0xc898
CreatePen 0x0 0x18000d100 0xdca0 0xc8a0
CreateCompatibleBitmap 0x0 0x18000d108 0xdca8 0xc8a8
CreateCompatibleDC 0x0 0x18000d110 0xdcb0 0xc8b0
CreateDIBitmap 0x0 0x18000d118 0xdcb8 0xc8b8
CreateICA 0x0 0x18000d120 0xdcc0 0xc8c0
CreateMetaFileA 0x0 0x18000d128 0xdcc8 0xc8c8
DeleteDC 0x0 0x18000d130 0xdcd0 0xc8d0
DeleteMetaFile 0x0 0x18000d138 0xdcd8 0xc8d8
EnumFontsA 0x0 0x18000d140 0xdce0 0xc8e0
Escape 0x0 0x18000d148 0xdce8 0xc8e8
ExcludeClipRect 0x0 0x18000d150 0xdcf0 0xc8f0
PolyPolygon 0x0 0x18000d158 0xdcf8 0xc8f8
StretchDIBits 0x0 0x18000d160 0xdd00 0xc900
TextOutA 0x0 0x18000d168 0xdd08 0xc908
SetWindowExtEx 0x0 0x18000d170 0xdd10 0xc910
SetWindowOrgEx 0x0 0x18000d178 0xdd18 0xc918
GetDeviceCaps 0x0 0x18000d180 0xdd20 0xc920
PlayMetaFile 0x0 0x18000d188 0xdd28 0xc928
CloseEnhMetaFile 0x0 0x18000d190 0xdd30 0xc930
CreateEnhMetaFileA 0x0 0x18000d198 0xdd38 0xc938
DeleteEnhMetaFile 0x0 0x18000d1a0 0xdd40 0xc940
CreateBrushIndirect 0x0 0x18000d1a8 0xdd48 0xc948
GetViewportExtEx 0x0 0x18000d1b0 0xdd50 0xc950
GetWindowExtEx 0x0 0x18000d1b8 0xdd58 0xc958
CloseMetaFile 0x0 0x18000d1c0 0xdd60 0xc960
GetTextExtentPoint32A 0x0 0x18000d1c8 0xdd68 0xc968
CreateFontIndirectA 0x0 0x18000d1d0 0xdd70 0xc970
Arc 0x0 0x18000d1d8 0xdd78 0xc978
KERNEL32.dll (46)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GlobalUnlock 0x0 0x18000d1e8 0xdd88 0xc988
GlobalAlloc 0x0 0x18000d1f0 0xdd90 0xc990
GlobalReAlloc 0x0 0x18000d1f8 0xdd98 0xc998
GlobalFree 0x0 0x18000d200 0xdda0 0xc9a0
lstrcmpA 0x0 0x18000d208 0xdda8 0xc9a8
CreateFileA 0x0 0x18000d210 0xddb0 0xc9b0
CloseHandle 0x0 0x18000d218 0xddb8 0xc9b8
_lread 0x0 0x18000d220 0xddc0 0xc9c0
_llseek 0x0 0x18000d228 0xddc8 0xc9c8
GetVersionExA 0x0 0x18000d230 0xddd0 0xc9d0
lstrcmpiA 0x0 0x18000d238 0xddd8 0xc9d8
lstrlenA 0x0 0x18000d240 0xdde0 0xc9e0
IsDBCSLeadByte 0x0 0x18000d248 0xdde8 0xc9e8
GetSystemDefaultLangID 0x0 0x18000d250 0xddf0 0xc9f0
RaiseFailFastException 0x0 0x18000d258 0xddf8 0xc9f8
HeapAlloc 0x0 0x18000d260 0xde00 0xca00
HeapFree 0x0 0x18000d268 0xde08 0xca08
GetProcessHeap 0x0 0x18000d270 0xde10 0xca10
GetTickCount 0x0 0x18000d278 0xde18 0xca18
LocalAlloc 0x0 0x18000d280 0xde20 0xca20
RtlCaptureContext 0x0 0x18000d288 0xde28 0xca28
RtlLookupFunctionEntry 0x0 0x18000d290 0xde30 0xca30
RtlVirtualUnwind 0x0 0x18000d298 0xde38 0xca38
IsDebuggerPresent 0x0 0x18000d2a0 0xde40 0xca40
SetUnhandledExceptionFilter 0x0 0x18000d2a8 0xde48 0xca48
UnhandledExceptionFilter 0x0 0x18000d2b0 0xde50 0xca50
GetCurrentProcess 0x0 0x18000d2b8 0xde58 0xca58
TerminateProcess 0x0 0x18000d2c0 0xde60 0xca60
Sleep 0x0 0x18000d2c8 0xde68 0xca68
DecodePointer 0x0 0x18000d2d0 0xde70 0xca70
EncodePointer 0x0 0x18000d2d8 0xde78 0xca78
WerRegisterMemoryBlock 0x0 0x18000d2e0 0xde80 0xca80
VirtualProtect 0x0 0x18000d2e8 0xde88 0xca88
GetSystemTimeAsFileTime 0x0 0x18000d2f0 0xde90 0xca90
GetCurrentThreadId 0x0 0x18000d2f8 0xde98 0xca98
GetCurrentProcessId 0x0 0x18000d300 0xdea0 0xcaa0
HeapSetInformation 0x0 0x18000d308 0xdea8 0xcaa8
QueryPerformanceCounter 0x0 0x18000d310 0xdeb0 0xcab0
GetProcAddress 0x0 0x18000d318 0xdeb8 0xcab8
GetModuleHandleW 0x0 0x18000d320 0xdec0 0xcac0
FreeLibrary 0x0 0x18000d328 0xdec8 0xcac8
GlobalLock 0x0 0x18000d330 0xded0 0xcad0
GlobalSize 0x0 0x18000d338 0xded8 0xcad8
RaiseException 0x0 0x18000d340 0xdee0 0xcae0
GetLastError 0x0 0x18000d348 0xdee8 0xcae8
LoadLibraryA 0x0 0x18000d350 0xdef0 0xcaf0
MSVCR100.dll (25)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_onexit 0x0 0x18000d360 0xdf00 0xcb00
_lock 0x0 0x18000d368 0xdf08 0xcb08
__dllonexit 0x0 0x18000d370 0xdf10 0xcb10
_unlock 0x0 0x18000d378 0xdf18 0xcb18
__clean_type_info_names_internal 0x0 0x18000d380 0xdf20 0xcb20
__crt_debugger_hook 0x0 0x18000d388 0xdf28 0xcb28
__CppXcptFilter 0x0 0x18000d390 0xdf30 0xcb30
__C_specific_handler 0x0 0x18000d398 0xdf38 0xcb38
_amsg_exit 0x0 0x18000d3a0 0xdf40 0xcb40
_encoded_null 0x0 0x18000d3a8 0xdf48 0xcb48
free 0x0 0x18000d3b0 0xdf50 0xcb50
_initterm_e 0x0 0x18000d3b8 0xdf58 0xcb58
_initterm 0x0 0x18000d3c0 0xdf60 0xcb60
_malloc_crt 0x0 0x18000d3c8 0xdf68 0xcb68
strcpy_s 0x0 0x18000d3d0 0xdf70 0xcb70
strncmp 0x0 0x18000d3d8 0xdf78 0xcb78
isdigit 0x0 0x18000d3e0 0xdf80 0xcb80
sqrt 0x0 0x18000d3e8 0xdf88 0xcb88
sin 0x0 0x18000d3f0 0xdf90 0xcb90
memset 0x0 0x18000d3f8 0xdf98 0xcb98
floor 0x0 0x18000d400 0xdfa0 0xcba0
cos 0x0 0x18000d408 0xdfa8 0xcba8
ceil 0x0 0x18000d410 0xdfb0 0xcbb0
_vsnprintf 0x0 0x18000d418 0xdfb8 0xcbb8
memcpy 0x0 0x18000d420 0xdfc0 0xcbc0
Exports (8)
Api name EAT Address Ordinal
EnumFontFunc 0x180004194 0x7
GetFilterInfo 0x18000733c 0x1
GetFilterPref 0x180007460 0x3
ImportEmbeddedGr 0x1800075a4 0x5
ImportGr 0x180007468 0x2
QD2GDI 0x180007ec0 0x6
SetFilterPref 0x1800076e0 0x4
WEP 0x180007eb4 0x8
Digital Signatures (2)
Signature Properties
InternalName PICTIM32
FileVersion 2012.1500.4420.1017
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 2012.1500.4420.1017
FileDescription Microsoft PICT Import Filter
OriginalFilename PICTIM32.FLT
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-09-04 21:12
Valid to 2013-12-04 21:12
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 2B 39 32 48 C1 B2 C9 48 F3 00 00 00 00 00 2B
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\grphflt\pictim32.flt, ...
File Properties
Names c:\program files\common files\microsoft shared\grphflt\pictim32.flt (Modified File)
c:\program files\common files\microsoft shared\grphflt\pictim32.flt.[sepsis@protonmail.com].sepsis (Created File)
Size 74.82 KB
Hash Values MD5: 8b806f7da233198cbec9960a05c1aafe
SHA1: b217f887daf47143da6375f76b17845caaa07383
SHA256: 040644b7a36c09f68d25f524e15f81c97ebced94342ad5d1cd3b07b6a4d24cef
c:\program files\common files\microsoft shared\grphflt\png32.flt
File Properties
Names c:\program files\common files\microsoft shared\grphflt\png32.flt (Modified File)
Size 271.66 KB
Hash Values MD5: 4bbfc518967193c7be4a6d7838bd3999
SHA1: 4f7fe874ad2827dc11340e8ecfb83a844aa502d2
SHA256: 7bdd886c4abc19050d69dc8d0ffa51228d9237884cd438331865b87262c8016c
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x18002fd8c
Size Of Code 0x31000
Size Of Initialized Data 0x11a00
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 20:50:45
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x30e38 0x31000 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.44
.rdata 0x180032000 0xce74 0xd000 0x31400 CNT_INITIALIZED_DATA, MEM_READ 5.72
.data 0x18003f000 0x1708 0xe00 0x3e400 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 5.51
.pdata 0x180041000 0x25bc 0x2600 0x3f200 CNT_INITIALIZED_DATA, MEM_READ 5.43
.rsrc 0x180044000 0x7e8 0x800 0x41800 CNT_INITIALIZED_DATA, MEM_READ 3.27
.reloc 0x180045000 0x324 0x400 0x42000 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 4.73
Imports (146)
ADVAPI32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegCloseKey 0x0 0x180032000 0x3ad60 0x3a160
RegOpenKeyExA 0x0 0x180032008 0x3ad68 0x3a168
RegQueryValueExA 0x0 0x180032010 0x3ad70 0x3a170
RegCreateKeyExA 0x0 0x180032018 0x3ad78 0x3a178
RegEnumKeyExA 0x0 0x180032020 0x3ad80 0x3a180
RegSetValueExA 0x0 0x180032028 0x3ad88 0x3a188
EventWrite 0x0 0x180032030 0x3ad90 0x3a190
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
(by ordinal) 0x11 0x180032040 0x3ada0 0x3a1a0
GDI32.dll (29)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetViewportExtEx 0x0 0x180032050 0x3adb0 0x3a1b0
GetWindowExtEx 0x0 0x180032058 0x3adb8 0x3a1b8
CreateCompatibleDC 0x0 0x180032060 0x3adc0 0x3a1c0
DeleteDC 0x0 0x180032068 0x3adc8 0x3a1c8
DeleteObject 0x0 0x180032070 0x3add0 0x3a1d0
GetDeviceCaps 0x0 0x180032078 0x3add8 0x3a1d8
GetMetaFileBitsEx 0x0 0x180032080 0x3ade0 0x3a1e0
SelectObject 0x0 0x180032088 0x3ade8 0x3a1e8
SetMapMode 0x0 0x180032090 0x3adf0 0x3a1f0
PlayMetaFileRecord 0x0 0x180032098 0x3adf8 0x3a1f8
EnumMetaFile 0x0 0x1800320a0 0x3ae00 0x3a200
DeleteEnhMetaFile 0x0 0x1800320a8 0x3ae08 0x3a208
CreateMetaFileA 0x0 0x1800320b0 0x3ae10 0x3a210
GetEnhMetaFileHeader 0x0 0x1800320b8 0x3ae18 0x3a218
PlayEnhMetaFileRecord 0x0 0x1800320c0 0x3ae20 0x3a220
GetTextExtentPoint32A 0x0 0x1800320c8 0x3ae28 0x3a228
CreateDIBSection 0x0 0x1800320d0 0x3ae30 0x3a230
SetViewportExtEx 0x0 0x1800320d8 0x3ae38 0x3a238
SetWindowExtEx 0x0 0x1800320e0 0x3ae40 0x3a240
SetWindowOrgEx 0x0 0x1800320e8 0x3ae48 0x3a248
GetObjectA 0x0 0x1800320f0 0x3ae50 0x3a250
SetMetaFileBitsEx 0x0 0x1800320f8 0x3ae58 0x3a258
Escape 0x0 0x180032100 0x3ae60 0x3a260
GdiComment 0x0 0x180032108 0x3ae68 0x3a268
CloseMetaFile 0x0 0x180032110 0x3ae70 0x3a270
DeleteMetaFile 0x0 0x180032118 0x3ae78 0x3a278
EnumEnhMetaFile 0x0 0x180032120 0x3ae80 0x3a280
RealizePalette 0x0 0x180032128 0x3ae88 0x3a288
SelectPalette 0x0 0x180032130 0x3ae90 0x3a290
gdiplus.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GdipEmfToWmfBits 0x0 0x180032140 0x3aea0 0x3a2a0
GdipRecordMetafile 0x0 0x180032148 0x3aea8 0x3a2a8
GdipGetHemfFromMetafile 0x0 0x180032150 0x3aeb0 0x3a2b0
GdipDrawImageRectRectI 0x0 0x180032158 0x3aeb8 0x3a2b8
GdipDeleteGraphics 0x0 0x180032160 0x3aec0 0x3a2c0
GdipBitmapUnlockBits 0x0 0x180032168 0x3aec8 0x3a2c8
GdipBitmapLockBits 0x0 0x180032170 0x3aed0 0x3a2d0
GdipCreateBitmapFromFileICM 0x0 0x180032178 0x3aed8 0x3a2d8
GdipGetImageFlags 0x0 0x180032180 0x3aee0 0x3a2e0
GdipGetImageVerticalResolution 0x0 0x180032188 0x3aee8 0x3a2e8
GdipGetImageHorizontalResolution 0x0 0x180032190 0x3aef0 0x3a2f0
GdipGetImageHeight 0x0 0x180032198 0x3aef8 0x3a2f8
GdipGetImageWidth 0x0 0x1800321a0 0x3af00 0x3a300
GdipGetImageBounds 0x0 0x1800321a8 0x3af08 0x3a308
GdipGetImageGraphicsContext 0x0 0x1800321b0 0x3af10 0x3a310
GdipDisposeImage 0x0 0x1800321b8 0x3af18 0x3a318
GdipLoadImageFromFileICM 0x0 0x1800321c0 0x3af20 0x3a320
GdiplusShutdown 0x0 0x1800321c8 0x3af28 0x3a328
GdiplusStartup 0x0 0x1800321d0 0x3af30 0x3a330
KERNEL32.dll (49)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
FindClose 0x0 0x1800321e0 0x3af40 0x3a340
FindFirstFileA 0x0 0x1800321e8 0x3af48 0x3a348
FreeLibrary 0x0 0x1800321f0 0x3af50 0x3a350
GetModuleHandleW 0x0 0x1800321f8 0x3af58 0x3a358
GetProcAddress 0x0 0x180032200 0x3af60 0x3a360
LoadLibraryExA 0x0 0x180032208 0x3af68 0x3a368
lstrcmpA 0x0 0x180032210 0x3af70 0x3a370
lstrlenA 0x0 0x180032218 0x3af78 0x3a378
Sleep 0x0 0x180032220 0x3af80 0x3a380
DecodePointer 0x0 0x180032228 0x3af88 0x3a388
EncodePointer 0x0 0x180032230 0x3af90 0x3a390
LoadLibraryA 0x0 0x180032238 0x3af98 0x3a398
RaiseFailFastException 0x0 0x180032240 0x3afa0 0x3a3a0
HeapReAlloc 0x0 0x180032248 0x3afa8 0x3a3a8
MultiByteToWideChar 0x0 0x180032250 0x3afb0 0x3a3b0
MulDiv 0x0 0x180032258 0x3afb8 0x3a3b8
GlobalHandle 0x0 0x180032260 0x3afc0 0x3a3c0
GetLastError 0x0 0x180032268 0x3afc8 0x3a3c8
GetTickCount 0x0 0x180032270 0x3afd0 0x3a3d0
_llseek 0x0 0x180032278 0x3afd8 0x3a3d8
_lwrite 0x0 0x180032280 0x3afe0 0x3a3e0
_lread 0x0 0x180032288 0x3afe8 0x3a3e8
CloseHandle 0x0 0x180032290 0x3aff0 0x3a3f0
CreateFileA 0x0 0x180032298 0x3aff8 0x3a3f8
GlobalFree 0x0 0x1800322a0 0x3b000 0x3a400
GlobalAlloc 0x0 0x1800322a8 0x3b008 0x3a408
GlobalUnlock 0x0 0x1800322b0 0x3b010 0x3a410
GlobalLock 0x0 0x1800322b8 0x3b018 0x3a418
DeleteFileA 0x0 0x1800322c0 0x3b020 0x3a420
GetProcessHeap 0x0 0x1800322c8 0x3b028 0x3a428
HeapFree 0x0 0x1800322d0 0x3b030 0x3a430
HeapAlloc 0x0 0x1800322d8 0x3b038 0x3a438
RaiseException 0x0 0x1800322e0 0x3b040 0x3a440
GetCurrentThreadId 0x0 0x1800322e8 0x3b048 0x3a448
QueryPerformanceCounter 0x0 0x1800322f0 0x3b050 0x3a450
HeapSetInformation 0x0 0x1800322f8 0x3b058 0x3a458
GetCurrentProcessId 0x0 0x180032300 0x3b060 0x3a460
GetSystemTimeAsFileTime 0x0 0x180032308 0x3b068 0x3a468
VirtualProtect 0x0 0x180032310 0x3b070 0x3a470
WerRegisterMemoryBlock 0x0 0x180032318 0x3b078 0x3a478
TerminateProcess 0x0 0x180032320 0x3b080 0x3a480
GetCurrentProcess 0x0 0x180032328 0x3b088 0x3a488
UnhandledExceptionFilter 0x0 0x180032330 0x3b090 0x3a490
SetUnhandledExceptionFilter 0x0 0x180032338 0x3b098 0x3a498
IsDebuggerPresent 0x0 0x180032340 0x3b0a0 0x3a4a0
RtlVirtualUnwind 0x0 0x180032348 0x3b0a8 0x3a4a8
RtlLookupFunctionEntry 0x0 0x180032350 0x3b0b0 0x3a4b0
RtlCaptureContext 0x0 0x180032358 0x3b0b8 0x3a4b8
LocalAlloc 0x0 0x180032360 0x3b0c0 0x3a4c0
MSVCR100.dll (41)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x180032370 0x3b0d0 0x3a4d0
?terminate@@YAXXZ 0x0 0x180032378 0x3b0d8 0x3a4d8
__clean_type_info_names_internal 0x0 0x180032380 0x3b0e0 0x3a4e0
__crt_debugger_hook 0x0 0x180032388 0x3b0e8 0x3a4e8
_onexit 0x0 0x180032390 0x3b0f0 0x3a4f0
_lock 0x0 0x180032398 0x3b0f8 0x3a4f8
__dllonexit 0x0 0x1800323a0 0x3b100 0x3a500
_unlock 0x0 0x1800323a8 0x3b108 0x3a508
__CppXcptFilter 0x0 0x1800323b0 0x3b110 0x3a510
_amsg_exit 0x0 0x1800323b8 0x3b118 0x3a518
_encoded_null 0x0 0x1800323c0 0x3b120 0x3a520
_initterm_e 0x0 0x1800323c8 0x3b128 0x3a528
_initterm 0x0 0x1800323d0 0x3b130 0x3a530
_malloc_crt 0x0 0x1800323d8 0x3b138 0x3a538
__C_specific_handler 0x0 0x1800323e0 0x3b140 0x3a540
strtod 0x0 0x1800323e8 0x3b148 0x3a548
malloc 0x0 0x1800323f0 0x3b150 0x3a550
free 0x0 0x1800323f8 0x3b158 0x3a558
pow 0x0 0x180032400 0x3b160 0x3a560
abort 0x0 0x180032408 0x3b168 0x3a568
strncpy 0x0 0x180032410 0x3b170 0x3a570
longjmp 0x0 0x180032418 0x3b178 0x3a578
fprintf 0x0 0x180032420 0x3b180 0x3a580
__iob_func 0x0 0x180032428 0x3b188 0x3a588
fread 0x0 0x180032430 0x3b190 0x3a590
fwrite 0x0 0x180032438 0x3b198 0x3a598
sprintf 0x0 0x180032440 0x3b1a0 0x3a5a0
memcmp 0x0 0x180032448 0x3b1a8 0x3a5a8
floorf 0x0 0x180032450 0x3b1b0 0x3a5b0
ceilf 0x0 0x180032458 0x3b1b8 0x3a5b8
__CxxFrameHandler3 0x0 0x180032460 0x3b1c0 0x3a5c0
_CxxThrowException 0x0 0x180032468 0x3b1c8 0x3a5c8
strstr 0x0 0x180032470 0x3b1d0 0x3a5d0
atol 0x0 0x180032478 0x3b1d8 0x3a5d8
_vsnprintf 0x0 0x180032480 0x3b1e0 0x3a5e0
_setjmp 0x0 0x180032488 0x3b1e8 0x3a5e8
memset 0x0 0x180032490 0x3b1f0 0x3a5f0
memcpy 0x0 0x180032498 0x3b1f8 0x3a5f8
ceil 0x0 0x1800324a0 0x3b200 0x3a600
strcpy_s 0x0 0x1800324a8 0x3b208 0x3a608
fflush 0x0 0x1800324b0 0x3b210 0x3a610
Exports (12)
Api name EAT Address Ordinal
ExportGr 0x18000413c 0x4
GetFilterInfo 0x1800048a0 0x1
GetFilterPref 0x1800150f4 0x3
ImportGr 0x180004a44 0x2
MSFFClose 0x1800013d0 0x8
MSFFControl 0x180001900 0xc
MSFFGetLine 0x1800014e4 0x9
MSFFOpen 0x180001000 0x7
MSFFPutLine 0x180001648 0xa
MSFFSeek 0x1800018bc 0xb
RegisterPercentCallback 0x180004838 0x6
SetFilterPref 0x180004b24 0x5
Digital Signatures (2)
Signature Properties
InternalName png32
FileVersion 2012.1500.4420.1017
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 2012.1500.4420.1017
FileDescription PNG Import/Export Graphic Filter
OriginalFilename png32.flt
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-09-04 21:12
Valid to 2013-12-04 21:12
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 2B 39 32 48 C1 B2 C9 48 F3 00 00 00 00 00 2B
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\grphflt\png32.flt, ...
File Properties
Names c:\program files\common files\microsoft shared\grphflt\png32.flt (Modified File)
c:\program files\common files\microsoft shared\grphflt\png32.flt.[sepsis@protonmail.com].sepsis (Created File)
Size 271.83 KB
Hash Values MD5: 8a86d7d639eb0ec65fa33f7c3bf3caec
SHA1: 88f03253366b74e934d6e8a075488e4d9de2f52e
SHA256: f3ed9aa3e03b266572274e6ee73e3608435015169625402032a03a2ec09129be
c:\program files\common files\microsoft shared\grphflt\wpgimp32.flt
File Properties
Names c:\program files\common files\microsoft shared\grphflt\wpgimp32.flt (Modified File)
Size 263.66 KB
Hash Values MD5: bcc1e13f8993204b6939b1d153fe3c44
SHA1: 313c4e1ad1507068beee561e0378fb491b871944
SHA256: a70572beede87eb6d3fc42d33d2dcffac69049e2d9f592ed330cd7e9c6e0aa87
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x18002d238
Size Of Code 0x2d600
Size Of Initialized Data 0x13800
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 20:41:22
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x2d550 0x2d600 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.29
.rdata 0x18002f000 0xf428 0xf600 0x2da00 CNT_INITIALIZED_DATA, MEM_READ 3.14
.data 0x18003f000 0x23c0 0x1600 0x3d000 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.21
.pdata 0x180042000 0x108c 0x1200 0x3e600 CNT_INITIALIZED_DATA, MEM_READ 4.9
.rsrc 0x180044000 0x948 0xa00 0x3f800 CNT_INITIALIZED_DATA, MEM_READ 3.35
.reloc 0x180045000 0x1f8 0x200 0x40200 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.24
Imports (104)
ADVAPI32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegOpenKeyExA 0x0 0x18002f000 0x3c5a0 0x3afa0
RegQueryValueExA 0x0 0x18002f008 0x3c5a8 0x3afa8
EventWrite 0x0 0x18002f010 0x3c5b0 0x3afb0
GDI32.dll (27)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetStockObject 0x0 0x18002f020 0x3c5c0 0x3afc0
PolyPolygon 0x0 0x18002f028 0x3c5c8 0x3afc8
SelectObject 0x0 0x18002f030 0x3c5d0 0x3afd0
SetBkColor 0x0 0x18002f038 0x3c5d8 0x3afd8
SetBkMode 0x0 0x18002f040 0x3c5e0 0x3afe0
SetPolyFillMode 0x0 0x18002f048 0x3c5e8 0x3afe8
StretchDIBits 0x0 0x18002f050 0x3c5f0 0x3aff0
SetTextColor 0x0 0x18002f058 0x3c5f8 0x3aff8
Polygon 0x0 0x18002f060 0x3c600 0x3b000
Polyline 0x0 0x18002f068 0x3c608 0x3b008
CreateCompatibleDC 0x0 0x18002f070 0x3c610 0x3b010
CreateFontA 0x0 0x18002f078 0x3c618 0x3b018
DeleteDC 0x0 0x18002f080 0x3c620 0x3b020
EnumFontFamiliesA 0x0 0x18002f088 0x3c628 0x3b028
GetGlyphOutlineA 0x0 0x18002f090 0x3c630 0x3b030
CloseMetaFile 0x0 0x18002f098 0x3c638 0x3b038
CreateMetaFileA 0x0 0x18002f0a0 0x3c640 0x3b040
DeleteMetaFile 0x0 0x18002f0a8 0x3c648 0x3b048
PlayMetaFile 0x0 0x18002f0b0 0x3c650 0x3b050
Rectangle 0x0 0x18002f0b8 0x3c658 0x3b058
SetWindowExtEx 0x0 0x18002f0c0 0x3c660 0x3b060
SetWindowOrgEx 0x0 0x18002f0c8 0x3c668 0x3b068
CreatePen 0x0 0x18002f0d0 0x3c670 0x3b070
CreatePatternBrush 0x0 0x18002f0d8 0x3c678 0x3b078
CreateSolidBrush 0x0 0x18002f0e0 0x3c680 0x3b080
CreateBitmap 0x0 0x18002f0e8 0x3c688 0x3b088
DeleteObject 0x0 0x18002f0f0 0x3c690 0x3b090
KERNEL32.dll (41)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
lstrlenA 0x0 0x18002f100 0x3c6a0 0x3b0a0
GlobalHandle 0x0 0x18002f108 0x3c6a8 0x3b0a8
GlobalFree 0x0 0x18002f110 0x3c6b0 0x3b0b0
GetProfileStringA 0x0 0x18002f118 0x3c6b8 0x3b0b8
MulDiv 0x0 0x18002f120 0x3c6c0 0x3b0c0
GlobalSize 0x0 0x18002f128 0x3c6c8 0x3b0c8
_lopen 0x0 0x18002f130 0x3c6d0 0x3b0d0
GlobalUnlock 0x0 0x18002f138 0x3c6d8 0x3b0d8
_lclose 0x0 0x18002f140 0x3c6e0 0x3b0e0
_llseek 0x0 0x18002f148 0x3c6e8 0x3b0e8
LocalAlloc 0x0 0x18002f150 0x3c6f0 0x3b0f0
RtlCaptureContext 0x0 0x18002f158 0x3c6f8 0x3b0f8
RtlLookupFunctionEntry 0x0 0x18002f160 0x3c700 0x3b100
RtlVirtualUnwind 0x0 0x18002f168 0x3c708 0x3b108
IsDebuggerPresent 0x0 0x18002f170 0x3c710 0x3b110
SetUnhandledExceptionFilter 0x0 0x18002f178 0x3c718 0x3b118
UnhandledExceptionFilter 0x0 0x18002f180 0x3c720 0x3b120
GetCurrentProcess 0x0 0x18002f188 0x3c728 0x3b128
TerminateProcess 0x0 0x18002f190 0x3c730 0x3b130
Sleep 0x0 0x18002f198 0x3c738 0x3b138
LoadLibraryA 0x0 0x18002f1a0 0x3c740 0x3b140
DecodePointer 0x0 0x18002f1a8 0x3c748 0x3b148
EncodePointer 0x0 0x18002f1b0 0x3c750 0x3b150
WerRegisterMemoryBlock 0x0 0x18002f1b8 0x3c758 0x3b158
VirtualProtect 0x0 0x18002f1c0 0x3c760 0x3b160
GetTickCount 0x0 0x18002f1c8 0x3c768 0x3b168
GetSystemTimeAsFileTime 0x0 0x18002f1d0 0x3c770 0x3b170
GetCurrentThreadId 0x0 0x18002f1d8 0x3c778 0x3b178
GetCurrentProcessId 0x0 0x18002f1e0 0x3c780 0x3b180
HeapSetInformation 0x0 0x18002f1e8 0x3c788 0x3b188
GetProcessHeap 0x0 0x18002f1f0 0x3c790 0x3b190
QueryPerformanceCounter 0x0 0x18002f1f8 0x3c798 0x3b198
GetLastError 0x0 0x18002f200 0x3c7a0 0x3b1a0
GetProcAddress 0x0 0x18002f208 0x3c7a8 0x3b1a8
GetModuleHandleW 0x0 0x18002f210 0x3c7b0 0x3b1b0
FreeLibrary 0x0 0x18002f218 0x3c7b8 0x3b1b8
GlobalLock 0x0 0x18002f220 0x3c7c0 0x3b1c0
GlobalAlloc 0x0 0x18002f228 0x3c7c8 0x3b1c8
RaiseException 0x0 0x18002f230 0x3c7d0 0x3b1d0
_lread 0x0 0x18002f238 0x3c7d8 0x3b1d8
lstrcmpA 0x0 0x18002f240 0x3c7e0 0x3b1e0
MSVCR100.dll (33)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?terminate@@YAXXZ 0x0 0x18002f250 0x3c7f0 0x3b1f0
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x18002f258 0x3c7f8 0x3b1f8
_onexit 0x0 0x18002f260 0x3c800 0x3b200
_lock 0x0 0x18002f268 0x3c808 0x3b208
__dllonexit 0x0 0x18002f270 0x3c810 0x3b210
_unlock 0x0 0x18002f278 0x3c818 0x3b218
__clean_type_info_names_internal 0x0 0x18002f280 0x3c820 0x3b220
__crt_debugger_hook 0x0 0x18002f288 0x3c828 0x3b228
__CppXcptFilter 0x0 0x18002f290 0x3c830 0x3b230
__C_specific_handler 0x0 0x18002f298 0x3c838 0x3b238
_amsg_exit 0x0 0x18002f2a0 0x3c840 0x3b240
_encoded_null 0x0 0x18002f2a8 0x3c848 0x3b248
free 0x0 0x18002f2b0 0x3c850 0x3b250
_initterm_e 0x0 0x18002f2b8 0x3c858 0x3b258
_initterm 0x0 0x18002f2c0 0x3c860 0x3b260
_malloc_crt 0x0 0x18002f2c8 0x3c868 0x3b268
_setjmp 0x0 0x18002f2d0 0x3c870 0x3b270
??3@YAXPEAX@Z 0x0 0x18002f2d8 0x3c878 0x3b278
??2@YAPEAX_K@Z 0x0 0x18002f2e0 0x3c880 0x3b280
atan2f 0x0 0x18002f2e8 0x3c888 0x3b288
sqrt 0x0 0x18002f2f0 0x3c890 0x3b290
strcpy_s 0x0 0x18002f2f8 0x3c898 0x3b298
memset 0x0 0x18002f300 0x3c8a0 0x3b2a0
sqrtf 0x0 0x18002f308 0x3c8a8 0x3b2a8
sin 0x0 0x18002f310 0x3c8b0 0x3b2b0
cos 0x0 0x18002f318 0x3c8b8 0x3b2b8
__CxxFrameHandler3 0x0 0x18002f320 0x3c8c0 0x3b2c0
sinf 0x0 0x18002f328 0x3c8c8 0x3b2c8
memcpy 0x0 0x18002f330 0x3c8d0 0x3b2d0
cosf 0x0 0x18002f338 0x3c8d8 0x3b2d8
_invalid_parameter_noinfo_noreturn 0x0 0x18002f340 0x3c8e0 0x3b2e0
atan2 0x0 0x18002f348 0x3c8e8 0x3b2e8
longjmp 0x0 0x18002f350 0x3c8f0 0x3b2f0
Exports (5)
Api name EAT Address Ordinal
DllMain 0x18002c564 0xc
GetFilterInfo 0x18002c588 0x1
GetFilterPref 0x180004fb0 0x3
ImportEmbeddedGr 0x18002b710 0x4
ImportGr 0x18002b6ec 0x2
Digital Signatures (2)
Signature Properties
InternalName wpgimp32
FileVersion 2012.1500.4420.1017
CompanyName Access Softek, Inc.
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 2012.1500.4420.1017
FileDescription WordPerfect Graphic Import Filter
OriginalFilename WPGIMP32.FLT
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-09-04 21:12
Valid to 2013-12-04 21:12
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 2B 39 32 48 C1 B2 C9 48 F3 00 00 00 00 00 2B
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\grphflt\wpgimp32.flt, ...
File Properties
Names c:\program files\common files\microsoft shared\grphflt\wpgimp32.flt (Modified File)
c:\program files\common files\microsoft shared\grphflt\wpgimp32.flt.[sepsis@protonmail.com].sepsis (Created File)
Size 263.83 KB
Hash Values MD5: 31d015ed828cc0b1709be03f1683e558
SHA1: 5e4b26033a9a29e2121387bc461ae02e3ac8a8b2
SHA256: b9109453cf2bfbb128159f934a3e67faff1a4ee8f38b76d1bf3b22e3a5987550
c:\program files\common files\microsoft shared\help\hx.hxc
File Properties
Names c:\program files\common files\microsoft shared\help\hx.hxc (Modified File)
Size 0.78 KB
Hash Values MD5: fc6f9e1fd2cd944dffd548bae8ab2fc3
SHA1: 18ea2e4bde2874472efcc16a43c8c9774acd37fa
SHA256: 24f3d1d585a06151ddacbfb1ee9512f554348d1e2bd8f8e3bd1bce3f0501f919
c:\program files\common files\microsoft shared\help\hx.hxc, ...
File Properties
Names c:\program files\common files\microsoft shared\help\hx.hxc (Modified File)
c:\program files\common files\microsoft shared\help\hx.hxc.[sepsis@protonmail.com].sepsis (Created File)
Size 0.96 KB
Hash Values MD5: 5a910a305d21654241d1881dd6b2ca98
SHA1: fac1e073a5820950c7805fac75380def45b93976
SHA256: 52f465b6655509ec4d8dd902ed101d69f88fc5160ba515357c5b2e8035c7a306
c:\program files\common files\microsoft shared\help\hx.hxt
File Properties
Names c:\program files\common files\microsoft shared\help\hx.hxt (Modified File)
Size 0.17 KB
Hash Values MD5: 868dec059e20c7f28ba2805e6b047e44
SHA1: ed0f824a2319e2009dd8cd66cb3bfdb4035177e4
SHA256: 137bf5ec736bd430929690afc8fc92e999c8cfe08a4235d599cd1fdec9075762
c:\program files\common files\microsoft shared\help\hx.hxt, ...
File Properties
Names c:\program files\common files\microsoft shared\help\hx.hxt (Modified File)
c:\program files\common files\microsoft shared\help\hx.hxt.[sepsis@protonmail.com].sepsis (Created File)
Size 0.34 KB
Hash Values MD5: 332f8938a6dde0047ebf514b38118915
SHA1: 11258317cb082042b126f9d0a4d1332b98a52f6e
SHA256: 3729ee9975b714fef76a42b4d77fd4242fc8489f3c84c87f5088b3e4c7c45b55
c:\program files\common files\microsoft shared\help\hxds.dll
File Properties
Names c:\program files\common files\microsoft shared\help\hxds.dll (Modified File)
Size 1.18 MB
Hash Values MD5: 33061148aeaadf431d0580d42dad55bb
SHA1: a02a0e367bf58098c05031739050e8d64b02001c
SHA256: d839ddc0780bdb9a01632a79d065fa5e050ebd45961ac3c73039c522248b624c
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x1800645f8
Size Of Code 0x93c00
Size Of Initialized Data 0x9ae00
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 20:49:24
Compiler/Packer Unknown
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x9374c 0x93800 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.38
.rdata 0x180095000 0x406a8 0x40800 0x93c00 CNT_INITIALIZED_DATA, MEM_READ 4.16
.data 0x1800d6000 0xe910 0xbc00 0xd4400 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.46
.pdata 0x1800e5000 0x9390 0x9400 0xe0000 CNT_INITIALIZED_DATA, MEM_READ 5.88
text 0x1800ef000 0x2a1 0x400 0xe9400 CNT_CODE, CNT_INITIALIZED_DATA, MEM_EXECUTE 4.05
data 0x1800f0000 0x19e0 0x1a00 0xe9800 CNT_INITIALIZED_DATA, MEM_READ 6.78
.rsrc 0x1800f2000 0x3eb78 0x3ec00 0xeb200 CNT_INITIALIZED_DATA, MEM_READ 5.43
.reloc 0x180131000 0x2078 0x2200 0x129e00 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.39
Imports (249)
KERNEL32.dll (158)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RaiseException 0x0 0x180095000 0xb5780 0xb4380
SetLastError 0x0 0x180095008 0xb5788 0xb4388
ReleaseSemaphore 0x0 0x180095010 0xb5790 0xb4390
WaitForSingleObject 0x0 0x180095018 0xb5798 0xb4398
GetCurrentProcess 0x0 0x180095020 0xb57a0 0xb43a0
GetCurrentThreadId 0x0 0x180095028 0xb57a8 0xb43a8
FlushInstructionCache 0x0 0x180095030 0xb57b0 0xb43b0
GetVersionExW 0x0 0x180095038 0xb57b8 0xb43b8
GlobalAlloc 0x0 0x180095040 0xb57c0 0xb43c0
GlobalLock 0x0 0x180095048 0xb57c8 0xb43c8
GlobalUnlock 0x0 0x180095050 0xb57d0 0xb43d0
GlobalFree 0x0 0x180095058 0xb57d8 0xb43d8
MulDiv 0x0 0x180095060 0xb57e0 0xb43e0
lstrcmpW 0x0 0x180095068 0xb57e8 0xb43e8
CreateSemaphoreW 0x0 0x180095070 0xb57f0 0xb43f0
GetTempFileNameA 0x0 0x180095078 0xb57f8 0xb43f8
GetEnvironmentVariableA 0x0 0x180095080 0xb5800 0xb4400
GetEnvironmentVariableW 0x0 0x180095088 0xb5808 0xb4408
GetWindowsDirectoryA 0x0 0x180095090 0xb5810 0xb4410
GetWindowsDirectoryW 0x0 0x180095098 0xb5818 0xb4418
MoveFileExW 0x0 0x1800950a0 0xb5820 0xb4420
CreateFileA 0x0 0x1800950a8 0xb5828 0xb4428
GetFileAttributesA 0x0 0x1800950b0 0xb5830 0xb4430
SetFileAttributesA 0x0 0x1800950b8 0xb5838 0xb4438
GetFullPathNameW 0x0 0x1800950c0 0xb5840 0xb4440
GetFileInformationByHandle 0x0 0x1800950c8 0xb5848 0xb4448
OutputDebugStringW 0x0 0x1800950d0 0xb5850 0xb4450
InitializeCriticalSectionAndSpinCount 0x0 0x1800950d8 0xb5858 0xb4458
DisableThreadLibraryCalls 0x0 0x1800950e0 0xb5860 0xb4460
LoadLibraryExW 0x0 0x1800950e8 0xb5868 0xb4468
LoadResource 0x0 0x1800950f0 0xb5870 0xb4470
SizeofResource 0x0 0x1800950f8 0xb5878 0xb4478
lstrcmpiW 0x0 0x180095100 0xb5880 0xb4480
FindResourceW 0x0 0x180095108 0xb5888 0xb4488
GetSystemDirectoryA 0x0 0x180095110 0xb5890 0xb4490
LocalAlloc 0x0 0x180095118 0xb5898 0xb4498
LocalFree 0x0 0x180095120 0xb58a0 0xb44a0
GlobalSize 0x0 0x180095128 0xb58a8 0xb44a8
LockResource 0x0 0x180095130 0xb58b0 0xb44b0
GetCurrentThread 0x0 0x180095138 0xb58b8 0xb44b8
GetUserDefaultLCID 0x0 0x180095140 0xb58c0 0xb44c0
FlsSetValue 0x0 0x180095148 0xb58c8 0xb44c8
GetCommandLineA 0x0 0x180095150 0xb58d0 0xb44d0
EncodePointer 0x0 0x180095158 0xb58d8 0xb44d8
DecodePointer 0x0 0x180095160 0xb58e0 0xb44e0
TerminateProcess 0x0 0x180095168 0xb58e8 0xb44e8
UnhandledExceptionFilter 0x0 0x180095170 0xb58f0 0xb44f0
SetUnhandledExceptionFilter 0x0 0x180095178 0xb58f8 0xb44f8
GetTempPathW 0x0 0x180095180 0xb5900 0xb4500
RtlVirtualUnwind 0x0 0x180095188 0xb5908 0xb4508
RtlLookupFunctionEntry 0x0 0x180095190 0xb5910 0xb4510
RtlCaptureContext 0x0 0x180095198 0xb5918 0xb4518
RtlUnwindEx 0x0 0x1800951a0 0xb5920 0xb4520
HeapFree 0x0 0x1800951a8 0xb5928 0xb4528
HeapAlloc 0x0 0x1800951b0 0xb5930 0xb4530
HeapReAlloc 0x0 0x1800951b8 0xb5938 0xb4538
RtlPcToFileHeader 0x0 0x1800951c0 0xb5940 0xb4540
VirtualProtect 0x0 0x1800951c8 0xb5948 0xb4548
VirtualAlloc 0x0 0x1800951d0 0xb5950 0xb4550
SetThreadStackGuarantee 0x0 0x1800951d8 0xb5958 0xb4558
GetSystemInfo 0x0 0x1800951e0 0xb5960 0xb4560
VirtualQuery 0x0 0x1800951e8 0xb5968 0xb4568
FlsGetValue 0x0 0x1800951f0 0xb5970 0xb4570
FlsFree 0x0 0x1800951f8 0xb5978 0xb4578
FlsAlloc 0x0 0x180095200 0xb5980 0xb4580
ExitProcess 0x0 0x180095208 0xb5988 0xb4588
SetHandleCount 0x0 0x180095210 0xb5990 0xb4590
GetStdHandle 0x0 0x180095218 0xb5998 0xb4598
GetStartupInfoW 0x0 0x180095220 0xb59a0 0xb45a0
GetModuleFileNameA 0x0 0x180095228 0xb59a8 0xb45a8
FreeEnvironmentStringsW 0x0 0x180095230 0xb59b0 0xb45b0
GetEnvironmentStringsW 0x0 0x180095238 0xb59b8 0xb45b8
HeapSetInformation 0x0 0x180095240 0xb59c0 0xb45c0
GetVersion 0x0 0x180095248 0xb59c8 0xb45c8
HeapCreate 0x0 0x180095250 0xb59d0 0xb45d0
HeapDestroy 0x0 0x180095258 0xb59d8 0xb45d8
QueryPerformanceCounter 0x0 0x180095260 0xb59e0 0xb45e0
GetCurrentProcessId 0x0 0x180095268 0xb59e8 0xb45e8
HeapSize 0x0 0x180095270 0xb59f0 0xb45f0
GetCPInfo 0x0 0x180095278 0xb59f8 0xb45f8
GetACP 0x0 0x180095280 0xb5a00 0xb4600
GetOEMCP 0x0 0x180095288 0xb5a08 0xb4608
IsValidCodePage 0x0 0x180095290 0xb5a10 0xb4610
GetStringTypeW 0x0 0x180095298 0xb5a18 0xb4618
LoadLibraryW 0x0 0x1800952a0 0xb5a20 0xb4620
LCMapStringW 0x0 0x1800952a8 0xb5a28 0xb4628
GetLocaleInfoA 0x0 0x1800952b0 0xb5a30 0xb4630
GetConsoleCP 0x0 0x1800952b8 0xb5a38 0xb4638
GetConsoleMode 0x0 0x1800952c0 0xb5a40 0xb4640
SetStdHandle 0x0 0x1800952c8 0xb5a48 0xb4648
FlushFileBuffers 0x0 0x1800952d0 0xb5a50 0xb4650
WriteConsoleW 0x0 0x1800952d8 0xb5a58 0xb4658
GetProcessHeap 0x0 0x1800952e0 0xb5a60 0xb4660
RemoveDirectoryW 0x0 0x1800952e8 0xb5a68 0xb4668
RemoveDirectoryA 0x0 0x1800952f0 0xb5a70 0xb4670
GetTempFileNameW 0x0 0x1800952f8 0xb5a78 0xb4678
GetFileType 0x0 0x180095300 0xb5a80 0xb4680
GetFileSize 0x0 0x180095308 0xb5a88 0xb4688
DeleteFileW 0x0 0x180095310 0xb5a90 0xb4690
DeleteFileA 0x0 0x180095318 0xb5a98 0xb4698
CreateFileW 0x0 0x180095320 0xb5aa0 0xb46a0
CreateDirectoryW 0x0 0x180095328 0xb5aa8 0xb46a8
CreateDirectoryA 0x0 0x180095330 0xb5ab0 0xb46b0
IsValidLocale 0x0 0x180095338 0xb5ab8 0xb46b8
CopyFileW 0x0 0x180095340 0xb5ac0 0xb46c0
CopyFileA 0x0 0x180095348 0xb5ac8 0xb46c8
GetSystemTimeAsFileTime 0x0 0x180095350 0xb5ad0 0xb46d0
Sleep 0x0 0x180095358 0xb5ad8 0xb46d8
CloseHandle 0x0 0x180095360 0xb5ae0 0xb46e0
WriteFile 0x0 0x180095368 0xb5ae8 0xb46e8
SetFilePointer 0x0 0x180095370 0xb5af0 0xb46f0
SetEndOfFile 0x0 0x180095378 0xb5af8 0xb46f8
ReadFile 0x0 0x180095380 0xb5b00 0xb4700
FindNextFileW 0x0 0x180095388 0xb5b08 0xb4708
FindFirstFileW 0x0 0x180095390 0xb5b10 0xb4710
FindClose 0x0 0x180095398 0xb5b18 0xb4718
SetFileAttributesW 0x0 0x1800953a0 0xb5b20 0xb4720
GetFileAttributesW 0x0 0x1800953a8 0xb5b28 0xb4728
GetTickCount 0x0 0x1800953b0 0xb5b30 0xb4730
GetModuleFileNameW 0x0 0x1800953b8 0xb5b38 0xb4738
DeleteCriticalSection 0x0 0x1800953c0 0xb5b40 0xb4740
LeaveCriticalSection 0x0 0x1800953c8 0xb5b48 0xb4748
EnterCriticalSection 0x0 0x1800953d0 0xb5b50 0xb4750
InitializeCriticalSection 0x0 0x1800953d8 0xb5b58 0xb4758
GetSystemDefaultLangID 0x0 0x1800953e0 0xb5b60 0xb4760
OutputDebugStringA 0x0 0x1800953e8 0xb5b68 0xb4768
MultiByteToWideChar 0x0 0x1800953f0 0xb5b70 0xb4770
lstrlenW 0x0 0x1800953f8 0xb5b78 0xb4778
lstrlenA 0x0 0x180095400 0xb5b80 0xb4780
FormatMessageW 0x0 0x180095408 0xb5b88 0xb4788
FormatMessageA 0x0 0x180095410 0xb5b90 0xb4790
LoadLibraryExA 0x0 0x180095418 0xb5b98 0xb4798
GetProcAddress 0x0 0x180095420 0xb5ba0 0xb47a0
GetModuleHandleW 0x0 0x180095428 0xb5ba8 0xb47a8
FreeLibrary 0x0 0x180095430 0xb5bb0 0xb47b0
GetLastError 0x0 0x180095438 0xb5bb8 0xb47b8
WideCharToMultiByte 0x0 0x180095440 0xb5bc0 0xb47c0
SetErrorMode 0x0 0x180095448 0xb5bc8 0xb47c8
IsDebuggerPresent 0x0 0x180095450 0xb5bd0 0xb47d0
GetDriveTypeA 0x0 0x180095458 0xb5bd8 0xb47d8
SetCurrentDirectoryW 0x0 0x180095460 0xb5be0 0xb47e0
SetEnvironmentVariableW 0x0 0x180095468 0xb5be8 0xb47e8
LoadLibraryA 0x0 0x180095470 0xb5bf0 0xb47f0
InterlockedPopEntrySList 0x0 0x180095478 0xb5bf8 0xb47f8
VirtualFree 0x0 0x180095480 0xb5c00 0xb4800
InterlockedPushEntrySList 0x0 0x180095488 0xb5c08 0xb4808
UnmapViewOfFile 0x0 0x180095490 0xb5c10 0xb4810
MapViewOfFile 0x0 0x180095498 0xb5c18 0xb4818
CreateFileMappingW 0x0 0x1800954a0 0xb5c20 0xb4820
GetCurrentDirectoryW 0x0 0x1800954a8 0xb5c28 0xb4828
CompareStringA 0x0 0x1800954b0 0xb5c30 0xb4830
CompareStringW 0x0 0x1800954b8 0xb5c38 0xb4838
GetSystemDefaultLCID 0x0 0x1800954c0 0xb5c40 0xb4840
GetVersionExA 0x0 0x1800954c8 0xb5c48 0xb4848
GetTempPathA 0x0 0x1800954d0 0xb5c50 0xb4850
GetModuleHandleA 0x0 0x1800954d8 0xb5c58 0xb4858
FindResourceExW 0x0 0x1800954e0 0xb5c60 0xb4860
GetDiskFreeSpaceA 0x0 0x1800954e8 0xb5c68 0xb4868
GDI32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetObjectW 0x0 0x1800954f8 0xb5c78 0xb4878
SelectObject 0x0 0x180095500 0xb5c80 0xb4880
GetStockObject 0x0 0x180095508 0xb5c88 0xb4888
GetDeviceCaps 0x0 0x180095510 0xb5c90 0xb4890
DeleteObject 0x0 0x180095518 0xb5c98 0xb4898
DeleteDC 0x0 0x180095520 0xb5ca0 0xb48a0
CreateSolidBrush 0x0 0x180095528 0xb5ca8 0xb48a8
CreateCompatibleDC 0x0 0x180095530 0xb5cb0 0xb48b0
CreateCompatibleBitmap 0x0 0x180095538 0xb5cb8 0xb48b8
BitBlt 0x0 0x180095540 0xb5cc0 0xb48c0
GetTextExtentExPointW 0x0 0x180095548 0xb5cc8 0xb48c8
GetTextExtentExPointA 0x0 0x180095550 0xb5cd0 0xb48d0
VERSION.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
VerQueryValueW 0x0 0x180095560 0xb5ce0 0xb48e0
VerQueryValueA 0x0 0x180095568 0xb5ce8 0xb48e8
GetFileVersionInfoA 0x0 0x180095570 0xb5cf0 0xb48f0
GetFileVersionInfoSizeA 0x0 0x180095578 0xb5cf8 0xb48f8
ADVAPI32.dll (26)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetNamedSecurityInfoW 0x0 0x180095588 0xb5d08 0xb4908
RevertToSelf 0x0 0x180095590 0xb5d10 0xb4910
MapGenericMask 0x0 0x180095598 0xb5d18 0xb4918
ImpersonateSelf 0x0 0x1800955a0 0xb5d20 0xb4920
AccessCheck 0x0 0x1800955a8 0xb5d28 0xb4928
OpenThreadToken 0x0 0x1800955b0 0xb5d30 0xb4930
OpenProcessToken 0x0 0x1800955b8 0xb5d38 0xb4938
SetEntriesInAclW 0x0 0x1800955c0 0xb5d40 0xb4940
SetSecurityDescriptorDacl 0x0 0x1800955c8 0xb5d48 0xb4948
InitializeSecurityDescriptor 0x0 0x1800955d0 0xb5d50 0xb4950
FreeSid 0x0 0x1800955d8 0xb5d58 0xb4958
AllocateAndInitializeSid 0x0 0x1800955e0 0xb5d60 0xb4960
RegQueryInfoKeyW 0x0 0x1800955e8 0xb5d68 0xb4968
RegEnumKeyExW 0x0 0x1800955f0 0xb5d70 0xb4970
RegDeleteKeyW 0x0 0x1800955f8 0xb5d78 0xb4978
RegQueryValueExA 0x0 0x180095600 0xb5d80 0xb4980
RegOpenKeyExA 0x0 0x180095608 0xb5d88 0xb4988
RegSetValueExW 0x0 0x180095610 0xb5d90 0xb4990
RegSetValueExA 0x0 0x180095618 0xb5d98 0xb4998
RegQueryValueExW 0x0 0x180095620 0xb5da0 0xb49a0
RegOpenKeyExW 0x0 0x180095628 0xb5da8 0xb49a8
RegDeleteValueW 0x0 0x180095630 0xb5db0 0xb49b0
RegDeleteValueA 0x0 0x180095638 0xb5db8 0xb49b8
RegCreateKeyExW 0x0 0x180095640 0xb5dc0 0xb49c0
RegCreateKeyExA 0x0 0x180095648 0xb5dc8 0xb49c8
RegCloseKey 0x0 0x180095650 0xb5dd0 0xb49d0
ole32.dll (20)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
OleLockRunning 0x0 0x180095660 0xb5de0 0xb49e0
OleUninitialize 0x0 0x180095668 0xb5de8 0xb49e8
CoCreateGuid 0x0 0x180095670 0xb5df0 0xb49f0
CoTaskMemAlloc 0x0 0x180095678 0xb5df8 0xb49f8
StringFromGUID2 0x0 0x180095680 0xb5e00 0xb4a00
CLSIDFromProgID 0x0 0x180095688 0xb5e08 0xb4a08
CLSIDFromString 0x0 0x180095690 0xb5e10 0xb4a10
CoCreateInstance 0x0 0x180095698 0xb5e18 0xb4a18
CoGetClassObject 0x0 0x1800956a0 0xb5e20 0xb4a20
CreateStreamOnHGlobal 0x0 0x1800956a8 0xb5e28 0xb4a28
CoRegisterMessageFilter 0x0 0x1800956b0 0xb5e30 0xb4a30
CoTaskMemFree 0x0 0x1800956b8 0xb5e38 0xb4a38
CoDisconnectObject 0x0 0x1800956c0 0xb5e40 0xb4a40
CoTaskMemRealloc 0x0 0x1800956c8 0xb5e48 0xb4a48
CoGetMalloc 0x0 0x1800956d0 0xb5e50 0xb4a50
CreateBindCtx 0x0 0x1800956d8 0xb5e58 0xb4a58
CreateItemMoniker 0x0 0x1800956e0 0xb5e60 0xb4a60
StringFromCLSID 0x0 0x1800956e8 0xb5e68 0xb4a68
CreatePointerMoniker 0x0 0x1800956f0 0xb5e70 0xb4a70
OleInitialize 0x0 0x1800956f8 0xb5e78 0xb4a78
OLEAUT32.dll (20)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
VariantInit 0x8 0x180095708 0xb5e88 0xb4a88
VariantClear 0x9 0x180095710 0xb5e90 0xb4a90
SysStringLen 0x7 0x180095718 0xb5e98 0xb4a98
LoadTypeLib 0xa1 0x180095720 0xb5ea0 0xb4aa0
LoadRegTypeLib 0xa2 0x180095728 0xb5ea8 0xb4aa8
SysAllocStringLen 0x4 0x180095730 0xb5eb0 0xb4ab0
OleCreateFontIndirect 0x1a4 0x180095738 0xb5eb8 0xb4ab8
SetErrorInfo 0xc9 0x180095740 0xb5ec0 0xb4ac0
GetErrorInfo 0xc8 0x180095748 0xb5ec8 0xb4ac8
VarUI4FromStr 0x115 0x180095750 0xb5ed0 0xb4ad0
RegisterTypeLib 0xa3 0x180095758 0xb5ed8 0xb4ad8
UnRegisterTypeLib 0xba 0x180095760 0xb5ee0 0xb4ae0
SafeArrayAccessData 0x17 0x180095768 0xb5ee8 0xb4ae8
SafeArrayUnaccessData 0x18 0x180095770 0xb5ef0 0xb4af0
SafeArrayCreateVector 0x19b 0x180095778 0xb5ef8 0xb4af8
SysStringByteLen 0x95 0x180095780 0xb5f00 0xb4b00
SysAllocStringByteLen 0x96 0x180095788 0xb5f08 0xb4b08
CreateErrorInfo 0xca 0x180095790 0xb5f10 0xb4b10
SysFreeString 0x6 0x180095798 0xb5f18 0xb4b18
SysAllocString 0x2 0x1800957a0 0xb5f20 0xb4b20
WINSPOOL.DRV (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
StartDocPrinterW 0x0 0x1800957b0 0xb5f30 0xb4b30
OpenPrinterA 0x0 0x1800957b8 0xb5f38 0xb4b38
OpenPrinterW 0x0 0x1800957c0 0xb5f40 0xb4b40
ClosePrinter 0x0 0x1800957c8 0xb5f48 0xb4b48
EndDocPrinter 0x0 0x1800957d0 0xb5f50 0xb4b50
EndPagePrinter 0x0 0x1800957d8 0xb5f58 0xb4b58
WritePrinter 0x0 0x1800957e0 0xb5f60 0xb4b60
StartDocPrinterA 0x0 0x1800957e8 0xb5f68 0xb4b68
StartPagePrinter 0x0 0x1800957f0 0xb5f70 0xb4b70
Exports (5)
Api name EAT Address Ordinal
DllCanUnloadNow 0x180042068 0x1
DllGetClassObject 0x180042044 0x2
DllRegisterServer 0x180042108 0x3
DllUnregisterServer 0x180042130 0x4
HxGetObjectCA 0x180050d60 0x5
Digital Signatures (2)
Signature Properties
LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName HXDS.DLL
FileVersion 5.70.51021.0
CompanyName Microsoft Corporation
ProductName Microsoft ® Help 2.7
ProductVersion 5.70.51021.0
FileDescription Microsoft® Help Data Services Module
OriginalFilename HXDS.DLL
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 92 4A 00 00 00 00 00 20
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\help\hxds.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\help\hxds.dll (Modified File)
c:\program files\common files\microsoft shared\help\hxds.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 1.18 MB
Hash Values MD5: 667f6c344628b16b732846a33ef8729a
SHA1: b6813117ca3e3964cbda66d36123878616f8b285
SHA256: ce71b282e803bb143ce10e680678de427e9e6373d8625f046a7e877c4e2d2a4c
c:\program files\common files\microsoft shared\help\hxruntime.hxs
File Properties
Names c:\program files\common files\microsoft shared\help\hxruntime.hxs (Modified File)
Size 27.23 KB
Hash Values MD5: 382c886fd239f3df7e8b8d6958df8f2c
SHA1: 68772e09e649eca0b229976dce85d4e1c1c9b96e
SHA256: fe9702b0ec12b5d86a079f753c9e9cfe29f30714c34eb38904ea3d6a27a60961
PE Information
Information Value
Image Base 0x400000
Entry Point Unknown
Size Of Code 0x0
Size Of Initialized Data 0x0
Size Of Uninitialized Data 0x0
Format x86
Type Unknown
Subsystem IMAGE_SUBSYSTEM_UNKNOWN
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 1970-01-01 01:00:00
Compiler/Packer Unknown
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.rsrc 0x400188 0x374 0x400 0x188 CNT_INITIALIZED_DATA, MEM_READ 2.27
.its 0x40055c 0x18 0x200 0x55c CNT_INITIALIZED_DATA, MEM_READ 3.18
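Two things in the PE blocks above deserve a check rather than a glance. In hxds.dll the sections named `text` and `data` (no leading dot) sit beside the usual `.text` and `.data`, and `text` carries CNT_CODE, CNT_INITIALIZED_DATA and MEM_EXECUTE without MEM_READ; since Signature verification is True, the on-disk bytes are still the ones Microsoft signed, so this is how the module was built, but the same layout in an unsigned file is a reason to look harder. The hxruntime.hxs block reports Entry Point Unknown, a 1970-01-01 compile timestamp and section addresses (0x400188, 0x40055c) that are not page-aligned: that is what a PE parser emits when pointed at something that is not a PE image (Help 2.x .hxs files are ITSS storage containers, the same family as .chm), so those fields say nothing about the file itself. The Python below is an added example, not VMRay's code or anything from the sample: it reads a section table straight from the headers with the standard library, computes the per-section entropy the report shows, and flags the anomalies just described. The images it audits are constructed in the block from the two section tables (the section bytes are stand-ins, not the real file contents); the USUAL_NAMES set and the 7.0 entropy threshold are assumptions of mine.

```python
import math
import struct

# IMAGE_SCN_* section characteristics from the PE/COFF specification.
CNT_CODE, CNT_INITIALIZED_DATA = 0x00000020, 0x00000040
MEM_EXECUTE, MEM_READ, MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
# Names the Microsoft linker normally emits (assumption; tune to your corpus).
USUAL_NAMES = {".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc", ".idata",
               ".edata", ".tls", ".bss", ".xdata", ".gfids", ".00cfg", ".CRT"}
HIGH_ENTROPY = 7.0  # bits per byte; assumption, above this is usually packed/encrypted

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def parse_sections(image: bytes):
    """DOS header -> PE signature -> COFF header -> section table.
    Returns (SectionAlignment, FileAlignment, list of section dicts)."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe_off = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = pe_off + 4
    nsect = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    opt = coff + 20
    # SectionAlignment and FileAlignment sit at +32/+36 in both PE32 and PE32+.
    sect_align, file_align = struct.unpack_from("<II", image, opt + 32)
    sections = []
    for i in range(nsect):
        (name, vsize, va, rawsize, rawptr, _, _, _, _,
         flags) = struct.unpack_from("<8sIIIIIIHHI", image, opt + opt_size + 40 * i)
        raw = image[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "va": va, "rawsize": rawsize, "rawptr": rawptr,
                         "flags": flags, "entropy": shannon_entropy(raw)})
    return sect_align, file_align, sections

def audit_sections(image: bytes):
    """Return (section name, finding) pairs for the layout quirks discussed above."""
    sect_align, file_align, sections = parse_sections(image)
    findings = []
    for s in sections:
        f, name = s["flags"], s["name"]
        if name not in USUAL_NAMES:
            findings.append((name, "non-standard section name"))
        if f & MEM_EXECUTE and f & MEM_WRITE:
            findings.append((name, "writable and executable (W+X)"))
        if f & MEM_EXECUTE and not f & MEM_READ:
            findings.append((name, "executable without MEM_READ"))
        if s["va"] % sect_align:
            findings.append((name, "virtual address not section-aligned"))
        if s["rawptr"] % file_align:
            findings.append((name, "raw data offset not file-aligned"))
        if s["entropy"] > HIGH_ENTROPY and s["rawsize"] >= 512:
            findings.append((name, "high entropy (packed or encrypted data)"))
    return findings

def build_pe(sections, sect_align=0x1000, file_align=0x200) -> bytes:
    """Minimal PE32+ header plus section data from (name, rva, characteristics,
    raw_bytes) tuples. Constructed test input only: no code, not loadable."""
    opt_size = 240                                   # PE32+ optional header size
    hdr_len = 0x40 + 4 + 20 + opt_size + 40 * len(sections)
    raw_start = -(-hdr_len // file_align) * file_align
    hdr = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", hdr, 0x3C, 0x40)         # e_lfanew
    hdr += b"PE\0\0"
    hdr += struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, 0x2022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)            # PE32+ magic
    struct.pack_into("<II", opt, 32, sect_align, file_align)
    hdr += opt
    body = bytearray()
    for name, rva, flags, raw in sections:
        padded = raw + b"\0" * (-len(raw) % file_align)
        hdr += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(raw),
                           rva, len(padded), raw_start + len(body), 0, 0, 0, 0, flags)
        body += padded
    hdr += b"\0" * (raw_start - len(hdr))
    return bytes(hdr + body)

def demo_hxds():
    """hxds.dll section table as reported; the section bytes are stand-ins."""
    return audit_sections(build_pe([
        (".text", 0x1000, CNT_CODE | MEM_EXECUTE | MEM_READ, b"\xcc" * 0x400),
        ("text", 0xef000, CNT_CODE | CNT_INITIALIZED_DATA | MEM_EXECUTE, b"\x90" * 0x2a1),
        ("data", 0xf0000, CNT_INITIALIZED_DATA | MEM_READ, bytes(range(256)) * 4),
    ]))

def demo_hxruntime():
    """hxruntime.hxs as the report's PE parser saw it: RVAs 0x188 and 0x55c."""
    return audit_sections(build_pe([
        (".rsrc", 0x188, CNT_INITIALIZED_DATA | MEM_READ, b"\0" * 0x374),
        (".its", 0x55c, CNT_INITIALIZED_DATA | MEM_READ, b"\0" * 0x18),
    ]))
```

`audit_sections(open(path, "rb").read())` runs the same checks on a real file. The W+X and high-entropy rules are the ones that matter most on an unknown binary; the name and alignment rules mostly tell you whether the parser was looking at a PE at all, which is exactly the question the hxruntime.hxs block raises.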
c:\program files\common files\microsoft shared\help\hxruntime.hxs, ...
File Properties
Names c:\program files\common files\microsoft shared\help\hxruntime.hxs (Modified File)
c:\program files\common files\microsoft shared\help\hxruntime.hxs.[sepsis@protonmail.com].sepsis (Created File)
Size 27.40 KB
Hash Values MD5: 69b22a0aa6b2e57404fc7f60f7de9894
SHA1: 94197a64b2dcf3c09550efd309060754b0de9398
SHA256: 156fc56ce03ae51a79ef0743bdfb5fc1336717d899a6f813446dc26d75cbadbc
c:\program files\common files\microsoft shared\help\itircl55.dll
File Properties
Names c:\program files\common files\microsoft shared\help\itircl55.dll (Modified File)
Size 1.72 MB
Hash Values MD5: f92f9c6dafe390da792c63d84b927672
SHA1: 8eee9b85789becb184ff6576ccc1113152cf5da1
SHA256: 7804a26e4e6e682fdf642c18a3dd7bd05aea429868f0c200b061cb62afdb0729
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x18001a22c
Size Of Code 0x46800
Size Of Initialized Data 0x172600
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 20:43:41
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x466d0 0x46800 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.38
.rdata 0x180048000 0x196ac 0x19800 0x46c00 CNT_INITIALIZED_DATA, MEM_READ 3.95
.data 0x180062000 0x14d150 0x14ae00 0x60400 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 5.8
.pdata 0x1801b0000 0x40bc 0x4200 0x1ab200 CNT_INITIALIZED_DATA, MEM_READ 5.51
.rsrc 0x1801b5000 0x6148 0x6200 0x1af400 CNT_INITIALIZED_DATA, MEM_READ 5.42
.reloc 0x1801bc000 0x16e0 0x1800 0x1b5600 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.39
Imports (137)
KERNEL32.dll (111)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
LoadLibraryExW 0x0 0x180048000 0x59940 0x58540
LoadResource 0x0 0x180048008 0x59948 0x58548
SizeofResource 0x0 0x180048010 0x59950 0x58550
lstrcmpiW 0x0 0x180048018 0x59958 0x58558
lstrlenW 0x0 0x180048020 0x59960 0x58560
FindResourceW 0x0 0x180048028 0x59968 0x58568
MultiByteToWideChar 0x0 0x180048030 0x59970 0x58570
GetLocaleInfoA 0x0 0x180048038 0x59978 0x58578
GetUserDefaultLCID 0x0 0x180048040 0x59980 0x58580
GlobalAlloc 0x0 0x180048048 0x59988 0x58588
GlobalReAlloc 0x0 0x180048050 0x59990 0x58590
GlobalLock 0x0 0x180048058 0x59998 0x58598
GlobalUnlock 0x0 0x180048060 0x599a0 0x585a0
GlobalFree 0x0 0x180048068 0x599a8 0x585a8
lstrlenA 0x0 0x180048070 0x599b0 0x585b0
WideCharToMultiByte 0x0 0x180048078 0x599b8 0x585b8
GetACP 0x0 0x180048080 0x599c0 0x585c0
CompareStringA 0x0 0x180048088 0x599c8 0x585c8
LCMapStringW 0x0 0x180048090 0x599d0 0x585d0
lstrcmpiA 0x0 0x180048098 0x599d8 0x585d8
GetCurrentThreadId 0x0 0x1800480a0 0x599e0 0x585e0
FlsSetValue 0x0 0x1800480a8 0x599e8 0x585e8
GetCommandLineA 0x0 0x1800480b0 0x599f0 0x585f0
DecodePointer 0x0 0x1800480b8 0x599f8 0x585f8
EncodePointer 0x0 0x1800480c0 0x59a00 0x58600
RtlPcToFileHeader 0x0 0x1800480c8 0x59a08 0x58608
RtlLookupFunctionEntry 0x0 0x1800480d0 0x59a10 0x58610
RtlUnwindEx 0x0 0x1800480d8 0x59a18 0x58618
TerminateProcess 0x0 0x1800480e0 0x59a20 0x58620
GetCurrentProcess 0x0 0x1800480e8 0x59a28 0x58628
UnhandledExceptionFilter 0x0 0x1800480f0 0x59a30 0x58630
SetUnhandledExceptionFilter 0x0 0x1800480f8 0x59a38 0x58638
IsDebuggerPresent 0x0 0x180048100 0x59a40 0x58640
RtlVirtualUnwind 0x0 0x180048108 0x59a48 0x58648
RtlCaptureContext 0x0 0x180048110 0x59a50 0x58650
HeapFree 0x0 0x180048118 0x59a58 0x58658
HeapAlloc 0x0 0x180048120 0x59a60 0x58660
FlsGetValue 0x0 0x180048128 0x59a68 0x58668
FlsFree 0x0 0x180048130 0x59a70 0x58670
SetLastError 0x0 0x180048138 0x59a78 0x58678
FlsAlloc 0x0 0x180048140 0x59a80 0x58680
Sleep 0x0 0x180048148 0x59a88 0x58688
ExitProcess 0x0 0x180048150 0x59a90 0x58690
SetHandleCount 0x0 0x180048158 0x59a98 0x58698
GetStdHandle 0x0 0x180048160 0x59aa0 0x586a0
GetFileType 0x0 0x180048168 0x59aa8 0x586a8
GetStartupInfoW 0x0 0x180048170 0x59ab0 0x586b0
GetModuleFileNameA 0x0 0x180048178 0x59ab8 0x586b8
FreeEnvironmentStringsW 0x0 0x180048180 0x59ac0 0x586c0
GetEnvironmentStringsW 0x0 0x180048188 0x59ac8 0x586c8
HeapSetInformation 0x0 0x180048190 0x59ad0 0x586d0
GetVersion 0x0 0x180048198 0x59ad8 0x586d8
HeapCreate 0x0 0x1800481a0 0x59ae0 0x586e0
HeapDestroy 0x0 0x1800481a8 0x59ae8 0x586e8
QueryPerformanceCounter 0x0 0x1800481b0 0x59af0 0x586f0
GetTickCount 0x0 0x1800481b8 0x59af8 0x586f8
GetCurrentProcessId 0x0 0x1800481c0 0x59b00 0x58700
GetProcAddress 0x0 0x1800481c8 0x59b08 0x58708
WriteFile 0x0 0x1800481d0 0x59b10 0x58710
HeapSize 0x0 0x1800481d8 0x59b18 0x58718
HeapReAlloc 0x0 0x1800481e0 0x59b20 0x58720
GetCPInfo 0x0 0x1800481e8 0x59b28 0x58728
GetOEMCP 0x0 0x1800481f0 0x59b30 0x58730
IsValidCodePage 0x0 0x1800481f8 0x59b38 0x58738
LoadLibraryW 0x0 0x180048200 0x59b40 0x58740
SetFilePointer 0x0 0x180048208 0x59b48 0x58748
GetConsoleCP 0x0 0x180048210 0x59b50 0x58750
GetConsoleMode 0x0 0x180048218 0x59b58 0x58758
GetStringTypeW 0x0 0x180048220 0x59b60 0x58760
SetStdHandle 0x0 0x180048228 0x59b68 0x58768
WriteConsoleW 0x0 0x180048230 0x59b70 0x58770
CreateFileW 0x0 0x180048238 0x59b78 0x58778
CloseHandle 0x0 0x180048240 0x59b80 0x58780
FlushFileBuffers 0x0 0x180048248 0x59b88 0x58788
GetModuleHandleW 0x0 0x180048250 0x59b90 0x58790
GetModuleFileNameW 0x0 0x180048258 0x59b98 0x58798
FreeLibrary 0x0 0x180048260 0x59ba0 0x587a0
DisableThreadLibraryCalls 0x0 0x180048268 0x59ba8 0x587a8
GetVersionExW 0x0 0x180048270 0x59bb0 0x587b0
RaiseException 0x0 0x180048278 0x59bb8 0x587b8
DeleteCriticalSection 0x0 0x180048280 0x59bc0 0x587c0
InitializeCriticalSectionAndSpinCount 0x0 0x180048288 0x59bc8 0x587c8
LeaveCriticalSection 0x0 0x180048290 0x59bd0 0x587d0
GlobalHandle 0x0 0x180048298 0x59bd8 0x587d8
GetWindowsDirectoryA 0x0 0x1800482a0 0x59be0 0x587e0
GetFullPathNameA 0x0 0x1800482a8 0x59be8 0x587e8
GetCurrentDirectoryA 0x0 0x1800482b0 0x59bf0 0x587f0
ReadFile 0x0 0x1800482b8 0x59bf8 0x587f8
EnterCriticalSection 0x0 0x1800482c0 0x59c00 0x58800
CreateFileA 0x0 0x1800482c8 0x59c08 0x58808
GetFileSize 0x0 0x1800482d0 0x59c10 0x58810
CreateFileMappingW 0x0 0x1800482d8 0x59c18 0x58818
MapViewOfFile 0x0 0x1800482e0 0x59c20 0x58820
InitializeCriticalSection 0x0 0x1800482e8 0x59c28 0x58828
SetEvent 0x0 0x1800482f0 0x59c30 0x58830
ResetEvent 0x0 0x1800482f8 0x59c38 0x58838
WaitForSingleObject 0x0 0x180048300 0x59c40 0x58840
CreateEventW 0x0 0x180048308 0x59c48 0x58848
VirtualAlloc 0x0 0x180048310 0x59c50 0x58850
VirtualFree 0x0 0x180048318 0x59c58 0x58858
DeleteFileA 0x0 0x180048320 0x59c60 0x58860
UnmapViewOfFile 0x0 0x180048328 0x59c68 0x58868
GetTempPathA 0x0 0x180048330 0x59c70 0x58870
GetTempFileNameA 0x0 0x180048338 0x59c78 0x58878
HeapValidate 0x0 0x180048340 0x59c80 0x58880
GetProcessHeap 0x0 0x180048348 0x59c88 0x58888
GetSystemDefaultLCID 0x0 0x180048350 0x59c90 0x58890
LocalAlloc 0x0 0x180048358 0x59c98 0x58898
LoadLibraryA 0x0 0x180048360 0x59ca0 0x588a0
GetSystemTimeAsFileTime 0x0 0x180048368 0x59ca8 0x588a8
GetLastError 0x0 0x180048370 0x59cb0 0x588b0
ADVAPI32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegQueryValueExA 0x0 0x180048380 0x59cc0 0x588c0
RegQueryValueExW 0x0 0x180048388 0x59cc8 0x588c8
RegSetValueExW 0x0 0x180048390 0x59cd0 0x588d0
RegQueryInfoKeyW 0x0 0x180048398 0x59cd8 0x588d8
RegOpenKeyExW 0x0 0x1800483a0 0x59ce0 0x588e0
RegEnumKeyExW 0x0 0x1800483a8 0x59ce8 0x588e8
RegDeleteValueW 0x0 0x1800483b0 0x59cf0 0x588f0
RegDeleteKeyW 0x0 0x1800483b8 0x59cf8 0x588f8
RegCreateKeyExW 0x0 0x1800483c0 0x59d00 0x58900
RegCloseKey 0x0 0x1800483c8 0x59d08 0x58908
RegOpenKeyExA 0x0 0x1800483d0 0x59d10 0x58910
ole32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
StringFromCLSID 0x0 0x1800483e0 0x59d20 0x58920
CoGetClassObject 0x0 0x1800483e8 0x59d28 0x58928
CoTaskMemFree 0x0 0x1800483f0 0x59d30 0x58930
CoTaskMemRealloc 0x0 0x1800483f8 0x59d38 0x58938
CoTaskMemAlloc 0x0 0x180048400 0x59d40 0x58940
StringFromGUID2 0x0 0x180048408 0x59d48 0x58948
CoCreateInstance 0x0 0x180048410 0x59d50 0x58950
CLSIDFromProgID 0x0 0x180048418 0x59d58 0x58958
OLEAUT32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SysFreeString 0x6 0x180048428 0x59d68 0x58968
SysAllocString 0x2 0x180048430 0x59d70 0x58970
SysStringLen 0x7 0x180048438 0x59d78 0x58978
UnRegisterTypeLib 0xba 0x180048440 0x59d80 0x58980
RegisterTypeLib 0xa3 0x180048448 0x59d88 0x58988
LoadTypeLib 0xa1 0x180048450 0x59d90 0x58990
VarUI4FromStr 0x115 0x180048458 0x59d98 0x58998
Exports (4)
Api name EAT Address Ordinal
DllCanUnloadNow 0x180003e4c 0x1
DllGetClassObject 0x180003e28 0x2
DllRegisterServer 0x180003e98 0x3
DllUnregisterServer 0x180003eb8 0x4
Digital Signatures (2)
Signature Properties
LegalCopyright Copyright © Microsoft Corp.
InternalName ITIRCL55
FileVersion 5.70.51021.0
CompanyName Microsoft Corporation
ProductName Microsoft ® Infotech Technology Library
ProductVersion 5.70.51021.0
FileDescription Microsoft® InfoTech IR Local DLL
OriginalFilename ITIRCL55.DLL
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 8E 42 00 00 00 00 00 1F
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\help\itircl55.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\help\itircl55.dll (Modified File)
c:\program files\common files\microsoft shared\help\itircl55.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 1.72 MB
Hash Values MD5: f24d563717ee2f63156fb105458c05a6
SHA1: 4a998e2f9733e243fda92b335f5d8ca35264dde5
SHA256: 27388703598ba072ce4802e4405458cc1a6a04bf11b8f8afe3d67aa62414e201
c:\program files\common files\microsoft shared\help\keywords.hxk
File Properties
Names c:\program files\common files\microsoft shared\help\keywords.hxk (Modified File)
Size 0.13 KB
Hash Values MD5: 9543c1e9a5d5f39bcfbebe1a07b76826
SHA1: dc38edfb5a39e3ac7e6d42810656ec888a24146e
SHA256: ecaa81ff698af2f4d795128d0d218b4171a69cc0c6a9bdcf52c92e0fc2454ad0
c:\program files\common files\microsoft shared\help\keywords.hxk, ...
File Properties
Names c:\program files\common files\microsoft shared\help\keywords.hxk (Modified File)
c:\program files\common files\microsoft shared\help\keywords.hxk.[sepsis@protonmail.com].sepsis (Created File)
Size 0.31 KB
Hash Values MD5: a090c1a1b74ff8085781f2b8e9924887
SHA1: a74ae3151765acf4ea9e0b7849e8d80c9aa100e6
SHA256: b20c0c3677553e1cc34f680aa1f13e7e10650cae310f1a594290967dd16f4a60
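In the listing above each file ending in `.[sepsis@protonmail.com].sepsis` appears as a Created File next to the plaintext path it replaced, with a hash that differs from the original entry's and, wherever the report gives sizes in KB, a slightly larger size: hx.hxc grows from 0.78 to 0.96 KB, hx.hxt from 0.17 to 0.34 KB, hxruntime.hxs from 27.23 to 27.40 KB and keywords.hxk from 0.13 to 0.31 KB. The entries reported in MB (hxds.dll, itircl55.dll) cannot show a difference that small because the report rounds to 0.01 of the unit. The Python below is an added triage helper, not VMRay's code or anything recovered from the sample: it pairs encrypted files with their originals, converts the reported sizes back to bytes while tracking that rounding resolution, and estimates the constant per-file growth. That a fixed growth of roughly 180 bytes points to a per-file header or footer (for instance a wrapped file key) is my hypothesis, not something the report states; the generic suffix pattern, the 100-byte resolution cut-off and the `scan_directory` helper for a live file system are likewise assumptions that go beyond this listing.

```python
import os
import re
from statistics import median

# Suffix appended by the sample, exactly as it appears in the file listing above.
SEPSIS_SUFFIX = ".[sepsis@protonmail.com].sepsis"
# Assumption (generalisation beyond this report): match any "<name>.[<e-mail>].<ext>"
# suffix, a naming scheme several ransomware families share.
RANSOM_SUFFIX_RE = re.compile(r"\.\[[^\[\]\s]+@[^\[\]\s]+\]\.[A-Za-z0-9]{1,16}$")
_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

def parse_size(text):
    """'0.78 KB' -> (bytes, resolution_in_bytes). The report rounds to 0.01 of the
    unit, so a figure given in MB cannot show a difference below ~10 KB."""
    value, unit = text.split()
    unit_bytes = _UNITS[unit.upper()]
    return round(float(value) * unit_bytes), unit_bytes // 100

def strip_ransom_suffix(path):
    """Original path if `path` carries a ransom suffix, otherwise None."""
    m = RANSOM_SUFFIX_RE.search(path)
    return path[:m.start()] if m else None

def pair_encrypted(entries):
    """entries: iterable of (path, size_text). One dict per encrypted file, joined
    to its plaintext twin when the listing still contains one."""
    sizes = {path.lower(): size for path, size in entries}
    records = []
    for path, size_text in entries:
        original = strip_ransom_suffix(path)
        if original is None:
            continue
        enc_bytes, resolution = parse_size(size_text)
        rec = {"encrypted": path, "original": original, "encrypted_bytes": enc_bytes,
               "resolution": resolution, "delta": None, "verdict": "original not in listing"}
        if original.lower() in sizes:
            rec["delta"] = enc_bytes - parse_size(sizes[original.lower()])[0]
            if resolution > 100:   # assumption: coarser than this hides a ~180 byte delta
                rec["verdict"] = "delta below listing resolution"
            elif rec["delta"] > 0:
                rec["verdict"] = "fixed overhead ~%d bytes" % rec["delta"]
            else:
                rec["verdict"] = "encrypted copy not larger than original"
        records.append(rec)
    return records

def estimated_overhead(records):
    """Median of the resolvable deltas. Constant growth across files of very
    different sizes points to a per-file header or footer of fixed length
    (hypothesis: typically a wrapped per-file key plus metadata)."""
    deltas = [r["delta"] for r in records if r["delta"] and r["resolution"] <= 100]
    return median(deltas) if deltas else None

def verdicts(records):
    """{original file name: verdict} for quick reading."""
    return {r["original"].replace("\\", "/").rsplit("/", 1)[-1]: r["verdict"]
            for r in records}

def scan_directory(root):
    """Same pairing over a live file system, where sizes are exact."""
    entries = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            p = os.path.join(dirpath, f)
            entries.append((p, "%d B" % os.path.getsize(p)))
    return pair_encrypted(entries)

# Constructed from the listing above: paths and sizes exactly as reported.
_HELP = r"c:\program files\common files\microsoft shared\help"
REPORTED = [
    (r"c:\program files\common files\microsoft shared\grphflt\wpgimp32.flt" + SEPSIS_SUFFIX, "263.83 KB"),
    (_HELP + r"\hx.hxc", "0.78 KB"), (_HELP + r"\hx.hxc" + SEPSIS_SUFFIX, "0.96 KB"),
    (_HELP + r"\hx.hxt", "0.17 KB"), (_HELP + r"\hx.hxt" + SEPSIS_SUFFIX, "0.34 KB"),
    (_HELP + r"\hxds.dll", "1.18 MB"), (_HELP + r"\hxds.dll" + SEPSIS_SUFFIX, "1.18 MB"),
    (_HELP + r"\hxruntime.hxs", "27.23 KB"), (_HELP + r"\hxruntime.hxs" + SEPSIS_SUFFIX, "27.40 KB"),
    (_HELP + r"\itircl55.dll", "1.72 MB"), (_HELP + r"\itircl55.dll" + SEPSIS_SUFFIX, "1.72 MB"),
    (_HELP + r"\keywords.hxk", "0.13 KB"), (_HELP + r"\keywords.hxk" + SEPSIS_SUFFIX, "0.31 KB"),
]

if __name__ == "__main__":
    recs = pair_encrypted(REPORTED)
    for name, verdict in verdicts(recs).items():
        print("%-16s %s" % (name, verdict))
    print("estimated per-file overhead: %s bytes" % estimated_overhead(recs))
```

On the reported sizes the four KB-sized pairs give deltas of 174 or 184 bytes, within the 10-byte rounding step of each other, and the MB-sized pairs are correctly reported as unresolvable rather than as zero growth. On a live volume, `scan_directory` gives exact byte counts, so the spread collapses and any file whose delta deviates from the constant deserves a separate look.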
c:\program files\common files\microsoft shared\help\msitss55.dll
File Properties
Names c:\program files\common files\microsoft shared\help\msitss55.dll (Modified File)
Size 434.17 KB
Hash Values MD5: a74679c355958740b5165736414df2d2
SHA1: ef5e79accbf25fb1096345ed92fcac223d4a73b6
SHA256: cbd70817a676fff0dc1d70587f28313867f9e9783bdbae2b7191301d4cbe210b
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x180001ecc
Size Of Code 0x45800
Size Of Initialized Data 0x26a00
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 20:52:07
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x45700 0x45800 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.32
.rdata 0x180047000 0x196e8 0x19800 0x45c00 CNT_INITIALIZED_DATA, MEM_READ 4.37
.data 0x180061000 0x4f78 0x3800 0x5f400 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.16
.pdata 0x180066000 0x408c 0x4200 0x62c00 CNT_INITIALIZED_DATA, MEM_READ 5.57
.rsrc 0x18006b000 0x31c8 0x3200 0x66e00 CNT_INITIALIZED_DATA, MEM_READ 3.98
.reloc 0x18006f000 0xc10 0xe00 0x6a000 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.15
Imports (147)
KERNEL32.dll (115)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetProcAddress 0x0 0x180047000 0x53480 0x52080
GetModuleHandleW 0x0 0x180047008 0x53488 0x52088
ExitProcess 0x0 0x180047010 0x53490 0x52090
DecodePointer 0x0 0x180047018 0x53498 0x52098
SetHandleCount 0x0 0x180047020 0x534a0 0x520a0
GetStdHandle 0x0 0x180047028 0x534a8 0x520a8
InitializeCriticalSectionAndSpinCount 0x0 0x180047030 0x534b0 0x520b0
GetFileType 0x0 0x180047038 0x534b8 0x520b8
GetStartupInfoW 0x0 0x180047040 0x534c0 0x520c0
DeleteCriticalSection 0x0 0x180047048 0x534c8 0x520c8
FreeEnvironmentStringsW 0x0 0x180047050 0x534d0 0x520d0
GetEnvironmentStringsW 0x0 0x180047058 0x534d8 0x520d8
HeapSetInformation 0x0 0x180047060 0x534e0 0x520e0
GetVersion 0x0 0x180047068 0x534e8 0x520e8
HeapCreate 0x0 0x180047070 0x534f0 0x520f0
HeapDestroy 0x0 0x180047078 0x534f8 0x520f8
QueryPerformanceCounter 0x0 0x180047080 0x53500 0x52100
GetTickCount 0x0 0x180047088 0x53508 0x52108
GetCurrentProcessId 0x0 0x180047090 0x53510 0x52110
GetSystemTimeAsFileTime 0x0 0x180047098 0x53518 0x52118
UnhandledExceptionFilter 0x0 0x1800470a0 0x53520 0x52120
SetUnhandledExceptionFilter 0x0 0x1800470a8 0x53528 0x52128
IsDebuggerPresent 0x0 0x1800470b0 0x53530 0x52130
RtlVirtualUnwind 0x0 0x1800470b8 0x53538 0x52138
RtlLookupFunctionEntry 0x0 0x1800470c0 0x53540 0x52140
RtlCaptureContext 0x0 0x1800470c8 0x53548 0x52148
TerminateProcess 0x0 0x1800470d0 0x53550 0x52150
GetCurrentProcess 0x0 0x1800470d8 0x53558 0x52158
LeaveCriticalSection 0x0 0x1800470e0 0x53560 0x52160
EnterCriticalSection 0x0 0x1800470e8 0x53568 0x52168
GetCPInfo 0x0 0x1800470f0 0x53570 0x52170
GetACP 0x0 0x1800470f8 0x53578 0x52178
GetOEMCP 0x0 0x180047100 0x53580 0x52180
IsValidCodePage 0x0 0x180047108 0x53588 0x52188
HeapAlloc 0x0 0x180047110 0x53590 0x52190
HeapReAlloc 0x0 0x180047118 0x53598 0x52198
FreeLibrary 0x0 0x180047120 0x535a0 0x521a0
LoadLibraryW 0x0 0x180047128 0x535a8 0x521a8
WriteFile 0x0 0x180047130 0x535b0 0x521b0
GetModuleFileNameW 0x0 0x180047138 0x535b8 0x521b8
LCMapStringW 0x0 0x180047140 0x535c0 0x521c0
MultiByteToWideChar 0x0 0x180047148 0x535c8 0x521c8
GetStringTypeW 0x0 0x180047150 0x535d0 0x521d0
HeapSize 0x0 0x180047158 0x535d8 0x521d8
Sleep 0x0 0x180047160 0x535e0 0x521e0
HeapFree 0x0 0x180047168 0x535e8 0x521e8
FlsAlloc 0x0 0x180047170 0x535f0 0x521f0
GetLastError 0x0 0x180047178 0x535f8 0x521f8
SetLastError 0x0 0x180047180 0x53600 0x52200
FlsFree 0x0 0x180047188 0x53608 0x52208
FlsGetValue 0x0 0x180047190 0x53610 0x52210
CreateEventW 0x0 0x180047198 0x53618 0x52218
WaitForSingleObject 0x0 0x1800471a0 0x53620 0x52220
RaiseException 0x0 0x1800471a8 0x53628 0x52228
InitializeCriticalSection 0x0 0x1800471b0 0x53630 0x52230
LoadLibraryExA 0x0 0x1800471b8 0x53638 0x52238
LoadLibraryExW 0x0 0x1800471c0 0x53640 0x52240
LoadResource 0x0 0x1800471c8 0x53648 0x52248
SizeofResource 0x0 0x1800471d0 0x53650 0x52250
lstrcmpiW 0x0 0x1800471d8 0x53658 0x52258
lstrlenW 0x0 0x1800471e0 0x53660 0x52260
FindResourceW 0x0 0x1800471e8 0x53668 0x52268
GetLocaleInfoA 0x0 0x1800471f0 0x53670 0x52270
GetUserDefaultLCID 0x0 0x1800471f8 0x53678 0x52278
GetFileAttributesA 0x0 0x180047200 0x53680 0x52280
GetFileAttributesW 0x0 0x180047208 0x53688 0x52288
GetFullPathNameA 0x0 0x180047210 0x53690 0x52290
GetFullPathNameW 0x0 0x180047218 0x53698 0x52298
DeleteFileA 0x0 0x180047220 0x536a0 0x522a0
GetTempPathA 0x0 0x180047228 0x536a8 0x522a8
GetTempFileNameA 0x0 0x180047230 0x536b0 0x522b0
MoveFileA 0x0 0x180047238 0x536b8 0x522b8
FlushFileBuffers 0x0 0x180047240 0x536c0 0x522c0
GetFileSize 0x0 0x180047248 0x536c8 0x522c8
GetFileTime 0x0 0x180047250 0x536d0 0x522d0
LockFile 0x0 0x180047258 0x536d8 0x522d8
ReadFile 0x0 0x180047260 0x536e0 0x522e0
SetEndOfFile 0x0 0x180047268 0x536e8 0x522e8
SetFilePointer 0x0 0x180047270 0x536f0 0x522f0
SetFileTime 0x0 0x180047278 0x536f8 0x522f8
UnlockFile 0x0 0x180047280 0x53700 0x52300
CloseHandle 0x0 0x180047288 0x53708 0x52308
CreateFileA 0x0 0x180047290 0x53710 0x52310
DeleteFileW 0x0 0x180047298 0x53718 0x52318
GetDriveTypeA 0x0 0x1800472a0 0x53720 0x52320
CreateFileMappingW 0x0 0x1800472a8 0x53728 0x52328
MapViewOfFile 0x0 0x1800472b0 0x53730 0x52330
UnmapViewOfFile 0x0 0x1800472b8 0x53738 0x52338
MoveFileW 0x0 0x1800472c0 0x53740 0x52340
GetVolumeInformationA 0x0 0x1800472c8 0x53748 0x52348
GetCurrentDirectoryA 0x0 0x1800472d0 0x53750 0x52350
CreateDirectoryA 0x0 0x1800472d8 0x53758 0x52358
FindClose 0x0 0x1800472e0 0x53760 0x52360
FindFirstFileA 0x0 0x1800472e8 0x53768 0x52368
FindNextFileA 0x0 0x1800472f0 0x53770 0x52370
GlobalMemoryStatus 0x0 0x1800472f8 0x53778 0x52378
LocalAlloc 0x0 0x180047300 0x53780 0x52380
LoadLibraryA 0x0 0x180047308 0x53788 0x52388
RtlPcToFileHeader 0x0 0x180047310 0x53790 0x52390
EncodePointer 0x0 0x180047318 0x53798 0x52398
RtlUnwindEx 0x0 0x180047320 0x537a0 0x523a0
GetCommandLineA 0x0 0x180047328 0x537a8 0x523a8
FlsSetValue 0x0 0x180047330 0x537b0 0x523b0
GetCurrentThreadId 0x0 0x180047338 0x537b8 0x523b8
WideCharToMultiByte 0x0 0x180047340 0x537c0 0x523c0
lstrlenA 0x0 0x180047348 0x537c8 0x523c8
GetModuleFileNameA 0x0 0x180047350 0x537d0 0x523d0
ResetEvent 0x0 0x180047358 0x537d8 0x523d8
SetEvent 0x0 0x180047360 0x537e0 0x523e0
GetVersionExW 0x0 0x180047368 0x537e8 0x523e8
GetFileAttributesExW 0x0 0x180047370 0x537f0 0x523f0
GetFileAttributesExA 0x0 0x180047378 0x537f8 0x523f8
CreateFileW 0x0 0x180047380 0x53800 0x52400
GetProcessHeap 0x0 0x180047388 0x53808 0x52408
HeapValidate 0x0 0x180047390 0x53810 0x52410
ADVAPI32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegCreateKeyExA 0x0 0x1800473a0 0x53820 0x52420
RegSetValueExW 0x0 0x1800473a8 0x53828 0x52428
RegQueryInfoKeyW 0x0 0x1800473b0 0x53830 0x52430
RegOpenKeyExW 0x0 0x1800473b8 0x53838 0x52438
RegEnumKeyExW 0x0 0x1800473c0 0x53840 0x52440
RegDeleteValueW 0x0 0x1800473c8 0x53848 0x52448
RegDeleteKeyW 0x0 0x1800473d0 0x53850 0x52450
RegCreateKeyExW 0x0 0x1800473d8 0x53858 0x52458
RegSetValueExA 0x0 0x1800473e0 0x53860 0x52460
RegQueryValueExA 0x0 0x1800473e8 0x53868 0x52468
RegOpenKeyExA 0x0 0x1800473f0 0x53870 0x52470
RegEnumKeyExA 0x0 0x1800473f8 0x53878 0x52478
RegDeleteKeyA 0x0 0x180047400 0x53880 0x52480
RegQueryValueExW 0x0 0x180047408 0x53888 0x52488
RegCloseKey 0x0 0x180047410 0x53890 0x52490
ole32.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CLSIDFromString 0x0 0x180047420 0x538a0 0x524a0
CreateBindCtx 0x0 0x180047428 0x538a8 0x524a8
CoTaskMemFree 0x0 0x180047430 0x538b0 0x524b0
CoTaskMemRealloc 0x0 0x180047438 0x538b8 0x524b8
CoTaskMemAlloc 0x0 0x180047440 0x538c0 0x524c0
CoCreateInstance 0x0 0x180047448 0x538c8 0x524c8
CoGetMalloc 0x0 0x180047450 0x538d0 0x524d0
StringFromGUID2 0x0 0x180047458 0x538d8 0x524d8
CoGetClassObject 0x0 0x180047460 0x538e0 0x524e0
StringFromCLSID 0x0 0x180047468 0x538e8 0x524e8
OLEAUT32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
LoadTypeLib 0xa1 0x180047478 0x538f8 0x524f8
RegisterTypeLib 0xa3 0x180047480 0x53900 0x52500
UnRegisterTypeLib 0xba 0x180047488 0x53908 0x52508
SysStringLen 0x7 0x180047490 0x53910 0x52510
SysFreeString 0x6 0x180047498 0x53918 0x52518
SysAllocString 0x2 0x1800474a0 0x53920 0x52520
VarUI4FromStr 0x115 0x1800474a8 0x53928 0x52528
Exports (6)
Api name EAT Address Ordinal
DllCanUnloadNow 0x1800014a4 0x2
DllGetClassObject 0x1800014b8 0x3
DllMain 0x180001000 0x4
DllRegisterServer 0x180001074 0x5
DllUnregisterServer 0x1800013d4 0x6
WMCreateStreamForURL 0x180001c48 0x1
Icons (6)
Digital Signatures (2)
Signature Properties
LegalCopyright Copyright © Microsoft Corp.
InternalName MSITSS
FileVersion 5.70.51021.0
CompanyName Microsoft Corporation
ProductName Microsoft(R) Infotech Information Storage System Library
ProductVersion 5.70.51021.0
FileDescription Microsoft® InfoTech Storage System Library
OriginalFilename MSITSS.DLL
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-09-04 21:12
Valid to 2013-12-04 21:12
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 2B 39 32 48 C1 B2 C9 48 F3 00 00 00 00 00 2B
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\help\msitss55.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\help\msitss55.dll (Modified File)
c:\program files\common files\microsoft shared\help\msitss55.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 434.35 KB
Hash Values MD5: 1764fad1c166cb87ce23f9a2a73b5b5f
SHA1: a358df20202c117d1a93b654a9e4f1ff236f66f4
SHA256: f1e1d4301138e16d80d1e208185c0a622c6f4a818d9b8c95d78b23cd3c9b1114
c:\program files\common files\microsoft shared\help\namedurls.hxk
File Properties
Names c:\program files\common files\microsoft shared\help\namedurls.hxk (Modified File)
Size 0.14 KB
Hash Values MD5: 67d7183cf742812fe8f2466eebdb114c
SHA1: 465770f3be0a5a578e0a1776f4c4e7238caceeac
SHA256: 7ac8ae8fbf69e7dcba2dfc3b74c7f1ea9ca1fe85b73d0c096b8cf5d80e036931
c:\program files\common files\microsoft shared\help\namedurls.hxk, ...
File Properties
Names c:\program files\common files\microsoft shared\help\namedurls.hxk (Modified File)
c:\program files\common files\microsoft shared\help\namedurls.hxk.[sepsis@protonmail.com].sepsis (Created File)
Size 0.31 KB
Hash Values MD5: c29d9f7f3aff22bc50b2e2bf802b5fc2
SHA1: 90b22a9ecfb0de25572bbb448c91bff1c2eff84d
SHA256: f27c7a2b9e3653570e783d532f65b1818eee9dc4f550f35e036d03b91eb88e17
c:\program files\common files\microsoft shared\msclientdatamgr\mscdm.dll
File Properties
Names c:\program files\common files\microsoft shared\msclientdatamgr\mscdm.dll (Modified File)
Size 474.17 KB
Hash Values MD5: 5b80f96d7c2f1bab0df4a29f6761f9af
SHA1: 3254803fe75a88b45fc9f728c7bf00990167b607
SHA256: 28fafc6faf5765db748c736ac82c49d9cc8c32b5a6cab842dd7357484f9878b4
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x1800484d0
Size Of Code 0x4a400
Size Of Initialized Data 0x2ae00
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 20:48:15
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x4a21c 0x4a400 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.18
.rdata 0x18004c000 0x203c8 0x20400 0x4a800 CNT_INITIALIZED_DATA, MEM_READ 4.05
.data 0x18006d000 0x3cb0 0x3600 0x6ac00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.37
.pdata 0x180071000 0x4110 0x4200 0x6e200 CNT_INITIALIZED_DATA, MEM_READ 5.45
.rsrc 0x180076000 0x1148 0x1200 0x72400 CNT_INITIALIZED_DATA, MEM_READ 4.17
.reloc 0x180078000 0x1678 0x1800 0x73600 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.36
Imports (145)
MSVCR100.dll (40)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x18004c000 0x5f968 0x5e168
__clean_type_info_names_internal 0x0 0x18004c008 0x5f970 0x5e170
__crt_debugger_hook 0x0 0x18004c010 0x5f978 0x5e178
_onexit 0x0 0x18004c018 0x5f980 0x5e180
_lock 0x0 0x18004c020 0x5f988 0x5e188
__dllonexit 0x0 0x18004c028 0x5f990 0x5e190
_unlock 0x0 0x18004c030 0x5f998 0x5e198
?terminate@@YAXXZ 0x0 0x18004c038 0x5f9a0 0x5e1a0
__CppXcptFilter 0x0 0x18004c040 0x5f9a8 0x5e1a8
__C_specific_handler 0x0 0x18004c048 0x5f9b0 0x5e1b0
_amsg_exit 0x0 0x18004c050 0x5f9b8 0x5e1b8
_encoded_null 0x0 0x18004c058 0x5f9c0 0x5e1c0
_initterm_e 0x0 0x18004c060 0x5f9c8 0x5e1c8
_initterm 0x0 0x18004c068 0x5f9d0 0x5e1d0
_malloc_crt 0x0 0x18004c070 0x5f9d8 0x5e1d8
vswprintf_s 0x0 0x18004c078 0x5f9e0 0x5e1e0
calloc 0x0 0x18004c080 0x5f9e8 0x5e1e8
_vsnwprintf_s 0x0 0x18004c088 0x5f9f0 0x5e1f0
_wtol 0x0 0x18004c090 0x5f9f8 0x5e1f8
??_V@YAXPEAX@Z 0x0 0x18004c098 0x5fa00 0x5e200
??2@YAPEAX_K@Z 0x0 0x18004c0a0 0x5fa08 0x5e208
memcpy_s 0x0 0x18004c0a8 0x5fa10 0x5e210
wcscat_s 0x0 0x18004c0b0 0x5fa18 0x5e218
wcscpy_s 0x0 0x18004c0b8 0x5fa20 0x5e220
wcsncpy_s 0x0 0x18004c0c0 0x5fa28 0x5e228
wcsstr 0x0 0x18004c0c8 0x5fa30 0x5e230
free 0x0 0x18004c0d0 0x5fa38 0x5e238
malloc 0x0 0x18004c0d8 0x5fa40 0x5e240
_recalloc 0x0 0x18004c0e0 0x5fa48 0x5e248
??_U@YAPEAX_K@Z 0x0 0x18004c0e8 0x5fa50 0x5e250
__CxxFrameHandler3 0x0 0x18004c0f0 0x5fa58 0x5e258
memset 0x0 0x18004c0f8 0x5fa60 0x5e260
iswspace 0x0 0x18004c100 0x5fa68 0x5e268
memcpy 0x0 0x18004c108 0x5fa70 0x5e270
realloc 0x0 0x18004c110 0x5fa78 0x5e278
memcmp 0x0 0x18004c118 0x5fa80 0x5e280
memmove 0x0 0x18004c120 0x5fa88 0x5e288
wcschr 0x0 0x18004c128 0x5fa90 0x5e290
wcscspn 0x0 0x18004c130 0x5fa98 0x5e298
??3@YAXPEAX@Z 0x0 0x18004c138 0x5faa0 0x5e2a0
KERNEL32.dll (51)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetSystemTimeAsFileTime 0x0 0x18004c148 0x5fab0 0x5e2b0
LocalAlloc 0x0 0x18004c150 0x5fab8 0x5e2b8
RtlCaptureContext 0x0 0x18004c158 0x5fac0 0x5e2c0
RtlLookupFunctionEntry 0x0 0x18004c160 0x5fac8 0x5e2c8
RtlVirtualUnwind 0x0 0x18004c168 0x5fad0 0x5e2d0
IsDebuggerPresent 0x0 0x18004c170 0x5fad8 0x5e2d8
SetUnhandledExceptionFilter 0x0 0x18004c178 0x5fae0 0x5e2e0
UnhandledExceptionFilter 0x0 0x18004c180 0x5fae8 0x5e2e8
GetCurrentProcess 0x0 0x18004c188 0x5faf0 0x5e2f0
TerminateProcess 0x0 0x18004c190 0x5faf8 0x5e2f8
DecodePointer 0x0 0x18004c198 0x5fb00 0x5e300
EncodePointer 0x0 0x18004c1a0 0x5fb08 0x5e308
HeapFree 0x0 0x18004c1a8 0x5fb10 0x5e310
HeapAlloc 0x0 0x18004c1b0 0x5fb18 0x5e318
WerRegisterMemoryBlock 0x0 0x18004c1b8 0x5fb20 0x5e320
VirtualProtect 0x0 0x18004c1c0 0x5fb28 0x5e328
GetTickCount 0x0 0x18004c1c8 0x5fb30 0x5e330
LoadLibraryA 0x0 0x18004c1d0 0x5fb38 0x5e338
GetCurrentProcessId 0x0 0x18004c1d8 0x5fb40 0x5e340
HeapSetInformation 0x0 0x18004c1e0 0x5fb48 0x5e348
GetProcessHeap 0x0 0x18004c1e8 0x5fb50 0x5e350
QueryPerformanceCounter 0x0 0x18004c1f0 0x5fb58 0x5e358
RaiseException 0x0 0x18004c1f8 0x5fb60 0x5e360
GetLastError 0x0 0x18004c200 0x5fb68 0x5e368
EnterCriticalSection 0x0 0x18004c208 0x5fb70 0x5e370
LeaveCriticalSection 0x0 0x18004c210 0x5fb78 0x5e378
InitializeCriticalSectionAndSpinCount 0x0 0x18004c218 0x5fb80 0x5e380
DeleteCriticalSection 0x0 0x18004c220 0x5fb88 0x5e388
DisableThreadLibraryCalls 0x0 0x18004c228 0x5fb90 0x5e390
FreeLibrary 0x0 0x18004c230 0x5fb98 0x5e398
GetModuleFileNameW 0x0 0x18004c238 0x5fba0 0x5e3a0
GetModuleHandleW 0x0 0x18004c240 0x5fba8 0x5e3a8
GetProcAddress 0x0 0x18004c248 0x5fbb0 0x5e3b0
LoadLibraryExW 0x0 0x18004c250 0x5fbb8 0x5e3b8
LoadResource 0x0 0x18004c258 0x5fbc0 0x5e3c0
SizeofResource 0x0 0x18004c260 0x5fbc8 0x5e3c8
lstrcmpiW 0x0 0x18004c268 0x5fbd0 0x5e3d0
lstrlenW 0x0 0x18004c270 0x5fbd8 0x5e3d8
FindResourceW 0x0 0x18004c278 0x5fbe0 0x5e3e0
MultiByteToWideChar 0x0 0x18004c280 0x5fbe8 0x5e3e8
WaitForSingleObject 0x0 0x18004c288 0x5fbf0 0x5e3f0
GetCurrentThreadId 0x0 0x18004c290 0x5fbf8 0x5e3f8
GetSystemDefaultLCID 0x0 0x18004c298 0x5fc00 0x5e400
SetEvent 0x0 0x18004c2a0 0x5fc08 0x5e408
WaitForMultipleObjects 0x0 0x18004c2a8 0x5fc10 0x5e410
Sleep 0x0 0x18004c2b0 0x5fc18 0x5e418
CompareStringW 0x0 0x18004c2b8 0x5fc20 0x5e420
WideCharToMultiByte 0x0 0x18004c2c0 0x5fc28 0x5e428
GetUserDefaultLCID 0x0 0x18004c2c8 0x5fc30 0x5e430
InitializeCriticalSection 0x0 0x18004c2d0 0x5fc38 0x5e438
GetModuleFileNameA 0x0 0x18004c2d8 0x5fc40 0x5e440
ole32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CoCreateGuid 0x0 0x18004c2e8 0x5fc50 0x5e450
CoTaskMemFree 0x0 0x18004c2f0 0x5fc58 0x5e458
CoTaskMemRealloc 0x0 0x18004c2f8 0x5fc60 0x5e460
StringFromCLSID 0x0 0x18004c300 0x5fc68 0x5e468
CoGetMalloc 0x0 0x18004c308 0x5fc70 0x5e470
CoCreateInstance 0x0 0x18004c310 0x5fc78 0x5e478
CoTaskMemAlloc 0x0 0x18004c318 0x5fc80 0x5e480
StringFromGUID2 0x0 0x18004c320 0x5fc88 0x5e488
OLEAUT32.dll (25)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
VariantClear 0x9 0x18004c330 0x5fc98 0x5e498
VariantCopy 0xa 0x18004c338 0x5fca0 0x5e4a0
VariantInit 0x8 0x18004c340 0x5fca8 0x5e4a8
VarCmp 0xb0 0x18004c348 0x5fcb0 0x5e4b0
SysAllocStringLen 0x4 0x18004c350 0x5fcb8 0x5e4b8
SysStringByteLen 0x95 0x18004c358 0x5fcc0 0x5e4c0
SysAllocStringByteLen 0x96 0x18004c360 0x5fcc8 0x5e4c8
VariantChangeType 0xc 0x18004c368 0x5fcd0 0x5e4d0
VarSub 0x9f 0x18004c370 0x5fcd8 0x5e4d8
SafeArrayDestroy 0x10 0x18004c378 0x5fce0 0x5e4e0
SafeArrayGetUBound 0x13 0x18004c380 0x5fce8 0x5e4e8
SafeArrayGetElement 0x19 0x18004c388 0x5fcf0 0x5e4f0
VarBstrCmp 0x13a 0x18004c390 0x5fcf8 0x5e4f8
SetErrorInfo 0xc9 0x18004c398 0x5fd00 0x5e500
GetErrorInfo 0xc8 0x18004c3a0 0x5fd08 0x5e508
CreateErrorInfo 0xca 0x18004c3a8 0x5fd10 0x5e510
VariantChangeTypeEx 0x93 0x18004c3b0 0x5fd18 0x5e518
UnRegisterTypeLib 0xba 0x18004c3b8 0x5fd20 0x5e520
RegisterTypeLib 0xa3 0x18004c3c0 0x5fd28 0x5e528
LoadTypeLib 0xa1 0x18004c3c8 0x5fd30 0x5e530
VarUI4FromStr 0x115 0x18004c3d0 0x5fd38 0x5e538
SysStringLen 0x7 0x18004c3d8 0x5fd40 0x5e540
SysAllocString 0x2 0x18004c3e0 0x5fd48 0x5e548
SysFreeString 0x6 0x18004c3e8 0x5fd50 0x5e550
VarAdd 0x8d 0x18004c3f0 0x5fd58 0x5e558
ADVAPI32.dll (17)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegOpenKeyExA 0x0 0x18004c400 0x5fd68 0x5e568
RegCreateKeyExW 0x0 0x18004c408 0x5fd70 0x5e570
RegDeleteKeyW 0x0 0x18004c410 0x5fd78 0x5e578
ReportEventW 0x0 0x18004c418 0x5fd80 0x5e580
RegisterEventSourceW 0x0 0x18004c420 0x5fd88 0x5e588
DeregisterEventSource 0x0 0x18004c428 0x5fd90 0x5e590
RegSetValueExA 0x0 0x18004c430 0x5fd98 0x5e598
RegQueryValueExW 0x0 0x18004c438 0x5fda0 0x5e5a0
RegQueryValueExA 0x0 0x18004c440 0x5fda8 0x5e5a8
RegCloseKey 0x0 0x18004c448 0x5fdb0 0x5e5b0
RegDeleteKeyA 0x0 0x18004c450 0x5fdb8 0x5e5b8
RegCreateKeyExA 0x0 0x18004c458 0x5fdc0 0x5e5c0
RegSetValueExW 0x0 0x18004c460 0x5fdc8 0x5e5c8
RegQueryInfoKeyW 0x0 0x18004c468 0x5fdd0 0x5e5d0
RegOpenKeyExW 0x0 0x18004c470 0x5fdd8 0x5e5d8
RegEnumKeyExW 0x0 0x18004c478 0x5fde0 0x5e5e0
RegDeleteValueW 0x0 0x18004c480 0x5fde8 0x5e5e8
mfc100u.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
(by ordinal) 0xcdc 0x18004c490 0x5fdf8 0x5e5f8
(by ordinal) 0x7ed 0x18004c498 0x5fe00 0x5e600
(by ordinal) 0x7e7 0x18004c4a0 0x5fe08 0x5e608
(by ordinal) 0x7e9 0x18004c4a8 0x5fe10 0x5e610
Exports (5)
Api name EAT Address Ordinal
DllCanUnloadNow 0x180034618 0xd
DllGetClassObject 0x180034370 0xe
DllMain 0x1800348e0 0xc
DllRegisterServer 0x180034670 0xf
DllUnregisterServer 0x180034824 0x10
Digital Signatures (2)
Signature Properties
InternalName Microsoft Client Data Manager
FileVersion 15.0.4420.1017
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4420.1017
FileDescription Microsot Office System 2007 Client Data Manager
OriginalFilename MSCDM.DLL
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 92 4A 00 00 00 00 00 20
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\msclientdatamgr\mscdm.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\msclientdatamgr\mscdm.dll (Modified File)
c:\program files\common files\microsoft shared\msclientdatamgr\mscdm.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 474.35 KB
Hash Values MD5: 1e53c61737cdd277038516efce7e5a2f
SHA1: 93e625cd64dbf7459de2e5be89263bbf37199ccc
SHA256: 662dbbcd37052dbe3271e56f84a0796cd5d957e51de199c29b90ab2a5e245d8e
c:\program files\common files\microsoft shared\office15\1033\aceintl.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\aceintl.dll (Modified File)
Size 196.70 KB
Hash Values MD5: ed0f71ba2445385829287a632e7c8c5f
SHA1: bb28e5d9f397cba17fa0f3eac30b9383ed1f4c49
SHA256: 65cceebd453d0ccf88114f4db6d17bbf4580d41197a83ccb19b812be88da24a6
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x1800010f8
Size Of Code 0xe00
Size Of Initialized Data 0x2ea00
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 20:50:10
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0xc60 0xe00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 5.55
.rdata 0x180002000 0x78c 0x800 0x1200 CNT_INITIALIZED_DATA, MEM_READ 4.31
.data 0x180003000 0x5c0 0x200 0x1a00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 0.23
.pdata 0x180004000 0x120 0x200 0x1c00 CNT_INITIALIZED_DATA, MEM_READ 2.37
.rsrc 0x180005000 0x2d73c 0x2d800 0x1e00 CNT_INITIALIZED_DATA, MEM_READ 3.42
.reloc 0x180033000 0x10 0x200 0x2f600 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 0.15
Imports (39)
MSVCR100.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_onexit 0x0 0x180002000 0x2260 0x1460
_lock 0x0 0x180002008 0x2268 0x1468
__dllonexit 0x0 0x180002010 0x2270 0x1470
_unlock 0x0 0x180002018 0x2278 0x1478
__clean_type_info_names_internal 0x0 0x180002020 0x2280 0x1480
__crt_debugger_hook 0x0 0x180002028 0x2288 0x1488
__CppXcptFilter 0x0 0x180002030 0x2290 0x1490
__C_specific_handler 0x0 0x180002038 0x2298 0x1498
_amsg_exit 0x0 0x180002040 0x22a0 0x14a0
_encoded_null 0x0 0x180002048 0x22a8 0x14a8
free 0x0 0x180002050 0x22b0 0x14b0
_initterm_e 0x0 0x180002058 0x22b8 0x14b8
_initterm 0x0 0x180002060 0x22c0 0x14c0
_malloc_crt 0x0 0x180002068 0x22c8 0x14c8
memcpy 0x0 0x180002070 0x22d0 0x14d0
KERNEL32.dll (24)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
QueryPerformanceCounter 0x0 0x180002080 0x22e0 0x14e0
RtlCaptureContext 0x0 0x180002088 0x22e8 0x14e8
RtlLookupFunctionEntry 0x0 0x180002090 0x22f0 0x14f0
RtlVirtualUnwind 0x0 0x180002098 0x22f8 0x14f8
IsDebuggerPresent 0x0 0x1800020a0 0x2300 0x1500
SetUnhandledExceptionFilter 0x0 0x1800020a8 0x2308 0x1508
UnhandledExceptionFilter 0x0 0x1800020b0 0x2310 0x1510
GetCurrentProcess 0x0 0x1800020b8 0x2318 0x1518
TerminateProcess 0x0 0x1800020c0 0x2320 0x1520
Sleep 0x0 0x1800020c8 0x2328 0x1528
DecodePointer 0x0 0x1800020d0 0x2330 0x1530
EncodePointer 0x0 0x1800020d8 0x2338 0x1538
WerRegisterMemoryBlock 0x0 0x1800020e0 0x2340 0x1540
VirtualProtect 0x0 0x1800020e8 0x2348 0x1548
GetTickCount 0x0 0x1800020f0 0x2350 0x1550
GetSystemTimeAsFileTime 0x0 0x1800020f8 0x2358 0x1558
DisableThreadLibraryCalls 0x0 0x180002100 0x2360 0x1560
LoadResource 0x0 0x180002108 0x2368 0x1568
LockResource 0x0 0x180002110 0x2370 0x1570
FindResourceA 0x0 0x180002118 0x2378 0x1578
GetProcessHeap 0x0 0x180002120 0x2380 0x1580
HeapSetInformation 0x0 0x180002128 0x2388 0x1588
GetCurrentProcessId 0x0 0x180002130 0x2390 0x1590
GetCurrentThreadId 0x0 0x180002138 0x2398 0x1598
Exports (1)
Api name EAT Address Ordinal
CchLszOfId2 0x180001000 0x2
Digital Signatures (2)
Signature Properties
InternalName aceintl
FileVersion 15.0.4420.1017
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4420.1017
FileDescription Microsoft Access database engine International DLL
OriginalFilename aceintl.dll
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-09-04 21:12
Valid to 2013-12-04 21:12
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 2B 39 32 48 C1 B2 C9 48 F3 00 00 00 00 00 2B
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\office15\1033\aceintl.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\aceintl.dll (Modified File)
c:\program files\common files\microsoft shared\office15\1033\aceintl.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 196.87 KB
Hash Values MD5: be8c8fea5988a4e1f7f26d8eea4edfcf
SHA1: ac03db4447aebce19ecaf6d371c6c7d10442255e
SHA256: 6238344ffc7f7d2338349d4b4447ed5331e3a0cd0caaa8dae58a7dec6b0d8a11
c:\program files\common files\microsoft shared\office15\1033\aceodbci.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\aceodbci.dll (Modified File)
Size 52.19 KB
Hash Values MD5: 10544b35237102a985b5f53d666424d4
SHA1: bb00a347c06c3408c2c7d7314a582cd5da09c272
SHA256: ab8a0622e935c69e8d4ba839f06153e5230dcd684939270630dc2fddebb87d5a
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x180001538
Size Of Code 0xc00
Size Of Initialized Data 0xaa00
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 20:33:48
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0xaf8 0xc00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 5.62
.rdata 0x180002000 0xea4 0x1000 0x1000 CNT_INITIALIZED_DATA, MEM_READ 2.27
.data 0x180003000 0x5c0 0x200 0x2000 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 0.23
.pdata 0x180004000 0xe4 0x200 0x2200 CNT_INITIALIZED_DATA, MEM_READ 1.87
.rsrc 0x180005000 0x8e28 0x9000 0x2400 CNT_INITIALIZED_DATA, MEM_READ 3.66
.reloc 0x18000e000 0x10 0x200 0xb400 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 0.15
Imports (34)
MSVCR100.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_onexit 0x0 0x180002000 0x2a18 0x1a18
_lock 0x0 0x180002008 0x2a20 0x1a20
__dllonexit 0x0 0x180002010 0x2a28 0x1a28
_unlock 0x0 0x180002018 0x2a30 0x1a30
__clean_type_info_names_internal 0x0 0x180002020 0x2a38 0x1a38
__crt_debugger_hook 0x0 0x180002028 0x2a40 0x1a40
__CppXcptFilter 0x0 0x180002030 0x2a48 0x1a48
__C_specific_handler 0x0 0x180002038 0x2a50 0x1a50
_amsg_exit 0x0 0x180002040 0x2a58 0x1a58
_encoded_null 0x0 0x180002048 0x2a60 0x1a60
free 0x0 0x180002050 0x2a68 0x1a68
_initterm_e 0x0 0x180002058 0x2a70 0x1a70
_initterm 0x0 0x180002060 0x2a78 0x1a78
_malloc_crt 0x0 0x180002068 0x2a80 0x1a80
KERNEL32.dll (20)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetCurrentProcessId 0x0 0x180002078 0x2a90 0x1a90
RtlCaptureContext 0x0 0x180002080 0x2a98 0x1a98
RtlLookupFunctionEntry 0x0 0x180002088 0x2aa0 0x1aa0
RtlVirtualUnwind 0x0 0x180002090 0x2aa8 0x1aa8
IsDebuggerPresent 0x0 0x180002098 0x2ab0 0x1ab0
SetUnhandledExceptionFilter 0x0 0x1800020a0 0x2ab8 0x1ab8
UnhandledExceptionFilter 0x0 0x1800020a8 0x2ac0 0x1ac0
GetCurrentProcess 0x0 0x1800020b0 0x2ac8 0x1ac8
TerminateProcess 0x0 0x1800020b8 0x2ad0 0x1ad0
Sleep 0x0 0x1800020c0 0x2ad8 0x1ad8
DecodePointer 0x0 0x1800020c8 0x2ae0 0x1ae0
EncodePointer 0x0 0x1800020d0 0x2ae8 0x1ae8
WerRegisterMemoryBlock 0x0 0x1800020d8 0x2af0 0x1af0
VirtualProtect 0x0 0x1800020e0 0x2af8 0x1af8
GetTickCount 0x0 0x1800020e8 0x2b00 0x1b00
QueryPerformanceCounter 0x0 0x1800020f0 0x2b08 0x1b08
GetProcessHeap 0x0 0x1800020f8 0x2b10 0x1b10
HeapSetInformation 0x0 0x180002100 0x2b18 0x1b18
GetCurrentThreadId 0x0 0x180002108 0x2b20 0x1b20
GetSystemTimeAsFileTime 0x0 0x180002110 0x2b28 0x1b28
Exports (2)
Api name EAT Address Ordinal
DllMain 0x180001000 0x1f4
IntlLibHinst 0x180001018 0x1
Digital Signatures (2)
Signature Properties
InternalName aceodbci
FileVersion 15.0.4420.1017
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4420.1017
FileDescription Microsoft Access database engine ODBC International DLL
OriginalFilename aceodbci.dll
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 8E 42 00 00 00 00 00 1F
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
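Every Digital Signatures block in this section reports "Signature verification True" for a Microsoft Corporation certificate that expired on 2013-10-26, on an analysis created in May 2018. What makes that consistent is the countersignature: the Microsoft Time-Stamp Service certificate attests when the file was signed, and Authenticode then judges the signer chain as of that moment rather than as of now. The Python below is an added illustration of that rule written for this page, not VMRay's code nor the verifier the report used. The chains and validity dates are copied from the certificate tables above (msitss55.dll, mscdm.dll, aceintl.dll and aceodbci.dll share the same signer chain); the signing time is an assumption, taken to equal the compile timestamp because the report does not print the countersignature time; revocation, key usage and the lifetime-signing EKU are deliberately left out.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Set


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime


# Chains copied from the Digital Signatures sections of this report, leaf first.
# The dates are the "Valid from" / "Valid to" values printed there.
SIGNER_CHAIN: List[Cert] = [
    Cert("Microsoft Corporation", "Microsoft Code Signing PCA",
         datetime(2012, 7, 26, 20, 50), datetime(2013, 10, 26, 20, 50)),
    Cert("Microsoft Code Signing PCA", "Microsoft Root Certificate Authority",
         datetime(2010, 8, 31, 22, 19), datetime(2020, 8, 31, 22, 29)),
]
TIMESTAMP_CHAIN: List[Cert] = [
    Cert("Microsoft Time-Stamp Service", "Microsoft Time-Stamp PCA",
         datetime(2012, 9, 4, 21, 12), datetime(2013, 12, 4, 21, 12)),
    Cert("Microsoft Time-Stamp PCA", "Microsoft Root Certificate Authority",
         datetime(2007, 4, 3, 12, 53), datetime(2021, 4, 3, 13, 3)),
]
TRUSTED_ROOTS: Set[str] = {"Microsoft Root Certificate Authority"}

# Assumption: the report prints the compile timestamp (2012-09-29 20:52:07) but
# not the countersignature time, so the signing time is taken to be that moment.
ASSUMED_SIGNING_TIME = datetime(2012, 9, 29, 20, 52, 7)
# "Created at" in the report header: when the verification verdict was produced.
REPORT_TIME = datetime(2018, 5, 16, 15, 35)


def chain_valid_at(chain: List[Cert], when: datetime, trusted_roots: Set[str]) -> bool:
    """Every certificate must be inside its validity window at `when`, each must
    be issued by the next certificate up the chain, and the top issuer must be a
    trusted root. Revocation and extended key usage are not modelled."""
    if not chain:
        return False
    for i, cert in enumerate(chain):
        if not (cert.not_before <= when <= cert.not_after):
            return False
        if i + 1 < len(chain) and chain[i + 1].subject != cert.issuer:
            return False
    return chain[-1].issuer in trusted_roots


def authenticode_valid(signer_chain: List[Cert],
                       timestamp_chain: Optional[List[Cert]],
                       signing_time: Optional[datetime],
                       now: datetime,
                       trusted_roots: Set[str]) -> bool:
    """Authenticode rule of thumb: with a trusted countersignature the signer
    chain is judged as of the asserted signing time, so an expired signing
    certificate still verifies years later; without one it is judged as of `now`."""
    if timestamp_chain is None or signing_time is None:
        return chain_valid_at(signer_chain, now, trusted_roots)
    # The timestamp authority must itself have been valid when it signed.
    if not chain_valid_at(timestamp_chain, signing_time, trusted_roots):
        return False
    return chain_valid_at(signer_chain, signing_time, trusted_roots)


if __name__ == "__main__":
    print("with countersignature:",
          authenticode_valid(SIGNER_CHAIN, TIMESTAMP_CHAIN, ASSUMED_SIGNING_TIME,
                             REPORT_TIME, TRUSTED_ROOTS))
    print("without countersignature:",
          authenticode_valid(SIGNER_CHAIN, None, None, REPORT_TIME, TRUSTED_ROOTS))
```

The verdict applies only to the original content that the report captured under the "Modified File" name. The renamed .[sepsis@protonmail.com].sepsis copies are encrypted blobs with no PE header and carry no signature to verify, which is why the report shows no PE Information or Digital Signatures block for them.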
c:\program files\common files\microsoft shared\office15\1033\aceodbci.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\aceodbci.dll (Modified File)
c:\program files\common files\microsoft shared\office15\1033\aceodbci.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 52.36 KB
Hash Values MD5: 9e9e7daf3a4499bf1a0b01b5a0b31d24
SHA1: db30fdf794c98a834239bd948b6ca328df366b74
SHA256: 1a80a33aaad3e641ea485158a127bfc2ba07c55aae05e823b71226ea6b96bf95
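Across this section the same pattern repeats for keywords.hxk, msitss55.dll, namedurls.hxk, mscdm.dll, aceintl.dll and aceodbci.dll: a file under Common Files is read, an encrypted copy is written back to the original path and then renamed with the ".[sepsis@protonmail.com].sepsis" suffix (the report lists both names for one content hash), and every copy is 0.17 to 0.18 KB larger than its original, whether the original is 0.13 KB or 474 KB. The Python below is an added triage example, not code from the report or from the sample, that pairs originals with their renamed copies and checks whether the growth is constant. The input list is constructed from the paths and sizes printed above, and the regular expression for the naming scheme is this example's own.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: (path, size in KB) pairs taken from the File
# Properties entries in this report. Each original is followed by the copy
# the sample wrote under the same path and then renamed.
REPORT_FILES: List[Tuple[str, float]] = [
    (r"c:\program files\common files\microsoft shared\help\keywords.hxk", 0.13),
    (r"c:\program files\common files\microsoft shared\help\keywords.hxk.[sepsis@protonmail.com].sepsis", 0.31),
    (r"c:\program files\common files\microsoft shared\help\msitss55.dll", 434.17),
    (r"c:\program files\common files\microsoft shared\help\msitss55.dll.[sepsis@protonmail.com].sepsis", 434.35),
    (r"c:\program files\common files\microsoft shared\help\namedurls.hxk", 0.14),
    (r"c:\program files\common files\microsoft shared\help\namedurls.hxk.[sepsis@protonmail.com].sepsis", 0.31),
    (r"c:\program files\common files\microsoft shared\msclientdatamgr\mscdm.dll", 474.17),
    (r"c:\program files\common files\microsoft shared\msclientdatamgr\mscdm.dll.[sepsis@protonmail.com].sepsis", 474.35),
    (r"c:\program files\common files\microsoft shared\office15\1033\aceintl.dll", 196.70),
    (r"c:\program files\common files\microsoft shared\office15\1033\aceintl.dll.[sepsis@protonmail.com].sepsis", 196.87),
    (r"c:\program files\common files\microsoft shared\office15\1033\aceodbci.dll", 52.19),
    (r"c:\program files\common files\microsoft shared\office15\1033\aceodbci.dll.[sepsis@protonmail.com].sepsis", 52.36),
]

# "<original name>.[<contact address>].<tag>". The address and tag are matched
# generically so the same rule catches other families using this scheme.
RANSOM_NAME = re.compile(
    r"^(?P<orig>.+)\.\[(?P<contact>[^\]\s]+@[^\]\s]+)\]\.(?P<tag>[A-Za-z0-9]+)$"
)


def parse_ransom_name(path: str) -> Optional[Dict[str, str]]:
    """Return original path, contact address and tag for a renamed file, else None."""
    m = RANSOM_NAME.match(path)
    return m.groupdict() if m else None


def pair_encrypted_files(entries: List[Tuple[str, float]]) -> List[Dict[str, object]]:
    """Match each renamed file with its original and compute the growth in bytes.

    The report rounds sizes to 0.01 KB, so each delta carries roughly +/- 10
    bytes of rounding error; compare deltas with that tolerance in mind.
    """
    size_by_path = {path: kb for path, kb in entries}
    pairs: List[Dict[str, object]] = []
    for path, kb in entries:
        parsed = parse_ransom_name(path)
        if parsed is None:
            continue
        orig_kb = size_by_path.get(parsed["orig"])
        pairs.append({
            "original": parsed["orig"],
            "encrypted": path,
            "contact": parsed["contact"],
            "tag": parsed["tag"],
            "delta_bytes": None if orig_kb is None else round((kb - orig_kb) * 1024),
        })
    return pairs


def fixed_overhead(pairs: List[Dict[str, object]], tolerance_bytes: int = 16) -> Tuple[bool, int]:
    """Decide whether every encrypted file grew by (nearly) the same amount.

    Growth that does not depend on file size points to a fixed-size block,
    commonly a header or footer carrying per-file key material, whereas
    block-cipher padding alone would vary with the plaintext length.
    Returns (is_fixed, mean_delta_bytes).
    """
    deltas = [p["delta_bytes"] for p in pairs if p["delta_bytes"] is not None]
    if not deltas:
        return False, 0
    spread = max(deltas) - min(deltas)
    return spread <= tolerance_bytes, round(sum(deltas) / len(deltas))


if __name__ == "__main__":
    found = pair_encrypted_files(REPORT_FILES)
    for p in found:
        print(f"{p['original']!r} -> +{p['delta_bytes']} bytes ({p['contact']}, .{p['tag']})")
    print("fixed overhead:", fixed_overhead(found))
```

On the report's figures every pair grows by about 180 bytes regardless of size, which is what a fixed per-file header or footer looks like and is worth knowing before any recovery attempt. The suffix pattern doubles as a file-system detection rule: a single new file matching it under Program Files is already a strong signal, and the report shows hundreds.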
c:\program files\common files\microsoft shared\office15\1033\acewstr.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\acewstr.dll (Modified File)
Size 839.17 KB
Hash Values MD5: 10ed6c90286e20b5775f08ce51dab3fc
SHA1: 5aef92733452f766d524fc2f9433e02db6e5fb98
SHA256: b6e6ca83d7c32093ad31db94e75b4837f2851a7e21c4467bf37f26d268830606
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x1800021f0
Size Of Code 0x6600
Size Of Initialized Data 0xc9e00
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 20:39:20
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x65a4 0x6600 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.45
.rdata 0x180008000 0x122c 0x1400 0x6a00 CNT_INITIALIZED_DATA, MEM_READ 3.97
.data 0x18000a000 0xc7640 0xc7200 0x7e00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.81
.pdata 0x1800d2000 0x318 0x400 0xcf000 CNT_INITIALIZED_DATA, MEM_READ 3.53
.rsrc 0x1800d3000 0xb64 0xc00 0xcf400 CNT_INITIALIZED_DATA, MEM_READ 3.39
.reloc 0x1800d4000 0x80 0x200 0xd0000 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 1.71
Imports (58)
MSVCR100.dll (20)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_onexit 0x0 0x180008000 0x8980 0x7380
_lock 0x0 0x180008008 0x8988 0x7388
__dllonexit 0x0 0x180008010 0x8990 0x7390
_unlock 0x0 0x180008018 0x8998 0x7398
__clean_type_info_names_internal 0x0 0x180008020 0x89a0 0x73a0
__crt_debugger_hook 0x0 0x180008028 0x89a8 0x73a8
__CppXcptFilter 0x0 0x180008030 0x89b0 0x73b0
_amsg_exit 0x0 0x180008038 0x89b8 0x73b8
_encoded_null 0x0 0x180008040 0x89c0 0x73c0
_initterm_e 0x0 0x180008048 0x89c8 0x73c8
_initterm 0x0 0x180008050 0x89d0 0x73d0
_malloc_crt 0x0 0x180008058 0x89d8 0x73d8
__C_specific_handler 0x0 0x180008060 0x89e0 0x73e0
wcsrchr 0x0 0x180008068 0x89e8 0x73e8
memmove 0x0 0x180008070 0x89f0 0x73f0
memset 0x0 0x180008078 0x89f8 0x73f8
memcpy 0x0 0x180008080 0x8a00 0x7400
malloc 0x0 0x180008088 0x8a08 0x7408
free 0x0 0x180008090 0x8a10 0x7410
wcsncat_s 0x0 0x180008098 0x8a18 0x7418
KERNEL32.dll (38)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GlobalAlloc 0x0 0x1800080a8 0x8a28 0x7428
RtlCaptureContext 0x0 0x1800080b0 0x8a30 0x7430
RtlLookupFunctionEntry 0x0 0x1800080b8 0x8a38 0x7438
RtlVirtualUnwind 0x0 0x1800080c0 0x8a40 0x7440
IsDebuggerPresent 0x0 0x1800080c8 0x8a48 0x7448
SetUnhandledExceptionFilter 0x0 0x1800080d0 0x8a50 0x7450
UnhandledExceptionFilter 0x0 0x1800080d8 0x8a58 0x7458
GetCurrentProcess 0x0 0x1800080e0 0x8a60 0x7460
TerminateProcess 0x0 0x1800080e8 0x8a68 0x7468
Sleep 0x0 0x1800080f0 0x8a70 0x7470
DecodePointer 0x0 0x1800080f8 0x8a78 0x7478
EncodePointer 0x0 0x180008100 0x8a80 0x7480
WerRegisterMemoryBlock 0x0 0x180008108 0x8a88 0x7488
VirtualProtect 0x0 0x180008110 0x8a90 0x7490
GetTickCount 0x0 0x180008118 0x8a98 0x7498
GetSystemTimeAsFileTime 0x0 0x180008120 0x8aa0 0x74a0
GetCurrentThreadId 0x0 0x180008128 0x8aa8 0x74a8
GetCurrentProcessId 0x0 0x180008130 0x8ab0 0x74b0
HeapSetInformation 0x0 0x180008138 0x8ab8 0x74b8
GetProcessHeap 0x0 0x180008140 0x8ac0 0x74c0
QueryPerformanceCounter 0x0 0x180008148 0x8ac8 0x74c8
InitializeCriticalSection 0x0 0x180008150 0x8ad0 0x74d0
EnterCriticalSection 0x0 0x180008158 0x8ad8 0x74d8
LeaveCriticalSection 0x0 0x180008160 0x8ae0 0x74e0
DeleteCriticalSection 0x0 0x180008168 0x8ae8 0x74e8
FreeLibrary 0x0 0x180008170 0x8af0 0x74f0
GetModuleFileNameW 0x0 0x180008178 0x8af8 0x74f8
GetProcAddress 0x0 0x180008180 0x8b00 0x7500
LoadResource 0x0 0x180008188 0x8b08 0x7508
LockResource 0x0 0x180008190 0x8b10 0x7510
GlobalFree 0x0 0x180008198 0x8b18 0x7518
FindResourceA 0x0 0x1800081a0 0x8b20 0x7520
GetSystemDefaultLCID 0x0 0x1800081a8 0x8b28 0x7528
GetUserDefaultLCID 0x0 0x1800081b0 0x8b30 0x7530
RaiseException 0x0 0x1800081b8 0x8b38 0x7538
GetLastError 0x0 0x1800081c0 0x8b40 0x7540
GetModuleHandleW 0x0 0x1800081c8 0x8b48 0x7548
LoadLibraryExW 0x0 0x1800081d0 0x8b50 0x7550
Exports (7)
Api name EAT Address Ordinal
None 0x18000193c 0x1
None 0x180001c48 0x2
None 0x1800044bc 0x3
None 0x180006754 0x4
None 0x180004620 0x5
None 0x1800060e0 0x6
None 0x1800044d4 0x7
Digital Signatures (2)
Signature Properties
InternalName acewstr
FileVersion 15.0.4420.1017
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4420.1017
FileDescription Microsoft Access database engine Sort DLL
OriginalFilename acewstr.dll
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-09-04 21:12
Valid to 2013-12-04 21:12
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 2B 39 32 48 C1 B2 C9 48 F3 00 00 00 00 00 2B
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\office15\1033\acewstr.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\acewstr.dll (Modified File)
c:\program files\common files\microsoft shared\office15\1033\acewstr.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 839.35 KB
Hash Values MD5: 9ebcdfa5720d1b4d0676a1b90d6050c6
SHA1: 9f1303873f9bcf255949c5ae47ff7ff0a8018247
SHA256: dfa0841cae6fb52b0d14a78dad5bb7db6bb9e5e9b8d9cbb0813629c53e83257e
c:\program files\common files\microsoft shared\office15\1033\ado210.chm
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\ado210.chm (Modified File)
Size 1.60 MB
Hash Values MD5: 07f24da6c320ab7b6dfe820fb68b676a
SHA1: 1ee30ea1e0ba5d1e06bf1e9b0ee6139adbd5d8ad
SHA256: b8d6e8020044e60b44c22c45d64b6c9ee13606c612ea0da946ee05d0d01e4b41
c:\program files\common files\microsoft shared\office15\1033\ado210.chm, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\ado210.chm (Modified File)
c:\program files\common files\microsoft shared\office15\1033\ado210.chm.[sepsis@protonmail.com].sepsis (Created File)
Size 1.60 MB
Hash Values MD5: 53fa6ab167d4cf68f5485a827c9f5426
SHA1: 1d38d51435d660e62f23a3aa851401bb1092bdff
SHA256: 798c229d9384dc338d2bdbe1163b4bec541137c700e9e148953c447ae97971a2
c:\program files\common files\microsoft shared\office15\1033\alrtintl.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\alrtintl.dll (Modified File)
Size 150.59 KB
Hash Values MD5: 89ce4d1c870ab754d6a197c042466942
SHA1: 98d89cf3573c2fe86786837e0a1e6e21c798136e
SHA256: d8ad0522a2cafd00fc360177b7102f9fe1c8a5243a8b00de377d971fdff763d0
PE Information
Information Value
Image Base 0x180000000
Entry Point Unknown
Size Of Code 0x0
Size Of Initialized Data 0x23c00
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 18:36:54
Compiler/Packer Unknown
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.rdata 0x180001000 0x170 0x200 0x400 CNT_INITIALIZED_DATA, MEM_READ 1.77
.rsrc 0x180002000 0x23964 0x23a00 0x600 CNT_INITIALIZED_DATA, MEM_READ 7.43
Digital Signatures (2)
Signature Properties
InternalName alrtintl
FileVersion 15.0.4420.1017
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4420.1017
FileDescription Alert Intl
OriginalFilename AlrtIntl.dll
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 92 4A 00 00 00 00 00 20
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\office15\1033\alrtintl.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\alrtintl.dll (Modified File)
c:\program files\common files\microsoft shared\office15\1033\alrtintl.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 150.77 KB
Hash Values MD5: e4e7bfa9e0b14f5ead56a1e7b5d6f436
SHA1: b6054cc98f146519f3bb00a044f85b85ae2e2de4
SHA256: 1929c76bbbf9f8252ccdb2d16d5ab1e5c62a76b4acb04787386ffcdf6f9c10d0
c:\program files\common files\microsoft shared\office15\1033\msointl.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\msointl.dll (Modified File)
Size 3.46 MB
Hash Values MD5: 8f9811db3ddd440e2601027eb756a42d
SHA1: 7f763efda83358603474804c53ebc6f318931263
SHA256: fa56b4f2c40eb59d3d29fea8644024d500bf79b15e1c5d8266372887f8a01e09
PE Information
Information Value
Image Base 0x180000000
Entry Point Unknown
Size Of Code 0x0
Size Of Initialized Data 0x373400
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 18:35:55
Compiler/Packer Unknown
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.rdata 0x180001000 0x16c 0x200 0x400 CNT_INITIALIZED_DATA, MEM_READ 1.68
.rsrc 0x180002000 0x3731b0 0x373200 0x600 CNT_INITIALIZED_DATA, MEM_READ Unknown
Digital Signatures (2)
Signature Properties
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 8E 42 00 00 00 00 00 1F
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\office15\1033\msointl.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\msointl.dll (Modified File)
c:\program files\common files\microsoft shared\office15\1033\msointl.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 3.46 MB
Hash Values MD5: ef3ce4d94d705066ae8d508bb577fc8f
SHA1: e79f6cf9b060cb29a46d51e308b4d49de2532f8b
SHA256: a9e19978f5270b2ae51ba2eeac974a7ab6c7d2c1653a11142cbb0a647af37a09
c:\program files\common files\microsoft shared\office15\1033\msointl.dll.idx_dll
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\msointl.dll.idx_dll (Modified File)
Size 51.64 KB
Hash Values MD5: 7b34955960ff21d45655ac01ec973d14
SHA1: a25e476316e50892c84b7e5030bb19d177338cba
SHA256: 47ad666d0f101d1b6365997c7e18a66752d5addbbd2c53eff1a9ff1bc83f7eb6
PE Information
Information Value
Image Base 0x180000000
Entry Point Unknown
Size Of Code 0x0
Size Of Initialized Data 0xb000
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 18:39:20
Compiler/Packer Unknown
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.rdata 0x180001000 0x16c 0x200 0x400 CNT_INITIALIZED_DATA, MEM_READ 1.86
.rsrc 0x180002000 0xad28 0xae00 0x600 CNT_INITIALIZED_DATA, MEM_READ 4.48
Digital Signatures (2)
Signature Properties
InternalName 4.0
FileVersion 15.0.4420.1017
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4420.1017
FileDescription UICaptions Support File Template
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 8E 42 00 00 00 00 00 1F
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\office15\1033\msointl.dll.idx_dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\msointl.dll.idx_dll (Modified File)
c:\program files\common files\microsoft shared\office15\1033\msointl.dll.idx_dll.[sepsis@protonmail.com].sepsis (Created File)
Size 51.82 KB
Hash Values MD5: c08256ba876262809f3fe1fcc583d069
SHA1: 198e1495c5a6ab7a7e935bde35029b34e813f3d4
SHA256: 84d57e8229377a7d8564767b5a288a3192f63c67fa6f5e1423fcd6c6b5c4cb2f
c:\program files\common files\microsoft shared\office15\1033\msointl.rest.idx_dll
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\msointl.rest.idx_dll (Modified File)
Size 1.42 MB
Hash Values MD5: 0025bc172206303fe3a5f4ba25ccebb8
SHA1: 27eee98511e2edbb75ee6a4b9658471d13335ffd
SHA256: a4d5e4c35782ac8e62e56c10358f2681b5637ac5b2e31631eac6dee5a35a3f94
PE Information
Information Value
Image Base 0x180000000
Entry Point Unknown
Size Of Code 0x0
Size Of Initialized Data 0x168800
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 18:39:20
Compiler/Packer Unknown
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.rdata 0x180001000 0x16c 0x200 0x400 CNT_INITIALIZED_DATA, MEM_READ 1.86
.rsrc 0x180002000 0x1684dc 0x168600 0x600 CNT_INITIALIZED_DATA, MEM_READ 5.12
Digital Signatures (2)
Signature Properties
InternalName 4.0
FileVersion 15.0.4420.1017
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4420.1017
FileDescription UICaptions Support File Template
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 92 4A 00 00 00 00 00 20
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\office15\1033\msointl.rest.idx_dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\msointl.rest.idx_dll (Modified File)
c:\program files\common files\microsoft shared\office15\1033\msointl.rest.idx_dll.[sepsis@protonmail.com].sepsis (Created File)
Size 1.42 MB
Hash Values MD5: 3ea4252fab4c5db8789d25072c3ae5da
SHA1: 4747cb0ba11394894f1c469be496c7948b5d3a97
SHA256: 139172e558815fe78d405bb31fde49d82d927b78f91a7bcd0c606b82321393a8
c:\program files\common files\microsoft shared\office15\1033\mssoapr3.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\mssoapr3.dll (Modified File)
Size 41.15 KB
Hash Values MD5: cecc0e57e5af5293aa27cafa6eec027e
SHA1: dfc1204e28a7e82433d098f137b22339b5e88e34
SHA256: 7eef8f4b6ab046ea737c8d1408941b2107f72d24a14bde7b80ac6d7fd453d68d
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x180001548
Size Of Code 0xc00
Size Of Initialized Data 0x7e00
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 20:36:52
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0xb10 0xc00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 5.65
.rdata 0x180002000 0x750 0x800 0x1000 CNT_INITIALIZED_DATA, MEM_READ 4.2
.data 0x180003000 0x5c8 0x200 0x1800 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 0.23
.pdata 0x180004000 0xe4 0x200 0x1a00 CNT_INITIALIZED_DATA, MEM_READ 1.9
.rsrc 0x180005000 0x6b10 0x6c00 0x1c00 CNT_INITIALIZED_DATA, MEM_READ 3.36
.reloc 0x18000c000 0x10 0x200 0x8800 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 0.15
Imports (35)
KERNEL32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
DisableThreadLibraryCalls 0x0 0x180002000 0x2298 0x1298
RtlLookupFunctionEntry 0x0 0x180002008 0x22a0 0x12a0
RtlVirtualUnwind 0x0 0x180002010 0x22a8 0x12a8
IsDebuggerPresent 0x0 0x180002018 0x22b0 0x12b0
SetUnhandledExceptionFilter 0x0 0x180002020 0x22b8 0x12b8
UnhandledExceptionFilter 0x0 0x180002028 0x22c0 0x12c0
GetCurrentProcess 0x0 0x180002030 0x22c8 0x12c8
TerminateProcess 0x0 0x180002038 0x22d0 0x12d0
Sleep 0x0 0x180002040 0x22d8 0x12d8
DecodePointer 0x0 0x180002048 0x22e0 0x12e0
EncodePointer 0x0 0x180002050 0x22e8 0x12e8
WerRegisterMemoryBlock 0x0 0x180002058 0x22f0 0x12f0
VirtualProtect 0x0 0x180002060 0x22f8 0x12f8
GetTickCount 0x0 0x180002068 0x2300 0x1300
GetSystemTimeAsFileTime 0x0 0x180002070 0x2308 0x1308
GetCurrentThreadId 0x0 0x180002078 0x2310 0x1310
QueryPerformanceCounter 0x0 0x180002080 0x2318 0x1318
GetProcessHeap 0x0 0x180002088 0x2320 0x1320
HeapSetInformation 0x0 0x180002090 0x2328 0x1328
GetCurrentProcessId 0x0 0x180002098 0x2330 0x1330
RtlCaptureContext 0x0 0x1800020a0 0x2338 0x1338
MSVCR100.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_onexit 0x0 0x1800020b0 0x2348 0x1348
_lock 0x0 0x1800020b8 0x2350 0x1350
__dllonexit 0x0 0x1800020c0 0x2358 0x1358
_unlock 0x0 0x1800020c8 0x2360 0x1360
__clean_type_info_names_internal 0x0 0x1800020d0 0x2368 0x1368
__crt_debugger_hook 0x0 0x1800020d8 0x2370 0x1370
__CppXcptFilter 0x0 0x1800020e0 0x2378 0x1378
__C_specific_handler 0x0 0x1800020e8 0x2380 0x1380
_amsg_exit 0x0 0x1800020f0 0x2388 0x1388
_encoded_null 0x0 0x1800020f8 0x2390 0x1390
free 0x0 0x180002100 0x2398 0x1398
_initterm_e 0x0 0x180002108 0x23a0 0x13a0
_initterm 0x0 0x180002110 0x23a8 0x13a8
_malloc_crt 0x0 0x180002118 0x23b0 0x13b0
Exports (4)
Api name EAT Address Ordinal
DllCanUnloadNow 0x180001000 0xd
DllMain 0x180001008 0xc
DllRegisterServer 0x180001000 0xe
DllUnregisterServer 0x180001000 0xf
Digital Signatures (2)
Signature Properties
LegalCopyright © 2010 Microsoft Corporation. All rights reserved.
InternalName MSOSOAPR3
FileVersion 15.0.4420.1017
CompanyName Microsoft Corporation
LegalTrademarks Microsoft(R) is a registered trademark of Microsoft Corporation. Windows (R) is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office Soap
ProductVersion 15.0.4420.1017
FileDescription Microsoft Office Soap Resource DLL 3.0
OriginalFilename MSOSOAPR3.DLL
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 92 4A 00 00 00 00 00 20
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\office15\1033\mssoapr3.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\mssoapr3.dll (Modified File)
c:\program files\common files\microsoft shared\office15\1033\mssoapr3.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 41.32 KB
Hash Values MD5: a4844d8708a189a4292b02e61e5bf612
SHA1: 68c83a795f703075cdb8d1ee8c995ec58c1ebfba
SHA256: 03f35706da7c33d3096628f62b74297df677d93df5ef1edcde9bdde1669d7058
c:\program files\common files\microsoft shared\office15\1033\oarpmanr.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\oarpmanr.dll (Modified File)
Size 12.15 KB
Hash Values MD5: ee41c758a8df468da218d32f2f56c217
SHA1: 5bd6328400632b9b839be57f5ffc4412c176b7f7
SHA256: dea82dc2519d94070dc93f6ce0f96268c3f63c200cd5ccad8d42e4ce33bb879e
PE Information
Information Value
Image Base 0x180000000
Entry Point Unknown
Size Of Code 0x0
Size Of Initialized Data 0x1200
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 18:37:38
Compiler/Packer Unknown
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.rdata 0x180001000 0x170 0x200 0x400 CNT_INITIALIZED_DATA, MEM_READ 1.7
.rsrc 0x180002000 0xe8c 0x1000 0x600 CNT_INITIALIZED_DATA, MEM_READ 3.81
Digital Signatures (2)
Signature Properties
InternalName OARPMANR
FileVersion 15.0.4420.1017
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4420.1017
FileDescription Microsoft Office OARPMAN resource dll
OriginalFilename OARPMANR.dll
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 8E 42 00 00 00 00 00 1F
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\office15\1033\oarpmanr.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\oarpmanr.dll (Modified File)
c:\program files\common files\microsoft shared\office15\1033\oarpmanr.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 12.32 KB
Hash Values MD5: b5518f87053cf19ba6018ceebe450df1
SHA1: 650b95b51ca374cfc2a74153c30d2b1bbccabd51
SHA256: 4af68262225d8c0d637ce2c0dd52dbf27f58efdba6734cb3758022a0d031b537
c:\program files\common files\microsoft shared\office15\1033\osfintl.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\osfintl.dll (Modified File)
Size 130.63 KB
Hash Values MD5: 5a7da3333aae47c02c8fba040e3f679c
SHA1: de86dcd417ed56715d1575e54b44fa458d2a6000
SHA256: b0e628007646e79c0d74f3a41a60a9225e042de1edaef5fdc4c1eeb815b83b9f
PE Information
Information Value
Image Base 0x180000000
Entry Point Unknown
Size Of Code 0x0
Size Of Initialized Data 0x1ec00
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 18:37:45
Compiler/Packer Unknown
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.rdata 0x180001000 0x16c 0x200 0x400 CNT_INITIALIZED_DATA, MEM_READ 1.71
.rsrc 0x180002000 0x1e8e8 0x1ea00 0x600 CNT_INITIALIZED_DATA, MEM_READ 6.44
Digital Signatures (2)
Signature Properties
InternalName osfintl
FileVersion 15.0.4420.1017
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4420.1017
FileDescription Microsoft Office 2013 component
OriginalFilename osfintl.dll
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 92 4A 00 00 00 00 00 20
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\office15\1033\osfintl.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\osfintl.dll (Modified File)
c:\program files\common files\microsoft shared\office15\1033\osfintl.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 130.81 KB
Hash Values MD5: c87b7565588cee387565a6c6ccf422a8
SHA1: 1bf44e86edf8ba912fd5a217a4ff814c3f8fe107
SHA256: 6e86e96a2347996cbfd82e10bff52c96c0ade00d22b04884914bbdc97bc7adb1
c:\program files\common files\microsoft shared\office15\1033\osmdp32.msi
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\osmdp32.msi (Modified File)
Size 2.18 MB
Hash Values MD5: 0a2c408dd0ca739f2b3166541dca414e
SHA1: 7e1812d16e16c031f46b4f695993eb7da6512775
SHA256: 1f6bd6b0d9750b1b96933bb4476c3d929ca3022c94338ea327bfcd60b9b0e1e7
c:\program files\common files\microsoft shared\office15\1033\osmdp32.msi, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\osmdp32.msi (Modified File)
c:\program files\common files\microsoft shared\office15\1033\osmdp32.msi.[sepsis@protonmail.com].sepsis (Created File)
Size 2.18 MB
Hash Values MD5: 3f0ad0ca2c91a4f1b5a2b9415b31c5ea
SHA1: 62ec23ca63aa2d44da770d752fc9b98c9c1446f9
SHA256: c709d3a80d9f054981f775496ca868e86cb361e946a8c6fd0beba9d5949de682
c:\program files\common files\microsoft shared\office15\1033\osmdp64.msi
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\osmdp64.msi (Modified File)
Size 2.30 MB
Hash Values MD5: 8788bb1d89f5c3d1c2ed6fda6e0874a4
SHA1: 461eefdc0da413f929e2780427bc740f6072abcb
SHA256: b4afa4deace1055af1cbf8a24e9a4f581c8213acf6485358f142af44fbc24b08
c:\program files\common files\microsoft shared\office15\1033\osmdp64.msi, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\osmdp64.msi (Modified File)
c:\program files\common files\microsoft shared\office15\1033\osmdp64.msi.[sepsis@protonmail.com].sepsis (Created File)
Size 2.30 MB
Hash Values MD5: 3b09458882c91c06db45a8036a963bda
SHA1: 17d33df3defa238d2d6ba933c24c0c648274a32d
SHA256: d1c4d43767cd10ddac2a4ce38db5ce08d28df5f7ca8f123fb7552ddde6d9b89c
c:\program files\common files\microsoft shared\office15\1033\osmia32.msi
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\osmia32.msi (Modified File)
Size 1.73 MB
Hash Values MD5: a7bf2a5229e9e7566ac64fd38b60e656
SHA1: 83699c3739b1e7839e81bd123cb3d5234ea9d982
SHA256: 8b073d4ef01d2832d96fa80c8276b5ac6e52191437c9d1a797a4eff3877338b8
c:\program files\common files\microsoft shared\office15\1033\osmia32.msi, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\osmia32.msi (Modified File)
c:\program files\common files\microsoft shared\office15\1033\osmia32.msi.[sepsis@protonmail.com].sepsis (Created File)
Size 1.73 MB
Hash Values MD5: 0f299c2a63890deeca9861ff427d1a91
SHA1: ce6d17cf73c38d4abc4dc11a9f75dea67d5eed21
SHA256: 0021b1fff8b2d5358656b6c22c935ce2294ae9f059594a0445feb03ee8517c29
c:\program files\common files\microsoft shared\office15\1033\osmia64.msi
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\osmia64.msi (Modified File)
Size 1.77 MB
Hash Values MD5: e07096cb89f2d178a14c5e81e6d12cd9
SHA1: 77a40ed76c814cb34a1da43a9201eb1f39fa84c0
SHA256: ff83e0451a67589c7bacfa8e8d4e10507633962895ab4d5a155165f2c5d559a4
c:\program files\common files\microsoft shared\office15\1033\osmia64.msi, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\osmia64.msi (Modified File)
c:\program files\common files\microsoft shared\office15\1033\osmia64.msi.[sepsis@protonmail.com].sepsis (Created File)
Size 1.77 MB
Hash Values MD5: 5f94fc6d7000ec07eab968cda69e9c43
SHA1: 3d30076587e78ce20e9a239e35a22db5a3338f5a
SHA256: 7316284f92a7fb4dfefe57f0ce52c76fa2b24f9ad2b7b57a4e7d1c1f18c92e61
c:\program files\common files\microsoft shared\office15\1033\readme.htm
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\readme.htm (Modified File)
Size 0.42 KB
Hash Values MD5: 8f68496d0f99b37e71c7bc326b0b9cbe
SHA1: 8ae59f5baa99e842653ad9376f308ad60ec1f802
SHA256: 6d021f570226ea01dc30f59f2775cf9fc2332658a3f5cdb2773ffe767b6213fe
c:\program files\common files\microsoft shared\office15\1033\readme.htm, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\readme.htm (Modified File)
c:\program files\common files\microsoft shared\office15\1033\readme.htm.[sepsis@protonmail.com].sepsis (Created File)
Size 0.59 KB
Hash Values MD5: 2c1a30b17e42db7703d4bf23ef0e7029
SHA1: fc8caa93324e7574d1deb61017689d7bc1ce8955
SHA256: 18e2826bf256d1072d4f933f20b96b2800d2ed359316c99276357e2f23100f01
c:\program files\common files\microsoft shared\office15\1033\xlsrvintl.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\xlsrvintl.dll (Modified File)
Size 256.13 KB
Hash Values MD5: 11d95746f2f93db9ae179d2a70bd0735
SHA1: 6ad0d37baa7ec6bced2ff29bbce6ded79e557cf3
SHA256: b3deddc19fbed73e423af31bfd83d814c26e9f18cc0908ef24c74bd78d1c5482
PE Information
Information Value
Image Base 0x180000000
Entry Point Unknown
Size Of Code 0x0
Size Of Initialized Data 0x3e200
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-09-29 18:37:08
Compiler/Packer Unknown
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.rdata 0x180001000 0x134 0x200 0x400 CNT_INITIALIZED_DATA, MEM_READ 1.48
.rsrc 0x180002000 0x3def4 0x3e000 0x600 CNT_INITIALIZED_DATA, MEM_READ 4.98
Digital Signatures (2)
Signature Properties
InternalName XLSRVINTL
FileVersion 15.0.4420.1017
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4420.1017
FileDescription Microsoft Office 2013 component
OriginalFilename XLSRVINTL.DLL
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-07-26 20:50
Valid to 2013-10-26 20:50
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 88 59 0E 3C 51 1F E2 6A 67 00 01 00 00 00 88
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 92 4A 00 00 00 00 00 20
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\office15\1033\xlsrvintl.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\1033\xlsrvintl.dll (Modified File)
c:\program files\common files\microsoft shared\office15\1033\xlsrvintl.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 256.31 KB
Hash Values MD5: af238c549f1c5c8c9876e7a2a8c21063
SHA1: 6932821d642411327a3983ad17ed866d8202e7f5
SHA256: 223c21269e7f5b898bd61824b8460222de0ce89c70ffaac94aeb946cb214bd6f
c:\program files\common files\microsoft shared\office15\acecore.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\acecore.dll (Modified File)
Size 2.17 MB
Hash Values MD5: d91ca55ab74783fc4409c6b6fa6b2a7e
SHA1: 421c02567863ed9d3b5aa372f900c65e54e36da3
SHA256: d9f24cc34d30c077c1faa27dce0be711d58ebc67a524136a53e623a9d2d45cee
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x180001000
Size Of Code 0x1b9c00
Size Of Initialized Data 0x8d200
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2013-12-17 22:29:41
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x1b9bb4 0x1b9c00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.37
.rdata 0x1801bb000 0x518a4 0x51a00 0x1ba000 CNT_INITIALIZED_DATA, MEM_READ 4.44
.data 0x18020d000 0x26cec 0x8e00 0x20ba00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 3.51
.pdata 0x180234000 0x10bfc 0x10c00 0x214800 CNT_INITIALIZED_DATA, MEM_READ 6.17
.rsrc 0x180245000 0x488 0x600 0x225400 CNT_INITIALIZED_DATA, MEM_READ 2.68
.reloc 0x180246000 0x3744 0x3800 0x225a00 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.45
Imports (220)
ole32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CoTaskMemFree 0x0 0x1801bb000 0x1ea900 0x1e9900
CLSIDFromString 0x0 0x1801bb008 0x1ea908 0x1e9908
CreateStreamOnHGlobal 0x0 0x1801bb010 0x1ea910 0x1e9910
OleInitialize 0x0 0x1801bb018 0x1ea918 0x1e9918
CoCreateInstance 0x0 0x1801bb020 0x1ea920 0x1e9920
StringFromCLSID 0x0 0x1801bb028 0x1ea928 0x1e9928
IIDFromString 0x0 0x1801bb030 0x1ea930 0x1e9930
CoCreateGuid 0x0 0x1801bb038 0x1ea938 0x1e9938
StringFromGUID2 0x0 0x1801bb040 0x1ea940 0x1e9940
MSVCR100.dll (79)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_lock 0x0 0x1801bb050 0x1ea950 0x1e9950
__dllonexit 0x0 0x1801bb058 0x1ea958 0x1e9958
_unlock 0x0 0x1801bb060 0x1ea960 0x1e9960
__crt_debugger_hook 0x0 0x1801bb068 0x1ea968 0x1e9968
__CppXcptFilter 0x0 0x1801bb070 0x1ea970 0x1e9970
_amsg_exit 0x0 0x1801bb078 0x1ea978 0x1e9978
_encoded_null 0x0 0x1801bb080 0x1ea980 0x1e9980
_initterm_e 0x0 0x1801bb088 0x1ea988 0x1e9988
_initterm 0x0 0x1801bb090 0x1ea990 0x1e9990
_malloc_crt 0x0 0x1801bb098 0x1ea998 0x1e9998
vswprintf_s 0x0 0x1801bb0a0 0x1ea9a0 0x1e99a0
wcsncat_s 0x0 0x1801bb0a8 0x1ea9a8 0x1e99a8
_endthreadex 0x0 0x1801bb0b0 0x1ea9b0 0x1e99b0
_beginthreadex 0x0 0x1801bb0b8 0x1ea9b8 0x1e99b8
modf 0x0 0x1801bb0c0 0x1ea9c0 0x1e99c0
_localtime64_s 0x0 0x1801bb0c8 0x1ea9c8 0x1e99c8
_ecvt_s 0x0 0x1801bb0d0 0x1ea9d0 0x1e99d0
strtod 0x0 0x1801bb0d8 0x1ea9d8 0x1e99d8
_errno 0x0 0x1801bb0e0 0x1ea9e0 0x1e99e0
strchr 0x0 0x1801bb0e8 0x1ea9e8 0x1e99e8
isxdigit 0x0 0x1801bb0f0 0x1ea9f0 0x1e99f0
_wtol 0x0 0x1801bb0f8 0x1ea9f8 0x1e99f8
tolower 0x0 0x1801bb100 0x1eaa00 0x1e9a00
_wcsnicmp 0x0 0x1801bb108 0x1eaa08 0x1e9a08
toupper 0x0 0x1801bb110 0x1eaa10 0x1e9a10
srand 0x0 0x1801bb118 0x1eaa18 0x1e9a18
_vsnprintf_s 0x0 0x1801bb120 0x1eaa20 0x1e9a20
isdigit 0x0 0x1801bb128 0x1eaa28 0x1e9a28
_wtoi 0x0 0x1801bb130 0x1eaa30 0x1e9a30
fputs 0x0 0x1801bb138 0x1eaa38 0x1e9a38
fopen_s 0x0 0x1801bb140 0x1eaa40 0x1e9a40
fclose 0x0 0x1801bb148 0x1eaa48 0x1e9a48
fputws 0x0 0x1801bb150 0x1eaa50 0x1e9a50
_wcsupr_s 0x0 0x1801bb158 0x1eaa58 0x1e9a58
_wcslwr_s 0x0 0x1801bb160 0x1eaa60 0x1e9a60
wcsrchr 0x0 0x1801bb168 0x1eaa68 0x1e9a68
_setjmp 0x0 0x1801bb170 0x1eaa70 0x1e9a70
__C_specific_handler 0x0 0x1801bb178 0x1eaa78 0x1e9a78
_onexit 0x0 0x1801bb180 0x1eaa80 0x1e9a80
rand 0x0 0x1801bb188 0x1eaa88 0x1e9a88
longjmp 0x0 0x1801bb190 0x1eaa90 0x1e9a90
ldiv 0x0 0x1801bb198 0x1eaa98 0x1e9a98
atoi 0x0 0x1801bb1a0 0x1eaaa0 0x1e9aa0
wcsnlen 0x0 0x1801bb1a8 0x1eaaa8 0x1e9aa8
_stricmp 0x0 0x1801bb1b0 0x1eaab0 0x1e9ab0
?what@exception@std@@UEBAPEBDXZ 0x0 0x1801bb1b8 0x1eaab8 0x1e9ab8
??0exception@std@@QEAA@AEBQEBD@Z 0x0 0x1801bb1c0 0x1eaac0 0x1e9ac0
wcscspn 0x0 0x1801bb1c8 0x1eaac8 0x1e9ac8
_invalid_parameter_noinfo_noreturn 0x0 0x1801bb1d0 0x1eaad0 0x1e9ad0
__RTDynamicCast 0x0 0x1801bb1d8 0x1eaad8 0x1e9ad8
??1exception@std@@UEAA@XZ 0x0 0x1801bb1e0 0x1eaae0 0x1e9ae0
??0exception@std@@QEAA@AEBV01@@Z 0x0 0x1801bb1e8 0x1eaae8 0x1e9ae8
memcpy_s 0x0 0x1801bb1f0 0x1eaaf0 0x1e9af0
__CxxFrameHandler3 0x0 0x1801bb1f8 0x1eaaf8 0x1e9af8
_CxxThrowException 0x0 0x1801bb200 0x1eab00 0x1e9b00
?terminate@@YAXXZ 0x0 0x1801bb208 0x1eab08 0x1e9b08
ceil 0x0 0x1801bb210 0x1eab10 0x1e9b10
_snprintf_s 0x0 0x1801bb218 0x1eab18 0x1e9b18
_time64 0x0 0x1801bb220 0x1eab20 0x1e9b20
strncpy_s 0x0 0x1801bb228 0x1eab28 0x1e9b28
malloc 0x0 0x1801bb230 0x1eab30 0x1e9b30
_snwprintf_s 0x0 0x1801bb238 0x1eab38 0x1e9b38
memmove 0x0 0x1801bb240 0x1eab40 0x1e9b40
memmove_s 0x0 0x1801bb248 0x1eab48 0x1e9b48
free 0x0 0x1801bb250 0x1eab50 0x1e9b50
memcmp 0x0 0x1801bb258 0x1eab58 0x1e9b58
wcsncmp 0x0 0x1801bb260 0x1eab60 0x1e9b60
wcschr 0x0 0x1801bb268 0x1eab68 0x1e9b68
_wsplitpath_s 0x0 0x1801bb270 0x1eab70 0x1e9b70
towupper 0x0 0x1801bb278 0x1eab78 0x1e9b78
wcsstr 0x0 0x1801bb280 0x1eab80 0x1e9b80
memset 0x0 0x1801bb288 0x1eab88 0x1e9b88
memcpy 0x0 0x1801bb290 0x1eab90 0x1e9b90
wcsncpy_s 0x0 0x1801bb298 0x1eab98 0x1e9b98
wcstol 0x0 0x1801bb2a0 0x1eaba0 0x1e9ba0
iswctype 0x0 0x1801bb2a8 0x1eaba8 0x1e9ba8
__clean_type_info_names_internal 0x0 0x1801bb2b0 0x1eabb0 0x1e9bb0
_wcsicmp 0x0 0x1801bb2b8 0x1eabb8 0x1e9bb8
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x1801bb2c0 0x1eabc0 0x1e9bc0
ADVAPI32.dll (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
EventWrite 0x0 0x1801bb2d0 0x1eabd0 0x1e9bd0
EventUnregister 0x0 0x1801bb2d8 0x1eabd8 0x1e9bd8
EventRegister 0x0 0x1801bb2e0 0x1eabe0 0x1e9be0
RegisterEventSourceW 0x0 0x1801bb2e8 0x1eabe8 0x1e9be8
DeregisterEventSource 0x0 0x1801bb2f0 0x1eabf0 0x1e9bf0
RegGetValueW 0x0 0x1801bb2f8 0x1eabf8 0x1e9bf8
RegQueryValueExW 0x0 0x1801bb300 0x1eac00 0x1e9c00
RegQueryValueExA 0x0 0x1801bb308 0x1eac08 0x1e9c08
RegOpenKeyExW 0x0 0x1801bb310 0x1eac10 0x1e9c10
RegEnumKeyExW 0x0 0x1801bb318 0x1eac18 0x1e9c18
GetUserNameW 0x0 0x1801bb320 0x1eac20 0x1e9c20
OpenThreadToken 0x0 0x1801bb328 0x1eac28 0x1e9c28
SetThreadToken 0x0 0x1801bb330 0x1eac30 0x1e9c30
RegOpenKeyExA 0x0 0x1801bb338 0x1eac38 0x1e9c38
RegCloseKey 0x0 0x1801bb340 0x1eac40 0x1e9c40
ReportEventW 0x0 0x1801bb348 0x1eac48 0x1e9c48
KERNEL32.dll (92)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
LoadLibraryExW 0x0 0x1801bb358 0x1eac58 0x1e9c58
GetModuleHandleW 0x0 0x1801bb360 0x1eac60 0x1e9c60
GetModuleFileNameW 0x0 0x1801bb368 0x1eac68 0x1e9c68
GetTempPathW 0x0 0x1801bb370 0x1eac70 0x1e9c70
GetTempFileNameW 0x0 0x1801bb378 0x1eac78 0x1e9c78
GetShortPathNameW 0x0 0x1801bb380 0x1eac80 0x1e9c80
GetFullPathNameW 0x0 0x1801bb388 0x1eac88 0x1e9c88
FindFirstFileW 0x0 0x1801bb390 0x1eac90 0x1e9c90
DeleteFileW 0x0 0x1801bb398 0x1eac98 0x1e9c98
ExpandEnvironmentStringsW 0x0 0x1801bb3a0 0x1eaca0 0x1e9ca0
GetModuleHandleA 0x0 0x1801bb3a8 0x1eaca8 0x1e9ca8
GetCurrentThread 0x0 0x1801bb3b0 0x1eacb0 0x1e9cb0
RaiseException 0x0 0x1801bb3b8 0x1eacb8 0x1e9cb8
GetCurrencyFormatA 0x0 0x1801bb3c0 0x1eacc0 0x1e9cc0
GetNumberFormatA 0x0 0x1801bb3c8 0x1eacc8 0x1e9cc8
GetTimeFormatA 0x0 0x1801bb3d0 0x1eacd0 0x1e9cd0
GetDateFormatA 0x0 0x1801bb3d8 0x1eacd8 0x1e9cd8
GetDateFormatW 0x0 0x1801bb3e0 0x1eace0 0x1e9ce0
GetSystemTimeAsFileTime 0x0 0x1801bb3e8 0x1eace8 0x1e9ce8
GetCurrentThreadId 0x0 0x1801bb3f0 0x1eacf0 0x1e9cf0
CreateEventA 0x0 0x1801bb3f8 0x1eacf8 0x1e9cf8
WaitForSingleObject 0x0 0x1801bb400 0x1ead00 0x1e9d00
ResetEvent 0x0 0x1801bb408 0x1ead08 0x1e9d08
SetEvent 0x0 0x1801bb410 0x1ead10 0x1e9d10
GetComputerNameA 0x0 0x1801bb418 0x1ead18 0x1e9d18
GlobalMemoryStatus 0x0 0x1801bb420 0x1ead20 0x1e9d20
GetSystemInfo 0x0 0x1801bb428 0x1ead28 0x1e9d28
ResumeThread 0x0 0x1801bb430 0x1ead30 0x1e9d30
SetThreadPriority 0x0 0x1801bb438 0x1ead38 0x1e9d38
GetProcessHeap 0x0 0x1801bb440 0x1ead40 0x1e9d40
HeapFree 0x0 0x1801bb448 0x1ead48 0x1e9d48
HeapAlloc 0x0 0x1801bb450 0x1ead50 0x1e9d50
WriteFile 0x0 0x1801bb458 0x1ead58 0x1e9d58
UnlockFile 0x0 0x1801bb460 0x1ead60 0x1e9d60
SetFilePointer 0x0 0x1801bb468 0x1ead68 0x1e9d68
LockFile 0x0 0x1801bb470 0x1ead70 0x1e9d70
GetFileType 0x0 0x1801bb478 0x1ead78 0x1e9d78
GetFileSize 0x0 0x1801bb480 0x1ead80 0x1e9d80
GetFileInformationByHandle 0x0 0x1801bb488 0x1ead88 0x1e9d88
FlushFileBuffers 0x0 0x1801bb490 0x1ead90 0x1e9d90
FindClose 0x0 0x1801bb498 0x1ead98 0x1e9d98
GetLocaleInfoA 0x0 0x1801bb4a0 0x1eada0 0x1e9da0
Sleep 0x0 0x1801bb4a8 0x1eada8 0x1e9da8
ReadFile 0x0 0x1801bb4b0 0x1eadb0 0x1e9db0
GetFileSizeEx 0x0 0x1801bb4b8 0x1eadb8 0x1e9db8
LocalFree 0x0 0x1801bb4c0 0x1eadc0 0x1e9dc0
LocalAlloc 0x0 0x1801bb4c8 0x1eadc8 0x1e9dc8
TlsFree 0x0 0x1801bb4d0 0x1eadd0 0x1e9dd0
TlsSetValue 0x0 0x1801bb4d8 0x1eadd8 0x1e9dd8
TlsGetValue 0x0 0x1801bb4e0 0x1eade0 0x1e9de0
TlsAlloc 0x0 0x1801bb4e8 0x1eade8 0x1e9de8
lstrlenW 0x0 0x1801bb4f0 0x1eadf0 0x1e9df0
GetUserDefaultLangID 0x0 0x1801bb4f8 0x1eadf8 0x1e9df8
GetLocaleInfoW 0x0 0x1801bb500 0x1eae00 0x1e9e00
QueryPerformanceCounter 0x0 0x1801bb508 0x1eae08 0x1e9e08
HeapSetInformation 0x0 0x1801bb510 0x1eae10 0x1e9e10
GetCurrentProcessId 0x0 0x1801bb518 0x1eae18 0x1e9e18
VirtualProtect 0x0 0x1801bb520 0x1eae20 0x1e9e20
WerRegisterMemoryBlock 0x0 0x1801bb528 0x1eae28 0x1e9e28
EncodePointer 0x0 0x1801bb530 0x1eae30 0x1e9e30
DecodePointer 0x0 0x1801bb538 0x1eae38 0x1e9e38
TerminateProcess 0x0 0x1801bb540 0x1eae40 0x1e9e40
GetCurrentProcess 0x0 0x1801bb548 0x1eae48 0x1e9e48
UnhandledExceptionFilter 0x0 0x1801bb550 0x1eae50 0x1e9e50
SetUnhandledExceptionFilter 0x0 0x1801bb558 0x1eae58 0x1e9e58
IsDebuggerPresent 0x0 0x1801bb560 0x1eae60 0x1e9e60
RtlVirtualUnwind 0x0 0x1801bb568 0x1eae68 0x1e9e68
RtlLookupFunctionEntry 0x0 0x1801bb570 0x1eae70 0x1e9e70
RtlCaptureContext 0x0 0x1801bb578 0x1eae78 0x1e9e78
CreateThread 0x0 0x1801bb580 0x1eae80 0x1e9e80
DisableThreadLibraryCalls 0x0 0x1801bb588 0x1eae88 0x1e9e88
DeleteFileA 0x0 0x1801bb590 0x1eae90 0x1e9e90
CloseHandle 0x0 0x1801bb598 0x1eae98 0x1e9e98
GetLastError 0x0 0x1801bb5a0 0x1eaea0 0x1e9ea0
InitializeCriticalSection 0x0 0x1801bb5a8 0x1eaea8 0x1e9ea8
EnterCriticalSection 0x0 0x1801bb5b0 0x1eaeb0 0x1e9eb0
LeaveCriticalSection 0x0 0x1801bb5b8 0x1eaeb8 0x1e9eb8
DeleteCriticalSection 0x0 0x1801bb5c0 0x1eaec0 0x1e9ec0
GetLocalTime 0x0 0x1801bb5c8 0x1eaec8 0x1e9ec8
GetTickCount 0x0 0x1801bb5d0 0x1eaed0 0x1e9ed0
GetVersionExA 0x0 0x1801bb5d8 0x1eaed8 0x1e9ed8
VirtualAlloc 0x0 0x1801bb5e0 0x1eaee0 0x1e9ee0
VirtualFree 0x0 0x1801bb5e8 0x1eaee8 0x1e9ee8
VirtualQuery 0x0 0x1801bb5f0 0x1eaef0 0x1e9ef0
LoadLibraryA 0x0 0x1801bb5f8 0x1eaef8 0x1e9ef8
FreeLibrary 0x0 0x1801bb600 0x1eaf00 0x1e9f00
GetProcAddress 0x0 0x1801bb608 0x1eaf08 0x1e9f08
GetUserDefaultLCID 0x0 0x1801bb610 0x1eaf10 0x1e9f10
MultiByteToWideChar 0x0 0x1801bb618 0x1eaf18 0x1e9f18
WideCharToMultiByte 0x0 0x1801bb620 0x1eaf20 0x1e9f20
GetCPInfo 0x0 0x1801bb628 0x1eaf28 0x1e9f28
IsDBCSLeadByte 0x0 0x1801bb630 0x1eaf30 0x1e9f30
OLEAUT32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
VariantInit 0x8 0x1801bb640 0x1eaf40 0x1e9f40
SysAllocString 0x2 0x1801bb648 0x1eaf48 0x1e9f48
SafeArrayDestroy 0x10 0x1801bb650 0x1eaf50 0x1e9f50
SafeArrayPutElement 0x1a 0x1801bb658 0x1eaf58 0x1e9f58
SafeArrayCreateVector 0x19b 0x1801bb660 0x1eaf60 0x1e9f60
VariantClear 0x9 0x1801bb668 0x1eaf68 0x1e9f68
SysAllocStringLen 0x4 0x1801bb670 0x1eaf70 0x1e9f70
SysFreeString 0x6 0x1801bb678 0x1eaf78 0x1e9f78
SysStringLen 0x7 0x1801bb680 0x1eaf80 0x1e9f80
SysStringByteLen 0x95 0x1801bb688 0x1eaf88 0x1e9f88
SysAllocStringByteLen 0x96 0x1801bb690 0x1eaf90 0x1e9f90
VarBstrCmp 0x13a 0x1801bb698 0x1eaf98 0x1e9f98
VarBstrCat 0x139 0x1801bb6a0 0x1eafa0 0x1e9fa0
VariantChangeTypeEx 0x93 0x1801bb6a8 0x1eafa8 0x1e9fa8
VariantCopy 0xa 0x1801bb6b0 0x1eafb0 0x1e9fb0
SafeArrayCreate 0xf 0x1801bb6b8 0x1eafb8 0x1e9fb8
SafeArrayLock 0x15 0x1801bb6c0 0x1eafc0 0x1e9fc0
SafeArrayUnlock 0x16 0x1801bb6c8 0x1eafc8 0x1e9fc8
SafeArrayAccessData 0x17 0x1801bb6d0 0x1eafd0 0x1e9fd0
SafeArrayUnaccessData 0x18 0x1801bb6d8 0x1eafd8 0x1e9fd8
VariantChangeType 0xc 0x1801bb6e0 0x1eafe0 0x1e9fe0
MSVCP100.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?_Orphan_all@_Container_base0@std@@QEAAXXZ 0x0 0x1801bb6f0 0x1eaff0 0x1e9ff0
?_Xout_of_range@std@@YAXPEBD@Z 0x0 0x1801bb6f8 0x1eaff8 0x1e9ff8
?_Xlength_error@std@@YAXPEBD@Z 0x0 0x1801bb700 0x1eb000 0x1ea000
Exports (170)
Digital Signatures (2)
Signature Properties
InternalName acecore
FileVersion 15.0.4569.1503
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4569.1503
FileDescription Microsoft Access database engine DLL
OriginalFilename acecore.dll
Signature verification True
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2013-11-11 22:11
Valid to 2015-02-11 22:11
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 4C A1 E8 4D CC B4 74 7B 3B 00 00 00 00 00 4C
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2013-01-24 22:33
Valid to 2014-04-24 22:33
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
c:\program files\common files\microsoft shared\office15\acecore.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\acecore.dll (Modified File)
c:\program files\common files\microsoft shared\office15\acecore.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 2.17 MB
Hash Values MD5: c38c8e56896e4b6f62ba80600da2b576
SHA1: 70bc45e9f8c74b0dab7bed3c6480b7803c33833b
SHA256: 16a27ed87324a63e5f07bce00d5e1c65c77952a93ad956dacac865798c8a344f
c:\program files\common files\microsoft shared\office15\acedao.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\acedao.dll (Modified File)
Size 602.75 KB
Hash Values MD5: 007d0774541f6a407ab2ab423809a589
SHA1: 5e9ffb67ebeec13ef1b105fd72822ac6214e4f77
SHA256: c692d04a55a7e6b8867a6537ab503cb115fa006121c1bfb9b243bbef7f3a2a36
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x180001000
Size Of Code 0x62800
Size Of Initialized Data 0x33000
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2013-12-17 22:14:21
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x6263c 0x62800 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.31
.rdata 0x180064000 0x199e4 0x19a00 0x62c00 CNT_INITIALIZED_DATA, MEM_READ 3.8
.data 0x18007e000 0x3018 0x2600 0x7c600 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 3.96
.pdata 0x180082000 0x4f74 0x5000 0x7ec00 CNT_INITIALIZED_DATA, MEM_READ 5.62
.rsrc 0x180087000 0xf0a8 0xf200 0x83c00 CNT_INITIALIZED_DATA, MEM_READ 4.76
.reloc 0x180097000 0x21b8 0x2200 0x92e00 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.44
Imports (129)
ole32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CoGetMalloc 0x0 0x180064000 0x7aa48 0x79648
StringFromGUID2 0x0 0x180064008 0x7aa50 0x79650
MSVCR100.dll (36)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x180064018 0x7aa60 0x79660
?terminate@@YAXXZ 0x0 0x180064020 0x7aa68 0x79668
__clean_type_info_names_internal 0x0 0x180064028 0x7aa70 0x79670
_onexit 0x0 0x180064030 0x7aa78 0x79678
_lock 0x0 0x180064038 0x7aa80 0x79680
__dllonexit 0x0 0x180064040 0x7aa88 0x79688
_unlock 0x0 0x180064048 0x7aa90 0x79690
__crt_debugger_hook 0x0 0x180064050 0x7aa98 0x79698
__CppXcptFilter 0x0 0x180064058 0x7aaa0 0x796a0
_amsg_exit 0x0 0x180064060 0x7aaa8 0x796a8
_encoded_null 0x0 0x180064068 0x7aab0 0x796b0
_initterm_e 0x0 0x180064070 0x7aab8 0x796b8
_initterm 0x0 0x180064078 0x7aac0 0x796c0
_malloc_crt 0x0 0x180064080 0x7aac8 0x796c8
wcsrchr 0x0 0x180064088 0x7aad0 0x796d0
wcsncat_s 0x0 0x180064090 0x7aad8 0x796d8
_stricmp 0x0 0x180064098 0x7aae0 0x796e0
__C_specific_handler 0x0 0x1800640a0 0x7aae8 0x796e8
_wcsicmp 0x0 0x1800640a8 0x7aaf0 0x796f0
_vsnwprintf_s 0x0 0x1800640b0 0x7aaf8 0x796f8
wcscspn 0x0 0x1800640b8 0x7ab00 0x79700
_wtoi 0x0 0x1800640c0 0x7ab08 0x79708
atol 0x0 0x1800640c8 0x7ab10 0x79710
atoi 0x0 0x1800640d0 0x7ab18 0x79718
_wcsnicmp 0x0 0x1800640d8 0x7ab20 0x79720
wcsstr 0x0 0x1800640e0 0x7ab28 0x79728
wcschr 0x0 0x1800640e8 0x7ab30 0x79730
_snwprintf_s 0x0 0x1800640f0 0x7ab38 0x79738
malloc 0x0 0x1800640f8 0x7ab40 0x79740
free 0x0 0x180064100 0x7ab48 0x79748
memmove 0x0 0x180064108 0x7ab50 0x79750
memchr 0x0 0x180064110 0x7ab58 0x79758
memset 0x0 0x180064118 0x7ab60 0x79760
toupper 0x0 0x180064120 0x7ab68 0x79768
wcsncpy_s 0x0 0x180064128 0x7ab70 0x79770
memcpy 0x0 0x180064130 0x7ab78 0x79778
KERNEL32.dll (55)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
LocalAlloc 0x0 0x180064140 0x7ab88 0x79788
RtlCaptureContext 0x0 0x180064148 0x7ab90 0x79790
RtlLookupFunctionEntry 0x0 0x180064150 0x7ab98 0x79798
RtlVirtualUnwind 0x0 0x180064158 0x7aba0 0x797a0
IsDebuggerPresent 0x0 0x180064160 0x7aba8 0x797a8
SetUnhandledExceptionFilter 0x0 0x180064168 0x7abb0 0x797b0
UnhandledExceptionFilter 0x0 0x180064170 0x7abb8 0x797b8
GetCurrentProcess 0x0 0x180064178 0x7abc0 0x797c0
TerminateProcess 0x0 0x180064180 0x7abc8 0x797c8
DecodePointer 0x0 0x180064188 0x7abd0 0x797d0
EncodePointer 0x0 0x180064190 0x7abd8 0x797d8
WerRegisterMemoryBlock 0x0 0x180064198 0x7abe0 0x797e0
VirtualProtect 0x0 0x1800641a0 0x7abe8 0x797e8
GetTickCount 0x0 0x1800641a8 0x7abf0 0x797f0
GetSystemTimeAsFileTime 0x0 0x1800641b0 0x7abf8 0x797f8
HeapSetInformation 0x0 0x1800641b8 0x7ac00 0x79800
GetProcessHeap 0x0 0x1800641c0 0x7ac08 0x79808
QueryPerformanceCounter 0x0 0x1800641c8 0x7ac10 0x79810
TlsGetValue 0x0 0x1800641d0 0x7ac18 0x79818
lstrlenW 0x0 0x1800641d8 0x7ac20 0x79820
GetProcAddress 0x0 0x1800641e0 0x7ac28 0x79828
CompareStringW 0x0 0x1800641e8 0x7ac30 0x79830
WideCharToMultiByte 0x0 0x1800641f0 0x7ac38 0x79838
GetCPInfo 0x0 0x1800641f8 0x7ac40 0x79840
CompareStringA 0x0 0x180064200 0x7ac48 0x79848
GetSystemDefaultLCID 0x0 0x180064208 0x7ac50 0x79850
FreeLibrary 0x0 0x180064210 0x7ac58 0x79858
GlobalAlloc 0x0 0x180064218 0x7ac60 0x79860
GlobalReAlloc 0x0 0x180064220 0x7ac68 0x79868
GlobalLock 0x0 0x180064228 0x7ac70 0x79870
GlobalUnlock 0x0 0x180064230 0x7ac78 0x79878
GlobalFree 0x0 0x180064238 0x7ac80 0x79880
lstrlenA 0x0 0x180064240 0x7ac88 0x79888
MultiByteToWideChar 0x0 0x180064248 0x7ac90 0x79890
InitializeCriticalSection 0x0 0x180064250 0x7ac98 0x79898
DeleteCriticalSection 0x0 0x180064258 0x7aca0 0x798a0
TlsSetValue 0x0 0x180064260 0x7aca8 0x798a8
Sleep 0x0 0x180064268 0x7acb0 0x798b0
TlsAlloc 0x0 0x180064270 0x7acb8 0x798b8
TlsFree 0x0 0x180064278 0x7acc0 0x798c0
EnterCriticalSection 0x0 0x180064280 0x7acc8 0x798c8
LeaveCriticalSection 0x0 0x180064288 0x7acd0 0x798d0
GetCurrentProcessId 0x0 0x180064290 0x7acd8 0x798d8
GetCurrentThreadId 0x0 0x180064298 0x7ace0 0x798e0
CreateFileW 0x0 0x1800642a0 0x7ace8 0x798e8
DeleteFileW 0x0 0x1800642a8 0x7acf0 0x798f0
GetFileAttributesW 0x0 0x1800642b0 0x7acf8 0x798f8
GetFullPathNameW 0x0 0x1800642b8 0x7ad00 0x79900
WriteFile 0x0 0x1800642c0 0x7ad08 0x79908
CloseHandle 0x0 0x1800642c8 0x7ad10 0x79910
GetLastError 0x0 0x1800642d0 0x7ad18 0x79918
RaiseException 0x0 0x1800642d8 0x7ad20 0x79920
LoadLibraryA 0x0 0x1800642e0 0x7ad28 0x79928
GetModuleHandleW 0x0 0x1800642e8 0x7ad30 0x79930
LoadLibraryExW 0x0 0x1800642f0 0x7ad38 0x79938
ADVAPI32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
EventWrite 0x0 0x180064300 0x7ad48 0x79948
EventUnregister 0x0 0x180064308 0x7ad50 0x79950
EventRegister 0x0 0x180064310 0x7ad58 0x79958
RegOpenKeyExA 0x0 0x180064318 0x7ad60 0x79960
RegCloseKey 0x0 0x180064320 0x7ad68 0x79968
RegGetValueW 0x0 0x180064328 0x7ad70 0x79970
RegQueryValueExW 0x0 0x180064330 0x7ad78 0x79978
OLEAUT32.dll (29)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SysStringLen 0x7 0x180064340 0x7ad88 0x79988
SysStringByteLen 0x95 0x180064348 0x7ad90 0x79990
SysFreeString 0x6 0x180064350 0x7ad98 0x79998
SysAllocStringLen 0x4 0x180064358 0x7ada0 0x799a0
SysAllocString 0x2 0x180064360 0x7ada8 0x799a8
SetErrorInfo 0xc9 0x180064368 0x7adb0 0x799b0
CreateErrorInfo 0xca 0x180064370 0x7adb8 0x799b8
SysAllocStringByteLen 0x96 0x180064378 0x7adc0 0x799c0
LoadTypeLib 0xa1 0x180064380 0x7adc8 0x799c8
LoadRegTypeLib 0xa2 0x180064388 0x7add0 0x799d0
DispGetIDsOfNames 0x1d 0x180064390 0x7add8 0x799d8
DispInvoke 0x1e 0x180064398 0x7ade0 0x799e0
VariantInit 0x8 0x1800643a0 0x7ade8 0x799e8
GetErrorInfo 0xc8 0x1800643a8 0x7adf0 0x799f0
VariantClear 0x9 0x1800643b0 0x7adf8 0x799f8
SysReAllocString 0x3 0x1800643b8 0x7ae00 0x79a00
SafeArrayCreate 0xf 0x1800643c0 0x7ae08 0x79a08
SafeArrayDestroy 0x10 0x1800643c8 0x7ae10 0x79a10
SafeArrayRedim 0x28 0x1800643d0 0x7ae18 0x79a18
SafeArrayLock 0x15 0x1800643d8 0x7ae20 0x79a20
SafeArrayUnlock 0x16 0x1800643e0 0x7ae28 0x79a28
VariantCopy 0xa 0x1800643e8 0x7ae30 0x79a30
VariantChangeType 0xc 0x1800643f0 0x7ae38 0x79a38
VariantChangeTypeEx 0x93 0x1800643f8 0x7ae40 0x79a40
SafeArrayGetUBound 0x13 0x180064400 0x7ae48 0x79a48
SafeArrayAccessData 0x17 0x180064408 0x7ae50 0x79a50
SafeArrayUnaccessData 0x18 0x180064410 0x7ae58 0x79a58
SafeArrayGetElement 0x19 0x180064418 0x7ae60 0x79a60
SafeArrayPutElement 0x1a 0x180064420 0x7ae68 0x79a68
Exports (2)
Api name EAT Address Ordinal
DllCanUnloadNow 0x1800302e4 0x1
DllGetClassObject 0x180001ed4 0x2
Digital Signatures (2)
Signature Properties
InternalName acedao
FileVersion 15.0.4569.1503
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4569.1503
FileDescription Microsoft Access database engine Data Access Object Library
OriginalFilename acedao.dll
Signature verification True
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2013-03-27 20:08
Valid to 2014-06-27 20:08
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 34 24 31 40 C9 A0 C1 79 8D 00 00 00 00 00 34
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2013-01-24 22:33
Valid to 2014-04-24 22:33
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
c:\program files\common files\microsoft shared\office15\acedao.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\acedao.dll (Modified File)
c:\program files\common files\microsoft shared\office15\acedao.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 602.93 KB
Hash Values MD5: b49efe9ba26919fdc25b2d725bf9ca5d
SHA1: 3753cbeacc00511bc63d961e0f711a2885acf12d
SHA256: 316aee7c9032c96299e0de908ccada5dd238b85dfd6f98aaf386e051c962d0ad
c:\program files\common files\microsoft shared\office15\aceerr.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\aceerr.dll (Modified File)
Size 39.71 KB
Hash Values MD5: 832df455a6e9126b8215ab7837212808
SHA1: 253aebdb6ce8e3bb19ce52ad5fef1a3c50f38f74
SHA256: 8e7c6603fdc9f5a7da643c99202a6568492ad840a8d833382f4887dbd038859a
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x180001a74
Size Of Code 0x2800
Size Of Initialized Data 0x6600
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2013-08-08 07:46:09
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x265c 0x2800 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.1
.rdata 0x180004000 0x4678 0x4800 0x2c00 CNT_INITIALIZED_DATA, MEM_READ 4.2
.data 0x180009000 0x1028 0x400 0x7400 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 2.03
.pdata 0x18000b000 0x360 0x400 0x7800 CNT_INITIALIZED_DATA, MEM_READ 3.64
.rsrc 0x18000c000 0x498 0x600 0x7c00 CNT_INITIALIZED_DATA, MEM_READ 2.67
.reloc 0x18000d000 0xa8 0x200 0x8200 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 2.22
Imports (52)
MSVCR100.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x180004000 0x7e28 0x6a28
?terminate@@YAXXZ 0x0 0x180004008 0x7e30 0x6a30
_onexit 0x0 0x180004010 0x7e38 0x6a38
_lock 0x0 0x180004018 0x7e40 0x6a40
__dllonexit 0x0 0x180004020 0x7e48 0x6a48
_unlock 0x0 0x180004028 0x7e50 0x6a50
__clean_type_info_names_internal 0x0 0x180004030 0x7e58 0x6a58
__crt_debugger_hook 0x0 0x180004038 0x7e60 0x6a60
__CppXcptFilter 0x0 0x180004040 0x7e68 0x6a68
__C_specific_handler 0x0 0x180004048 0x7e70 0x6a70
_amsg_exit 0x0 0x180004050 0x7e78 0x6a78
_encoded_null 0x0 0x180004058 0x7e80 0x6a80
free 0x0 0x180004060 0x7e88 0x6a88
_initterm_e 0x0 0x180004068 0x7e90 0x6a90
_initterm 0x0 0x180004070 0x7e98 0x6a98
_malloc_crt 0x0 0x180004078 0x7ea0 0x6aa0
wcsrchr 0x0 0x180004080 0x7ea8 0x6aa8
wcsncpy_s 0x0 0x180004088 0x7eb0 0x6ab0
_stricmp 0x0 0x180004090 0x7eb8 0x6ab8
wcsncat_s 0x0 0x180004098 0x7ec0 0x6ac0
wcschr 0x0 0x1800040a0 0x7ec8 0x6ac8
ADVAPI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegGetValueW 0x0 0x1800040b0 0x7ed8 0x6ad8
KERNEL32.dll (29)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
LocalAlloc 0x0 0x1800040c0 0x7ee8 0x6ae8
DisableThreadLibraryCalls 0x0 0x1800040c8 0x7ef0 0x6af0
RtlCaptureContext 0x0 0x1800040d0 0x7ef8 0x6af8
RtlLookupFunctionEntry 0x0 0x1800040d8 0x7f00 0x6b00
RtlVirtualUnwind 0x0 0x1800040e0 0x7f08 0x6b08
IsDebuggerPresent 0x0 0x1800040e8 0x7f10 0x6b10
SetUnhandledExceptionFilter 0x0 0x1800040f0 0x7f18 0x6b18
UnhandledExceptionFilter 0x0 0x1800040f8 0x7f20 0x6b20
LoadLibraryA 0x0 0x180004100 0x7f28 0x6b28
TerminateProcess 0x0 0x180004108 0x7f30 0x6b30
Sleep 0x0 0x180004110 0x7f38 0x6b38
DecodePointer 0x0 0x180004118 0x7f40 0x6b40
EncodePointer 0x0 0x180004120 0x7f48 0x6b48
WerRegisterMemoryBlock 0x0 0x180004128 0x7f50 0x6b50
VirtualProtect 0x0 0x180004130 0x7f58 0x6b58
GetTickCount 0x0 0x180004138 0x7f60 0x6b60
GetSystemTimeAsFileTime 0x0 0x180004140 0x7f68 0x6b68
GetCurrentThreadId 0x0 0x180004148 0x7f70 0x6b70
GetCurrentProcessId 0x0 0x180004150 0x7f78 0x6b78
GetCurrentProcess 0x0 0x180004158 0x7f80 0x6b80
FreeLibrary 0x0 0x180004160 0x7f88 0x6b88
GetProcAddress 0x0 0x180004168 0x7f90 0x6b90
GetLastError 0x0 0x180004170 0x7f98 0x6b98
GetModuleHandleW 0x0 0x180004178 0x7fa0 0x6ba0
RaiseException 0x0 0x180004180 0x7fa8 0x6ba8
LoadLibraryExW 0x0 0x180004188 0x7fb0 0x6bb0
QueryPerformanceCounter 0x0 0x180004190 0x7fb8 0x6bb8
GetProcessHeap 0x0 0x180004198 0x7fc0 0x6bc0
HeapSetInformation 0x0 0x1800041a0 0x7fc8 0x6bc8
ole32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
StringFromGUID2 0x0 0x1800041b0 0x7fd8 0x6bd8
Exports (4)
Api name EAT Address Ordinal
JetErrFormattedMessage 0x1800010f4 0x5
JetErrIDAForError 0x180001000 0x2
JetErrIDARawMessage 0x1800024b0 0x3
JetErrRawMessage 0x180002504 0x4
Digital Signatures (2)
Signature Properties
InternalName aceerr
FileVersion 15.0.4543.1000
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4543.1000
FileDescription Microsoft Access database engine Error DLL
OriginalFilename aceerr.dll
Signature verification True
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2013-03-27 20:08
Valid to 2014-06-27 20:08
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 34 24 31 40 C9 A0 C1 79 8D 00 00 00 00 00 34
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2013-01-24 22:33
Valid to 2014-04-24 22:33
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
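The section table and the import thunks listed above for aceerr.dll contain everything needed to translate the report's RVAs and virtual addresses into raw file offsets, which is the step you need to go from a Thunk RVA or an EAT address to the bytes on disk. The following is an added example written for this page, not code from the VMRay report or from the sample: the section table and a handful of Thunk RVA / Thunk Offset pairs are transcribed from the aceerr.dll entry, the translation logic is generic PE section-table arithmetic, and it recomputes the report's Thunk Offset column as a consistency check.

```python
"""Map the RVAs in a PE import/export table to raw file offsets.

Added example, written for this page; it is not code from the VMRay report
or from the sample. The section table and the (Thunk RVA, Thunk Offset)
pairs are transcribed from the aceerr.dll entry above; the arithmetic is
generic PE section-table translation and is the point of the example.
"""
from dataclasses import dataclass
from typing import Optional

IMAGE_BASE = 0x180000000  # aceerr.dll "Image Base" as reported


@dataclass(frozen=True)
class Section:
    name: str
    virtual_address: int  # as printed by the report: image base already added
    virtual_size: int
    raw_size: int
    raw_offset: int

    @property
    def rva(self) -> int:
        return self.virtual_address - IMAGE_BASE


# Section table of the clean aceerr.dll, transcribed from the report.
ACEERR_SECTIONS = [
    Section(".text",  0x180001000, 0x265c, 0x2800, 0x0400),
    Section(".rdata", 0x180004000, 0x4678, 0x4800, 0x2c00),
    Section(".data",  0x180009000, 0x1028, 0x0400, 0x7400),
    Section(".pdata", 0x18000b000, 0x0360, 0x0400, 0x7800),
    Section(".rsrc",  0x18000c000, 0x0498, 0x0600, 0x7c00),
    Section(".reloc", 0x18000d000, 0x00a8, 0x0200, 0x8200),
]

# A few (Thunk RVA, Thunk Offset) pairs from the aceerr.dll import table.
ACEERR_THUNKS = {
    "?_type_info_dtor_internal_method@type_info@@QEAAXXZ": (0x7e28, 0x6a28),
    "RegGetValueW": (0x7ed8, 0x6ad8),
    "LocalAlloc": (0x7ee8, 0x6ae8),
    "StringFromGUID2": (0x7fd8, 0x6bd8),
}


def section_for_rva(sections, rva: int) -> Optional[Section]:
    """Return the section whose in-memory range covers rva, else None.

    The loader maps max(virtual_size, raw_size) bytes per section, so use
    that as the extent rather than virtual_size alone.
    """
    for s in sections:
        extent = max(s.virtual_size, s.raw_size)
        if s.rva <= rva < s.rva + extent:
            return s
    return None


def rva_to_offset(sections, rva: int) -> int:
    """Translate an RVA to a raw file offset.

    Raises ValueError for RVAs outside every section or inside the
    memory-only tail of a section (virtual_size > raw_size, e.g. the
    zero-filled end of .data), which has no bytes on disk.
    """
    s = section_for_rva(sections, rva)
    if s is None:
        raise ValueError(f"RVA {rva:#x} lies in no section")
    delta = rva - s.rva
    if delta >= s.raw_size:
        raise ValueError(f"RVA {rva:#x} is in the memory-only tail of {s.name}")
    return s.raw_offset + delta


def offset_or_none(sections, rva: int) -> Optional[int]:
    """rva_to_offset, but None instead of an exception for unmapped RVAs."""
    try:
        return rva_to_offset(sections, rva)
    except ValueError:
        return None


def va_to_offset(sections, va: int) -> int:
    """Same translation for the absolute addresses the report prints."""
    return rva_to_offset(sections, va - IMAGE_BASE)


def verify_thunk_offsets(sections, thunks) -> dict:
    """Recompute each Thunk Offset from its Thunk RVA; return the mismatches."""
    bad = {}
    for name, (rva, reported) in thunks.items():
        computed = rva_to_offset(sections, rva)
        if computed != reported:
            bad[name] = (reported, computed)
    return bad


if __name__ == "__main__":
    ep = 0x180001a74  # aceerr.dll entry point as reported
    print("entry point section:", section_for_rva(ACEERR_SECTIONS, ep - IMAGE_BASE).name)
    print("entry point file offset:", hex(va_to_offset(ACEERR_SECTIONS, ep)))
    print("thunk mismatches:", verify_thunk_offsets(ACEERR_SECTIONS, ACEERR_THUNKS))
```

Two things are worth noticing when running this against the table above. The IAT Address column (0x180004000 onward) and the Thunk RVA column (0x7e28 onward) are two separate 8-byte-stride arrays inside .rdata: the bound import address table at the start of the section and the import lookup table further in. And the entry point 0x180001a74 resolves into .text at an offset that has bytes on disk. An entry point in a section with no raw data, or an RVA that maps to no file bytes, is the kind of mismatch that separates a packed or tampered image from a normally linked one like this.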
c:\program files\common files\microsoft shared\office15\aceerr.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\aceerr.dll (Modified File)
c:\program files\common files\microsoft shared\office15\aceerr.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 39.89 KB
Hash Values MD5: 52faa02dc4f12dde07bcbb65b69b8dad
SHA1: 70d60aa3a92822afbca25fe3f351e20ac5b70379
SHA256: 81249bd83a227142303d2a7830d7518ed14f6a4635f49314c30374784968d736
c:\program files\common files\microsoft shared\office15\acees.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\acees.dll (Modified File)
Size 857.23 KB
Hash Values MD5: f68ef9775a6957488c4654d22a067d67
SHA1: 56655e71291cc8710508eb3c59addaa49a07028d
SHA256: 547242feec7968e975e82519f7e1ada389bd4fd79257f1767b3c289ae28c4efa
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x180001000
Size Of Code 0x8a200
Size Of Initialized Data 0x4ac00
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2013-12-17 22:25:56
Compiler/Packer Unknown
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x8a19c 0x8a200 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.4
.rdata 0x18008c000 0x289b4 0x28a00 0x8a600 CNT_INITIALIZED_DATA, MEM_READ 4.06
.data 0x1800b5000 0x162e4 0x15c00 0xb3000 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 1.22
.pdata 0x1800cc000 0x7fd4 0x8000 0xc8c00 CNT_INITIALIZED_DATA, MEM_READ 5.7
.rtext 0x1800d4000 0x98 0x200 0xd0c00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 1.29
.rsrc 0x1800d5000 0x4a0 0x600 0xd0e00 CNT_INITIALIZED_DATA, MEM_READ 2.73
.reloc 0x1800d6000 0x35cc 0x3600 0xd1400 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.45
Imports (199)
ole32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CoGetMalloc 0x0 0x18008c000 0xabbf8 0xaa1f8
CoCreateInstance 0x0 0x18008c008 0xabc00 0xaa200
StringFromGUID2 0x0 0x18008c010 0xabc08 0xaa208
CoTaskMemFree 0x0 0x18008c018 0xabc10 0xaa210
CoTaskMemRealloc 0x0 0x18008c020 0xabc18 0xaa218
CoTaskMemAlloc 0x0 0x18008c028 0xabc20 0xaa220
CoCreateGuid 0x0 0x18008c030 0xabc28 0xaa228
IIDFromString 0x0 0x18008c038 0xabc30 0xaa230
MSVCR100.dll (55)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
__clean_type_info_names_internal 0x0 0x18008c048 0xabc40 0xaa240
_onexit 0x0 0x18008c050 0xabc48 0xaa248
_lock 0x0 0x18008c058 0xabc50 0xaa250
__dllonexit 0x0 0x18008c060 0xabc58 0xaa258
_unlock 0x0 0x18008c068 0xabc60 0xaa260
__crt_debugger_hook 0x0 0x18008c070 0xabc68 0xaa268
__CppXcptFilter 0x0 0x18008c078 0xabc70 0xaa270
_amsg_exit 0x0 0x18008c080 0xabc78 0xaa278
_encoded_null 0x0 0x18008c088 0xabc80 0xaa280
_initterm_e 0x0 0x18008c090 0xabc88 0xaa288
_initterm 0x0 0x18008c098 0xabc90 0xaa290
_malloc_crt 0x0 0x18008c0a0 0xabc98 0xaa298
vswprintf_s 0x0 0x18008c0a8 0xabca0 0xaa2a0
_controlfp_s 0x0 0x18008c0b0 0xabca8 0xaa2a8
wcschr 0x0 0x18008c0b8 0xabcb0 0xaa2b0
_finite 0x0 0x18008c0c0 0xabcb8 0xaa2b8
_wtoi 0x0 0x18008c0c8 0xabcc0 0xaa2c0
_vsnprintf_s 0x0 0x18008c0d0 0xabcc8 0xaa2c8
_mbsinc 0x0 0x18008c0d8 0xabcd0 0xaa2d0
wcsrchr 0x0 0x18008c0e0 0xabcd8 0xaa2d8
pow 0x0 0x18008c0e8 0xabce0 0xaa2e0
floor 0x0 0x18008c0f0 0xabce8 0xaa2e8
ceil 0x0 0x18008c0f8 0xabcf0 0xaa2f0
sqrt 0x0 0x18008c100 0xabcf8 0xaa2f8
strnlen 0x0 0x18008c108 0xabd00 0xaa300
_stricmp 0x0 0x18008c110 0xabd08 0xaa308
__C_specific_handler 0x0 0x18008c118 0xabd10 0xaa310
?terminate@@YAXXZ 0x0 0x18008c120 0xabd18 0xaa318
wcscspn 0x0 0x18008c128 0xabd20 0xaa320
_CxxThrowException 0x0 0x18008c130 0xabd28 0xaa328
_recalloc 0x0 0x18008c138 0xabd30 0xaa330
memcpy_s 0x0 0x18008c140 0xabd38 0xaa338
wcsstr 0x0 0x18008c148 0xabd40 0xaa340
memcmp 0x0 0x18008c150 0xabd48 0xaa348
_snprintf_s 0x0 0x18008c158 0xabd50 0xaa350
memmove 0x0 0x18008c160 0xabd58 0xaa358
wcsncmp 0x0 0x18008c168 0xabd60 0xaa360
malloc 0x0 0x18008c170 0xabd68 0xaa368
free 0x0 0x18008c178 0xabd70 0xaa370
_memicmp 0x0 0x18008c180 0xabd78 0xaa378
_wcsnicmp 0x0 0x18008c188 0xabd80 0xaa380
_wcsicmp 0x0 0x18008c190 0xabd88 0xaa388
towlower 0x0 0x18008c198 0xabd90 0xaa390
towupper 0x0 0x18008c1a0 0xabd98 0xaa398
__CxxFrameHandler3 0x0 0x18008c1a8 0xabda0 0xaa3a0
iswcntrl 0x0 0x18008c1b0 0xabda8 0xaa3a8
iswalnum 0x0 0x18008c1b8 0xabdb0 0xaa3b0
iswpunct 0x0 0x18008c1c0 0xabdb8 0xaa3b8
iswspace 0x0 0x18008c1c8 0xabdc0 0xaa3c0
iswdigit 0x0 0x18008c1d0 0xabdc8 0xaa3c8
memset 0x0 0x18008c1d8 0xabdd0 0xaa3d0
memcpy 0x0 0x18008c1e0 0xabdd8 0xaa3d8
wcsncpy_s 0x0 0x18008c1e8 0xabde0 0xaa3e0
wcsncat_s 0x0 0x18008c1f0 0xabde8 0xaa3e8
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x18008c1f8 0xabdf0 0xaa3f0
ADVAPI32.dll (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
ReportEventW 0x0 0x18008c208 0xabe00 0xaa400
EventWrite 0x0 0x18008c210 0xabe08 0xaa408
RegisterEventSourceW 0x0 0x18008c218 0xabe10 0xaa410
DeregisterEventSource 0x0 0x18008c220 0xabe18 0xaa418
RegQueryValueExW 0x0 0x18008c228 0xabe20 0xaa420
RegQueryValueExA 0x0 0x18008c230 0xabe28 0xaa428
RegOpenKeyExA 0x0 0x18008c238 0xabe30 0xaa430
RegSetValueExW 0x0 0x18008c240 0xabe38 0xaa438
RegQueryInfoKeyW 0x0 0x18008c248 0xabe40 0xaa440
RegOpenKeyExW 0x0 0x18008c250 0xabe48 0xaa448
RegEnumKeyExW 0x0 0x18008c258 0xabe50 0xaa450
RegDeleteValueW 0x0 0x18008c260 0xabe58 0xaa458
RegDeleteKeyW 0x0 0x18008c268 0xabe60 0xaa460
RegCreateKeyExW 0x0 0x18008c270 0xabe68 0xaa468
RegCloseKey 0x0 0x18008c278 0xabe70 0xaa470
RegGetValueW 0x0 0x18008c280 0xabe78 0xaa478
KERNEL32.dll (67)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
VirtualProtect 0x0 0x18008c290 0xabe88 0xaa488
GetSystemTimeAsFileTime 0x0 0x18008c298 0xabe90 0xaa490
GetCurrentThreadId 0x0 0x18008c2a0 0xabe98 0xaa498
GetCurrentProcessId 0x0 0x18008c2a8 0xabea0 0xaa4a0
HeapSetInformation 0x0 0x18008c2b0 0xabea8 0xaa4a8
GetProcessHeap 0x0 0x18008c2b8 0xabeb0 0xaa4b0
HeapSize 0x0 0x18008c2c0 0xabeb8 0xaa4b8
HeapReAlloc 0x0 0x18008c2c8 0xabec0 0xaa4c0
HeapFree 0x0 0x18008c2d0 0xabec8 0xaa4c8
HeapAlloc 0x0 0x18008c2d8 0xabed0 0xaa4d0
HeapDestroy 0x0 0x18008c2e0 0xabed8 0xaa4d8
QueryPerformanceCounter 0x0 0x18008c2e8 0xabee0 0xaa4e0
GetCurrencyFormatW 0x0 0x18008c2f0 0xabee8 0xaa4e8
GetNumberFormatW 0x0 0x18008c2f8 0xabef0 0xaa4f0
GetTimeFormatW 0x0 0x18008c300 0xabef8 0xaa4f8
GetStringTypeExW 0x0 0x18008c308 0xabf00 0xaa500
LCMapStringW 0x0 0x18008c310 0xabf08 0xaa508
GetACP 0x0 0x18008c318 0xabf10 0xaa510
GetLocalTime 0x0 0x18008c320 0xabf18 0xaa518
GetSystemDefaultLCID 0x0 0x18008c328 0xabf20 0xaa520
GetDateFormatW 0x0 0x18008c330 0xabf28 0xaa528
WerRegisterMemoryBlock 0x0 0x18008c338 0xabf30 0xaa530
GetTickCount 0x0 0x18008c340 0xabf38 0xaa538
LockResource 0x0 0x18008c348 0xabf40 0xaa540
FindResourceExW 0x0 0x18008c350 0xabf48 0xaa548
GetLocaleInfoW 0x0 0x18008c358 0xabf50 0xaa550
LoadLibraryA 0x0 0x18008c360 0xabf58 0xaa558
EncodePointer 0x0 0x18008c368 0xabf60 0xaa560
DecodePointer 0x0 0x18008c370 0xabf68 0xaa568
Sleep 0x0 0x18008c378 0xabf70 0xaa570
TerminateProcess 0x0 0x18008c380 0xabf78 0xaa578
GetCurrentProcess 0x0 0x18008c388 0xabf80 0xaa580
UnhandledExceptionFilter 0x0 0x18008c390 0xabf88 0xaa588
SetUnhandledExceptionFilter 0x0 0x18008c398 0xabf90 0xaa590
IsDebuggerPresent 0x0 0x18008c3a0 0xabf98 0xaa598
RtlVirtualUnwind 0x0 0x18008c3a8 0xabfa0 0xaa5a0
RtlLookupFunctionEntry 0x0 0x18008c3b0 0xabfa8 0xaa5a8
RtlCaptureContext 0x0 0x18008c3b8 0xabfb0 0xaa5b0
LocalAlloc 0x0 0x18008c3c0 0xabfb8 0xaa5b8
RaiseException 0x0 0x18008c3c8 0xabfc0 0xaa5c0
GetUserDefaultLangID 0x0 0x18008c3d0 0xabfc8 0xaa5c8
lstrcmpiA 0x0 0x18008c3d8 0xabfd0 0xaa5d0
GetLastError 0x0 0x18008c3e0 0xabfd8 0xaa5d8
MultiByteToWideChar 0x0 0x18008c3e8 0xabfe0 0xaa5e0
WideCharToMultiByte 0x0 0x18008c3f0 0xabfe8 0xaa5e8
GetLocaleInfoA 0x0 0x18008c3f8 0xabff0 0xaa5f0
EnterCriticalSection 0x0 0x18008c400 0xabff8 0xaa5f8
LeaveCriticalSection 0x0 0x18008c408 0xac000 0xaa600
GetVersionExA 0x0 0x18008c410 0xac008 0xaa608
GetUserDefaultLCID 0x0 0x18008c418 0xac010 0xaa610
IsDBCSLeadByte 0x0 0x18008c420 0xac018 0xaa618
InitializeCriticalSectionAndSpinCount 0x0 0x18008c428 0xac020 0xaa620
DeleteCriticalSection 0x0 0x18008c430 0xac028 0xaa628
FreeLibrary 0x0 0x18008c438 0xac030 0xaa630
GetModuleFileNameW 0x0 0x18008c440 0xac038 0xaa638
GetModuleHandleW 0x0 0x18008c448 0xac040 0xaa640
GetProcAddress 0x0 0x18008c450 0xac048 0xaa648
LoadLibraryExW 0x0 0x18008c458 0xac050 0xaa650
LoadResource 0x0 0x18008c460 0xac058 0xaa658
SizeofResource 0x0 0x18008c468 0xac060 0xaa660
lstrcmpiW 0x0 0x18008c470 0xac068 0xaa668
lstrlenW 0x0 0x18008c478 0xac070 0xaa670
FindResourceW 0x0 0x18008c480 0xac078 0xaa678
GetModuleHandleA 0x0 0x18008c488 0xac080 0xaa680
CompareStringW 0x0 0x18008c490 0xac088 0xaa688
CompareStringA 0x0 0x18008c498 0xac090 0xaa690
InitializeCriticalSection 0x0 0x18008c4a0 0xac098 0xaa698
OLEAUT32.dll (49)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SysAllocString 0x2 0x18008c4b0 0xac0a8 0xaa6a8
SysAllocStringLen 0x4 0x18008c4b8 0xac0b0 0xaa6b0
SysReAllocStringLen 0x5 0x18008c4c0 0xac0b8 0xaa6b8
SysFreeString 0x6 0x18008c4c8 0xac0c0 0xaa6c0
SysStringLen 0x7 0x18008c4d0 0xac0c8 0xaa6c8
SysStringByteLen 0x95 0x18008c4d8 0xac0d0 0xaa6d0
SysAllocStringByteLen 0x96 0x18008c4e0 0xac0d8 0xaa6d8
VariantInit 0x8 0x18008c4e8 0xac0e0 0xaa6e0
VariantClear 0x9 0x18008c4f0 0xac0e8 0xaa6e8
VariantCopy 0xa 0x18008c4f8 0xac0f0 0xaa6f0
VariantChangeType 0xc 0x18008c500 0xac0f8 0xaa6f8
VarI2FromStr 0x36 0x18008c508 0xac100 0xaa700
VarI4FromStr 0x40 0x18008c510 0xac108 0xaa708
VarR4FromStr 0x4a 0x18008c518 0xac110 0xaa710
VarR8FromStr 0x54 0x18008c520 0xac118 0xaa718
VarDateFromStr 0x5e 0x18008c528 0xac120 0xaa720
VarCyFromStr 0x68 0x18008c530 0xac128 0xaa728
VarBstrFromI2 0x6d 0x18008c538 0xac130 0xaa730
VarBstrFromI4 0x6e 0x18008c540 0xac138 0xaa738
VarBstrFromR4 0x6f 0x18008c548 0xac140 0xaa740
VarBstrFromR8 0x70 0x18008c550 0xac148 0xaa748
VarBstrFromCy 0x71 0x18008c558 0xac150 0xaa750
VarBstrFromDate 0x72 0x18008c560 0xac158 0xaa758
VarBstrFromDec 0xe8 0x18008c568 0xac160 0xaa760
VarDecFromStr 0xc5 0x18008c570 0xac168 0xaa768
LHashValOfNameSys 0xa5 0x18008c578 0xac170 0xaa770
SafeArrayCreate 0xf 0x18008c580 0xac178 0xaa778
SafeArrayDestroy 0x10 0x18008c588 0xac180 0xaa780
SafeArrayGetElemsize 0x12 0x18008c590 0xac188 0xaa788
SafeArrayGetUBound 0x13 0x18008c598 0xac190 0xaa790
SafeArrayGetLBound 0x14 0x18008c5a0 0xac198 0xaa798
SafeArrayAccessData 0x17 0x18008c5a8 0xac1a0 0xaa7a0
SafeArrayUnaccessData 0x18 0x18008c5b0 0xac1a8 0xaa7a8
SafeArrayPutElement 0x1a 0x18008c5b8 0xac1b0 0xaa7b0
VarUI4FromStr 0x115 0x18008c5c0 0xac1b8 0xaa7b8
LoadRegTypeLib 0xa2 0x18008c5c8 0xac1c0 0xaa7c0
CreateStdDispatch 0x20 0x18008c5d0 0xac1c8 0xaa7c8
SystemTimeToVariantTime 0xb8 0x18008c5d8 0xac1d0 0xaa7d0
VariantChangeTypeEx 0x93 0x18008c5e0 0xac1d8 0xaa7d8
LoadTypeLib 0xa1 0x18008c5e8 0xac1e0 0xaa7e0
SafeArrayGetDim 0x11 0x18008c5f0 0xac1e8 0xaa7e8
SafeArrayLock 0x15 0x18008c5f8 0xac1f0 0xaa7f0
SafeArrayUnlock 0x16 0x18008c600 0xac1f8 0xaa7f8
SafeArrayGetElement 0x19 0x18008c608 0xac200 0xaa800
SafeArrayCreateVector 0x19b 0x18008c610 0xac208 0xaa808
GetAltMonthNames 0x14c 0x18008c618 0xac210 0xaa810
VarDateFromUdate 0x14a 0x18008c620 0xac218 0xaa818
VarUdateFromDate 0x14b 0x18008c628 0xac220 0xaa820
VariantTimeToSystemTime 0xb9 0x18008c630 0xac228 0xaa828
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
VerQueryValueW 0x0 0x18008c640 0xac238 0xaa838
GetFileVersionInfoSizeW 0x0 0x18008c648 0xac240 0xaa840
GetFileVersionInfoW 0x0 0x18008c650 0xac248 0xaa848
MSVCP100.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?_Xlength_error@std@@YAXPEBD@Z 0x0 0x18008c660 0xac258 0xaa858
Exports (3)
Api name EAT Address Ordinal
DllCanUnloadNow 0x180039110 0xd
DllGetClassObject 0x180001a50 0xe
DllMain 0x1800016ac 0xc
Digital Signatures (2)
Signature Properties
InternalName acees
FileVersion 15.0.4569.1503
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4569.1503
FileDescription Microsoft Access database engine Expression Service
OriginalFilename acees.dll
Signature verification True
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2013-11-11 22:11
Valid to 2015-02-11 22:11
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 4C A1 E8 4D CC B4 74 7B 3B 00 00 00 00 00 4C
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2013-01-24 22:33
Valid to 2014-04-24 22:33
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
c:\program files\common files\microsoft shared\office15\acees.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\acees.dll (Modified File)
c:\program files\common files\microsoft shared\office15\acees.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 857.41 KB
Hash Values MD5: 5bbf849c53adb02a9b4a3d080a8b640f
SHA1: 9f6cc88a83abacd313ebeb3822fec21f46cc4a06
SHA256: f1e61402c69c706852a9d7628260cc3fc5ed5e570e1cb68a8c70abd8fce7c20a
c:\program files\common files\microsoft shared\office15\aceexch.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\aceexch.dll (Modified File)
Size 242.23 KB
Hash Values MD5: 695833a6e9dc213f149bc07ebe131151
SHA1: 7f1f65d609c224fe5be7b4b928f46852e7ee288b
SHA256: 6df83d5a3e673b27aaf17135cbff03245f9d16e22101c95d0b7e4ba51931b901
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x1800198ac
Size Of Code 0x2c800
Size Of Initialized Data 0xee00
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2013-08-08 07:43:40
Compiler/Packer Unknown
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x19c48 0x19e00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.33
CURSORS 0x18001b000 0x5db5 0x5e00 0x1a200 CNT_CODE, MEM_EXECUTE, MEM_READ 6.23
BASE 0x180021000 0xcbfd 0xcc00 0x20000 CNT_CODE, MEM_EXECUTE, MEM_READ 6.25
.rdata 0x18002e000 0x6a60 0x6c00 0x2cc00 CNT_INITIALIZED_DATA, MEM_READ 4.52
.data 0x180035000 0x5ae8 0x5000 0x33800 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 2.79
.pdata 0x18003b000 0x1968 0x1a00 0x38800 CNT_INITIALIZED_DATA, MEM_READ 5.23
.rsrc 0x18003d000 0x4a0 0x600 0x3a200 CNT_INITIALIZED_DATA, MEM_READ 2.73
.reloc 0x18003e000 0x500 0x600 0x3a800 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 4.99
Imports (123)
ole32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
StringFromGUID2 0x0 0x18002e000 0x30a58 0x2f658
StgCreateDocfile 0x0 0x18002e008 0x30a60 0x2f660
acecore.dll (20)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
(by ordinal) 0x9d 0x18002e018 0x30a70 0x2f670
(by ordinal) 0x6b 0x18002e020 0x30a78 0x2f678
(by ordinal) 0x8c 0x18002e028 0x30a80 0x2f680
(by ordinal) 0x72 0x18002e030 0x30a88 0x2f688
(by ordinal) 0x65 0x18002e038 0x30a90 0x2f690
(by ordinal) 0x92 0x18002e040 0x30a98 0x2f698
(by ordinal) 0x7e 0x18002e048 0x30aa0 0x2f6a0
(by ordinal) 0x76 0x18002e050 0x30aa8 0x2f6a8
(by ordinal) 0x9e 0x18002e058 0x30ab0 0x2f6b0
(by ordinal) 0x6c 0x18002e060 0x30ab8 0x2f6b8
(by ordinal) 0xb3 0x18002e068 0x30ac0 0x2f6c0
(by ordinal) 0xa7 0x18002e070 0x30ac8 0x2f6c8
(by ordinal) 0xac 0x18002e078 0x30ad0 0x2f6d0
(by ordinal) 0x9f 0x18002e080 0x30ad8 0x2f6d8
(by ordinal) 0xad 0x18002e088 0x30ae0 0x2f6e0
(by ordinal) 0x9c 0x18002e090 0x30ae8 0x2f6e8
(by ordinal) 0x9b 0x18002e098 0x30af0 0x2f6f0
(by ordinal) 0xaa 0x18002e0a0 0x30af8 0x2f6f8
(by ordinal) 0x38c 0x18002e0a8 0x30b00 0x2f700
(by ordinal) 0x85 0x18002e0b0 0x30b08 0x2f708
MSVCR100.dll (41)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x18002e0c0 0x30b18 0x2f718
__clean_type_info_names_internal 0x0 0x18002e0c8 0x30b20 0x2f720
?terminate@@YAXXZ 0x0 0x18002e0d0 0x30b28 0x2f728
__crt_debugger_hook 0x0 0x18002e0d8 0x30b30 0x2f730
_onexit 0x0 0x18002e0e0 0x30b38 0x2f738
_lock 0x0 0x18002e0e8 0x30b40 0x2f740
__dllonexit 0x0 0x18002e0f0 0x30b48 0x2f748
_unlock 0x0 0x18002e0f8 0x30b50 0x2f750
__CppXcptFilter 0x0 0x18002e100 0x30b58 0x2f758
_amsg_exit 0x0 0x18002e108 0x30b60 0x2f760
_encoded_null 0x0 0x18002e110 0x30b68 0x2f768
_initterm_e 0x0 0x18002e118 0x30b70 0x2f770
_initterm 0x0 0x18002e120 0x30b78 0x2f778
_malloc_crt 0x0 0x18002e128 0x30b80 0x2f780
wcsncat_s 0x0 0x18002e130 0x30b88 0x2f788
_stricmp 0x0 0x18002e138 0x30b90 0x2f790
__C_specific_handler 0x0 0x18002e140 0x30b98 0x2f798
wcstok_s 0x0 0x18002e148 0x30ba0 0x2f7a0
_wtoi 0x0 0x18002e150 0x30ba8 0x2f7a8
_snwprintf_s 0x0 0x18002e158 0x30bb0 0x2f7b0
_CxxThrowException 0x0 0x18002e160 0x30bb8 0x2f7b8
_wcsdup 0x0 0x18002e168 0x30bc0 0x2f7c0
strncpy_s 0x0 0x18002e170 0x30bc8 0x2f7c8
_invalid_parameter_noinfo_noreturn 0x0 0x18002e178 0x30bd0 0x2f7d0
__CxxFrameHandler3 0x0 0x18002e180 0x30bd8 0x2f7d8
malloc 0x0 0x18002e188 0x30be0 0x2f7e0
free 0x0 0x18002e190 0x30be8 0x2f7e8
_wfullpath 0x0 0x18002e198 0x30bf0 0x2f7f0
towlower 0x0 0x18002e1a0 0x30bf8 0x2f7f8
wcsstr 0x0 0x18002e1a8 0x30c00 0x2f800
_wsplitpath_s 0x0 0x18002e1b0 0x30c08 0x2f808
iswctype 0x0 0x18002e1b8 0x30c10 0x2f810
wcsrchr 0x0 0x18002e1c0 0x30c18 0x2f818
wcsncpy_s 0x0 0x18002e1c8 0x30c20 0x2f820
wcschr 0x0 0x18002e1d0 0x30c28 0x2f828
floor 0x0 0x18002e1d8 0x30c30 0x2f830
memcmp 0x0 0x18002e1e0 0x30c38 0x2f838
_mbsicmp 0x0 0x18002e1e8 0x30c40 0x2f840
_vsnwprintf_s 0x0 0x18002e1f0 0x30c48 0x2f848
memset 0x0 0x18002e1f8 0x30c50 0x2f850
memcpy 0x0 0x18002e200 0x30c58 0x2f858
ADVAPI32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegQueryValueExW 0x0 0x18002e210 0x30c68 0x2f868
RegQueryValueExA 0x0 0x18002e218 0x30c70 0x2f870
RegOpenKeyExA 0x0 0x18002e220 0x30c78 0x2f878
RegOpenKeyExW 0x0 0x18002e228 0x30c80 0x2f880
RegCloseKey 0x0 0x18002e230 0x30c88 0x2f888
RegGetValueW 0x0 0x18002e238 0x30c90 0x2f890
KERNEL32.dll (47)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
VirtualProtect 0x0 0x18002e248 0x30ca0 0x2f8a0
GetTickCount 0x0 0x18002e250 0x30ca8 0x2f8a8
GetSystemTimeAsFileTime 0x0 0x18002e258 0x30cb0 0x2f8b0
HeapSetInformation 0x0 0x18002e260 0x30cb8 0x2f8b8
GetProcessHeap 0x0 0x18002e268 0x30cc0 0x2f8c0
QueryPerformanceCounter 0x0 0x18002e270 0x30cc8 0x2f8c8
GetPrivateProfileStringW 0x0 0x18002e278 0x30cd0 0x2f8d0
LoadLibraryExW 0x0 0x18002e280 0x30cd8 0x2f8d8
GetModuleHandleW 0x0 0x18002e288 0x30ce0 0x2f8e0
WerRegisterMemoryBlock 0x0 0x18002e290 0x30ce8 0x2f8e8
ExpandEnvironmentStringsW 0x0 0x18002e298 0x30cf0 0x2f8f0
RaiseException 0x0 0x18002e2a0 0x30cf8 0x2f8f8
WritePrivateProfileStringW 0x0 0x18002e2a8 0x30d00 0x2f900
DisableThreadLibraryCalls 0x0 0x18002e2b0 0x30d08 0x2f908
GetFileAttributesW 0x0 0x18002e2b8 0x30d10 0x2f910
GetCurrentDirectoryW 0x0 0x18002e2c0 0x30d18 0x2f918
SetCurrentDirectoryW 0x0 0x18002e2c8 0x30d20 0x2f920
GetProcAddress 0x0 0x18002e2d0 0x30d28 0x2f928
FreeLibrary 0x0 0x18002e2d8 0x30d30 0x2f930
GetCurrentProcessId 0x0 0x18002e2e0 0x30d38 0x2f938
GlobalFree 0x0 0x18002e2e8 0x30d40 0x2f940
GlobalUnlock 0x0 0x18002e2f0 0x30d48 0x2f948
GlobalLock 0x0 0x18002e2f8 0x30d50 0x2f950
EncodePointer 0x0 0x18002e300 0x30d58 0x2f958
DecodePointer 0x0 0x18002e308 0x30d60 0x2f960
Sleep 0x0 0x18002e310 0x30d68 0x2f968
TerminateProcess 0x0 0x18002e318 0x30d70 0x2f970
GetCurrentProcess 0x0 0x18002e320 0x30d78 0x2f978
UnhandledExceptionFilter 0x0 0x18002e328 0x30d80 0x2f980
SetUnhandledExceptionFilter 0x0 0x18002e330 0x30d88 0x2f988
IsDebuggerPresent 0x0 0x18002e338 0x30d90 0x2f990
RtlVirtualUnwind 0x0 0x18002e340 0x30d98 0x2f998
RtlLookupFunctionEntry 0x0 0x18002e348 0x30da0 0x2f9a0
RtlCaptureContext 0x0 0x18002e350 0x30da8 0x2f9a8
LocalAlloc 0x0 0x18002e358 0x30db0 0x2f9b0
FileTimeToSystemTime 0x0 0x18002e360 0x30db8 0x2f9b8
GetCurrentThreadId 0x0 0x18002e368 0x30dc0 0x2f9c0
GetLastError 0x0 0x18002e370 0x30dc8 0x2f9c8
SystemTimeToTzSpecificLocalTime 0x0 0x18002e378 0x30dd0 0x2f9d0
LoadLibraryA 0x0 0x18002e380 0x30dd8 0x2f9d8
SystemTimeToFileTime 0x0 0x18002e388 0x30de0 0x2f9e0
GetTimeZoneInformation 0x0 0x18002e390 0x30de8 0x2f9e8
MultiByteToWideChar 0x0 0x18002e398 0x30df0 0x2f9f0
WideCharToMultiByte 0x0 0x18002e3a0 0x30df8 0x2f9f8
GetCPInfo 0x0 0x18002e3a8 0x30e00 0x2fa00
GetUserDefaultLCID 0x0 0x18002e3b0 0x30e08 0x2fa08
GlobalAlloc 0x0 0x18002e3b8 0x30e10 0x2fa10
OLEAUT32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
VarBstrFromR8 0x70 0x18002e3c8 0x30e20 0x2fa20
VarR8FromDec 0xdc 0x18002e3d0 0x30e28 0x2fa28
VarR8FromStr 0x54 0x18002e3d8 0x30e30 0x2fa30
SysFreeString 0x6 0x18002e3e0 0x30e38 0x2fa38
SysAllocStringLen 0x4 0x18002e3e8 0x30e40 0x2fa40
VarI2FromStr 0x36 0x18002e3f0 0x30e48 0x2fa48
VarDecFromR8 0xc2 0x18002e3f8 0x30e50 0x2fa50
Exports (3)
Api name EAT Address Ordinal
None 0x1800075a4 0x1
None 0x18000742c 0xa
None 0x18001cf94 0xb
Digital Signatures (2)
Signature Properties
InternalName aceexch
FileVersion 15.0.4543.1000
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4543.1000
FileDescription Microsoft Access database engine Exchange ISAM
OriginalFilename aceexch.dll
Signature verification True
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-09-04 21:12
Valid to 2013-12-04 21:12
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 2B 39 32 48 C1 B2 C9 48 F3 00 00 00 00 00 2B
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2013-01-24 22:33
Valid to 2014-04-24 22:33
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
c:\program files\common files\microsoft shared\office15\aceexch.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\aceexch.dll (Modified File)
c:\program files\common files\microsoft shared\office15\aceexch.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 242.40 KB
Hash Values MD5: 468a7549fd149f275b10d752e0c82e70
SHA1: c0979060ffa7bdd5a3114c3324fd97328b2525b5
SHA256: 0822a586a050383037406804cd4f12acef429c04ac65526178d7e3ce7bab5557
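Every created file in these blocks has the form <original path>.[sepsis@protonmail.com].sepsis, the original path is listed a second time as a Modified File with a hash that no longer matches the signed copy, and the renamed copy is a few hundred bytes larger than the clean DLL (39.71 KB against 39.89 KB for aceerr.dll, 857.23 against 857.41 for acees.dll, 242.23 against 242.40 for aceexch.dll). The triage below is an added example written for this page, not the report's or the sample's code: it runs over a listing constructed from the File Properties blocks above, extracts the contact address and extension tag as indicators, pairs each renamed file with its original, and classifies the size growth. The extension pattern and the 512-byte footer threshold are assumptions of this example; the report itself only lists the files and their sizes.

```python
"""Triage ransomware-renamed files from a file listing.

Added example; it is not part of the VMRay report or of the sample's code.
LISTING is constructed from the File Properties blocks above (paths and
sizes exactly as the report prints them, in KB). The extension pattern and
the footer threshold are this example's own assumptions about how the
renamed copies relate to their originals.
"""
import re
from dataclasses import dataclass
from typing import Optional

# "<original name>.[<contact address>].<tag>": the shape of every created
# file in the report. Assumption: the bracketed part is always an e-mail.
RENAMED = re.compile(
    r"^(?P<orig>.+)\.\[(?P<contact>[^\[\]\s]+@[^\[\]\s]+)\]\.(?P<tag>[A-Za-z0-9]+)$"
)

# Largest growth (bytes) we still attribute to a small appended footer
# rather than to a rewritten or re-encoded file. Assumption.
MAX_FOOTER_BYTES = 512

VERDICT_FOOTER = "original size plus a small appended footer"
VERDICT_SMALLER = "renamed copy smaller than original"
VERDICT_LARGER = "renamed copy grew by more than a footer"
VERDICT_UNPAIRED = "renamed copy; original size not in listing"

OFFICE15 = r"c:\program files\common files\microsoft shared\office15"

# Constructed listing: (path, size in KB as printed in the report). The
# clean acedao.dll is listed earlier in the report, outside these blocks,
# so only its renamed copy appears here.
LISTING = [
    (OFFICE15 + r"\acedao.dll.[sepsis@protonmail.com].sepsis", 602.93),
    (OFFICE15 + r"\aceerr.dll", 39.71),
    (OFFICE15 + r"\aceerr.dll.[sepsis@protonmail.com].sepsis", 39.89),
    (OFFICE15 + r"\acees.dll", 857.23),
    (OFFICE15 + r"\acees.dll.[sepsis@protonmail.com].sepsis", 857.41),
    (OFFICE15 + r"\aceexch.dll", 242.23),
    (OFFICE15 + r"\aceexch.dll.[sepsis@protonmail.com].sepsis", 242.40),
    (OFFICE15 + r"\aceexcl.dll", 520.22),  # no renamed copy in these blocks
]


@dataclass(frozen=True)
class Finding:
    original: str
    renamed: str
    contact: str
    tag: str
    delta_bytes: Optional[int]  # None when the original is not in the listing
    verdict: str


def kb_to_bytes(kb: float) -> int:
    """The report rounds to 0.01 KB, so deltas carry roughly +-10 bytes of noise."""
    return round(kb * 1024)


def triage(listing):
    """Pair each renamed file with its original and classify the size change."""
    sizes = {path.lower(): kb_to_bytes(kb) for path, kb in listing}
    findings = []
    for path, kb in listing:
        m = RENAMED.match(path)
        if not m:
            continue
        orig = m.group("orig")
        orig_size = sizes.get(orig.lower())
        if orig_size is None:
            delta, verdict = None, VERDICT_UNPAIRED
        else:
            delta = kb_to_bytes(kb) - orig_size
            if delta < 0:
                verdict = VERDICT_SMALLER
            elif delta <= MAX_FOOTER_BYTES:
                verdict = VERDICT_FOOTER
            else:
                verdict = VERDICT_LARGER
        findings.append(Finding(orig, path, m.group("contact"), m.group("tag"), delta, verdict))
    return findings


def indicators(findings):
    """Distinct contact addresses and extension tags, ready for an IOC list."""
    return sorted({f.contact for f in findings}), sorted({f.tag for f in findings})


if __name__ == "__main__":
    for f in triage(LISTING):
        print(f"{f.renamed}\n    delta={f.delta_bytes} bytes  {f.verdict}")
    print("indicators:", indicators(triage(LISTING)))
```

When the listing also carries the clean file's hash and signature status, as the report does, those belong in the same decision: a signed Microsoft DLL whose on-disk hash no longer matches the signed copy, paired with a renamed copy that grew by a near-constant amount across every file, is a strong in-place-encryption signal, and the constant delta is a hint at the size of whatever the encryptor appends per file.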
c:\program files\common files\microsoft shared\office15\aceexcl.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\aceexcl.dll (Modified File)
Size 520.22 KB
Hash Values MD5: cc5126933bdd80ee02e7bbb86900a533
SHA1: 97c119a75e7f20ab0a9f0092d53d42ebf710ca43
SHA256: 6537b1484198d6606ecaf833068cb910d661e20b73cb13fa728ccb80795efe0b
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x180001000
Size Of Code 0x55e00
Size Of Initialized Data 0x2d200
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2013-11-20 12:46:24
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x55c68 0x55e00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.38
.rdata 0x180057000 0x18e24 0x19000 0x56200 CNT_INITIALIZED_DATA, MEM_READ 4.31
.data 0x180070000 0x9388 0x6600 0x6f200 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 3.5
.pdata 0x18007a000 0x4fc8 0x5000 0x75800 CNT_INITIALIZED_DATA, MEM_READ 5.67
.rsrc 0x18007f000 0x4b30 0x4c00 0x7a800 CNT_INITIALIZED_DATA, MEM_READ 6.49
.reloc 0x180084000 0x1094 0x1200 0x7f400 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.3
Imports (180)
ole32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CoCreateInstance 0x0 0x180057000 0x63730 0x62930
StringFromGUID2 0x0 0x180057008 0x63738 0x62938
StgOpenStorage 0x0 0x180057010 0x63740 0x62940
StgCreateDocfile 0x0 0x180057018 0x63748 0x62948
CoInitialize 0x0 0x180057020 0x63750 0x62950
CoTaskMemFree 0x0 0x180057028 0x63758 0x62958
CoTaskMemRealloc 0x0 0x180057030 0x63760 0x62960
CoTaskMemAlloc 0x0 0x180057038 0x63768 0x62968
CoUninitialize 0x0 0x180057040 0x63770 0x62970
OleUninitialize 0x0 0x180057048 0x63778 0x62978
OleInitialize 0x0 0x180057050 0x63780 0x62980
ADVAPI32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
DeregisterEventSource 0x0 0x180057060 0x63790 0x62990
ReportEventW 0x0 0x180057068 0x63798 0x62998
RegisterEventSourceW 0x0 0x180057070 0x637a0 0x629a0
RegGetValueW 0x0 0x180057078 0x637a8 0x629a8
RegSetValueExW 0x0 0x180057080 0x637b0 0x629b0
RegQueryInfoKeyW 0x0 0x180057088 0x637b8 0x629b8
RegCloseKey 0x0 0x180057090 0x637c0 0x629c0
RegOpenKeyExW 0x0 0x180057098 0x637c8 0x629c8
RegQueryValueExW 0x0 0x1800570a0 0x637d0 0x629d0
RegCreateKeyExW 0x0 0x1800570a8 0x637d8 0x629d8
RegDeleteKeyW 0x0 0x1800570b0 0x637e0 0x629e0
RegDeleteValueW 0x0 0x1800570b8 0x637e8 0x629e8
RegEnumKeyExW 0x0 0x1800570c0 0x637f0 0x629f0
KERNEL32.dll (76)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
TerminateProcess 0x0 0x1800570d0 0x63800 0x62a00
GetCurrentProcess 0x0 0x1800570d8 0x63808 0x62a08
UnhandledExceptionFilter 0x0 0x1800570e0 0x63810 0x62a10
SetUnhandledExceptionFilter 0x0 0x1800570e8 0x63818 0x62a18
IsDebuggerPresent 0x0 0x1800570f0 0x63820 0x62a20
RtlVirtualUnwind 0x0 0x1800570f8 0x63828 0x62a28
RtlLookupFunctionEntry 0x0 0x180057100 0x63830 0x62a30
IsValidCodePage 0x0 0x180057108 0x63838 0x62a38
GetACP 0x0 0x180057110 0x63840 0x62a40
MultiByteToWideChar 0x0 0x180057118 0x63848 0x62a48
WideCharToMultiByte 0x0 0x180057120 0x63850 0x62a50
GetCPInfo 0x0 0x180057128 0x63858 0x62a58
GetLocaleInfoW 0x0 0x180057130 0x63860 0x62a60
GetUserDefaultLCID 0x0 0x180057138 0x63868 0x62a68
GetSystemTimeAsFileTime 0x0 0x180057140 0x63870 0x62a70
GetModuleHandleW 0x0 0x180057148 0x63878 0x62a78
GetProcAddress 0x0 0x180057150 0x63880 0x62a80
lstrlenW 0x0 0x180057158 0x63888 0x62a88
WriteFile 0x0 0x180057160 0x63890 0x62a90
CloseHandle 0x0 0x180057168 0x63898 0x62a98
RaiseException 0x0 0x180057170 0x638a0 0x62aa0
GetLastError 0x0 0x180057178 0x638a8 0x62aa8
EnterCriticalSection 0x0 0x180057180 0x638b0 0x62ab0
LeaveCriticalSection 0x0 0x180057188 0x638b8 0x62ab8
InitializeCriticalSectionAndSpinCount 0x0 0x180057190 0x638c0 0x62ac0
DeleteCriticalSection 0x0 0x180057198 0x638c8 0x62ac8
FreeLibrary 0x0 0x1800571a0 0x638d0 0x62ad0
GetModuleFileNameW 0x0 0x1800571a8 0x638d8 0x62ad8
LoadLibraryExW 0x0 0x1800571b0 0x638e0 0x62ae0
LoadResource 0x0 0x1800571b8 0x638e8 0x62ae8
LockResource 0x0 0x1800571c0 0x638f0 0x62af0
SizeofResource 0x0 0x1800571c8 0x638f8 0x62af8
GlobalSize 0x0 0x1800571d0 0x63900 0x62b00
GlobalLock 0x0 0x1800571d8 0x63908 0x62b08
GlobalUnlock 0x0 0x1800571e0 0x63910 0x62b10
lstrcmpiW 0x0 0x1800571e8 0x63918 0x62b18
FindResourceW 0x0 0x1800571f0 0x63920 0x62b20
RtlCaptureContext 0x0 0x1800571f8 0x63928 0x62b28
GlobalAlloc 0x0 0x180057200 0x63930 0x62b30
GlobalFree 0x0 0x180057208 0x63938 0x62b38
FileTimeToLocalFileTime 0x0 0x180057210 0x63940 0x62b40
FindClose 0x0 0x180057218 0x63948 0x62b48
ReadFile 0x0 0x180057220 0x63950 0x62b50
SetFilePointer 0x0 0x180057228 0x63958 0x62b58
FileTimeToDosDateTime 0x0 0x180057230 0x63960 0x62b60
GetCurrentProcessId 0x0 0x180057238 0x63968 0x62b68
DisableThreadLibraryCalls 0x0 0x180057240 0x63970 0x62b70
GetLocaleInfoA 0x0 0x180057248 0x63978 0x62b78
GetDateFormatW 0x0 0x180057250 0x63980 0x62b80
GetTimeFormatW 0x0 0x180057258 0x63988 0x62b88
ExpandEnvironmentStringsW 0x0 0x180057260 0x63990 0x62b90
SetCurrentDirectoryW 0x0 0x180057268 0x63998 0x62b98
GetCurrentDirectoryW 0x0 0x180057270 0x639a0 0x62ba0
CreateDirectoryW 0x0 0x180057278 0x639a8 0x62ba8
DeleteFileW 0x0 0x180057280 0x639b0 0x62bb0
FindFirstFileW 0x0 0x180057288 0x639b8 0x62bb8
FindNextFileW 0x0 0x180057290 0x639c0 0x62bc0
GetFileAttributesW 0x0 0x180057298 0x639c8 0x62bc8
GetFullPathNameW 0x0 0x1800572a0 0x639d0 0x62bd0
RemoveDirectoryW 0x0 0x1800572a8 0x639d8 0x62bd8
GetTempPathW 0x0 0x1800572b0 0x639e0 0x62be0
HeapAlloc 0x0 0x1800572b8 0x639e8 0x62be8
WerRegisterMemoryBlock 0x0 0x1800572c0 0x639f0 0x62bf0
VirtualProtect 0x0 0x1800572c8 0x639f8 0x62bf8
HeapFree 0x0 0x1800572d0 0x63a00 0x62c00
GetTickCount 0x0 0x1800572d8 0x63a08 0x62c08
GetCurrentThreadId 0x0 0x1800572e0 0x63a10 0x62c10
HeapSetInformation 0x0 0x1800572e8 0x63a18 0x62c18
GetProcessHeap 0x0 0x1800572f0 0x63a20 0x62c20
QueryPerformanceCounter 0x0 0x1800572f8 0x63a28 0x62c28
LocalAlloc 0x0 0x180057300 0x63a30 0x62c30
lstrlenA 0x0 0x180057308 0x63a38 0x62c38
LoadLibraryA 0x0 0x180057310 0x63a40 0x62c40
EncodePointer 0x0 0x180057318 0x63a48 0x62c48
DecodePointer 0x0 0x180057320 0x63a50 0x62c50
Sleep 0x0 0x180057328 0x63a58 0x62c58
OLEAUT32.dll (27)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
VarUdateFromDate 0x14b 0x180057338 0x63a68 0x62c68
VarI2FromStr 0x36 0x180057340 0x63a70 0x62c70
VarDecFromR8 0xc2 0x180057348 0x63a78 0x62c78
VarBstrFromR8 0x70 0x180057350 0x63a80 0x62c80
VarR8FromDec 0xdc 0x180057358 0x63a88 0x62c88
VarR8FromStr 0x54 0x180057360 0x63a90 0x62c90
GetActiveObject 0x23 0x180057368 0x63a98 0x62c98
VariantChangeType 0xc 0x180057370 0x63aa0 0x62ca0
VarBstrCat 0x139 0x180057378 0x63aa8 0x62ca8
VarBstrCmp 0x13a 0x180057380 0x63ab0 0x62cb0
VariantCopy 0xa 0x180057388 0x63ab8 0x62cb8
VarUI4FromStr 0x115 0x180057390 0x63ac0 0x62cc0
VariantChangeTypeEx 0x93 0x180057398 0x63ac8 0x62cc8
SysAllocStringByteLen 0x96 0x1800573a0 0x63ad0 0x62cd0
SysStringByteLen 0x95 0x1800573a8 0x63ad8 0x62cd8
SysStringLen 0x7 0x1800573b0 0x63ae0 0x62ce0
SysAllocStringLen 0x4 0x1800573b8 0x63ae8 0x62ce8
VarCyFromR8 0x66 0x1800573c0 0x63af0 0x62cf0
VarR8FromCy 0x52 0x1800573c8 0x63af8 0x62cf8
VariantClear 0x9 0x1800573d0 0x63b00 0x62d00
VariantInit 0x8 0x1800573d8 0x63b08 0x62d08
SafeArrayPutElement 0x1a 0x1800573e0 0x63b10 0x62d10
SafeArrayGetElement 0x19 0x1800573e8 0x63b18 0x62d18
SafeArrayCreate 0xf 0x1800573f0 0x63b20 0x62d20
SysFreeString 0x6 0x1800573f8 0x63b28 0x62d28
SysAllocString 0x2 0x180057400 0x63b30 0x62d30
SafeArrayDestroy 0x10 0x180057408 0x63b38 0x62d38
MSVCR100.dll (51)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x180057418 0x63b48 0x62d48
__clean_type_info_names_internal 0x0 0x180057420 0x63b50 0x62d50
_onexit 0x0 0x180057428 0x63b58 0x62d58
_lock 0x0 0x180057430 0x63b60 0x62d60
__dllonexit 0x0 0x180057438 0x63b68 0x62d68
_unlock 0x0 0x180057440 0x63b70 0x62d70
__crt_debugger_hook 0x0 0x180057448 0x63b78 0x62d78
__CppXcptFilter 0x0 0x180057450 0x63b80 0x62d80
_amsg_exit 0x0 0x180057458 0x63b88 0x62d88
_encoded_null 0x0 0x180057460 0x63b90 0x62d90
_initterm_e 0x0 0x180057468 0x63b98 0x62d98
free 0x0 0x180057470 0x63ba0 0x62da0
malloc 0x0 0x180057478 0x63ba8 0x62da8
_wtoi 0x0 0x180057480 0x63bb0 0x62db0
wcsncpy_s 0x0 0x180057488 0x63bb8 0x62db8
wcstoul 0x0 0x180057490 0x63bc0 0x62dc0
memmove 0x0 0x180057498 0x63bc8 0x62dc8
tolower 0x0 0x1800574a0 0x63bd0 0x62dd0
memcpy 0x0 0x1800574a8 0x63bd8 0x62dd8
memset 0x0 0x1800574b0 0x63be0 0x62de0
memcmp 0x0 0x1800574b8 0x63be8 0x62de8
wcschr 0x0 0x1800574c0 0x63bf0 0x62df0
toupper 0x0 0x1800574c8 0x63bf8 0x62df8
wcsrchr 0x0 0x1800574d0 0x63c00 0x62e00
_CxxThrowException 0x0 0x1800574d8 0x63c08 0x62e08
__CxxFrameHandler3 0x0 0x1800574e0 0x63c10 0x62e10
_wsplitpath_s 0x0 0x1800574e8 0x63c18 0x62e18
memcpy_s 0x0 0x1800574f0 0x63c20 0x62e20
wcsstr 0x0 0x1800574f8 0x63c28 0x62e28
_recalloc 0x0 0x180057500 0x63c30 0x62e30
?terminate@@YAXXZ 0x0 0x180057508 0x63c38 0x62e38
_vsnwprintf_s 0x0 0x180057510 0x63c40 0x62e40
__RTDynamicCast 0x0 0x180057518 0x63c48 0x62e48
iswctype 0x0 0x180057520 0x63c50 0x62e50
towlower 0x0 0x180057528 0x63c58 0x62e58
_snwprintf_s 0x0 0x180057530 0x63c60 0x62e60
wcspbrk 0x0 0x180057538 0x63c68 0x62e68
_wcsnicmp 0x0 0x180057540 0x63c70 0x62e70
wcstok_s 0x0 0x180057548 0x63c78 0x62e78
_initterm 0x0 0x180057550 0x63c80 0x62e80
atoi 0x0 0x180057558 0x63c88 0x62e88
_ecvt_s 0x0 0x180057560 0x63c90 0x62e90
floor 0x0 0x180057568 0x63c98 0x62e98
_wcslwr_s 0x0 0x180057570 0x63ca0 0x62ea0
_wfullpath 0x0 0x180057578 0x63ca8 0x62ea8
__C_specific_handler 0x0 0x180057580 0x63cb0 0x62eb0
_stricmp 0x0 0x180057588 0x63cb8 0x62eb8
wcsncat_s 0x0 0x180057590 0x63cc0 0x62ec0
vswprintf_s 0x0 0x180057598 0x63cc8 0x62ec8
_malloc_crt 0x0 0x1800575a0 0x63cd0 0x62ed0
_invalid_parameter_noinfo_noreturn 0x0 0x1800575a8 0x63cd8 0x62ed8
MSVCP100.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?_Xout_of_range@std@@YAXPEBD@Z 0x0 0x1800575b8 0x63ce8 0x62ee8
?_Xlength_error@std@@YAXPEBD@Z 0x0 0x1800575c0 0x63cf0 0x62ef0
Exports (2)
Api name EAT Address Ordinal
DllGetClassObject 0x180045ab4 0x2
None 0x180001654 0x1
Digital Signatures (2)
Signature Properties
InternalName aceexcl
FileVersion 15.0.4569.1501
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4569.1501
FileDescription Microsoft Access database engine Excel ISAM
OriginalFilename aceexcl.dll
Signature verification True
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2013-03-27 20:08
Valid to 2014-06-27 20:08
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 33 E5 27 86 A3 0E 4A 2A 80 00 00 00 00 00 33
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2013-01-24 22:33
Valid to 2014-04-24 22:33
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
c:\program files\common files\microsoft shared\office15\aceexcl.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\aceexcl.dll (Modified File)
c:\program files\common files\microsoft shared\office15\aceexcl.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 520.39 KB
Hash Values MD5: 4c7c5981f3c2a5957b45b1776220b4b1
SHA1: 0c2981582c44e8505b9ab0e5a3a5d6d64b466652
SHA256: 03bcc12d0d6ac68d9a5eb22cfdd89024a5db19104487c68191fcab14dcca395f
c:\program files\common files\microsoft shared\office15\aceodbc.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\aceodbc.dll (Modified File)
Size 329.74 KB
Hash Values MD5: 75e285a458724f1326823c9f7800d000
SHA1: 4df06f0fd7535504d93fb6f6f13aff11cac7daa4
SHA256: b98af348bef74e7cc24368d048e07b5d2b9b5dc210f484f863b728975ee60db7
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x180035ca4
Size Of Code 0x37c00
Size Of Initialized Data 0x19600
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2013-08-08 07:25:59
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x37b28 0x37c00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.36
.rdata 0x180039000 0x7f8c 0x8000 0x38000 CNT_INITIALIZED_DATA, MEM_READ 4.64
.data 0x180041000 0x6e58 0x6600 0x40000 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 2.73
.pdata 0x180048000 0x19bc 0x1a00 0x46600 CNT_INITIALIZED_DATA, MEM_READ 5.46
.rsrc 0x18004a000 0x8520 0x8600 0x48000 CNT_INITIALIZED_DATA, MEM_READ 3.09
.reloc 0x180053000 0x5ec 0x600 0x50600 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.72
Imports (146)
MSVCR100.dll (65)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_onexit 0x0 0x180039000 0x3dfb8 0x3cfb8
_lock 0x0 0x180039008 0x3dfc0 0x3cfc0
__dllonexit 0x0 0x180039010 0x3dfc8 0x3cfc8
_unlock 0x0 0x180039018 0x3dfd0 0x3cfd0
__clean_type_info_names_internal 0x0 0x180039020 0x3dfd8 0x3cfd8
__crt_debugger_hook 0x0 0x180039028 0x3dfe0 0x3cfe0
__CppXcptFilter 0x0 0x180039030 0x3dfe8 0x3cfe8
_amsg_exit 0x0 0x180039038 0x3dff0 0x3cff0
_encoded_null 0x0 0x180039040 0x3dff8 0x3cff8
_initterm_e 0x0 0x180039048 0x3e000 0x3d000
_initterm 0x0 0x180039050 0x3e008 0x3d008
_malloc_crt 0x0 0x180039058 0x3e010 0x3d010
towlower 0x0 0x180039060 0x3e018 0x3d018
_time64 0x0 0x180039068 0x3e020 0x3d020
_localtime64_s 0x0 0x180039070 0x3e028 0x3d028
_snprintf_s 0x0 0x180039078 0x3e030 0x3d030
_ecvt_s 0x0 0x180039080 0x3e038 0x3d038
strtod 0x0 0x180039088 0x3e040 0x3d040
_errno 0x0 0x180039090 0x3e048 0x3d048
strncpy_s 0x0 0x180039098 0x3e050 0x3d050
strchr 0x0 0x1800390a0 0x3e058 0x3d058
isspace 0x0 0x1800390a8 0x3e060 0x3d060
isxdigit 0x0 0x1800390b0 0x3e068 0x3d068
isdigit 0x0 0x1800390b8 0x3e070 0x3d070
wcscspn 0x0 0x1800390c0 0x3e078 0x3d078
wcsrchr 0x0 0x1800390c8 0x3e080 0x3d080
wcstok_s 0x0 0x1800390d0 0x3e088 0x3d088
wcsstr 0x0 0x1800390d8 0x3e090 0x3d090
wcschr 0x0 0x1800390e0 0x3e098 0x3d098
wcstol 0x0 0x1800390e8 0x3e0a0 0x3d0a0
_wchdir 0x0 0x1800390f0 0x3e0a8 0x3d0a8
_wgetcwd 0x0 0x1800390f8 0x3e0b0 0x3d0b0
iswctype 0x0 0x180039100 0x3e0b8 0x3d0b8
_wcsnicmp 0x0 0x180039108 0x3e0c0 0x3d0c0
floor 0x0 0x180039110 0x3e0c8 0x3d0c8
modf 0x0 0x180039118 0x3e0d0 0x3d0d0
memmove 0x0 0x180039120 0x3e0d8 0x3d0d8
_wsplitpath_s 0x0 0x180039128 0x3e0e0 0x3d0e0
memcpy 0x0 0x180039130 0x3e0e8 0x3d0e8
__C_specific_handler 0x0 0x180039138 0x3e0f0 0x3d0f0
bsearch 0x0 0x180039140 0x3e0f8 0x3d0f8
_strnicmp 0x0 0x180039148 0x3e100 0x3d100
_wtol 0x0 0x180039150 0x3e108 0x3d108
towupper 0x0 0x180039158 0x3e110 0x3d110
wcsncmp 0x0 0x180039160 0x3e118 0x3d118
wcspbrk 0x0 0x180039168 0x3e120 0x3d120
swprintf_s 0x0 0x180039170 0x3e128 0x3d128
memset 0x0 0x180039178 0x3e130 0x3d130
_heapmin 0x0 0x180039180 0x3e138 0x3d138
malloc 0x0 0x180039188 0x3e140 0x3d140
free 0x0 0x180039190 0x3e148 0x3d148
_wcsicmp 0x0 0x180039198 0x3e150 0x3d150
wcsncpy_s 0x0 0x1800391a0 0x3e158 0x3d158
_wtoi 0x0 0x1800391a8 0x3e160 0x3d160
swscanf_s 0x0 0x1800391b0 0x3e168 0x3d168
_vsnwprintf_s 0x0 0x1800391b8 0x3e170 0x3d170
calloc 0x0 0x1800391c0 0x3e178 0x3d178
_wfullpath 0x0 0x1800391c8 0x3e180 0x3d180
_wstat64i32 0x0 0x1800391d0 0x3e188 0x3d188
_stricmp 0x0 0x1800391d8 0x3e190 0x3d190
wcsncat_s 0x0 0x1800391e0 0x3e198 0x3d198
?terminate@@YAXXZ 0x0 0x1800391e8 0x3e1a0 0x3d1a0
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x1800391f0 0x3e1a8 0x3d1a8
_vswprintf_c_l 0x0 0x1800391f8 0x3e1b0 0x3d1b0
_snwprintf_s 0x0 0x180039200 0x3e1b8 0x3d1b8
GDI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetTextExtentPointW 0x0 0x180039210 0x3e1c8 0x3d1c8
KERNEL32.dll (66)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
LocalAlloc 0x0 0x180039220 0x3e1d8 0x3d1d8
RaiseException 0x0 0x180039228 0x3e1e0 0x3d1e0
CreateFileW 0x0 0x180039230 0x3e1e8 0x3d1e8
WritePrivateProfileStringW 0x0 0x180039238 0x3e1f0 0x3d1f0
GetPrivateProfileStringW 0x0 0x180039240 0x3e1f8 0x3d1f8
GetLastError 0x0 0x180039248 0x3e200 0x3d200
OutputDebugStringW 0x0 0x180039250 0x3e208 0x3d208
ExpandEnvironmentStringsA 0x0 0x180039258 0x3e210 0x3d210
LoadLibraryExA 0x0 0x180039260 0x3e218 0x3d218
LoadLibraryExW 0x0 0x180039268 0x3e220 0x3d220
GetSystemDirectoryW 0x0 0x180039270 0x3e228 0x3d228
GetModuleFileNameW 0x0 0x180039278 0x3e230 0x3d230
RtlCaptureContext 0x0 0x180039280 0x3e238 0x3d238
RtlLookupFunctionEntry 0x0 0x180039288 0x3e240 0x3d240
RtlVirtualUnwind 0x0 0x180039290 0x3e248 0x3d248
IsDebuggerPresent 0x0 0x180039298 0x3e250 0x3d250
GetModuleHandleW 0x0 0x1800392a0 0x3e258 0x3d258
GetTimeFormatA 0x0 0x1800392a8 0x3e260 0x3d260
GetCurrentProcessId 0x0 0x1800392b0 0x3e268 0x3d268
GetProcessVersion 0x0 0x1800392b8 0x3e270 0x3d270
GetCurrentThreadId 0x0 0x1800392c0 0x3e278 0x3d278
MultiByteToWideChar 0x0 0x1800392c8 0x3e280 0x3d280
WideCharToMultiByte 0x0 0x1800392d0 0x3e288 0x3d288
GetCPInfo 0x0 0x1800392d8 0x3e290 0x3d290
InitializeCriticalSection 0x0 0x1800392e0 0x3e298 0x3d298
DeleteCriticalSection 0x0 0x1800392e8 0x3e2a0 0x3d2a0
FreeLibrary 0x0 0x1800392f0 0x3e2a8 0x3d2a8
GetProcAddress 0x0 0x1800392f8 0x3e2b0 0x3d2b0
EnterCriticalSection 0x0 0x180039300 0x3e2b8 0x3d2b8
LeaveCriticalSection 0x0 0x180039308 0x3e2c0 0x3d2c0
GetModuleFileNameA 0x0 0x180039310 0x3e2c8 0x3d2c8
GetSystemDefaultLCID 0x0 0x180039318 0x3e2d0 0x3d2d0
GetUserDefaultLCID 0x0 0x180039320 0x3e2d8 0x3d2d8
FindClose 0x0 0x180039328 0x3e2e0 0x3d2e0
FindFirstFileW 0x0 0x180039330 0x3e2e8 0x3d2e8
FindNextFileW 0x0 0x180039338 0x3e2f0 0x3d2f0
GetCurrentDirectoryW 0x0 0x180039340 0x3e2f8 0x3d2f8
DeleteFileW 0x0 0x180039348 0x3e300 0x3d300
GetDriveTypeW 0x0 0x180039350 0x3e308 0x3d308
GetTempFileNameW 0x0 0x180039358 0x3e310 0x3d310
GetTempPathW 0x0 0x180039360 0x3e318 0x3d318
CloseHandle 0x0 0x180039368 0x3e320 0x3d320
SetErrorMode 0x0 0x180039370 0x3e328 0x3d328
GetWindowsDirectoryW 0x0 0x180039378 0x3e330 0x3d330
MoveFileW 0x0 0x180039380 0x3e338 0x3d338
GetDateFormatA 0x0 0x180039388 0x3e340 0x3d340
LoadLibraryA 0x0 0x180039390 0x3e348 0x3d348
GetNumberFormatA 0x0 0x180039398 0x3e350 0x3d350
GetCurrencyFormatA 0x0 0x1800393a0 0x3e358 0x3d358
LoadResource 0x0 0x1800393a8 0x3e360 0x3d360
LockResource 0x0 0x1800393b0 0x3e368 0x3d368
FindResourceA 0x0 0x1800393b8 0x3e370 0x3d370
QueryPerformanceCounter 0x0 0x1800393c0 0x3e378 0x3d378
GetProcessHeap 0x0 0x1800393c8 0x3e380 0x3d380
HeapSetInformation 0x0 0x1800393d0 0x3e388 0x3d388
GetSystemTimeAsFileTime 0x0 0x1800393d8 0x3e390 0x3d390
GetTickCount 0x0 0x1800393e0 0x3e398 0x3d398
VirtualProtect 0x0 0x1800393e8 0x3e3a0 0x3d3a0
WerRegisterMemoryBlock 0x0 0x1800393f0 0x3e3a8 0x3d3a8
EncodePointer 0x0 0x1800393f8 0x3e3b0 0x3d3b0
DecodePointer 0x0 0x180039400 0x3e3b8 0x3d3b8
Sleep 0x0 0x180039408 0x3e3c0 0x3d3c0
TerminateProcess 0x0 0x180039410 0x3e3c8 0x3d3c8
GetCurrentProcess 0x0 0x180039418 0x3e3d0 0x3d3d0
UnhandledExceptionFilter 0x0 0x180039420 0x3e3d8 0x3d3d8
SetUnhandledExceptionFilter 0x0 0x180039428 0x3e3e0 0x3d3e0
ADVAPI32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegSetValueExW 0x0 0x180039438 0x3e3f0 0x3d3f0
RegQueryValueExA 0x0 0x180039440 0x3e3f8 0x3d3f8
RegOpenKeyExA 0x0 0x180039448 0x3e400 0x3d400
RegOpenKeyExW 0x0 0x180039450 0x3e408 0x3d408
GetUserNameW 0x0 0x180039458 0x3e410 0x3d410
RegCreateKeyExW 0x0 0x180039460 0x3e418 0x3d418
RegDeleteKeyW 0x0 0x180039468 0x3e420 0x3d420
RegGetValueW 0x0 0x180039470 0x3e428 0x3d428
RegCloseKey 0x0 0x180039478 0x3e430 0x3d430
RegQueryValueExW 0x0 0x180039480 0x3e438 0x3d438
RegEnumKeyExW 0x0 0x180039488 0x3e440 0x3d440
COMDLG32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetSaveFileNameW 0x0 0x180039498 0x3e450 0x3d450
GetOpenFileNameW 0x0 0x1800394a0 0x3e458 0x3d458
ole32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
StringFromGUID2 0x0 0x1800394b0 0x3e468 0x3d468
Exports (76)
Api name EAT Address Ordinal
AdvancedDialogProc 0x180010d44 0x1f7
AssertSzFail 0x18002e188 0x209
ConfigDSN 0x180008730 0x20b
ConfigDSNExW 0x180007b64 0x202
ConfigDSNW 0x180008834 0x204
ConfigDialogProc 0x180012494 0x201
ConfigDriverW 0x18000886c 0x20a
DefTxtFmtDlgProc 0x180030078 0x208
DllMain 0x18000973c 0x1f5
InitDialogAgain 0x180016e6c 0x1fd
InitializeLoginDialog 0x180016f90 0x1ff
InvisibleSelectDb 0x180010874 0x1fc
LoadByOrdinal 0x18002e188 0xc7
LoginDialogProc 0x1800106bc 0x1fe
OpenDirHook 0x180017f10 0x1f8
RepairCompactProc 0x180020fe8 0x1f6
SQLAllocConnect 0x180003220 0x1
SQLAllocEnv 0x180002d78 0x2
SQLAllocHandle 0x18000cf10 0x18
SQLAllocStmt 0x18001c180 0x3
SQLBindCol 0x1800219e8 0x4
SQLBindParameter 0x1800239f0 0x48
SQLBulkOperations 0x18002e668 0x4e
SQLCancel 0x18001c194 0x5
SQLCloseCursor 0x18000ffb0 0x1a
SQLColAttributeW 0x180009f60 0x7f
SQLColumnsW 0x180019e3c 0x8c
SQLConnectW 0x1800033e8 0x6b
SQLCopyDesc 0x180009e18 0x1c
SQLDescribeColW 0x180009fa0 0x6c
SQLDisconnect 0x18000330c 0x9
SQLDriverConnectW 0x180003790 0x8d
SQLEndTran 0x18001c1a8 0x1d
SQLExecDirectW 0x18001c36c 0x6f
SQLExecute 0x18001c1dc 0xc
SQLExtendedFetch 0x180022038 0x3b
SQLFetch 0x180021ed4 0xd
SQLFetchScroll 0x180021f98 0x1e
SQLFreeConnect 0x180003320 0xe
SQLFreeEnv 0x180002f54 0xf
SQLFreeHandle 0x18000cf7c 0x1f
SQLFreeStmt 0x18001c1f0 0x10
SQLGetConnectAttrW 0x180003418 0x84
SQLGetCursorNameW 0x180010020 0x75
SQLGetData 0x180021604 0x2b
SQLGetDescFieldW 0x18000a010 0x85
SQLGetDescRecW 0x18000a038 0x86
SQLGetDiagFieldW 0x180005f18 0x87
SQLGetDiagRecW 0x1800062b0 0x88
SQLGetFunctions 0x18000d1a8 0x2c
SQLGetInfoW 0x18000d3b8 0x91
SQLGetStmtAttrW 0x18001c394 0x8a
SQLGetTypeInfoW 0x18000db30 0x93
SQLMoreResults 0x18001c204 0x3d
SQLNativeSqlW 0x18000db44 0xa2
SQLNumParams 0x180023958 0x3f
SQLNumResultCols 0x180009e2c 0x12
SQLParamData 0x180023930 0x30
SQLPrepareW 0x18001c380 0x77
SQLProcedureColumnsW 0x18003483c 0xa6
SQLProceduresW 0x18003487c 0xa7
SQLPutData 0x180023944 0x31
SQLRowCount 0x180009e74 0x14
SQLSetConnectAttrW 0x1800036b4 0x8b
SQLSetCursorNameW 0x1800101b4 0x79
SQLSetDescFieldW 0x180009ff0 0xad
SQLSetDescRec 0x180009f18 0x4a
SQLSetEnvAttr 0x180002fe0 0x4b
SQLSetPos 0x18002e6b8 0x44
SQLSetScrollOptions 0x18001c218 0x45
SQLSetStmtAttrW 0x18001c3b4 0xb0
SQLSpecialColumnsW 0x180025964 0x98
SQLStatisticsW 0x1800259b0 0x99
SQLTablesW 0x180019e7c 0x9a
SelectIndexDlgProc 0x1800117a0 0x205
SelectUIdxDlgProc 0x180011184 0x200
Digital Signatures (2)
Signature Properties
InternalName aceodbc
FileVersion 15.0.4543.1000
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4543.1000
FileDescription Microsoft Access database engine ODBC International DLL
OriginalFilename aceodbc.dll
Signature verification True
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2013-03-27 20:08
Valid to 2014-06-27 20:08
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 34 24 31 40 C9 A0 C1 79 8D 00 00 00 00 00 34
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2013-01-24 22:33
Valid to 2014-04-24 22:33
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
c:\program files\common files\microsoft shared\office15\aceodbc.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\aceodbc.dll (Modified File)
c:\program files\common files\microsoft shared\office15\aceodbc.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 329.92 KB
Hash Values MD5: ff346c9665b7e9e82af69a53d8b1429c
SHA1: 8055bb69845508584254f90300b0813978a54823
SHA256: 416917c48d2e02048bde833bd94534d068f07ca2140cfd418593894594efa40c
c:\program files\common files\microsoft shared\office15\aceodexl.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\aceodexl.dll (Modified File)
Size 16.15 KB
Hash Values MD5: ba2cbabb58efb619b742d3594df82fe2
SHA1: 42f2e1488f9baf09bb89a781384981cb31a98d5a
SHA256: 02db11ff0f418de37dc7dea84c7df132b98dded31f404570fd3e3d57ec6526da
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x18000162c
Size Of Code 0xe00
Size Of Initialized Data 0x1800
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-11-07 13:23:17
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0xca0 0xe00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 5.63
.rdata 0x180002000 0x79c 0x800 0x1200 CNT_INITIALIZED_DATA, MEM_READ 4.29
.data 0x180003000 0x5b8 0x200 0x1a00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 0.23
.pdata 0x180004000 0x108 0x200 0x1c00 CNT_INITIALIZED_DATA, MEM_READ 2.15
.rsrc 0x180005000 0x4b8 0x600 0x1e00 CNT_INITIALIZED_DATA, MEM_READ 2.77
.reloc 0x180006000 0x10 0x200 0x2400 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 0.15
Imports (37)
MSVCR100.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_onexit 0x0 0x180002000 0x2278 0x1478
_lock 0x0 0x180002008 0x2280 0x1480
__dllonexit 0x0 0x180002010 0x2288 0x1488
_unlock 0x0 0x180002018 0x2290 0x1490
__clean_type_info_names_internal 0x0 0x180002020 0x2298 0x1498
__crt_debugger_hook 0x0 0x180002028 0x22a0 0x14a0
__CppXcptFilter 0x0 0x180002030 0x22a8 0x14a8
_amsg_exit 0x0 0x180002038 0x22b0 0x14b0
_encoded_null 0x0 0x180002040 0x22b8 0x14b8
free 0x0 0x180002048 0x22c0 0x14c0
_initterm_e 0x0 0x180002050 0x22c8 0x14c8
_initterm 0x0 0x180002058 0x22d0 0x14d0
_malloc_crt 0x0 0x180002060 0x22d8 0x14d8
__C_specific_handler 0x0 0x180002068 0x22e0 0x14e0
KERNEL32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetCurrentThreadId 0x0 0x180002078 0x22f0 0x14f0
DisableThreadLibraryCalls 0x0 0x180002080 0x22f8 0x14f8
RtlCaptureContext 0x0 0x180002088 0x2300 0x1500
RtlLookupFunctionEntry 0x0 0x180002090 0x2308 0x1508
RtlVirtualUnwind 0x0 0x180002098 0x2310 0x1510
IsDebuggerPresent 0x0 0x1800020a0 0x2318 0x1518
SetUnhandledExceptionFilter 0x0 0x1800020a8 0x2320 0x1520
UnhandledExceptionFilter 0x0 0x1800020b0 0x2328 0x1528
GetCurrentProcess 0x0 0x1800020b8 0x2330 0x1530
TerminateProcess 0x0 0x1800020c0 0x2338 0x1538
Sleep 0x0 0x1800020c8 0x2340 0x1540
DecodePointer 0x0 0x1800020d0 0x2348 0x1548
EncodePointer 0x0 0x1800020d8 0x2350 0x1550
WerRegisterMemoryBlock 0x0 0x1800020e0 0x2358 0x1558
VirtualProtect 0x0 0x1800020e8 0x2360 0x1560
MultiByteToWideChar 0x0 0x1800020f0 0x2368 0x1568
QueryPerformanceCounter 0x0 0x1800020f8 0x2370 0x1570
GetProcessHeap 0x0 0x180002100 0x2378 0x1578
HeapSetInformation 0x0 0x180002108 0x2380 0x1580
GetCurrentProcessId 0x0 0x180002110 0x2388 0x1588
GetTickCount 0x0 0x180002118 0x2390 0x1590
GetSystemTimeAsFileTime 0x0 0x180002120 0x2398 0x1598
aceodbc.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
(by ordinal) 0x202 0x180002130 0x23a8 0x15a8
Exports (1)
Api name EAT Address Ordinal
ConfigDSNW 0x1800010e8 0x1
Digital Signatures (2)
Signature Properties
InternalName aceodbc
FileVersion 15.0.4454.1000
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4454.1000
FileDescription Microsoft Access database engine Excel IISAM ODBC setup DLL
OriginalFilename aceodbc.dll
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-09-04 21:42
Valid to 2013-03-04 21:42
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 9D 1E 8D 27 AE B8 F3 D8 38 00 01 00 00 00 9D
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 92 4A 00 00 00 00 00 20
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\office15\aceodexl.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\aceodexl.dll (Modified File)
c:\program files\common files\microsoft shared\office15\aceodexl.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 16.32 KB
Hash Values MD5: 1f484a44f88da05c7dcce378c509d184
SHA1: 51c76770f274a3e56c4d2901a064d30f3baa6246
SHA256: 17b9a7f50e3df33ea45ffb85e05cc6fc5dff1f69eaf9d7cf963b58c4def23d5e
c:\program files\common files\microsoft shared\office15\aceodtxt.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\aceodtxt.dll (Modified File)
Size 16.15 KB
Hash Values MD5: 7c322691c216b019273505f78800511a
SHA1: f961a8c90f5c83329460ce5fb10f3d2c213dec4c
SHA256: 26761549cb1e0a3947509ada9781578fabbc61bf83e5486f3ef333acb24ffb01
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x18000162c
Size Of Code 0xe00
Size Of Initialized Data 0x1800
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-11-07 13:11:16
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0xca0 0xe00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 5.63
.rdata 0x180002000 0x79c 0x800 0x1200 CNT_INITIALIZED_DATA, MEM_READ 4.29
.data 0x180003000 0x5b8 0x200 0x1a00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 0.23
.pdata 0x180004000 0x108 0x200 0x1c00 CNT_INITIALIZED_DATA, MEM_READ 2.15
.rsrc 0x180005000 0x4b8 0x600 0x1e00 CNT_INITIALIZED_DATA, MEM_READ 2.76
.reloc 0x180006000 0x10 0x200 0x2400 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 0.15
Imports (37)
MSVCR100.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_onexit 0x0 0x180002000 0x2278 0x1478
_lock 0x0 0x180002008 0x2280 0x1480
__dllonexit 0x0 0x180002010 0x2288 0x1488
_unlock 0x0 0x180002018 0x2290 0x1490
__clean_type_info_names_internal 0x0 0x180002020 0x2298 0x1498
__crt_debugger_hook 0x0 0x180002028 0x22a0 0x14a0
__CppXcptFilter 0x0 0x180002030 0x22a8 0x14a8
_amsg_exit 0x0 0x180002038 0x22b0 0x14b0
_encoded_null 0x0 0x180002040 0x22b8 0x14b8
free 0x0 0x180002048 0x22c0 0x14c0
_initterm_e 0x0 0x180002050 0x22c8 0x14c8
_initterm 0x0 0x180002058 0x22d0 0x14d0
_malloc_crt 0x0 0x180002060 0x22d8 0x14d8
__C_specific_handler 0x0 0x180002068 0x22e0 0x14e0
KERNEL32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetCurrentThreadId 0x0 0x180002078 0x22f0 0x14f0
DisableThreadLibraryCalls 0x0 0x180002080 0x22f8 0x14f8
RtlCaptureContext 0x0 0x180002088 0x2300 0x1500
RtlLookupFunctionEntry 0x0 0x180002090 0x2308 0x1508
RtlVirtualUnwind 0x0 0x180002098 0x2310 0x1510
IsDebuggerPresent 0x0 0x1800020a0 0x2318 0x1518
SetUnhandledExceptionFilter 0x0 0x1800020a8 0x2320 0x1520
UnhandledExceptionFilter 0x0 0x1800020b0 0x2328 0x1528
GetCurrentProcess 0x0 0x1800020b8 0x2330 0x1530
TerminateProcess 0x0 0x1800020c0 0x2338 0x1538
Sleep 0x0 0x1800020c8 0x2340 0x1540
DecodePointer 0x0 0x1800020d0 0x2348 0x1548
EncodePointer 0x0 0x1800020d8 0x2350 0x1550
WerRegisterMemoryBlock 0x0 0x1800020e0 0x2358 0x1558
VirtualProtect 0x0 0x1800020e8 0x2360 0x1560
MultiByteToWideChar 0x0 0x1800020f0 0x2368 0x1568
QueryPerformanceCounter 0x0 0x1800020f8 0x2370 0x1570
GetProcessHeap 0x0 0x180002100 0x2378 0x1578
HeapSetInformation 0x0 0x180002108 0x2380 0x1580
GetCurrentProcessId 0x0 0x180002110 0x2388 0x1588
GetTickCount 0x0 0x180002118 0x2390 0x1590
GetSystemTimeAsFileTime 0x0 0x180002120 0x2398 0x1598
aceodbc.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
(by ordinal) 0x202 0x180002130 0x23a8 0x15a8
Exports (1)
Api name EAT Address Ordinal
ConfigDSNW 0x1800010e8 0x1
Digital Signatures (2)
Signature Properties
InternalName aceodbc
FileVersion 15.0.4454.1000
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4454.1000
FileDescription Microsoft Access database engine Text IISAM ODBC setup DLL
OriginalFilename aceodbc.dll
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-09-04 21:42
Valid to 2013-03-04 21:42
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 9D 1E 8D 27 AE B8 F3 D8 38 00 01 00 00 00 9D
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 8E 42 00 00 00 00 00 1F
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\office15\aceodtxt.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\aceodtxt.dll (Modified File)
c:\program files\common files\microsoft shared\office15\aceodtxt.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 16.32 KB
Hash Values MD5: 29a19ace4b25eee1bfd424e366d47dce
SHA1: 325fcdbe3b92055ab27d9f2f5930a48b44ea2035
SHA256: ef32bcac712cbccd06050f46febc2e1fe0a3b137979983651741c86837ea1499
c:\program files\common files\microsoft shared\office15\aceoledb.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\aceoledb.dll (Modified File)
Size 434.23 KB
Hash Values MD5: 4dd6290e2b84dfbe08094f2cd143d201
SHA1: dfffbb59d84cafd02c68b330faa2b1ec995502d6
SHA256: 40eddbb515314a7776d97f2e407f74cf40991b0535af2459e7aad11ab4dccd93
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x18000faec
Size Of Code 0x48400
Size Of Initialized Data 0x22c00
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2013-10-09 11:51:53
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x482c4 0x48400 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.31
.rdata 0x18004a000 0x1a86c 0x1aa00 0x48800 CNT_INITIALIZED_DATA, MEM_READ 3.78
.data 0x180065000 0x3670 0x3200 0x63200 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.14
.pdata 0x180069000 0x3168 0x3200 0x66400 CNT_INITIALIZED_DATA, MEM_READ 5.6
.rsrc 0x18006d000 0x7c0 0x800 0x69600 CNT_INITIALIZED_DATA, MEM_READ 3.36
.reloc 0x18006e000 0xeb0 0x1000 0x69e00 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.29
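The section table above is the kind of data a triage analyst reads by hand to decide whether a signed Microsoft DLL is still the pristine image. The script below is an added example, not code from the VMRay report or from Microsoft: it parses the six aceoledb.dll rows exactly as printed here and runs the usual layout checks (raw data contiguous after the headers, section-aligned virtual addresses, file-aligned raw sizes, no W+X section, entry point inside an executable section, SizeOfCode matching the code sections, no suspiciously high code entropy). The two alignment constants are assumptions, because the report does not print OptionalHeader.FileAlignment or SectionAlignment; the tampered variant at the end is constructed to show what a failing table looks like.

```python
"""Layout sanity checks over a PE section table as the sandbox prints it.

Added example (not code from the VMRay report or from Microsoft). The rows
below are copied from the aceoledb.dll section table on this page; the
alignment constants are assumptions, since the report does not print
OptionalHeader.FileAlignment / SectionAlignment.
"""
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

FILE_ALIGNMENT = 0x200       # assumed; typical MSVC default
SECTION_ALIGNMENT = 0x1000   # assumed; typical MSVC default
IMAGE_BASE = 0x180000000     # from the report's PE Information block
ENTRY_POINT = 0x18000faec    # from the report
SIZE_OF_CODE = 0x48400       # from the report

# constructed input: the six section rows exactly as printed in the report
ACEOLEDB_SECTIONS = """
.text 0x180001000 0x482c4 0x48400 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.31
.rdata 0x18004a000 0x1a86c 0x1aa00 0x48800 CNT_INITIALIZED_DATA, MEM_READ 3.78
.data 0x180065000 0x3670 0x3200 0x63200 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.14
.pdata 0x180069000 0x3168 0x3200 0x66400 CNT_INITIALIZED_DATA, MEM_READ 5.6
.rsrc 0x18006d000 0x7c0 0x800 0x69600 CNT_INITIALIZED_DATA, MEM_READ 3.36
.reloc 0x18006e000 0xeb0 0x1000 0x69e00 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.29
"""

ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<va>0x[0-9a-f]+)\s+(?P<vsize>0x[0-9a-f]+)\s+"
    r"(?P<rsize>0x[0-9a-f]+)\s+(?P<roff>0x[0-9a-f]+)\s+(?P<flags>[A-Z_, ]+?)\s+"
    r"(?P<entropy>[0-9.]+|Unknown)$"
)


@dataclass
class Section:
    name: str
    va: int                  # virtual address as printed (image base already added)
    vsize: int
    raw_size: int
    raw_off: int
    flags: FrozenSet[str]
    entropy: Optional[float]  # None when the report prints "Unknown"


def parse_rows(text: str) -> List[Section]:
    """Parse report-style section rows into Section records."""
    out = []
    for line in text.strip().splitlines():
        m = ROW.match(line.strip())
        if not m:
            raise ValueError(f"unparsable row: {line!r}")
        ent = None if m["entropy"] == "Unknown" else float(m["entropy"])
        out.append(Section(m["name"], int(m["va"], 16), int(m["vsize"], 16),
                           int(m["rsize"], 16), int(m["roff"], 16),
                           frozenset(f.strip() for f in m["flags"].split(",")), ent))
    return out


def check_sections(secs: List[Section], image_base: int,
                   entry_point: int, size_of_code: int) -> List[str]:
    """Return a list of findings; an untouched MSVC-built image yields []."""
    findings = []
    # raw data of consecutive sections must tile the file with no gap/overlap
    for prev, cur in zip(secs, secs[1:]):
        if prev.raw_off + prev.raw_size != cur.raw_off:
            findings.append(f"raw layout gap/overlap between {prev.name} and {cur.name}")
    for s in secs:
        if (s.va - image_base) % SECTION_ALIGNMENT:
            findings.append(f"{s.name}: VA not {SECTION_ALIGNMENT:#x}-aligned")
        if s.raw_size % FILE_ALIGNMENT:
            findings.append(f"{s.name}: raw size not {FILE_ALIGNMENT:#x}-aligned")
        if {"MEM_WRITE", "MEM_EXECUTE"} <= s.flags:
            findings.append(f"{s.name}: W+X section")
        if "MEM_EXECUTE" in s.flags and s.entropy is not None and s.entropy >= 7.0:
            findings.append(f"{s.name}: code entropy {s.entropy} suggests packing")
    # the entry point must land inside a section that is mapped executable
    ep_sec = next((s for s in secs
                   if s.va <= entry_point < s.va + max(s.vsize, s.raw_size)), None)
    if ep_sec is None or "MEM_EXECUTE" not in ep_sec.flags:
        findings.append(f"entry point {entry_point:#x} not inside an executable section")
    code = sum(s.raw_size for s in secs if "CNT_CODE" in s.flags)
    if code != size_of_code:
        findings.append(f"SizeOfCode {size_of_code:#x} != CNT_CODE raw total {code:#x}")
    return findings


def check_aceoledb() -> List[str]:
    """The table as printed on this page: expected to be clean."""
    return check_sections(parse_rows(ACEOLEDB_SECTIONS), IMAGE_BASE, ENTRY_POINT, SIZE_OF_CODE)


def tampered_example() -> List[str]:
    """Constructed variant: .text made writable, entry point moved into .data."""
    rows = ACEOLEDB_SECTIONS.replace("MEM_EXECUTE, MEM_READ 6.31",
                                     "MEM_EXECUTE, MEM_READ, MEM_WRITE 6.31")
    return check_sections(parse_rows(rows), IMAGE_BASE, 0x180065100, SIZE_OF_CODE)


if __name__ == "__main__":
    print("aceoledb.dll:", check_aceoledb() or "no findings")
    print("tampered:", tampered_example())
```

The contiguity check is the one that catches most hand-patched or appended images: each section's raw offset plus raw size must equal the next section's raw offset, which holds for every row on this page (0x400 + 0x48400 = 0x48800, and so on through .reloc).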
Imports (93)
ole32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
StringFromGUID2 0x0 0x18004a000 0x5d1e8 0x5b9e8
CoCreateInstance 0x0 0x18004a008 0x5d1f0 0x5b9f0
CoCreateGuid 0x0 0x18004a010 0x5d1f8 0x5b9f8
CoGetMalloc 0x0 0x18004a018 0x5d200 0x5ba00
MSVCR100.dll (33)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x18004a028 0x5d210 0x5ba10
__clean_type_info_names_internal 0x0 0x18004a030 0x5d218 0x5ba18
?terminate@@YAXXZ 0x0 0x18004a038 0x5d220 0x5ba20
__crt_debugger_hook 0x0 0x18004a040 0x5d228 0x5ba28
_onexit 0x0 0x18004a048 0x5d230 0x5ba30
_lock 0x0 0x18004a050 0x5d238 0x5ba38
__dllonexit 0x0 0x18004a058 0x5d240 0x5ba40
_unlock 0x0 0x18004a060 0x5d248 0x5ba48
__CppXcptFilter 0x0 0x18004a068 0x5d250 0x5ba50
_amsg_exit 0x0 0x18004a070 0x5d258 0x5ba58
_encoded_null 0x0 0x18004a078 0x5d260 0x5ba60
_initterm_e 0x0 0x18004a080 0x5d268 0x5ba68
_initterm 0x0 0x18004a088 0x5d270 0x5ba70
_malloc_crt 0x0 0x18004a090 0x5d278 0x5ba78
vswprintf_s 0x0 0x18004a098 0x5d280 0x5ba80
wcsrchr 0x0 0x18004a0a0 0x5d288 0x5ba88
wcsncat_s 0x0 0x18004a0a8 0x5d290 0x5ba90
__C_specific_handler 0x0 0x18004a0b0 0x5d298 0x5ba98
_stricmp 0x0 0x18004a0b8 0x5d2a0 0x5baa0
_snwprintf_s 0x0 0x18004a0c0 0x5d2a8 0x5baa8
rand 0x0 0x18004a0c8 0x5d2b0 0x5bab0
calloc 0x0 0x18004a0d0 0x5d2b8 0x5bab8
memcmp 0x0 0x18004a0d8 0x5d2c0 0x5bac0
_time64 0x0 0x18004a0e0 0x5d2c8 0x5bac8
srand 0x0 0x18004a0e8 0x5d2d0 0x5bad0
_wcsicmp 0x0 0x18004a0f0 0x5d2d8 0x5bad8
memset 0x0 0x18004a0f8 0x5d2e0 0x5bae0
realloc 0x0 0x18004a100 0x5d2e8 0x5bae8
malloc 0x0 0x18004a108 0x5d2f0 0x5baf0
free 0x0 0x18004a110 0x5d2f8 0x5baf8
memcpy 0x0 0x18004a118 0x5d300 0x5bb00
__CxxFrameHandler3 0x0 0x18004a120 0x5d308 0x5bb08
wcsncpy_s 0x0 0x18004a128 0x5d310 0x5bb10
KERNEL32.dll (38)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
LocalAlloc 0x0 0x18004a138 0x5d320 0x5bb20
RtlCaptureContext 0x0 0x18004a140 0x5d328 0x5bb28
RtlLookupFunctionEntry 0x0 0x18004a148 0x5d330 0x5bb30
RtlVirtualUnwind 0x0 0x18004a150 0x5d338 0x5bb38
IsDebuggerPresent 0x0 0x18004a158 0x5d340 0x5bb40
SetUnhandledExceptionFilter 0x0 0x18004a160 0x5d348 0x5bb48
UnhandledExceptionFilter 0x0 0x18004a168 0x5d350 0x5bb50
GetCurrentProcess 0x0 0x18004a170 0x5d358 0x5bb58
TerminateProcess 0x0 0x18004a178 0x5d360 0x5bb60
Sleep 0x0 0x18004a180 0x5d368 0x5bb68
DecodePointer 0x0 0x18004a188 0x5d370 0x5bb70
EncodePointer 0x0 0x18004a190 0x5d378 0x5bb78
GetModuleFileNameW 0x0 0x18004a198 0x5d380 0x5bb80
HeapFree 0x0 0x18004a1a0 0x5d388 0x5bb88
HeapAlloc 0x0 0x18004a1a8 0x5d390 0x5bb90
WerRegisterMemoryBlock 0x0 0x18004a1b0 0x5d398 0x5bb98
VirtualProtect 0x0 0x18004a1b8 0x5d3a0 0x5bba0
GetTickCount 0x0 0x18004a1c0 0x5d3a8 0x5bba8
GetSystemTimeAsFileTime 0x0 0x18004a1c8 0x5d3b0 0x5bbb0
GetCurrentThreadId 0x0 0x18004a1d0 0x5d3b8 0x5bbb8
GetCurrentProcessId 0x0 0x18004a1d8 0x5d3c0 0x5bbc0
HeapSetInformation 0x0 0x18004a1e0 0x5d3c8 0x5bbc8
GetProcessHeap 0x0 0x18004a1e8 0x5d3d0 0x5bbd0
QueryPerformanceCounter 0x0 0x18004a1f0 0x5d3d8 0x5bbd8
LoadLibraryA 0x0 0x18004a1f8 0x5d3e0 0x5bbe0
EnterCriticalSection 0x0 0x18004a200 0x5d3e8 0x5bbe8
LeaveCriticalSection 0x0 0x18004a208 0x5d3f0 0x5bbf0
InitializeCriticalSection 0x0 0x18004a210 0x5d3f8 0x5bbf8
DeleteCriticalSection 0x0 0x18004a218 0x5d400 0x5bc00
GetLastError 0x0 0x18004a220 0x5d408 0x5bc08
MultiByteToWideChar 0x0 0x18004a228 0x5d410 0x5bc10
WideCharToMultiByte 0x0 0x18004a230 0x5d418 0x5bc18
GetCPInfo 0x0 0x18004a238 0x5d420 0x5bc20
FreeLibrary 0x0 0x18004a240 0x5d428 0x5bc28
GetProcAddress 0x0 0x18004a248 0x5d430 0x5bc30
RaiseException 0x0 0x18004a250 0x5d438 0x5bc38
GetModuleHandleW 0x0 0x18004a258 0x5d440 0x5bc40
LoadLibraryExW 0x0 0x18004a260 0x5d448 0x5bc48
ADVAPI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegisterEventSourceW 0x0 0x18004a270 0x5d458 0x5bc58
RegOpenKeyExA 0x0 0x18004a278 0x5d460 0x5bc60
RegQueryValueExW 0x0 0x18004a280 0x5d468 0x5bc68
ReportEventW 0x0 0x18004a288 0x5d470 0x5bc70
RegCloseKey 0x0 0x18004a290 0x5d478 0x5bc78
DeregisterEventSource 0x0 0x18004a298 0x5d480 0x5bc80
RegGetValueW 0x0 0x18004a2a0 0x5d488 0x5bc88
RegOpenKeyExW 0x0 0x18004a2a8 0x5d490 0x5bc90
OLEAUT32.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetErrorInfo 0xc8 0x18004a2b8 0x5d4a0 0x5bca0
SysAllocStringLen 0x4 0x18004a2c0 0x5d4a8 0x5bca8
VariantClear 0x9 0x18004a2c8 0x5d4b0 0x5bcb0
SetErrorInfo 0xc9 0x18004a2d0 0x5d4b8 0x5bcb8
SysAllocString 0x2 0x18004a2d8 0x5d4c0 0x5bcc0
SysFreeString 0x6 0x18004a2e0 0x5d4c8 0x5bcc8
VariantCopy 0xa 0x18004a2e8 0x5d4d0 0x5bcd0
VariantInit 0x8 0x18004a2f0 0x5d4d8 0x5bcd8
VarBstrFromDate 0x72 0x18004a2f8 0x5d4e0 0x5bce0
SysStringLen 0x7 0x18004a300 0x5d4e8 0x5bce8
Exports (3)
Api name EAT Address Ordinal
DllCanUnloadNow 0x18000667c 0x1
DllGetClassObject 0x18000300c 0x2
DllMain 0x18000fa40 0x3
Digital Signatures (2)
Signature Properties
InternalName aceoledb
FileVersion 15.0.4561.1000
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4561.1000
FileDescription Microsoft Access database engine OLE DB Provider
OriginalFilename aceoledb.dll
Signature verification True
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2013-03-27 20:08
Valid to 2014-06-27 20:08
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 33 E5 27 86 A3 0E 4A 2A 80 00 00 00 00 00 33
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2013-01-24 22:33
Valid to 2014-04-24 22:33
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
c:\program files\common files\microsoft shared\office15\aceoledb.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\aceoledb.dll (Modified File)
c:\program files\common files\microsoft shared\office15\aceoledb.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 434.40 KB
Hash Values MD5: 5f559f7baa58dc93bc354d3f58765a64
SHA1: 32bca4100aaded3f9ca0a00bc39f72fe64a8c018
SHA256: 46674b4a9c0959840c2cc0bcbda88f46c745863bdc0c08f15c1409f539e60310
c:\program files\common files\microsoft shared\office15\acetxt.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\acetxt.dll (Modified File)
Size 198.71 KB
Hash Values MD5: ab643cc9cfcd2f2da49e6d9e2b075a7c
SHA1: f41fed3ad8a6ed248e36f447954d56aa0553534b
SHA256: b9e48ff742d7b50cd760a11a7746562af25a742ef1acb43ef4ac7818593431c4
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x180021e24
Size Of Code 0x22800
Size Of Initialized Data 0x13400
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2013-12-17 22:09:28
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x226b8 0x22800 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.37
.rdata 0x180024000 0x7abc 0x7c00 0x22c00 CNT_INITIALIZED_DATA, MEM_READ 4.28
.data 0x18002c000 0x918c 0x3200 0x2a800 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 3.09
.pdata 0x180036000 0x1770 0x1800 0x2da00 CNT_INITIALIZED_DATA, MEM_READ 5.16
.rsrc 0x180038000 0x498 0x600 0x2f200 CNT_INITIALIZED_DATA, MEM_READ 2.7
.reloc 0x180039000 0x6e4 0x800 0x2f800 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.04
Imports (145)
acecore.dll (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
(by ordinal) 0x38c 0x180024000 0x29198 0x27d98
(by ordinal) 0x9f 0x180024008 0x291a0 0x27da0
(by ordinal) 0xac 0x180024010 0x291a8 0x27da8
(by ordinal) 0xb3 0x180024018 0x291b0 0x27db0
(by ordinal) 0x6c 0x180024020 0x291b8 0x27db8
(by ordinal) 0x9e 0x180024028 0x291c0 0x27dc0
(by ordinal) 0x88 0x180024030 0x291c8 0x27dc8
(by ordinal) 0x65 0x180024038 0x291d0 0x27dd0
(by ordinal) 0x76 0x180024040 0x291d8 0x27dd8
(by ordinal) 0xb0 0x180024048 0x291e0 0x27de0
(by ordinal) 0xaa 0x180024050 0x291e8 0x27de8
(by ordinal) 0x9b 0x180024058 0x291f0 0x27df0
(by ordinal) 0x9c 0x180024060 0x291f8 0x27df8
(by ordinal) 0xad 0x180024068 0x29200 0x27e00
(by ordinal) 0xa7 0x180024070 0x29208 0x27e08
(by ordinal) 0x92 0x180024078 0x29210 0x27e10
MSVCR100.dll (49)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_onexit 0x0 0x180024088 0x29220 0x27e20
_lock 0x0 0x180024090 0x29228 0x27e28
__dllonexit 0x0 0x180024098 0x29230 0x27e30
_unlock 0x0 0x1800240a0 0x29238 0x27e38
__clean_type_info_names_internal 0x0 0x1800240a8 0x29240 0x27e40
__crt_debugger_hook 0x0 0x1800240b0 0x29248 0x27e48
__CppXcptFilter 0x0 0x1800240b8 0x29250 0x27e50
_amsg_exit 0x0 0x1800240c0 0x29258 0x27e58
_encoded_null 0x0 0x1800240c8 0x29260 0x27e60
_initterm_e 0x0 0x1800240d0 0x29268 0x27e68
_initterm 0x0 0x1800240d8 0x29270 0x27e70
_malloc_crt 0x0 0x1800240e0 0x29278 0x27e78
wcsncat_s 0x0 0x1800240e8 0x29280 0x27e80
_wfullpath 0x0 0x1800240f0 0x29288 0x27e88
malloc 0x0 0x1800240f8 0x29290 0x27e90
free 0x0 0x180024100 0x29298 0x27e98
_stricmp 0x0 0x180024108 0x292a0 0x27ea0
__C_specific_handler 0x0 0x180024110 0x292a8 0x27ea8
strstr 0x0 0x180024118 0x292b0 0x27eb0
_wcsicmp 0x0 0x180024120 0x292b8 0x27eb8
floor 0x0 0x180024128 0x292c0 0x27ec0
_ecvt_s 0x0 0x180024130 0x292c8 0x27ec8
?terminate@@YAXXZ 0x0 0x180024138 0x292d0 0x27ed0
wcsncmp 0x0 0x180024140 0x292d8 0x27ed8
wcstod 0x0 0x180024148 0x292e0 0x27ee0
wcspbrk 0x0 0x180024150 0x292e8 0x27ee8
ldiv 0x0 0x180024158 0x292f0 0x27ef0
toupper 0x0 0x180024160 0x292f8 0x27ef8
_snwprintf_s 0x0 0x180024168 0x29300 0x27f00
atoi 0x0 0x180024170 0x29308 0x27f08
wcstok_s 0x0 0x180024178 0x29310 0x27f10
_wtoi 0x0 0x180024180 0x29318 0x27f18
swscanf_s 0x0 0x180024188 0x29320 0x27f20
_wtol 0x0 0x180024190 0x29328 0x27f28
towlower 0x0 0x180024198 0x29330 0x27f30
memmove 0x0 0x1800241a0 0x29338 0x27f38
wcsstr 0x0 0x1800241a8 0x29340 0x27f40
_wsplitpath_s 0x0 0x1800241b0 0x29348 0x27f48
iswctype 0x0 0x1800241b8 0x29350 0x27f50
wcsrchr 0x0 0x1800241c0 0x29358 0x27f58
wcsncpy_s 0x0 0x1800241c8 0x29360 0x27f60
wcschr 0x0 0x1800241d0 0x29368 0x27f68
memset 0x0 0x1800241d8 0x29370 0x27f70
memcpy 0x0 0x1800241e0 0x29378 0x27f78
memcmp 0x0 0x1800241e8 0x29380 0x27f80
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x1800241f0 0x29388 0x27f88
_errno 0x0 0x1800241f8 0x29390 0x27f90
_CxxThrowException 0x0 0x180024200 0x29398 0x27f98
__CxxFrameHandler3 0x0 0x180024208 0x293a0 0x27fa0
KERNEL32.dll (66)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
LoadLibraryA 0x0 0x180024218 0x293b0 0x27fb0
LocalAlloc 0x0 0x180024220 0x293b8 0x27fb8
RtlCaptureContext 0x0 0x180024228 0x293c0 0x27fc0
RtlLookupFunctionEntry 0x0 0x180024230 0x293c8 0x27fc8
RtlVirtualUnwind 0x0 0x180024238 0x293d0 0x27fd0
IsDebuggerPresent 0x0 0x180024240 0x293d8 0x27fd8
SetUnhandledExceptionFilter 0x0 0x180024248 0x293e0 0x27fe0
UnhandledExceptionFilter 0x0 0x180024250 0x293e8 0x27fe8
GetCurrentProcess 0x0 0x180024258 0x293f0 0x27ff0
TerminateProcess 0x0 0x180024260 0x293f8 0x27ff8
Sleep 0x0 0x180024268 0x29400 0x28000
DecodePointer 0x0 0x180024270 0x29408 0x28008
EncodePointer 0x0 0x180024278 0x29410 0x28010
WerRegisterMemoryBlock 0x0 0x180024280 0x29418 0x28018
VirtualProtect 0x0 0x180024288 0x29420 0x28020
GetTickCount 0x0 0x180024290 0x29428 0x28028
GetSystemTimeAsFileTime 0x0 0x180024298 0x29430 0x28030
GetCurrentThreadId 0x0 0x1800242a0 0x29438 0x28038
HeapSetInformation 0x0 0x1800242a8 0x29440 0x28040
GetProcessHeap 0x0 0x1800242b0 0x29448 0x28048
QueryPerformanceCounter 0x0 0x1800242b8 0x29450 0x28050
GetLocaleInfoW 0x0 0x1800242c0 0x29458 0x28058
LoadLibraryExW 0x0 0x1800242c8 0x29460 0x28060
GetModuleHandleW 0x0 0x1800242d0 0x29468 0x28068
GetTempPathW 0x0 0x1800242d8 0x29470 0x28070
RemoveDirectoryW 0x0 0x1800242e0 0x29478 0x28078
GetFileAttributesW 0x0 0x1800242e8 0x29480 0x28080
FindNextFileW 0x0 0x1800242f0 0x29488 0x28088
FindFirstFileW 0x0 0x1800242f8 0x29490 0x28090
DeleteFileW 0x0 0x180024300 0x29498 0x28098
CreateDirectoryW 0x0 0x180024308 0x294a0 0x280a0
GetCurrentDirectoryW 0x0 0x180024310 0x294a8 0x280a8
SetCurrentDirectoryW 0x0 0x180024318 0x294b0 0x280b0
ExpandEnvironmentStringsW 0x0 0x180024320 0x294b8 0x280b8
MultiByteToWideChar 0x0 0x180024328 0x294c0 0x280c0
WideCharToMultiByte 0x0 0x180024330 0x294c8 0x280c8
GetACP 0x0 0x180024338 0x294d0 0x280d0
GetOEMCP 0x0 0x180024340 0x294d8 0x280d8
GetUserDefaultLCID 0x0 0x180024348 0x294e0 0x280e0
GlobalAlloc 0x0 0x180024350 0x294e8 0x280e8
GlobalLock 0x0 0x180024358 0x294f0 0x280f0
GlobalUnlock 0x0 0x180024360 0x294f8 0x280f8
GlobalFree 0x0 0x180024368 0x29500 0x28100
FileTimeToLocalFileTime 0x0 0x180024370 0x29508 0x28108
FindClose 0x0 0x180024378 0x29510 0x28110
GetFileTime 0x0 0x180024380 0x29518 0x28118
ReadFile 0x0 0x180024388 0x29520 0x28120
SetFilePointer 0x0 0x180024390 0x29528 0x28128
WriteFile 0x0 0x180024398 0x29530 0x28130
CloseHandle 0x0 0x1800243a0 0x29538 0x28138
GetLastError 0x0 0x1800243a8 0x29540 0x28140
FileTimeToDosDateTime 0x0 0x1800243b0 0x29548 0x28148
GetCurrentProcessId 0x0 0x1800243b8 0x29550 0x28150
GetVersionExW 0x0 0x1800243c0 0x29558 0x28158
FreeLibrary 0x0 0x1800243c8 0x29560 0x28160
GetProcAddress 0x0 0x1800243d0 0x29568 0x28168
DisableThreadLibraryCalls 0x0 0x1800243d8 0x29570 0x28170
GetPrivateProfileStringW 0x0 0x1800243e0 0x29578 0x28178
RaiseException 0x0 0x1800243e8 0x29580 0x28180
GetFileSize 0x0 0x1800243f0 0x29588 0x28188
GetStringTypeW 0x0 0x1800243f8 0x29590 0x28190
GetStringTypeA 0x0 0x180024400 0x29598 0x28198
IsValidCodePage 0x0 0x180024408 0x295a0 0x281a0
GetLocaleInfoA 0x0 0x180024410 0x295a8 0x281a8
GetSystemDefaultLangID 0x0 0x180024418 0x295b0 0x281b0
WritePrivateProfileStringA 0x0 0x180024420 0x295b8 0x281b8
ADVAPI32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
EventWrite 0x0 0x180024430 0x295c8 0x281c8
RegGetValueW 0x0 0x180024438 0x295d0 0x281d0
RegQueryValueExW 0x0 0x180024440 0x295d8 0x281d8
RegOpenKeyExW 0x0 0x180024448 0x295e0 0x281e0
RegCloseKey 0x0 0x180024450 0x295e8 0x281e8
OLEAUT32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SysAllocString 0x2 0x180024460 0x295f8 0x281f8
VarI2FromStr 0x36 0x180024468 0x29600 0x28200
SysAllocStringLen 0x4 0x180024470 0x29608 0x28208
VarDecFromStr 0xc5 0x180024478 0x29610 0x28210
SysFreeString 0x6 0x180024480 0x29618 0x28218
SysStringByteLen 0x95 0x180024488 0x29620 0x28220
VarBstrFromDec 0xe8 0x180024490 0x29628 0x28228
ole32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
StringFromGUID2 0x0 0x1800244a0 0x29638 0x28238
MSVCP100.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?_Xlength_error@std@@YAXPEBD@Z 0x0 0x1800244b0 0x29648 0x28248
Exports (1)
Api name EAT Address Ordinal
None 0x18000d3b8 0x1
Digital Signatures (2)
Signature Properties
InternalName acetxt
FileVersion 15.0.4569.1503
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4569.1503
FileDescription Microsoft Access database engine Text ISAM
OriginalFilename acetxt.dll
Signature verification True
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2013-03-27 20:08
Valid to 2014-06-27 20:08
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 34 24 31 40 C9 A0 C1 79 8D 00 00 00 00 00 34
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2013-01-24 22:33
Valid to 2014-04-24 22:33
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
c:\program files\common files\microsoft shared\office15\acetxt.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\acetxt.dll (Modified File)
c:\program files\common files\microsoft shared\office15\acetxt.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 198.89 KB
Hash Values MD5: a87956a3fae7d10956b7a6f122cfd807
SHA1: a78393563b3626e5247557be3935583320e9d8e2
SHA256: 3bdee139de0d75411cb7cf8e5943384ad903e7a8295481720f15769195f8c715
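Each Office DLL in this report appears twice: first as the signed Microsoft image with PE information, then as a "Modified File" with different hashes and a slightly larger size (aceoledb.dll goes from 434.23 KB to 434.40 KB, acetxt.dll from 198.71 KB to 198.89 KB) next to a "Created File" carrying the `.[sepsis@protonmail.com].sepsis` suffix. In other words the on-disk original is no longer the signed binary, and the suffixed copy is the ransomware's output. The script below is an added example, not part of the VMRay report: it runs that pairing rule over file lines copied from this page (plus one constructed benign line) and summarises the ransom-note contact and extension as indicators. The `<original>.[<contact e-mail>].<ext>` naming rule is inferred from the file names shown here and is an assumption for any other family.

```python
"""Pair ransomware output files with their overwritten originals.

Added example, not part of the VMRay report. The file lines below are
copied from the report entries on this page (plus one constructed benign
line); the naming rule '<original>.[<contact e-mail>].<ext>' is inferred
from this sample, and a 'Created File' with that suffix is paired with the
'Modified File' of the same base name.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

ENTRY = re.compile(r"^(?P<path>.+?) \((?P<kind>Created File|Modified File)\)$")
RANSOM_SUFFIX = re.compile(
    r"^(?P<orig>.+)\.\[(?P<contact>[^\]\s]+@[^\]\s]+)\]\.(?P<ext>[A-Za-z0-9]+)$")

# constructed input: four pairs from the report plus one benign created file
SAMPLE_LINES = r"""
c:\program files\common files\microsoft shared\office15\aceodtxt.dll (Modified File)
c:\program files\common files\microsoft shared\office15\aceodtxt.dll.[sepsis@protonmail.com].sepsis (Created File)
c:\program files\common files\microsoft shared\office15\aceoledb.dll (Modified File)
c:\program files\common files\microsoft shared\office15\aceoledb.dll.[sepsis@protonmail.com].sepsis (Created File)
c:\program files\common files\microsoft shared\office15\acetxt.dll (Modified File)
c:\program files\common files\microsoft shared\office15\acetxt.dll.[sepsis@protonmail.com].sepsis (Created File)
c:\program files\common files\microsoft shared\office15\acewdat.dll (Modified File)
c:\program files\common files\microsoft shared\office15\acewdat.dll.[sepsis@protonmail.com].sepsis (Created File)
c:\users\public\benign-report.txt (Created File)
"""


def parse_entries(text: str) -> List[Tuple[str, str]]:
    """Turn report lines into (lower-cased path, kind) tuples; skip unknown lines."""
    entries = []
    for line in text.strip().splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["path"].lower(), m["kind"]))
    return entries


def pair_ransom_outputs(entries: List[Tuple[str, str]]) -> List[Dict[str, object]]:
    """Match each suffixed 'Created File' to the original it was derived from."""
    modified = {path for path, kind in entries if kind == "Modified File"}
    pairs = []
    for path, kind in entries:
        if kind != "Created File":
            continue
        m = RANSOM_SUFFIX.match(path)
        if not m:
            continue  # ordinary created file, e.g. a dropped payload or log
        pairs.append({
            "encrypted": path,
            "original": m["orig"],
            "contact": m["contact"],
            "ext": m["ext"],
            # True when the plaintext was also rewritten in place, as on this page
            "original_modified": m["orig"] in modified,
        })
    return pairs


def summarize(pairs: List[Dict[str, object]]) -> Dict[Tuple[str, str], List[str]]:
    """Group affected originals by (contact e-mail, extension) indicator."""
    by_marker: Dict[Tuple[str, str], List[str]] = defaultdict(list)
    for p in pairs:
        by_marker[(p["contact"], p["ext"])].append(p["original"])
    return {k: sorted(v) for k, v in by_marker.items()}


if __name__ == "__main__":
    found = pair_ransom_outputs(parse_entries(SAMPLE_LINES))
    for (contact, ext), originals in summarize(found).items():
        print(f"contact={contact} ext=.{ext} files={len(originals)}")
        for o in originals:
            print("  ", o)
```

The `original_modified` flag is the detail worth keeping in a triage note: a suffixed copy alone could be a harmless rename, but a copy plus a rewritten original with a new hash, as the report shows for every DLL here, means the clean file is gone from disk and must come from backup or the Office installation media.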
c:\program files\common files\microsoft shared\office15\acewdat.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\acewdat.dll (Modified File)
Size 2.91 MB
Hash Values MD5: 647805170c08d2494f35f1437c998f6e
SHA1: 533abafbb1fb6ea0d287937f2d59e6e586260adc
SHA256: f0a6819c08a07b7b5b138f92203e201023351a7826e49e8b5990fe364f4a467f
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x180001c38
Size Of Code 0x1400
Size Of Initialized Data 0x2e6200
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2012-11-07 13:09:25
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x1224 0x1400 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.04
.rdata 0x180003000 0xd78 0xe00 0x1800 CNT_INITIALIZED_DATA, MEM_READ 3.83
.data 0x180004000 0x2e49e8 0x2e4600 0x2600 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE Unknown
.pdata 0x1802e9000 0xf0 0x200 0x2e6c00 CNT_INITIALIZED_DATA, MEM_READ 1.97
.rsrc 0x1802ea000 0x4a0 0x600 0x2e6e00 CNT_INITIALIZED_DATA, MEM_READ 2.71
.reloc 0x1802eb000 0xe4 0x200 0x2e7400 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 2.45
Imports (38)
MSVCR100.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_onexit 0x0 0x180003000 0x3870 0x2070
_lock 0x0 0x180003008 0x3878 0x2078
__dllonexit 0x0 0x180003010 0x3880 0x2080
_unlock 0x0 0x180003018 0x3888 0x2088
__clean_type_info_names_internal 0x0 0x180003020 0x3890 0x2090
__crt_debugger_hook 0x0 0x180003028 0x3898 0x2098
__CppXcptFilter 0x0 0x180003030 0x38a0 0x20a0
__C_specific_handler 0x0 0x180003038 0x38a8 0x20a8
_amsg_exit 0x0 0x180003040 0x38b0 0x20b0
_encoded_null 0x0 0x180003048 0x38b8 0x20b8
free 0x0 0x180003050 0x38c0 0x20c0
_initterm_e 0x0 0x180003058 0x38c8 0x20c8
_initterm 0x0 0x180003060 0x38d0 0x20d0
_malloc_crt 0x0 0x180003068 0x38d8 0x20d8
memcpy 0x0 0x180003070 0x38e0 0x20e0
KERNEL32.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
HeapSetInformation 0x0 0x180003080 0x38f0 0x20f0
DisableThreadLibraryCalls 0x0 0x180003088 0x38f8 0x20f8
RtlCaptureContext 0x0 0x180003090 0x3900 0x2100
RtlLookupFunctionEntry 0x0 0x180003098 0x3908 0x2108
RtlVirtualUnwind 0x0 0x1800030a0 0x3910 0x2110
IsDebuggerPresent 0x0 0x1800030a8 0x3918 0x2118
SetUnhandledExceptionFilter 0x0 0x1800030b0 0x3920 0x2120
UnhandledExceptionFilter 0x0 0x1800030b8 0x3928 0x2128
GetCurrentProcess 0x0 0x1800030c0 0x3930 0x2130
TerminateProcess 0x0 0x1800030c8 0x3938 0x2138
Sleep 0x0 0x1800030d0 0x3940 0x2140
DecodePointer 0x0 0x1800030d8 0x3948 0x2148
EncodePointer 0x0 0x1800030e0 0x3950 0x2150
WerRegisterMemoryBlock 0x0 0x1800030e8 0x3958 0x2158
VirtualProtect 0x0 0x1800030f0 0x3960 0x2160
GetTickCount 0x0 0x1800030f8 0x3968 0x2168
GlobalAlloc 0x0 0x180003100 0x3970 0x2170
GlobalFree 0x0 0x180003108 0x3978 0x2178
QueryPerformanceCounter 0x0 0x180003110 0x3980 0x2180
GetProcessHeap 0x0 0x180003118 0x3988 0x2188
GetCurrentProcessId 0x0 0x180003120 0x3990 0x2190
GetCurrentThreadId 0x0 0x180003128 0x3998 0x2198
GetSystemTimeAsFileTime 0x0 0x180003130 0x39a0 0x21a0
Exports (1)
Api name EAT Address Ordinal
None 0x18000104c 0x1
Digital Signatures (2)
Signature Properties
InternalName acewdat
FileVersion 15.0.4454.1000
CompanyName Microsoft Corporation
LegalTrademarks1 Microsoft® is a registered trademark of Microsoft Corporation.
LegalTrademarks2 Windows® is a registered trademark of Microsoft Corporation.
ProductName Microsoft Office 2013
ProductVersion 15.0.4454.1000
FileDescription Microsoft Access database engine Sort Tables DLL
OriginalFilename acewdat.dll
Signature verification True
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2012-09-04 21:42
Valid to 2013-03-04 21:42
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 9D 1E 8D 27 AE B8 F3 D8 38 00 01 00 00 00 9D
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2012-01-09 22:25
Valid to 2013-04-09 22:25
Algorithm SHA-1 with RSA Encryption
Serial number 61 02 8E 42 00 00 00 00 00 1F
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
c:\program files\common files\microsoft shared\office15\acewdat.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\acewdat.dll (Modified File)
c:\program files\common files\microsoft shared\office15\acewdat.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 2.91 MB
Hash Values MD5: f7e483ce003ef580ee6f7572ee09c914
SHA1: 1fdfb454abfd257e0d0a087d43799f9d667e2ea0
SHA256: 05eb82fdffd6c6ef627b2bdb557cfbba768f6280d79cb65d9f7ec1f4edc23cf8
c:\program files\common files\microsoft shared\office15\acewss.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\acewss.dll (Modified File)
Size 306.73 KB
Hash Values MD5: b9295ce35a64cb40dade608be9ffe6c6
SHA1: 735ee1342a8db6797d461aefb11815513a7bc84b
SHA256: ebe5ca3172453f3793bbf4dd9a4626f08b1c00384b287b6bb0065b19fca449a5
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x180001000
Size Of Code 0x39400
Size Of Initialized Data 0x13400
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2013-12-17 22:25:55
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x39208 0x39400 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.3
.rdata 0x18003b000 0xd208 0xd400 0x39800 CNT_INITIALIZED_DATA, MEM_READ 5.5
.data 0x180049000 0x2e4c 0x1400 0x46c00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 3.45
.pdata 0x18004c000 0x26dc 0x2800 0x48000 CNT_INITIALIZED_DATA, MEM_READ 5.45
.rsrc 0x18004f000 0x3e8 0x400 0x4a800 CNT_INITIALIZED_DATA, MEM_READ 3.31
.reloc 0x180050000 0x34c 0x400 0x4ac00 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 4.93
Imports (130)
MSVCR100.dll (43)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
?_type_info_dtor_internal_method@type_info@@QEAAXXZ 0x0 0x18003b000 0x427e8 0x40fe8
__clean_type_info_names_internal 0x0 0x18003b008 0x427f0 0x40ff0
_onexit 0x0 0x18003b010 0x427f8 0x40ff8
_lock 0x0 0x18003b018 0x42800 0x41000
__dllonexit 0x0 0x18003b020 0x42808 0x41008
_unlock 0x0 0x18003b028 0x42810 0x41010
?terminate@@YAXXZ 0x0 0x18003b030 0x42818 0x41018
__crt_debugger_hook 0x0 0x18003b038 0x42820 0x41020
__CppXcptFilter 0x0 0x18003b040 0x42828 0x41028
__C_specific_handler 0x0 0x18003b048 0x42830 0x41030
_amsg_exit 0x0 0x18003b050 0x42838 0x41038
_encoded_null 0x0 0x18003b058 0x42840 0x41040
_initterm_e 0x0 0x18003b060 0x42848 0x41048
_initterm 0x0 0x18003b068 0x42850 0x41050
_malloc_crt 0x0 0x18003b070 0x42858 0x41058
vswprintf_s 0x0 0x18003b078 0x42860 0x41060
_wtol 0x0 0x18003b080 0x42868 0x41068
??_U@YAPEAX_K@Z 0x0 0x18003b088 0x42870 0x41070
_vsnwprintf_s 0x0 0x18003b090 0x42878 0x41078
wcstoul 0x0 0x18003b098 0x42880 0x41080
_itow_s 0x0 0x18003b0a0 0x42888 0x41088
??2@YAPEAX_K@Z 0x0 0x18003b0a8 0x42890 0x41090
__CxxFrameHandler3 0x0 0x18003b0b0 0x42898 0x41098
wcsncat_s 0x0 0x18003b0b8 0x428a0 0x410a0
wcsncpy_s 0x0 0x18003b0c0 0x428a8 0x410a8
memcpy 0x0 0x18003b0c8 0x428b0 0x410b0
memset 0x0 0x18003b0d0 0x428b8 0x410b8
free 0x0 0x18003b0d8 0x428c0 0x410c0
malloc 0x0 0x18003b0e0 0x428c8 0x410c8
wcstol 0x0 0x18003b0e8 0x428d0 0x410d0
_wtoi 0x0 0x18003b0f0 0x428d8 0x410d8
_wfullpath 0x0 0x18003b0f8 0x428e0 0x410e0
wcsnlen 0x0 0x18003b100 0x428e8 0x410e8
wcsstr 0x0 0x18003b108 0x428f0 0x410f0
_wcsnicmp 0x0 0x18003b110 0x428f8 0x410f8
_snwprintf_s 0x0 0x18003b118 0x42900 0x41100
wcsncmp 0x0 0x18003b120 0x42908 0x41108
memcmp 0x0 0x18003b128 0x42910 0x41110
wcschr 0x0 0x18003b130 0x42918 0x41118
wcsrchr 0x0 0x18003b138 0x42920 0x41120
_wcsicmp 0x0 0x18003b140 0x42928 0x41128
??3@YAXPEAX@Z 0x0 0x18003b148 0x42930 0x41130
??_V@YAXPEAX@Z 0x0 0x18003b150 0x42938 0x41138
ADVAPI32.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegisterEventSourceW 0x0 0x18003b160 0x42948 0x41148
DeregisterEventSource 0x0 0x18003b168 0x42950 0x41150
RegQueryValueExW 0x0 0x18003b170 0x42958 0x41158
RegOpenKeyExW 0x0 0x18003b178 0x42960 0x41160
RegCloseKey 0x0 0x18003b180 0x42968 0x41168
ReportEventW 0x0 0x18003b188 0x42970 0x41170
RegOpenKeyExA 0x0 0x18003b190 0x42978 0x41178
EventRegister 0x0 0x18003b198 0x42980 0x41180
EventUnregister 0x0 0x18003b1a0 0x42988 0x41188
EventWrite 0x0 0x18003b1a8 0x42990 0x41190
KERNEL32.dll (56)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CreateFileW 0x0 0x18003b1b8 0x429a0 0x411a0
FreeLibrary 0x0 0x18003b1c0 0x429a8 0x411a8
GetFileType 0x0 0x18003b1c8 0x429b0 0x411b0
SetLastError 0x0 0x18003b1d0 0x429b8 0x411b8
RtlCaptureContext 0x0 0x18003b1d8 0x429c0 0x411c0
RtlLookupFunctionEntry 0x0 0x18003b1e0 0x429c8 0x411c8
RtlVirtualUnwind 0x0 0x18003b1e8 0x429d0 0x411d0
IsDebuggerPresent 0x0 0x18003b1f0 0x429d8 0x411d8
UnhandledExceptionFilter 0x0 0x18003b1f8 0x429e0 0x411e0
GetCurrentProcess 0x0 0x18003b200 0x429e8 0x411e8
TerminateProcess 0x0 0x18003b208 0x429f0 0x411f0
Sleep 0x0 0x18003b210 0x429f8 0x411f8
DecodePointer 0x0 0x18003b218 0x42a00 0x41200
EncodePointer 0x0 0x18003b220 0x42a08 0x41208
LoadLibraryExW 0x0 0x18003b228 0x42a10 0x41210
GetModuleFileNameW 0x0 0x18003b230 0x42a18 0x41218
HeapFree 0x0 0x18003b238 0x42a20 0x41220
HeapAlloc 0x0 0x18003b240 0x42a28 0x41228
WerRegisterMemoryBlock 0x0 0x18003b248 0x42a30 0x41230
VirtualProtect 0x0 0x18003b250 0x42a38 0x41238
GetSystemTimeAsFileTime 0x0 0x18003b258 0x42a40 0x41240
GetCurrentThreadId 0x0 0x18003b260 0x42a48 0x41248
HeapSetInformation 0x0 0x18003b268 0x42a50 0x41250
GetProcessHeap 0x0 0x18003b270 0x42a58 0x41258
QueryPerformanceCounter 0x0 0x18003b278 0x42a60 0x41260
GetSystemDefaultLCID 0x0 0x18003b280 0x42a68 0x41268
LocalAlloc 0x0 0x18003b288 0x42a70 0x41270
LoadLibraryA 0x0 0x18003b290 0x42a78 0x41278
SetUnhandledExceptionFilter 0x0 0x18003b298 0x42a80 0x41280
GetLastError 0x0 0x18003b2a0 0x42a88 0x41288
MultiByteToWideChar 0x0 0x18003b2a8 0x42a90 0x41290
WideCharToMultiByte 0x0 0x18003b2b0 0x42a98 0x41298
GetTempPathW 0x0 0x18003b2b8 0x42aa0 0x412a0
GetUserDefaultLCID 0x0 0x18003b2c0 0x42aa8 0x412a8
lstrcmpiW 0x0 0x18003b2c8 0x42ab0 0x412b0
GlobalAlloc 0x0 0x18003b2d0 0x42ab8 0x412b8
GlobalLock 0x0 0x18003b2d8 0x42ac0 0x412c0
GlobalUnlock 0x0 0x18003b2e0 0x42ac8 0x412c8
GlobalFree 0x0 0x18003b2e8 0x42ad0 0x412d0
GetCurrentProcessId 0x0 0x18003b2f0 0x42ad8 0x412d8
GetModuleHandleW 0x0 0x18003b2f8 0x42ae0 0x412e0
GetProcAddress 0x0 0x18003b300 0x42ae8 0x412e8
DeleteFileW 0x0 0x18003b308 0x42af0 0x412f0
GetFileAttributesW 0x0 0x18003b310 0x42af8 0x412f8
ReadFile 0x0 0x18003b318 0x42b00 0x41300
RemoveDirectoryW 0x0 0x18003b320 0x42b08 0x41308
SetFilePointer 0x0 0x18003b328 0x42b10 0x41310
WriteFile 0x0 0x18003b330 0x42b18 0x41318
CloseHandle 0x0 0x18003b338 0x42b20 0x41320
RaiseException 0x0 0x18003b340 0x42b28 0x41328
GetLocalTime 0x0 0x18003b348 0x42b30 0x41330
GetACP 0x0 0x18003b350 0x42b38 0x41338
GetOEMCP 0x0 0x18003b358 0x42b40 0x41340
GetTickCount 0x0 0x18003b360 0x42b48 0x41348
lstrcmpW 0x0 0x18003b368 0x42b50 0x41350
CompareStringW 0x0 0x18003b370 0x42b58 0x41358
ole32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CoCreateInstance 0x0 0x18003b380 0x42b68 0x41368
CoTaskMemRealloc 0x0 0x18003b388 0x42b70 0x41370
CLSIDFromString 0x0 0x18003b390 0x42b78 0x41378
CoTaskMemFree 0x0 0x18003b398 0x42b80 0x41380
CoTaskMemAlloc 0x0 0x18003b3a0 0x42b88 0x41388
CoGetMalloc 0x0 0x18003b3a8 0x42b90 0x41390
StringFromGUID2 0x0 0x18003b3b0 0x42b98 0x41398
OLEAUT32.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
VariantChangeType 0xc 0x18003b3c0 0x42ba8 0x413a8
VariantChangeTypeEx 0x93 0x18003b3c8 0x42bb0 0x413b0
VariantCopy 0xa 0x18003b3d0 0x42bb8 0x413b8
VariantInit 0x8 0x18003b3d8 0x42bc0 0x413c0
SysStringLen 0x7 0x18003b3e0 0x42bc8 0x413c8
GetErrorInfo 0xc8 0x18003b3e8 0x42bd0 0x413d0
SysAllocString 0x2 0x18003b3f0 0x42bd8 0x413d8
VariantClear 0x9 0x18003b3f8 0x42be0 0x413e0
SafeArrayUnaccessData 0x18 0x18003b400 0x42be8 0x413e8
SafeArrayAccessData 0x17 0x18003b408 0x42bf0 0x413f0
SafeArrayGetLBound 0x14 0x18003b410 0x42bf8 0x413f8
SafeArrayGetUBound 0x13 0x18003b418 0x42c00 0x41400
SysFreeString 0x6 0x18003b420 0x42c08 0x41408
SysAllocStringLen 0x4 0x18003b428 0x42c10 0x41410
Exports (1)
Api name EAT Address Ordinal
None 0x1800014ec 0x1
Digital Signatures (2)
Signature Properties
LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName ACEWSS
FileVersion 15.00.4569.1503
CompanyName Microsoft Corporation
ProductName Microsoft Office System 2007
ProductVersion 15.00.4569.1503
FileDescription Microsoft Access database engine SharePoint ISAM
OriginalFilename ACEWSS.DLL
Signature verification True
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2013-11-11 22:11
Valid to 2015-02-11 22:11
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 4C A1 E8 4D CC B4 74 7B 3B 00 00 00 00 00 4C
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2013-01-24 22:33
Valid to 2014-04-24 22:33
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
c:\program files\common files\microsoft shared\office15\acewss.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\acewss.dll (Modified File)
c:\program files\common files\microsoft shared\office15\acewss.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 306.90 KB
Hash Values MD5: 7197d73393763191cde8ab7fa429821d
SHA1: 45c7e7c2c69c75f541c67bc90f55aec0035786ff
SHA256: cf74f95a22ff86b23f589a6229c94b59685bfbd2b62c1eaab2cc691f2e0b3f71
c:\program files\common files\microsoft shared\office15\adal.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\adal.dll (Modified File)
Size 852.66 KB
Hash Values MD5: 212886087460329da2309d9a331d9c6c
SHA1: 48fa1dcf769a7dc8d0e8fbbc0ffe7e9c20315f53
SHA256: f74bda64e3e6709c67dae82968b75a59c1c20d6c5727d70f8aae6f8a9215d79a
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x180054f88
Size Of Code 0x6fc00
Size Of Initialized Data 0x63800
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2013-10-29 07:26:27
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x6fb3e 0x6fc00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.37
.rdata 0x180071000 0x2dd54 0x2de00 0x70000 CNT_INITIALIZED_DATA, MEM_READ 4.73
.data 0x18009f000 0x7590 0x4a00 0x9de00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.15
.pdata 0x1800a7000 0x66cc 0x6800 0xa2800 CNT_INITIALIZED_DATA, MEM_READ 5.84
.rsrc 0x1800ae000 0x28ea4 0x29000 0xa9000 CNT_INITIALIZED_DATA, MEM_READ 7.21
.reloc 0x1800d7000 0x17a0 0x1800 0xd2000 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 4.03
Imports (236)
USER32.dll (57)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CallNextHookEx 0x0 0x1800714a0 0x9d488 0x9c488
SetWindowsHookExW 0x0 0x1800714a8 0x9d490 0x9c490
UnhookWindowsHookEx 0x0 0x1800714b0 0x9d498 0x9c498
GetMessageW 0x0 0x1800714b8 0x9d4a0 0x9c4a0
TranslateMessage 0x0 0x1800714c0 0x9d4a8 0x9c4a8
DispatchMessageW 0x0 0x1800714c8 0x9d4b0 0x9c4b0
PostThreadMessageW 0x0 0x1800714d0 0x9d4b8 0x9c4b8
DefWindowProcW 0x0 0x1800714d8 0x9d4c0 0x9c4c0
CallWindowProcW 0x0 0x1800714e0 0x9d4c8 0x9c4c8
RegisterClassExW 0x0 0x1800714e8 0x9d4d0 0x9c4d0
GetClassInfoExW 0x0 0x1800714f0 0x9d4d8 0x9c4d8
CreateWindowExW 0x0 0x1800714f8 0x9d4e0 0x9c4e0
DestroyWindow 0x0 0x180071500 0x9d4e8 0x9c4e8
SetTimer 0x0 0x180071508 0x9d4f0 0x9c4f0
GetWindowLongPtrW 0x0 0x180071510 0x9d4f8 0x9c4f8
SetWindowLongPtrW 0x0 0x180071518 0x9d500 0x9c500
LoadCursorW 0x0 0x180071520 0x9d508 0x9c508
GetParent 0x0 0x180071528 0x9d510 0x9c510
SendMessageW 0x0 0x180071530 0x9d518 0x9c518
IsWindow 0x0 0x180071538 0x9d520 0x9c520
IsChild 0x0 0x180071540 0x9d528 0x9c528
MoveWindow 0x0 0x180071548 0x9d530 0x9c530
SetWindowPos 0x0 0x180071550 0x9d538 0x9c538
GetDlgItem 0x0 0x180071558 0x9d540 0x9c540
CharNextW 0x0 0x180071560 0x9d548 0x9c548
SetFocus 0x0 0x180071568 0x9d550 0x9c550
GetFocus 0x0 0x180071570 0x9d558 0x9c558
SetCapture 0x0 0x180071578 0x9d560 0x9c560
ReleaseCapture 0x0 0x180071580 0x9d568 0x9c568
CreateAcceleratorTableW 0x0 0x180071588 0x9d570 0x9c570
DestroyAcceleratorTable 0x0 0x180071590 0x9d578 0x9c578
GetDC 0x0 0x180071598 0x9d580 0x9c580
ReleaseDC 0x0 0x1800715a0 0x9d588 0x9c588
BeginPaint 0x0 0x1800715a8 0x9d590 0x9c590
EndPaint 0x0 0x1800715b0 0x9d598 0x9c598
RegisterWindowMessageW 0x0 0x1800715b8 0x9d5a0 0x9c5a0
GetDesktopWindow 0x0 0x1800715c0 0x9d5a8 0x9c5a8
UnregisterClassA 0x0 0x1800715c8 0x9d5b0 0x9c5b0
InvalidateRect 0x0 0x1800715d0 0x9d5b8 0x9c5b8
InvalidateRgn 0x0 0x1800715d8 0x9d5c0 0x9c5c0
RedrawWindow 0x0 0x1800715e0 0x9d5c8 0x9c5c8
SetWindowTextW 0x0 0x1800715e8 0x9d5d0 0x9c5d0
GetWindowTextW 0x0 0x1800715f0 0x9d5d8 0x9c5d8
PostQuitMessage 0x0 0x1800715f8 0x9d5e0 0x9c5e0
PostMessageW 0x0 0x180071600 0x9d5e8 0x9c5e8
LoadIconW 0x0 0x180071608 0x9d5f0 0x9c5f0
GetWindow 0x0 0x180071610 0x9d5f8 0x9c5f8
GetClassNameW 0x0 0x180071618 0x9d600 0x9c600
GetKeyState 0x0 0x180071620 0x9d608 0x9c608
SetWindowLongW 0x0 0x180071628 0x9d610 0x9c610
GetWindowLongW 0x0 0x180071630 0x9d618 0x9c618
FillRect 0x0 0x180071638 0x9d620 0x9c620
GetSysColor 0x0 0x180071640 0x9d628 0x9c628
ScreenToClient 0x0 0x180071648 0x9d630 0x9c630
ClientToScreen 0x0 0x180071650 0x9d638 0x9c638
GetClientRect 0x0 0x180071658 0x9d640 0x9c640
GetWindowTextLengthW 0x0 0x180071660 0x9d648 0x9c648
ole32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
OleRun 0x0 0x180071748 0x9d730 0x9c730
CreateStreamOnHGlobal 0x0 0x180071750 0x9d738 0x9c738
OleLockRunning 0x0 0x180071758 0x9d740 0x9c740
OleUninitialize 0x0 0x180071760 0x9d748 0x9c748
OleInitialize 0x0 0x180071768 0x9d750 0x9c750
CoTaskMemAlloc 0x0 0x180071770 0x9d758 0x9c758
CLSIDFromProgID 0x0 0x180071778 0x9d760 0x9c760
CLSIDFromString 0x0 0x180071780 0x9d768 0x9c768
CoGetClassObject 0x0 0x180071788 0x9d770 0x9c770
CoInitializeEx 0x0 0x180071790 0x9d778 0x9c778
CoUninitialize 0x0 0x180071798 0x9d780 0x9c780
CoCreateInstance 0x0 0x1800717a0 0x9d788 0x9c788
StringFromGUID2 0x0 0x1800717a8 0x9d790 0x9c790
OLEAUT32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
DispCallFunc 0x92 0x180071410 0x9d3f8 0x9c3f8
VariantChangeType 0xc 0x180071418 0x9d400 0x9c400
VariantCopy 0xa 0x180071420 0x9d408 0x9c408
OleCreateFontIndirect 0x1a4 0x180071428 0x9d410 0x9c410
VariantClear 0x9 0x180071430 0x9d418 0x9c418
VariantInit 0x8 0x180071438 0x9d420 0x9c420
SysAllocStringLen 0x4 0x180071440 0x9d428 0x9c428
LoadRegTypeLib 0xa2 0x180071448 0x9d430 0x9c430
LoadTypeLib 0xa1 0x180071450 0x9d438 0x9c438
SysStringLen 0x7 0x180071458 0x9d440 0x9c440
SysAllocString 0x2 0x180071460 0x9d448 0x9c448
SysFreeString 0x6 0x180071468 0x9d450 0x9c450
GetErrorInfo 0xc8 0x180071470 0x9d458 0x9c458
ADVAPI32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
DeregisterEventSource 0x0 0x180071000 0x9cfe8 0x9bfe8
CryptReleaseContext 0x0 0x180071008 0x9cff0 0x9bff0
CryptGetHashParam 0x0 0x180071010 0x9cff8 0x9bff8
CryptCreateHash 0x0 0x180071018 0x9d000 0x9c000
ReportEventW 0x0 0x180071020 0x9d008 0x9c008
RegisterEventSourceW 0x0 0x180071028 0x9d010 0x9c010
CryptAcquireContextW 0x0 0x180071030 0x9d018 0x9c018
CryptDestroyHash 0x0 0x180071038 0x9d020 0x9c020
CryptHashData 0x0 0x180071040 0x9d028 0x9c028
WINHTTP.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
WinHttpOpenRequest 0x0 0x180071670 0x9d658 0x9c658
WinHttpQueryHeaders 0x0 0x180071678 0x9d660 0x9c660
WinHttpReceiveResponse 0x0 0x180071680 0x9d668 0x9c668
WinHttpSetCredentials 0x0 0x180071688 0x9d670 0x9c670
WinHttpSendRequest 0x0 0x180071690 0x9d678 0x9c678
WinHttpAddRequestHeaders 0x0 0x180071698 0x9d680 0x9c680
WinHttpSetStatusCallback 0x0 0x1800716a0 0x9d688 0x9c688
WinHttpSetOption 0x0 0x1800716a8 0x9d690 0x9c690
WinHttpQueryDataAvailable 0x0 0x1800716b0 0x9d698 0x9c698
WinHttpReadData 0x0 0x1800716b8 0x9d6a0 0x9c6a0
WinHttpConnect 0x0 0x1800716c0 0x9d6a8 0x9c6a8
WinHttpCloseHandle 0x0 0x1800716c8 0x9d6b0 0x9c6b0
WinHttpOpen 0x0 0x1800716d0 0x9d6b8 0x9c6b8
WinHttpCrackUrl 0x0 0x1800716d8 0x9d6c0 0x9c6c0
WININET.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
InternetOpenW 0x0 0x1800716e8 0x9d6d0 0x9c6d0
InternetCloseHandle 0x0 0x1800716f0 0x9d6d8 0x9c6d8
InternetConnectW 0x0 0x1800716f8 0x9d6e0 0x9c6e0
InternetReadFile 0x0 0x180071700 0x9d6e8 0x9c6e8
InternetQueryDataAvailable 0x0 0x180071708 0x9d6f0 0x9c6f0
InternetSetStatusCallbackW 0x0 0x180071710 0x9d6f8 0x9c6f8
HttpOpenRequestW 0x0 0x180071718 0x9d700 0x9c700
HttpAddRequestHeadersW 0x0 0x180071720 0x9d708 0x9c708
HttpSendRequestW 0x0 0x180071728 0x9d710 0x9c710
HttpQueryInfoW 0x0 0x180071730 0x9d718 0x9c718
InternetSetOptionW 0x0 0x180071738 0x9d720 0x9c720
CRYPT32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CryptUnprotectData 0x0 0x180071050 0x9d038 0x9c038
CryptProtectData 0x0 0x180071058 0x9d040 0x9c040
RPCRT4.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
UuidCreate 0x0 0x180071480 0x9d468 0x9c468
KERNEL32.dll (105)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SetHandleCount 0x0 0x1800710c0 0x9d0a8 0x9c0a8
GetTimeZoneInformation 0x0 0x1800710c8 0x9d0b0 0x9c0b0
IsValidCodePage 0x0 0x1800710d0 0x9d0b8 0x9c0b8
GetOEMCP 0x0 0x1800710d8 0x9d0c0 0x9c0c0
GetACP 0x0 0x1800710e0 0x9d0c8 0x9c0c8
ExitProcess 0x0 0x1800710e8 0x9d0d0 0x9c0d0
HeapCreate 0x0 0x1800710f0 0x9d0d8 0x9c0d8
GetVersion 0x0 0x1800710f8 0x9d0e0 0x9c0e0
HeapSetInformation 0x0 0x180071100 0x9d0e8 0x9c0e8
FlsAlloc 0x0 0x180071108 0x9d0f0 0x9c0f0
FlsFree 0x0 0x180071110 0x9d0f8 0x9c0f8
FlsGetValue 0x0 0x180071118 0x9d100 0x9c100
GetLocaleInfoW 0x0 0x180071120 0x9d108 0x9c108
GetStdHandle 0x0 0x180071128 0x9d110 0x9c110
WriteFile 0x0 0x180071130 0x9d118 0x9c118
GetCPInfo 0x0 0x180071138 0x9d120 0x9c120
LCMapStringW 0x0 0x180071140 0x9d128 0x9c128
GetCommandLineA 0x0 0x180071148 0x9d130 0x9c130
FlsSetValue 0x0 0x180071150 0x9d138 0x9c138
RtlCaptureContext 0x0 0x180071158 0x9d140 0x9c140
RtlVirtualUnwind 0x0 0x180071160 0x9d148 0x9c148
IsDebuggerPresent 0x0 0x180071168 0x9d150 0x9c150
SetUnhandledExceptionFilter 0x0 0x180071170 0x9d158 0x9c158
UnhandledExceptionFilter 0x0 0x180071178 0x9d160 0x9c160
TerminateProcess 0x0 0x180071180 0x9d168 0x9c168
GetTimeFormatW 0x0 0x180071188 0x9d170 0x9c170
GetDateFormatW 0x0 0x180071190 0x9d178 0x9c178
CreateThread 0x0 0x180071198 0x9d180 0x9c180
ExitThread 0x0 0x1800711a0 0x9d188 0x9c188
GetSystemTimeAsFileTime 0x0 0x1800711a8 0x9d190 0x9c190
RtlUnwindEx 0x0 0x1800711b0 0x9d198 0x9c198
RtlLookupFunctionEntry 0x0 0x1800711b8 0x9d1a0 0x9c1a0
RtlPcToFileHeader 0x0 0x1800711c0 0x9d1a8 0x9c1a8
TerminateThread 0x0 0x1800711c8 0x9d1b0 0x9c1b0
GetCurrentProcess 0x0 0x1800711d0 0x9d1b8 0x9c1b8
FlushInstructionCache 0x0 0x1800711d8 0x9d1c0 0x9c1c0
GetFileType 0x0 0x1800711e0 0x9d1c8 0x9c1c8
GetStartupInfoW 0x0 0x1800711e8 0x9d1d0 0x9c1d0
GetModuleFileNameA 0x0 0x1800711f0 0x9d1d8 0x9c1d8
FreeEnvironmentStringsW 0x0 0x1800711f8 0x9d1e0 0x9c1e0
GetEnvironmentStringsW 0x0 0x180071200 0x9d1e8 0x9c1e8
QueryPerformanceCounter 0x0 0x180071208 0x9d1f0 0x9c1f0
GetTickCount 0x0 0x180071210 0x9d1f8 0x9c1f8
GetCurrentProcessId 0x0 0x180071218 0x9d200 0x9c200
RaiseException 0x0 0x180071220 0x9d208 0x9c208
FormatMessageW 0x0 0x180071228 0x9d210 0x9c210
LocalAlloc 0x0 0x180071230 0x9d218 0x9c218
DeleteCriticalSection 0x0 0x180071238 0x9d220 0x9c220
InitializeCriticalSectionAndSpinCount 0x0 0x180071240 0x9d228 0x9c228
GetCurrentThreadId 0x0 0x180071248 0x9d230 0x9c230
GetExitCodeThread 0x0 0x180071250 0x9d238 0x9c238
WideCharToMultiByte 0x0 0x180071258 0x9d240 0x9c240
LocalFree 0x0 0x180071260 0x9d248 0x9c248
GetModuleHandleW 0x0 0x180071268 0x9d250 0x9c250
GetModuleFileNameW 0x0 0x180071270 0x9d258 0x9c258
lstrlenW 0x0 0x180071278 0x9d260 0x9c260
LeaveCriticalSection 0x0 0x180071280 0x9d268 0x9c268
EnterCriticalSection 0x0 0x180071288 0x9d270 0x9c270
GetProcAddress 0x0 0x180071290 0x9d278 0x9c278
GetUserDefaultLCID 0x0 0x180071298 0x9d280 0x9c280
GetLocaleInfoA 0x0 0x1800712a0 0x9d288 0x9c288
EnumSystemLocalesA 0x0 0x1800712a8 0x9d290 0x9c290
IsValidLocale 0x0 0x1800712b0 0x9d298 0x9c298
LoadLibraryW 0x0 0x1800712b8 0x9d2a0 0x9c2a0
SetFilePointer 0x0 0x1800712c0 0x9d2a8 0x9c2a8
GetConsoleCP 0x0 0x1800712c8 0x9d2b0 0x9c2b0
GetConsoleMode 0x0 0x1800712d0 0x9d2b8 0x9c2b8
SetStdHandle 0x0 0x1800712d8 0x9d2c0 0x9c2c0
WriteConsoleW 0x0 0x1800712e0 0x9d2c8 0x9c2c8
CreateFileW 0x0 0x1800712e8 0x9d2d0 0x9c2d0
InterlockedPopEntrySList 0x0 0x1800712f0 0x9d2d8 0x9c2d8
VirtualAlloc 0x0 0x1800712f8 0x9d2e0 0x9c2e0
VirtualFree 0x0 0x180071300 0x9d2e8 0x9c2e8
InterlockedPushEntrySList 0x0 0x180071308 0x9d2f0 0x9c2f0
GetProcessHeap 0x0 0x180071310 0x9d2f8 0x9c2f8
HeapSize 0x0 0x180071318 0x9d300 0x9c300
HeapReAlloc 0x0 0x180071320 0x9d308 0x9c308
HeapFree 0x0 0x180071328 0x9d310 0x9c310
HeapAlloc 0x0 0x180071330 0x9d318 0x9c318
HeapDestroy 0x0 0x180071338 0x9d320 0x9c320
DecodePointer 0x0 0x180071340 0x9d328 0x9c328
EncodePointer 0x0 0x180071348 0x9d330 0x9c330
InitializeCriticalSection 0x0 0x180071350 0x9d338 0x9c338
Sleep 0x0 0x180071358 0x9d340 0x9c340
GetStringTypeW 0x0 0x180071360 0x9d348 0x9c348
lstrlenA 0x0 0x180071368 0x9d350 0x9c350
GetTickCount64 0x0 0x180071370 0x9d358 0x9c358
lstrcmpW 0x0 0x180071378 0x9d360 0x9c360
MulDiv 0x0 0x180071380 0x9d368 0x9c368
GlobalUnlock 0x0 0x180071388 0x9d370 0x9c370
GlobalLock 0x0 0x180071390 0x9d378 0x9c378
GlobalAlloc 0x0 0x180071398 0x9d380 0x9c380
CloseHandle 0x0 0x1800713a0 0x9d388 0x9c388
WaitForSingleObject 0x0 0x1800713a8 0x9d390 0x9c390
SetLastError 0x0 0x1800713b0 0x9d398 0x9c398
FlushFileBuffers 0x0 0x1800713b8 0x9d3a0 0x9c3a0
CompareStringW 0x0 0x1800713c0 0x9d3a8 0x9c3a8
SetEnvironmentVariableA 0x0 0x1800713c8 0x9d3b0 0x9c3b0
MultiByteToWideChar 0x0 0x1800713d0 0x9d3b8 0x9c3b8
GetLastError 0x0 0x1800713d8 0x9d3c0 0x9c3c0
LockResource 0x0 0x1800713e0 0x9d3c8 0x9c3c8
LoadResource 0x0 0x1800713e8 0x9d3d0 0x9c3d0
SizeofResource 0x0 0x1800713f0 0x9d3d8 0x9c3d8
FindResourceW 0x0 0x1800713f8 0x9d3e0 0x9c3e0
FindResourceExW 0x0 0x180071400 0x9d3e8 0x9c3e8
GDI32.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
BitBlt 0x0 0x180071068 0x9d050 0x9c050
CreateCompatibleBitmap 0x0 0x180071070 0x9d058 0x9c058
CreateCompatibleDC 0x0 0x180071078 0x9d060 0x9c060
CreateSolidBrush 0x0 0x180071080 0x9d068 0x9c068
DeleteDC 0x0 0x180071088 0x9d070 0x9c070
DeleteObject 0x0 0x180071090 0x9d078 0x9c078
GetDeviceCaps 0x0 0x180071098 0x9d080 0x9c080
GetStockObject 0x0 0x1800710a0 0x9d088 0x9c088
SelectObject 0x0 0x1800710a8 0x9d090 0x9c090
GetObjectW 0x0 0x1800710b0 0x9d098 0x9c098
Secur32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetUserNameExW 0x0 0x180071490 0x9d478 0x9c478
Exports (40)
Api name EAT Address Ordinal
ADALAcquireToken 0x180034230 0x1
ADALCreateAuthenticationContext 0x180033e80 0x2
ADALCreateAuthenticationContextNoUI 0x180033f30 0x3
ADALDeleteRequest 0x180034580 0x4
ADALDeserializeAuthenticationContext 0x180033fc0 0x5
ADALGetAccessToken 0x1800345e0 0x6
ADALGetAccessTokenExpirationTime 0x1800346c0 0x7
ADALGetAccountType 0x1800360a0 0x8
ADALGetClientSecret 0x180036340 0x9
ADALGetContext 0x180034550 0xa
ADALGetErrorCode 0x180034b50 0xb
ADALGetErrorDescription 0x180034ab0 0xc
ADALGetFamilyName 0x180034950 0xd
ADALGetGivenName 0x1800348a0 0xe
ADALGetOption 0x180035df0 0xf
ADALGetRefreshToken 0x180034bf0 0x10
ADALGetRequestStatus 0x1800345b0 0x11
ADALGetTenantId 0x180034a00 0x12
ADALGetUniqueName 0x1800347f0 0x13
ADALGetUserId 0x180034740 0x14
ADALReleaseAuthenticationContext 0x180034200 0x15
ADALSerializeAuthenticationContext 0x180033ff0 0x16
ADALSetAccountType 0x180035f60 0x17
ADALSetAdditionalHttpHeaders 0x180035940 0x18
ADALSetAdditionalQueryParams 0x1800358b0 0x19
ADALSetClientSecret 0x180036200 0x1a
ADALSetLogOptions 0x1800359b0 0x1b
ADALSetOption 0x180035ca0 0x1c
ADALSetRefreshToken 0x180034d20 0x1d
ADALSetSilentLogonOptions 0x180035a40 0x1e
ADALUICreateHostWindow 0x180035630 0x1f
ADALUIGetHostRequirements 0x180035090 0x20
ADALUIGetHostRequirementsEx 0x1800351b0 0x21
ADALUIGetWebBrowser 0x180035830 0x22
ADALUIUseWebBrowser 0x180034da0 0x23
ADALUseClientCredential 0x180035020 0x24
ADALUseEndpoint 0x180035b50 0x25
ADALUseSAMLAssertion 0x180034f90 0x26
ADALUseUsernamePassword 0x180034e80 0x27
ADALUseWindowsAuthentication 0x180034f10 0x28
Icons (6)
Digital Signatures (2)
Signature Properties
LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName ADAL
FileVersion 1.0.1867.0
CompanyName Microsoft Corporation
ProductName Microsoft® ADAL
ProductVersion 1.0.1867.0
FileDescription Windows Azure Active Directory Authentication Library
OriginalFilename adal
Signature verification True
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2013-03-27 20:08
Valid to 2014-06-27 20:08
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 37 FE BD ED DC D2 54 01 6B 00 00 00 00 00 37
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2013-01-24 22:33
Valid to 2014-04-24 22:33
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
c:\program files\common files\microsoft shared\office15\adal.dll, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\adal.dll (Modified File)
c:\program files\common files\microsoft shared\office15\adal.dll.[sepsis@protonmail.com].sepsis (Created File)
Size 852.84 KB
Hash Values MD5: e71420c3b7525406739bcf2b4acf5da1
SHA1: 27c0469956357ac7d4e8d0bf7441dfa281d7a379
SHA256: 759e788d30f00e4ab556b864b337813811eaa0619bd074e81a8d94b658f41aa4
c:\program files\common files\microsoft shared\office15\cmigrate.exe
File Properties
Names c:\program files\common files\microsoft shared\office15\cmigrate.exe (Modified File)
Size 6.78 MB
Hash Values MD5: 86abd59e7c4cf6bfa97651417625dc1d
SHA1: 615b8469602b5353538f0c3dfeb7e36c415fe634
SHA256: e92c7a19b85d4515c9b0257cd7d45eca2ee10449ad01cae25831fb46c4828d86
PE Information
Information Value
Image Base 0x140000000
Entry Point 0x1403490d4
Size Of Code 0x42c400
Size Of Initialized Data 0x29ba00
Size Of Uninitialized Data 0x0
Format x64
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2013-12-17 22:13:52
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x42c3c8 0x42c400 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ Unknown
.rdata 0x14042e000 0x20c004 0x20c200 0x42c800 CNT_INITIALIZED_DATA, MEM_READ Unknown
.data 0x14063b000 0x46db8 0x45c00 0x638a00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 6.71
.pdata 0x140682000 0x3750c 0x37600 0x67e600 CNT_INITIALIZED_DATA, MEM_READ 6.36
.rsrc 0x1406ba000 0x498 0x600 0x6b5c00 CNT_INITIALIZED_DATA, MEM_READ 2.7
.reloc 0x1406bb000 0x10cf0 0x10e00 0x6b6200 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.47
Digital Signatures (2)
Signature Properties
Signature verification True
Certificate: Microsoft Time-Stamp Service
Certificate Properties
Issued by Microsoft Time-Stamp PCA
Valid from 2013-11-11 22:11
Valid to 2015-02-11 22:11
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 4C A1 E8 4D CC B4 74 7B 3B 00 00 00 00 00 4C
Issuer Certificate: Microsoft Time-Stamp PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2007-04-03 12:53
Valid to 2021-04-03 13:03
Algorithm SHA-1 with RSA Encryption
Serial number 61 16 68 34 00 00 00 00 00 1C
Certificate: Microsoft Corporation
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2013-01-24 22:33
Valid to 2014-04-24 22:33
Algorithm SHA-1 with RSA Encryption
Serial number 33 00 00 00 B0 11 AF 0A 8B D0 3B 9F DD 00 01 00 00 00 B0
Issuer Certificate: Microsoft Code Signing PCA
Certificate Properties
Issued by Microsoft Root Certificate Authority
Valid from 2010-08-31 22:19
Valid to 2020-08-31 22:29
Algorithm SHA-1 with RSA Encryption
Serial number 61 33 26 1A 00 00 00 00 00 31
c:\program files\common files\microsoft shared\office15\cmigrate.exe, ...
File Properties
Names c:\program files\common files\microsoft shared\office15\cmigrate.exe (Modified File)
c:\program files\common files\microsoft shared\office15\cmigrate.exe.[sepsis@protonmail.com].sepsis (Created File)
Size 6.78 MB
Hash Values MD5: 9f725b0706fda1c639d4026b5bde2aa0
SHA1: 0cd8377d8a3d74a0a47111938f180aab4731fbc1
SHA256: e1299636ddaf703af48d75620110a84467a024e97886f034e82eabfcf45070e5
c:\program files\common files\microsoft shared\office15\csi.dll
File Properties
Names c:\program files\common files\microsoft shared\office15\csi.dll (Modified File)
Size 5.30 MB
Hash Values MD5: 0b148a75bbcef7dfd2e0dbf1d36c6c69
SHA1: a34e172145ec418af791a16bb9e589edb84cebe0
SHA256: 5f0b6860a34a25f30e93d4cbd6dcaa601bd6edd89347886627016c10d5f849a2
PE Information
Information Value
Image Base 0x180000000
Entry Point 0x18012ecd8
Size Of Code 0x3fdc00
Size Of Initialized Data 0x28a400
Size Of Uninitialized Data 0x0
Format x64
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2013-12-17 22:25:21
Compiler/Packer Unknown
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x3fdb90 0x3fdc00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ Unknown
.rdata 0x1803ff000 0x1f1a78 0x1f1c00 0x3fe000 CNT_INITIALIZED_DATA, MEM_READ 4.76
.data 0x1805f1000 0x43bd8 0x43600 0x5efc00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 0.0
.pdata 0x180635000 0x449dc 0x44a00 0x633200 CNT_INITIALIZED_DATA, MEM_READ 0.0
.rsrc 0x18067a000 0x488 0x600 0x677c00 CNT_INITIALIZED_DATA, MEM_READ 0.0
.reloc 0x18067b000 0xfa90 0xfc00 0x678200 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 0.0