filename | ntdll.dll | |
---|---|---|
size | 1540768 (0x1782a0) | |
md5 | 4a64bb092a36e6b75007b1ab40b57c5f | |
type | PE32 executable (DLL) (console) Intel 80386, for MS Windows | |
mimetype | application/x-dosexec | |
clamav | OK | |
MZ Header
signature | MZ |
bytes_in_last_block | 0x90 |
blocks_in_file | 3 |
num_relocs | 0 |
header_paragraphs | 4 |
min_extra_paragraphs | 0 |
max_extra_paragraphs | 0xffff |
ss | 0 |
sp | 0xb8 |
checksum | 0 |
ip | 0 |
cs | 0 |
reloc_table_offset | 0x40 |
overlay_number | 0 |
reserved0 | 0 |
oem_id | 0 |
oem_info | 0 |
reserved2 | 0 |
reserved3 | 0 |
reserved4 | 0 |
reserved5 | 0 |
reserved6 | 0 |
lfanew | 0xe8 |
Rich Header
lib id | version | times used |
---|---|---|
241 | 30703 | 3 |
238 | 40116 | 1 |
241 | 40116 | 70 |
252 | 40116 | 266 |
243 | 40116 | 27 |
242 | 40116 | 119 |
237 | 40116 | 1 |
240 | 40116 | 1 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno|
00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Signature | PE |
Machine | 0x14c |
NumberOfSections | 7 |
TimeDateStamp | 0x5632d13a |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | 0x2102 |
Magic | 0x10b |
LinkerVersion | 12.10 |
SizeOfCode | 0x104c00 |
SizeOfInitializedData | 0x70e00 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0 |
BaseOfCode | 0x1000 |
BaseOfData | 0x108000 |
ImageBase | 0x6a200000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 10.0 |
ImageVersion | 10.0 |
SubsystemVersion | 10.0 |
Reserved1 | 0 |
SizeOfImage | 0x17b000 |
SizeOfHeaders | 0x400 |
CheckSum | 0x17e199 |
Subsystem | 3 |
DllCharacteristics | 0x4140 |
SizeOfStackReserve | 0x40000 |
SizeOfStackCommit | 0x1000 |
SizeOfHeapReserve | 0x100000 |
SizeOfHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 0x10 |
Sections
Data Directory
StringTable 040904B0
CompanyName | Microsoft Corporation |
FileDescription | NT Layer DLL |
FileVersion | 10.0.10586.0 (th2_release.151029-1700) |
InternalName | ntdll.dll |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | ntdll.dll |
ProductName | Microsoft® Windows® Operating System |
ProductVersion | 10.0.10586.0 |
VS_FIXEDFILEINFO
FileVersion | 10.0.10586.0 |
ProductVersion | 10.0.10586.0 |
StrucVersion | 0x10000 |
FileFlagsMask | 0x3f |
FileFlags | 0 |
FileOS | 0x40004 |
FileType | 2 |
FileSubtype | 0 |
Signers (1)
issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Windows Production PCA 2011
serial: 33000000BCE120FDD27CC8EE930000000000BC
Certificates (2)
Certificate:
  Data:
    Version: 3 (0x2)
    Serial Number: 33:00:00:00:bc:e1:20:fd:d2:7c:c8:ee:93:00:00:00:00:00:bc
    Signature Algorithm: sha256WithRSAEncryption
    Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011
    Validity
      Not Before: Aug 18 17:15:28 2015 GMT
      Not After : Nov 18 17:15:28 2016 GMT
    Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows
    Subject Public Key Info:
      Public Key Algorithm: rsaEncryption
      Public-Key: (2048 bit)
      Exponent: 65537 (0x10001)
    X509v3 extensions:
      X509v3 Extended Key Usage: Code Signing, 1.3.6.1.4.1.311.10.3.6
      X509v3 Subject Key Identifier: B3:49:0E:7F:0D:44:50:2F:D8:6F:E7:4D:94:81:FE:54:14:06:D9:1B
      X509v3 Subject Alternative Name: DirName:/OU=MOPR/serialNumber=31612\+85cef474-af76-4076-90ff-a35e1e23d7de
      X509v3 Authority Key Identifier: A9:29:02:39:8E:16:C4:97:78:CD:90:F9:9E:4F:9A:E1:7C:55:AF:53
      X509v3 CRL Distribution Points: Full Name: URI:http://www.microsoft.com/pkiops/crl/MicWinProPCA2011_2011-10-19.crl
      Authority Information Access: CA Issuers - URI:http://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt
      X509v3 Basic Constraints: critical CA:FALSE
  Signature Algorithm: sha256WithRSAEncryption
Certificate:
  Data:
    Version: 3 (0x2)
    Serial Number: 61:07:76:56:00:00:00:00:00:08
    Signature Algorithm: sha256WithRSAEncryption
    Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
    Validity
      Not Before: Oct 19 18:41:42 2011 GMT
      Not After : Oct 19 18:51:42 2026 GMT
    Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011
    Subject Public Key Info:
      Public Key Algorithm: rsaEncryption
      Public-Key: (2048 bit)
      Exponent: 65537 (0x10001)
    X509v3 extensions:
      1.3.6.1.4.1.311.21.1: ...
      X509v3 Subject Key Identifier: A9:29:02:39:8E:16:C4:97:78:CD:90:F9:9E:4F:9A:E1:7C:55:AF:53
      1.3.6.1.4.1.311.20.2: . .S.u.b.C.A
      X509v3 Key Usage: Digital Signature, Certificate Sign, CRL Sign
      X509v3 Basic Constraints: critical CA:TRUE
      X509v3 Authority Key Identifier: D5:F6:56:CB:8F:E8:A2:5C:62:68:D1:3D:94:90:5B:D7:CE:9A:18:C4
      X509v3 CRL Distribution Points: Full Name: URI:http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
      Authority Information Access: CA Issuers - URI:http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
  Signature Algorithm: sha256WithRSAEncryption
offset | size | type | comment |
---|---|---|---|
0 | 1518592 | DLL | 10/30/2015 02:08:58 |
15c1 | 15 | HTM | |
172c00 | 22176 | PKCS7 | Authenticode Signature |