| filename | ntdll.dll | |
|---|---|---|
| size | 1772312 (0x1b0b18) | |
| md5 | 9da87b98d5bd763672604a857fd28c6b | |
| type | PE32+ executable (DLL) (console) x86-64, for MS Windows | |
| mimetype | application/x-dosexec | |
| clamav | OK | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0xd8 |
Rich Header
| lib id | version | times used |
|---|---|---|
| 238 | 30102 | 1 |
| 241 | 30102 | 32 |
| 242 | 30102 | 125 |
| 252 | 30102 | 265 |
| 243 | 30102 | 27 |
| 237 | 30102 | 1 |
| 240 | 30102 | 1 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
| Signature | PE�� |
| Machine | 0x8664 |
| NumberOfSections | 9 |
| TimeDateStamp | 0x5413c504 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | 0x2022 |
| Magic | 0x20b |
| LinkerVersion | 12.10 |
| SizeOfCode | 0xf6c00 |
| SizeOfInitializedData | 0xb8600 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0 |
| BaseOfCode | 0x1000 |
| ImageBase | 0x180000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | 6.4 |
| ImageVersion | 6.4 |
| SubsystemVersion | 6.4 |
| Reserved1 | 0 |
| SizeOfImage | 0x1b6000 |
| SizeOfHeaders | 0x400 |
| CheckSum | 0x1b7faa |
| Subsystem | 3 |
| DllCharacteristics | 0x4160 |
| SizeOfStackReserve | 0x40000 |
| SizeOfStackCommit | 0x1000 |
| SizeOfHeapReserve | 0x100000 |
| SizeOfHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 0x10 |
Sections
Data Directory
StringTable 040904B0
| CompanyName | Microsoft Corporation |
| FileDescription | NT Layer DLL |
| FileVersion | 6.4.9841.0 (fbl_release.140912-1613) |
| InternalName | ntdll.dll |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | ntdll.dll |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion | 6.4.9841.0 |
VS_FIXEDFILEINFO
| FileVersion | 6.4.9841.0 |
| ProductVersion | 6.4.9841.0 |
| StrucVersion | 0x10000 |
| FileFlagsMask | 0x3f |
| FileFlags | 0 |
| FileOS | 0x40004 |
| FileType | 2 |
| FileSubtype | 0 |
Signers (1)
issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Windows PCA 2010
serial: 33000001364C4ED9674670DA3B000000000136
Certificates (2)
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:00:00:01:36:4c:4e:d9:67:46:70:da:3b:00:00:00:00:01:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows PCA 2010
Validity
Not Before: Aug 4 20:33:34 2014 GMT
Not After : Apr 30 20:33:34 2015 GMT
Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a7:65:79:c1:03:ea:ea:eb:a2:0b:7d:18:99:a7:
74:49:b8:49:81:e6:f0:fe:2d:10:64:93:b7:ee:fc:
87:24:75:f8:c7:53:49:90:22:30:c6:e7:15:df:a3:
15:6f:69:ad:73:23:ad:54:5c:6b:c6:34:57:64:11:
d8:db:9b:d9:5c:f1:21:44:af:da:fa:4b:eb:90:31:
96:8e:98:98:6f:37:87:06:19:67:e4:e9:87:8c:83:
e9:18:7e:48:51:aa:a2:07:d3:99:5d:76:d7:d0:c6:
c8:60:da:5e:c5:c6:a9:ff:f8:b6:ac:00:e8:dc:b4:
20:f8:1a:c1:2d:27:c9:a6:04:7d:91:b7:69:f2:3a:
0e:93:f3:60:ab:e2:98:7f:7f:a0:b0:b6:57:0b:a3:
93:6d:21:19:9a:03:22:4a:df:c2:e5:78:b5:c1:7d:
d2:da:3b:a4:f3:74:46:cd:ac:d1:26:48:ef:b0:6e:
00:c1:7a:b0:ef:eb:a2:12:cf:3d:62:40:96:5a:04:
2d:32:89:dc:e5:87:76:ae:a5:87:1d:9c:df:d7:de:
62:1d:ac:f3:12:b3:b8:d9:0d:98:89:8c:7f:66:27:
c2:af:b2:2d:22:ea:0b:a8:b4:32:af:9d:ea:86:4e:
45:8d:3e:99:9f:ef:2d:41:ff:40:1c:4f:a1:c1:e2:
82:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
Code Signing, 1.3.6.1.4.1.311.10.3.6, 1.3.6.1.4.1.311.10.3.13, 1.3.6.1.4.1.311.10.3.27
X509v3 Subject Key Identifier:
2F:A9:7B:9E:D9:2F:69:52:15:E8:DE:AE:EA:3F:80:98:0F:02:B6:80
X509v3 Subject Alternative Name:
DirName:/OU=MOPR/serialNumber=49896\+7ab2b363-87f4-4c20-898b-77b4432dbebb
X509v3 Authority Key Identifier:
D1:4F:A9:8A:07:08:CE:F4:24:18:98:E5:00:FF:F3:D6:79:1D:37:BC
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.microsoft.com/pki/crl/products/MicWinPCA_2010-07-06.crl
Authority Information Access:
CA Issuers - URI:http://www.microsoft.com/pki/certs/MicWinPCA_2010-07-06.crt
X509v3 Basic Constraints: critical
CA:FALSE
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
07:31:ab:f5:ce:95:9f:b1:68:45:88:a7:17:41:97:51:e0:ee:
d0:7e:e6:62:24:db:c3:48:49:a8:ae:68:45:9e:91:63:9f:f1:
82:d2:89:ea:2c:6b:31:f4:36:52:f5:fd:b6:7a:e0:ac:62:fd:
5c:67:c1:83:21:04:40:55:7d:48:8c:51:95:f3:9e:cc:da:89:
11:e8:de:1e:3e:01:84:4c:00:28:3f:c5:21:47:ad:d0:d9:51:
03:11:f4:17:3a:04:89:8d:f7:dd:6e:5e:2a:fc:6e:90:3b:40:
1a:66:cc:69:1c:2d:9e:2a:58:85:96:a1:0e:69:35:1a:4f:c3:
9c:cf:6f:ee:fe:4e:b0:07:3e:69:ce:48:5a:f2:21:bb:01:44:
ad:c2:3d:01:24:8a:39:5d:f5:76:ee:e1:44:09:13:02:c5:49:
bd:ec:18:4d:6a:88:14:d6:a6:0d:23:1b:f3:7a:e6:f0:57:9e:
e9:dd:b7:3d:97:58:64:8f:22:4f:58:70:6c:9b:7c:da:89:d7:
ce:af:fb:1a:f4:ed:45:01:ef:74:c4:8a:91:f3:52:60:0b:e8:
10:09:63:77:f7:26:f1:53:02:68:94:a3:83:6b:71:28:db:05:
90:e4:1f:05:35:b9:88:e0:ec:17:ff:6e:0e:40:9a:94:ce:03:
14:91:0d:de
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:0c:6a:19:00:00:00:00:00:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
Validity
Not Before: Jul 6 20:40:23 2010 GMT
Not After : Jul 6 20:50:23 2025 GMT
Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows PCA 2010
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c0:79:bb:3a:b1:f0:0f:84:b8:ad:64:2a:75:16:
73:d0:bb:07:f6:3e:0d:9d:14:e4:b1:9f:c1:c8:94:
b0:38:7c:1f:d0:33:55:f5:ba:23:66:f5:2e:28:48:
53:c7:16:83:ba:f5:51:ac:7e:ac:e0:26:7f:0f:74:
fc:59:95:dc:c9:c6:a2:f7:52:70:5a:2c:1d:94:ab:
19:bf:af:95:7d:af:66:a1:6f:9b:62:6e:6d:4b:bc:
2f:35:6c:de:a4:6a:63:5a:5f:fb:f3:0d:4d:61:cc:
0a:7e:31:eb:6c:0a:d0:4d:97:0f:fd:7f:38:46:e6:
8a:c7:73:69:76:55:69:96:4c:e4:d8:f0:34:eb:ba:
b1:1f:ce:29:7e:c4:4f:9d:13:15:ab:13:1b:72:58:
62:56:6c:8a:81:a3:64:77:98:46:65:29:9d:83:14:
a5:4c:08:a0:83:d7:23:1f:f3:5f:df:6f:2c:cf:da:
16:d8:0e:72:04:28:d8:6b:3e:f8:13:b1:7c:a2:17:
79:4f:7e:dc:3a:e4:9d:70:27:6b:bf:db:fc:1e:c7:
07:d8:c0:be:0b:93:1e:28:e0:73:6d:d2:54:e9:28:
4c:bf:6b:5d:9f:ff:5d:33:12:37:95:25:61:34:6a:
42:cb:7c:9d:3a:bb:88:59:e1:a3:42:6d:3a:50:5b:
48:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
1.3.6.1.4.1.311.21.1:
...
X509v3 Subject Key Identifier:
D1:4F:A9:8A:07:08:CE:F4:24:18:98:E5:00:FF:F3:D6:79:1D:37:BC
1.3.6.1.4.1.311.20.2:
.
.S.u.b.C.A
X509v3 Key Usage:
Digital Signature, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Authority Key Identifier:
D5:F6:56:CB:8F:E8:A2:5C:62:68:D1:3D:94:90:5B:D7:CE:9A:18:C4
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
Authority Information Access:
CA Issuers - URI:http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.311.46.3
CPS: http://www.microsoft.com/PKI/docs/CPS/default.htm
User Notice:
Explicit Text:
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
2e:41:a6:86:b5:06:6f:f0:80:85:fa:3b:ca:17:e9:c9:fa:e4:
39:c2:94:70:c3:64:94:c3:d8:56:a6:90:8e:fe:e4:9a:f4:6d:
f5:6f:8e:53:8d:5a:a8:f3:ae:db:46:6c:be:7f:1d:54:56:1b:
3c:1d:71:c4:51:15:54:7e:bf:ee:a5:95:42:33:fd:0d:90:24:
24:e3:f9:dc:96:ca:fc:b8:ac:bf:f4:c2:39:56:b8:bb:ed:73:
b3:17:dd:7e:86:50:23:8b:56:24:ca:bb:a6:1d:9a:87:2f:27:
85:e7:a1:b6:0a:9c:0d:1b:8c:f3:00:62:41:ba:48:74:87:82:
fd:50:c9:f4:87:29:c3:03:aa:2b:df:1a:29:79:e8:12:24:9a:
86:ed:d0:2e:d3:40:81:f5:07:5f:33:06:54:5d:40:b5:f7:b1:
62:fd:4d:48:f7:6e:41:47:52:1c:bb:1b:c2:57:3a:a8:99:56:
93:d4:c6:de:26:a8:60:75:86:bb:ec:62:a6:f0:1d:04:45:df:
3e:a7:84:d1:5b:44:23:63:25:36:77:6f:ae:5b:dc:22:d5:14:
23:6a:41:7f:d0:42:a6:db:ef:25:7b:04:e3:d2:96:37:62:06:
af:f8:1b:0f:8e:b3:39:9a:bb:89:f5:35:06:e5:a4:5b:c3:8c:
9e:37:5f:53:d1:a3:37:fd:a4:4f:e8:1b:0e:6b:76:e4:b8:8f:
b0:c2:ea:fd:75:f7:2c:41:b7:9c:a3:e1:1e:05:fe:97:92:cb:
7f:59:03:6d:a8:4e:8d:4e:80:17:d4:d5:72:f6:56:e4:48:9f:
a3:23:ba:06:a0:c0:8e:d1:88:4f:93:20:f2:70:5f:d8:6b:72:
a3:20:49:fc:77:0c:5d:c5:c7:e1:02:0f:38:42:10:0e:db:02:
ae:9a:37:1d:50:80:29:1e:a4:a7:d9:c6:9a:25:55:fd:40:ca:
ad:64:10:e8:31:f9:12:54:79:1a:f2:0e:d8:d6:ab:1e:33:fe:
02:e7:26:6d:61:49:8f:f1:25:c2:8b:74:99:df:f9:93:1a:90:
1c:ee:dd:94:33:0e:42:50:db:7f:50:f8:9f:62:82:ec:a6:82:
16:7c:66:bc:ec:99:b0:c1:58:5d:a8:b0:9a:61:14:91:d1:99:
2f:49:e4:3e:81:99:d6:e6:ef:ca:e3:fd:3e:ee:ec:09:86:03:
07:0d:1b:0d:7c:eb:f4:5a:c9:95:cf:87:12:0a:5d:ec:c5:02:
92:cd:05:99:72:ca:7d:f1:2a:10:18:38:e4:31:a3:28:b4:e6:
4c:c5:52:a3:9c:6a:c7:7d:c0:71:09:04:0d:70:de:02:3f:87:
ee:56:a1:ec:eb:b5:4c:85
undefined method `first' for #
 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
everything is OK