0f182787c6f384915c24411a2fb2f1651b80b9276f1037d6ddc6912057db47c9

Sharing

Copy URL Twitter E-mail

General

Target

0f182787c6f384915c24411a2fb2f1651b80b9276f1037d6ddc6912057db47c9
Size

481KB
MD5

e940b2c0d78899fcb79466f8cf990670
SHA1

d3bf66ce34138c4d8c2394440558f4cc3fcb2cbc
SHA256

0f182787c6f384915c24411a2fb2f1651b80b9276f1037d6ddc6912057db47c9
SHA512

3e8de21679b0d9bbbfed2de8d2dd35690d07a7ce64e083ac9bbbe87a7b20c111bdaf4fcf5b3967b63fbd802951701579fa7f69ebcd6b9de909989822c4dd783b
SSDEEP

12288:EoC9oDEXYRQLTgB8y7oo/tTjeiuZJAfYgUZqY5+k:EoC95XYRQLUBoo/8/GYgMqDk

Score

N/A

Malware Config

Signatures

Files

0f182787c6f384915c24411a2fb2f1651b80b9276f1037d6ddc6912057db47c9
.rar
NcaApi.dll
.dll windows x64

2e4b626bfcc4585f71fa8c79a540843b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
malloc
free
_amsg_exit
_XcptFilter
__C_specific_handler
memset

ntdll

EtwTraceMessage
EtwGetTraceLoggerHandle
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel

rpcrt4

RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
Ndr64AsyncClientCall
RpcAsyncCompleteCall
RpcBindingSetOption
RpcBindingFree
RpcStringFreeW
RpcAsyncInitializeHandle
NdrClientCall3

kernel32

UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
QueryPerformanceCounter
SetThreadpoolWait
CloseHandle
HeapFree
GetProcessHeap
HeapAlloc
SetLastError
CreateThreadpoolWait
CreateEventW
CloseThreadpoolWait
GetLastError
DisableThreadLibraryCalls
TerminateProcess

api-ms-win-security-base-l1-1-0

CreateWellKnownSid

api-ms-win-security-lsalookup-l1-1-0

LookupAccountSidLocalW

Exports

Exports

DllMain
NcaEngineClose
NcaEngineOpen
NcaExecuteAndCaptureLogs
NcaGetConfig
NcaGetEvidenceCollectorResult
NcaNetworkClose
NcaNetworkOpen
NcaStatusEventSubscribe
NcaStatusEventUnsubscribe
NcaToggleNamePreferenceState

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
microsoft-windows-hal-events.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
microsoft-windows-kernel-pnp-events.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
microsoft-windows-kernel-power-events.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
microsoft-windows-kernel-processor-power-events.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
microsoft-windows-pdc.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
microsoft-windows-sleepstudy-events.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
microsoft-windows-storage-tiering-events.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nbtstat.exe
.exe windows x64

207f3d1f113deb58d9e4c6aca8e0fa3f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

kernel32

Sleep
HeapSetInformation
LocalFree
GetFileType
WideCharToMultiByte
GetLastError
FormatMessageW
SetThreadUILanguage
GetEnvironmentVariableW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalAlloc
GetConsoleMode

msvcrt

_fileno
_write
_setmode
vswprintf_s
_wcsicmp
memset
_get_osfhandle
__iob_func
fgetpos
wcschr
fwprintf
fflush
memmove
?terminate@@YAXXZ
_commode
_fmode
__C_specific_handler
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
_XcptFilter
iswprint
_wtoi
_vsnwprintf
exit
_vscwprintf

ntdll

RtlVirtualUnwind
RtlCaptureContext
NtWaitForSingleObject
NtCreateFile
RtlUpcaseUnicodeStringToOemString
RtlIpv4StringToAddressW
RtlLookupFunctionEntry
NtDeviceIoControlFile
RtlInitUnicodeString
RtlIpv4AddressToStringW
RtlGUIDFromString
NtClose

ws2_32

ntohl

user32

OemToCharBuffW

mswsock

GetSocketErrorMessageW

iphlpapi

NhGetInterfaceNameFromDeviceGuid

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nci.dll
.dll windows x64

4beed05e079c84d46b28566540961c64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

??1exception@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
__C_specific_handler
_initterm
free
??0exception@@QEAA@XZ
??1type_info@@UEAA@XZ
__CxxFrameHandler3
_XcptFilter
_vsnprintf_s
memmove
memcpy
_CxxThrowException
?what@exception@@UEBAPEBDXZ
_purecall
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBD@Z
_callnewh
_amsg_exit
??3@YAXPEAX@Z
memcpy_s
_vsnwprintf
malloc
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
DisableThreadLibraryCalls
GetProcAddress

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
CreateMutexExW
OpenSemaphoreW
CreateSemaphoreExW
WaitForSingleObjectEx
WaitForSingleObject
ReleaseMutex

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

NciGetConnectionName
NciSetConnectionName

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ncobjapi.dll
.dll windows x64

fb847bb14f274c20c6167ff970399280

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memset
memmove_s
memcpy_s
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBV0@@Z
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
_wcsicmp
_CxxThrowException
wcschr
wcstok
wcsstr
_wcsdup
free
_purecall
memmove
memcpy
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
_wcsupr
__CxxFrameHandler3
_vsnwprintf
realloc
wcscmp

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-synch-l1-1-0

WaitForMultipleObjectsEx
SetEvent
WaitForSingleObject
OpenEventW
ResetEvent
CreateEventA
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateEventW

api-ms-win-core-localization-l1-2-0

LCMapStringW

api-ms-win-core-string-l1-1-0

GetStringTypeExW

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
CreateThread
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-file-l1-1-0

ReadFile
ReadFileEx
CreateFileW
WriteFile

api-ms-win-core-namedpipe-l1-1-0

SetNamedPipeHandleState

api-ms-win-core-io-l1-1-0

GetOverlappedResult

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

ntdll

EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

WmiAddObjectProp
WmiCommitObject
WmiCreateObject
WmiCreateObjectWithFormat
WmiCreateObjectWithProps
WmiDestroyObject
WmiEventSourceConnect
WmiEventSourceDisconnect
WmiIsObjectActive
WmiSetAndCommitObject

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ncpa.cpl
.dll windows x64

a990ca9dfefc11965fadd555d3c4f596

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
malloc
memset

kernel32

GetTickCount
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
DisableThreadLibraryCalls
Sleep
QueryPerformanceCounter

ole32

CoCreateInstance

shell32

ShellExecuteW

user32

LoadCursorW
SetCursor

Exports

Exports

CPlApplet
DllMain

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ncrypt.dll
.dll windows x64

4458cb6de6246c2447ee885de013644d

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:be:e9:be:5a:25:52:8e:ce:82:20:bc:1e:e4:de:cb:23:6c:40:06:73:7b:2b:bc:dc:e2:a1:79:97:57:83:1c
Signer

Actual PE Digest

72:be:e9:be:5a:25:52:8e:ce:82:20:bc:1e:e4:de:cb:23:6c:40:06:73:7b:2b:bc:dc:e2:a1:79:97:57:83:1c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlLeaveCriticalSection
_vsnwprintf
RtlInitUnicodeString
__C_specific_handler
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlCompareUnicodeString
_wcsicmp
RtlImageNtHeader
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlFreeHeap
RtlAllocateHeap
EtwGetTraceEnableFlags
LdrDisableThreadCalloutsForDll
EtwTraceMessage
EtwUnregisterTraceGuids
EtwEventUnregister
EtwEventRegister
NtTerminateProcess
RtlCaptureContext
EtwEventWriteTransfer
RtlVirtualUnwind
RtlUnhandledExceptionFilter
RtlInitializeCriticalSection
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsA
strcmp
EtwGetTraceEnableLevel
RtlLookupFunctionEntry
__chkstk
memcmp
memcpy
memmove
memset
wcscmp

bcrypt

BCryptGetProperty
BCryptDecrypt
BCryptSetProperty
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptResolveProviders
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptExportKey
BCryptImportKey
BCryptDestroyKey
BCryptDestroyHash
BCryptHashData
BCryptCreateHash
BCryptGenRandom
BCryptFreeBuffer

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
FreeLibrary
LoadLibraryExW
GetModuleFileNameW

api-ms-win-security-base-l1-1-0

IsValidSecurityDescriptor
GetSecurityDescriptorLength
PrivilegeCheck
MakeSelfRelativeSD
GetSecurityDescriptorControl

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW

api-ms-win-core-errorhandling-l1-1-0

GetLastError

api-ms-win-core-processthreads-l1-1-0

SetThreadStackGuarantee
GetCurrentProcess
OpenProcessToken

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemDirectoryW

ntasn1

ord3
ord5
ord4
ord2
ord6
ord37

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualProtect
VirtualQuery

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory

Exports

Exports

BCryptAddContextFunction
BCryptAddContextFunctionProvider
BCryptCloseAlgorithmProvider
BCryptConfigureContext
BCryptConfigureContextFunction
BCryptCreateContext
BCryptCreateHash
BCryptDecrypt
BCryptDeleteContext
BCryptDeriveKey
BCryptDeriveKeyCapi
BCryptDeriveKeyPBKDF2
BCryptDestroyHash
BCryptDestroyKey
BCryptDestroySecret
BCryptDuplicateHash
BCryptDuplicateKey
BCryptEncrypt
BCryptEnumAlgorithms
BCryptEnumContextFunctionProviders
BCryptEnumContextFunctions
BCryptEnumContexts
BCryptEnumProviders
BCryptEnumRegisteredProviders
BCryptExportKey
BCryptFinalizeKeyPair
BCryptFinishHash
BCryptFreeBuffer
BCryptGenRandom
BCryptGenerateKeyPair
BCryptGenerateSymmetricKey
BCryptGetFipsAlgorithmMode
BCryptGetProperty
BCryptHash
BCryptHashData
BCryptImportKey
BCryptImportKeyPair
BCryptKeyDerivation
BCryptOpenAlgorithmProvider
BCryptQueryContextConfiguration
BCryptQueryContextFunctionConfiguration
BCryptQueryContextFunctionProperty
BCryptQueryProviderRegistration
BCryptRegisterConfigChangeNotify
BCryptRegisterProvider
BCryptRemoveContextFunction
BCryptRemoveContextFunctionProvider
BCryptResolveProviders
BCryptSecretAgreement
BCryptSetAuditingInterface
BCryptSetContextFunctionProperty
BCryptSetProperty
BCryptSignHash
BCryptUnregisterConfigChangeNotify
BCryptUnregisterProvider
BCryptVerifySignature
GetIsolationServerInterface
GetKeyStorageInterface
GetSChannelInterface
NCryptCloseKeyProtector
NCryptCloseProtectionDescriptor
NCryptCreateClaim
NCryptCreatePersistedKey
NCryptCreateProtectionDescriptor
NCryptDecrypt
NCryptDeleteKey
NCryptDeriveKey
NCryptDuplicateKeyProtectorHandle
NCryptEncrypt
NCryptEnumAlgorithms
NCryptEnumKeys
NCryptEnumStorageProviders
NCryptExportKey
NCryptFinalizeKey
NCryptFreeBuffer
NCryptFreeObject
NCryptGetProperty
NCryptGetProtectionDescriptorInfo
NCryptImportKey
NCryptIsAlgSupported
NCryptIsKeyHandle
NCryptKeyDerivation
NCryptNotifyChangeKey
NCryptOpenKey
NCryptOpenKeyProtector
NCryptOpenStorageProvider
NCryptProtectKey
NCryptProtectSecret
NCryptQueryProtectionDescriptorName
NCryptRegisterProtectionDescriptorName
NCryptSecretAgreement
NCryptSetAuditingInterface
NCryptSetProperty
NCryptSignHash
NCryptStreamClose
NCryptStreamOpenToProtect
NCryptStreamOpenToUnprotect
NCryptStreamOpenToUnprotectEx
NCryptStreamUpdate
NCryptTranslateHandle
NCryptUnprotectKey
NCryptUnprotectSecret
NCryptVerifyClaim
NCryptVerifySignature
SslChangeNotify
SslComputeClientAuthHash
SslComputeEapKeyBlock
SslComputeFinishedHash
SslComputeSessionHash
SslCreateClientAuthHash
SslCreateEphemeralKey
SslCreateHandshakeHash
SslDecrementProviderReferenceCount
SslDecryptPacket
SslEncryptPacket
SslEnumCipherSuites
SslEnumCipherSuitesEx
SslEnumEccCurves
SslEnumProtocolProviders
SslExpandExporterMasterKey
SslExpandTrafficKeys
SslExpandWriteKey
SslExportKey
SslExportKeyingMaterial
SslExtractEarlyKey
SslExtractHandshakeKey
SslExtractMasterKey
SslFreeBuffer
SslFreeObject
SslGenerateMasterKey
SslGeneratePreMasterKey
SslGenerateSessionKeys
SslGetCipherSuitePRFHashAlgorithm
SslGetKeyProperty
SslGetProviderProperty
SslHashHandshake
SslImportKey
SslImportMasterKey
SslIncrementProviderReferenceCount
SslLookupCipherLengths
SslLookupCipherSuiteInfo
SslOpenPrivateKey
SslOpenProvider
SslSignHash
SslVerifySignature

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ncryptprov.dll
.dll windows x64

c2779d8f8830fc426c5c0cbf2b5cd4f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlCompareMemory
EtwGetTraceLoggerHandle
EtwTraceMessage
EtwGetTraceEnableLevel
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlFreeAnsiString
WinSqmIncrementDWORD
WinSqmSetString
RtlInitAnsiString
RtlAllocateHeap
RtlImageNtHeader
NtOpenKey
NtQuerySystemInformationEx
NtQueryValueKey
RtlAppendUnicodeToString
RtlCheckTokenCapability
RtlSidDominates
RtlFreeSid
NtQueryInformationToken
RtlAllocateAndInitializeSid
NtSetInformationThread
NtSetInformationToken
NtDuplicateToken
NtCreateFile
RtlNtStatusToDosError
RtlFreeHeap
RtlAbsoluteToSelfRelativeSD
RtlReleaseRelativeName
RtlDosPathNameToRelativeNtPathName_U
RtlGetControlSecurityDescriptor
RtlAcquireResourceExclusive
RtlInitializeResource
NtClose
RtlReleaseResource
RtlAcquireResourceShared
RtlDeleteResource
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlInitializeSRWLock
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlDeleteCriticalSection
RtlUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtTerminateProcess
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
LdrDisableThreadCalloutsForDll
EtwRegisterTraceGuidsW

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
LoadLibraryExW
LoadStringW
GetModuleHandleExW
GetModuleFileNameW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation

bcrypt

BCryptDestroyHash
BCryptHashData
BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptGenerateSymmetricKey
BCryptSecretAgreement
BCryptSetProperty
BCryptFinishHash
BCryptDestroyKey
BCryptKeyDerivation
BCryptSignHash
BCryptVerifySignature
BCryptImportKeyPair
BCryptDuplicateKey
BCryptHash
BCryptFinalizeKeyPair
BCryptGenerateKeyPair
BCryptCloseAlgorithmProvider
BCryptDestroySecret
BCryptCreateHash
BCryptDeriveKey
BCryptExportKey
BCryptEncrypt
BCryptImportKey
BCryptDecrypt

api-ms-win-core-registry-l1-1-0

RegQueryValueExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA
RegCreateKeyExW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcessId
SetThreadStackGuarantee
OpenProcessToken
SetThreadToken
GetCurrentProcess
OpenThreadToken

api-ms-win-security-base-l1-1-0

GetSidSubAuthorityCount
GetTokenInformation
RevertToSelf
CopySid
GetSidSubAuthority
IsValidSid
PrivilegeCheck
EqualSid
GetLengthSid
GetSidIdentifierAuthority
GetAce
GetSecurityDescriptorLength
GetSecurityDescriptorDacl
IsValidSecurityDescriptor
SetFileSecurityW
GetAclInformation
GetSecurityDescriptorControl
GetFileSecurityW

api-ms-win-core-synch-l1-1-0

CreateEventW
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
SetEvent

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l1-1-0

WriteFile
ReadFile
FindClose
CreateFileW
DeleteFileW
GetFileSize
FindFirstFileExW
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextFileW
FindNextChangeNotification
GetTempFileNameW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

ncrypt

NCryptProtectSecret
NCryptCreateProtectionDescriptor
NCryptCloseProtectionDescriptor
NCryptUnprotectSecret

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoTaskMemAlloc

profapi

ord104

msvcrt

_strlwr
_wcslwr
_vsnwprintf
_wcsicmp
wcsncmp
wcscat_s
__C_specific_handler
memcmp
memcpy
memset
wcscmp
strcmp

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualAlloc
VirtualQuery

api-ms-win-core-xstate-l2-1-0

GetEnabledXStateFeatures

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback
CallbackMayRunLong

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

GetKeyStorageInterface
SKCacheFlush
SetAuditingInterface

Sections

.text
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ncryptsslp.dll
.dll windows x64

afa0db2e14a797ea10d25c2c2edc4ab9

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

16:a4:75:e2:ad:75:b6:f6:62:89:6e:39:0c:6d:bc:7b:f8:4f:84:e5:24:f9:95:f2:d6:4a:8b:53:28:06:ec:50
Signer

Actual PE Digest

16:a4:75:e2:ad:75:b6:f6:62:89:6e:39:0c:6d:bc:7b:f8:4f:84:e5:24:f9:95:f2:d6:4a:8b:53:28:06:ec:50

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09/09/2022, 12:35
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlLookupFunctionEntry
memset
RtlVirtualUnwind
RtlUnhandledExceptionFilter
RtlCaptureContext
NtTerminateProcess
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
LdrDisableThreadCalloutsForDll
EtwGetTraceLoggerHandle
NtEnumerateKey
RtlFreeHeap
RtlDeleteCriticalSection
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlLeaveCriticalSection
_wcsnicmp
__C_specific_handler
RtlAppendUnicodeToString
NtOpenKey
RtlInitUnicodeString
NtClose
NtQueryValueKey
_wcsicmp
RtlImageNtHeader
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
EtwTraceMessage
strnlen
NtQueryInformationToken
RtlAcquireResourceExclusive
RtlInitializeResource
RtlReleaseResource
RtlAcquireResourceShared
RtlDeleteResource
wcscpy_s
RtlAllocateHeap
__chkstk
memcmp
memcpy
memmove
wcscmp

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegEnumKeyExW
RegQueryValueExA
RegOpenKeyExW
RegQueryValueExW

bcrypt

BCryptExportKey
BCryptDestroyKey
BCryptFinishHash
BCryptGetProperty
BCryptImportKey
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptGenerateSymmetricKey
BCryptDecrypt
BCryptDuplicateHash
BCryptHashData
BCryptSetProperty
BCryptKeyDerivation
BCryptCreateHash
BCryptEncrypt
BCryptGenRandom

ncrypt

NCryptDeriveKey
NCryptFreeObject
NCryptSecretAgreement
NCryptEncrypt
NCryptDecrypt
NCryptCreatePersistedKey
NCryptSetProperty
NCryptVerifySignature
NCryptOpenKey
NCryptOpenStorageProvider
NCryptSignHash
NCryptImportKey
NCryptExportKey
NCryptFinalizeKey
NCryptGetProperty

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW

api-ms-win-core-processthreads-l1-1-0

SetThreadStackGuarantee
GetCurrentProcess
OpenThreadToken
OpenProcessToken
GetCurrentThread

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualAlloc
VirtualProtect

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GetSChannelInterface

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e4b626bfcc4585f71fa8c79a540843b

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

rpcrt4

kernel32

api-ms-win-security-base-l1-1-0

api-ms-win-security-lsalookup-l1-1-0

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 612B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 172B

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 5KB - Virtual size: 5KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 41KB - Virtual size: 40KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 263KB - Virtual size: 262KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 122KB - Virtual size: 122KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 69KB - Virtual size: 69KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 5KB - Virtual size: 5KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 5KB - Virtual size: 4KB

207f3d1f113deb58d9e4c6aca8e0fa3f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

ws2_32

user32

mswsock

iphlpapi

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 612B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 172B

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 5KB - Virtual size: 5KB

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 41KB - Virtual size: 40KB

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 263KB - Virtual size: 262KB

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 122KB - Virtual size: 122KB

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 69KB - Virtual size: 69KB

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 5KB - Virtual size: 5KB

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 5KB - Virtual size: 4KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 86KB

.pdata
Size: 512B - Virtual size: 492B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 32B

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.didat
Size: 512B - Virtual size: 72B

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 512B - Virtual size: 468B