c93f9ad381ac6f3c1c6d705eb2854705d04778bd5f9e95306069826594e8854f

Sharing

Copy URL Twitter E-mail

General

Target

c93f9ad381ac6f3c1c6d705eb2854705d04778bd5f9e95306069826594e8854f
Size

1.3MB
MD5

3dc3a28772619c848f054291cc860b27
SHA1

38457cba0f61eb613020681258bb7033c99d25a9
SHA256

c93f9ad381ac6f3c1c6d705eb2854705d04778bd5f9e95306069826594e8854f
SHA512

915dd4616251573bde875189f8a8ce560c3b54b4214118d3c3a730912e21cb011b57317cfad95d098f939440d667f2a4fedeb835a3a59c70d12c76ea1cc79a7e
SSDEEP

24576:z/KvDo00+tf1wi0PSea5CVflqhxbkF57AoC5++dKrMjAuIp:DKbDfai0PSea5CTYxMFedKrMjAuq

Score

N/A

Malware Config

Signatures

Files

c93f9ad381ac6f3c1c6d705eb2854705d04778bd5f9e95306069826594e8854f
.rar
amd64_microsoft-windows-advpack.resources_31bf3856ad364e35_11.0.17763.1_en-us_5bdf31e2cba025e8/advpack.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-advpack_31bf3856ad364e35_11.0.17763.1_none_d082ca37b5d3d7c3/advpack.dll
.dll windows x64

f4527a6ef5afe648805e2a19f417a141

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_lock
_unlock
_setjmp
__dllonexit
_onexit
iswalpha
wcschr
wcsncmp
memmove
_initterm
malloc
free
_amsg_exit
_XcptFilter
_ultow_s
longjmp
_wtoi
memcpy_s
_wtol
_vsnwprintf
_vsnprintf
memset

user32

ExitWindowsEx
IsWindow
SendDlgItemMessageW
PeekMessageW
LoadStringW
CharNextW
SystemParametersInfoW
CharPrevW
MessageBeep
MessageBoxW
DialogBoxParamW
GetDesktopWindow
SetWindowTextW
CharNextA
DestroyWindow
UpdateWindow
SetDlgItemTextW
EndDialog
EnableWindow
GetDlgItem
GetDlgItemTextW
SendMessageW
GetWindowRect
GetDC
ReleaseDC
SetWindowPos
OemToCharA
CharUpperW
MsgWaitForMultipleObjects
DispatchMessageW
GetSystemMetrics
CreateDialogParamW
ShowWindow

gdi32

GetStockObject
DeleteObject
GetDeviceCaps
CreateFontIndirectW

kernel32

IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetModuleFileNameA
CreateSemaphoreExW
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
ReleaseMutex
OutputDebugStringW
MulDiv
GetDiskFreeSpaceW
EnumResourceLanguagesW
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
WaitForSingleObjectEx
OpenSemaphoreW
HeapFree
GetLastError
LocalFree
GetDriveTypeW
GetEnvironmentVariableW
GetTempPathW
GetWindowsDirectoryW
GetTempFileNameW
FindResourceW
SizeofResource
LockResource
LoadResource
WritePrivateProfileStringW
CreateFileW
WriteFile
CloseHandle
LocalAlloc
SetFilePointer
GetModuleFileNameW
DeleteFileW
EnterCriticalSection
LeaveCriticalSection
LocalReAlloc
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
GetFullPathNameW
GetFileAttributesW
CompareStringW
FormatMessageW
GetPrivateProfileIntW
GetCurrentProcess
SearchPathW
GetPrivateProfileStringW
lstrcmpW
FreeLibrary
GetVersionExW
lstrcmpiW
LoadLibraryExW
GetProcAddress
GetShortPathNameW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetFileSize
GetVolumeInformationW
CreateDirectoryW
SetFileAttributesW
CreateProcessW
CopyFileW
GetPrivateProfileSectionW
LoadLibraryW
CreateFileMappingW
MapViewOfFileEx
SetLastError
UnmapViewOfFile
MoveFileExW
MoveFileW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetSystemInfo
GetCurrentProcessId
GetProcessHeap
GetLocalTime
HeapAlloc
lstrcmpiA
GetProfileStringW
WritePrivateProfileSectionW
GetFileTime
ReadFile
SetFileTime
Sleep
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
CreateMutexExW

advapi32

AllocateAndInitializeSid
RegUnLoadKeyW
RegLoadKeyW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegSetValueExW
OpenProcessToken
RegSaveKeyW
RegFlushKey
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueW
RegDeleteValueW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyW
GetTokenInformation
RegDeleteKeyW
EqualSid
FreeSid
RegQueryInfoKeyW

ole32

OleInitialize
OleUninitialize
CoTaskMemFree

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupOpenInfFileW
SetupOpenAppendInfFileW
SetupInstallFromInfSectionW
SetupCloseFileQueue
SetupCommitFileQueueW
SetupQueueCopyW
SetupDefaultQueueCallbackW
SetupTermDefaultQueueCallback
SetupOpenFileQueue
SetupGetStringFieldW
SetupFindNextLine
SetupFindFirstLineW
SetupGetLineTextW
SetupSetDirectoryIdW
SetupCloseInfFile
SetupInitDefaultQueueCallbackEx

shlwapi

StrChrW
ord217
StrStrIW
PathAddBackslashW
StrRChrW
PathRemoveFileSpecW
PathFileExistsW
PathBuildRootW
PathCombineW
ord215

Exports

Exports

AddDelBackupEntry
AddDelBackupEntryA
AddDelBackupEntryW
AdvInstallFile
AdvInstallFileA
AdvInstallFileW
CloseINFEngine
DelNode
DelNodeA
DelNodeRunDLL32
DelNodeRunDLL32A
DelNodeRunDLL32W
DelNodeW
DoInfInstall
DoInfInstallA
DoInfInstallW
ExecuteCab
ExecuteCabA
ExecuteCabW
ExtractFiles
ExtractFilesA
ExtractFilesW
FileSaveMarkNotExist
FileSaveMarkNotExistA
FileSaveMarkNotExistW
FileSaveRestore
FileSaveRestoreA
FileSaveRestoreOnINF
FileSaveRestoreOnINFA
FileSaveRestoreOnINFW
FileSaveRestoreW
GetVersionFromFile
GetVersionFromFileA
GetVersionFromFileEx
GetVersionFromFileExA
GetVersionFromFileExW
GetVersionFromFileW
IsNTAdmin
LaunchINFSection
LaunchINFSectionA
LaunchINFSectionEx
LaunchINFSectionExA
LaunchINFSectionExW
LaunchINFSectionW
NeedReboot
NeedRebootInit
OpenINFEngine
OpenINFEngineA
OpenINFEngineW
RebootCheckOnInstall
RebootCheckOnInstallA
RebootCheckOnInstallW
RegInstall
RegInstallA
RegInstallW
RegRestoreAll
RegRestoreAllA
RegRestoreAllW
RegSaveRestore
RegSaveRestoreA
RegSaveRestoreOnINF
RegSaveRestoreOnINFA
RegSaveRestoreOnINFW
RegSaveRestoreW
RegisterOCX
RegisterOCXW
RunSetupCommand
RunSetupCommandA
RunSetupCommandW
SetPerUserSecValues
SetPerUserSecValuesA
SetPerUserSecValuesW
TranslateInfString
TranslateInfStringA
TranslateInfStringEx
TranslateInfStringExA
TranslateInfStringExW
TranslateInfStringW
UserInstStubWrapper
UserInstStubWrapperA
UserInstStubWrapperW
UserUnInstStubWrapper
UserUnInstStubWrapperA
UserUnInstStubWrapperW

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-aero.resources_31bf3856ad364e35_10.0.17763.1_en-us_2b0c6c72b22dbfd6/aero.msstyles.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-aero_31bf3856ad364e35_10.0.17763.253_none_209ecc079f1d6d98/aero.msstyles
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-aero_31bf3856ad364e35_10.0.17763.253_none_209ecc079f1d6d98/f/aero.msstyles
amd64_microsoft-windows-aero_31bf3856ad364e35_10.0.17763.253_none_209ecc079f1d6d98/r/aero.msstyles
amd64_microsoft-windows-apisetschema-windows_31bf3856ad364e35_10.0.17763.1_none_1af2796db2d393ff/apisetschema.dll
.dll windows x64

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ae:f8:fb:46:63:72:14:48:e1:43:26:12:de:d9:1d:ec:e7:97:0d:2b:f9:50:ee:9c:d2:b1:36:a0:d2:ed:ba:0b
Signer

Actual PE Digest

ae:f8:fb:46:63:72:14:48:e1:43:26:12:de:d9:1d:ec:e7:97:0d:2b:f9:50:ee:9c:d2:b1:36:a0:d2:ed:ba:0b

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.apiset
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-atbroker.resources_31bf3856ad364e35_10.0.17763.1_en-us_57fef390867ff9d5/AtBroker.exe.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-autochk.resources_31bf3856ad364e35_10.0.17763.1_en-us_3a53f18449b821a4/autochk.exe.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 270KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-autochk_31bf3856ad364e35_10.0.17763.1_none_d2b9d72f19ea8eeb/autochk.exe
.exe windows x64

262dac4db20d08b06c59a7f5dbe43e61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

__C_specific_handler
RtlCompareUnicodeString
RtlQueryRegistryValuesEx
RtlWriteRegistryValue
NtQuerySystemTime
NtOpenSymbolicLinkObject
RtlEqualUnicodeString
NtWriteFile
_wcsicmp
NtOpenKey
RtlPublishWnfStateData
NtQuerySymbolicLinkObject
LdrSetMUICacheType
RtlSetSystemBootStatus
RtlInitUnicodeString
RtlGetSystemBootStatus
RtlPrefixUnicodeString
NtSerializeBoot
NtClose
NtOpenDirectoryObject
NtFsControlFile
wcsstr
NtQueryDirectoryObject
NtCreateFile
NtOpenFile
NtQueryValueKey
NtTerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
memset
RtlFreeAnsiString
RtlAllocateHeap
RtlNormalizeProcessParams
RtlUnicodeStringToAnsiString
isspace
_vsnprintf
_vsnwprintf
RtlMultiByteToUnicodeN
RtlOemToUnicodeN
RtlUnicodeToMultiByteN
RtlUnicodeToOemN
wcsspn
_wtol
_wtoi64
_wcsupr
_wcslwr
wcschr
NtDeviceIoControlFile
NtQueryInformationFile
NtQueryVolumeInformationFile
wcstoul
_wcstoui64
NtReadFile
RtlRaiseStatus
qsort
NtDelayExecution
NtQuerySystemInformation
RtlSizeHeap
RtlFreeHeap
NtDrawText
swprintf_s
NtCreateEvent
NtClearEvent
NtSetThreadExecutionState
NtWaitForMultipleObjects
NtCancelIoFile
RtlNumberGenericTableElementsAvl
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
NtOpenProcessToken
NtAdjustPrivilegesToken
NtShutdownSystem
RtlExpandEnvironmentStrings_U
NtSetInformationFile
RtlValidRelativeSecurityDescriptor
RtlGetVersion
RtlTimeToTimeFields
VerSetConditionMask
RtlVerifyVersionInfo
NtDisplayString
RtlRandomEx
NtQueryPerformanceCounter
isprint
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlEnterCriticalSection
RtlTryEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeSRWLock
RtlInitializeCriticalSection
NtFreeVirtualMemory
NtSetEvent
RtlCaptureStackBackTrace
NtAllocateVirtualMemory
NtWaitForSingleObject
NtResetEvent
wcsncmp
RtlFindMessage
RtlInitAnsiStringEx
RtlAnsiStringToUnicodeString
RtlFormatMessage
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlLengthSid
RtlCopySid
RtlAddAce
RtlCreateAcl
RtlQueryInformationAcl
RtlCreateSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlNewSecurityObject
RtlValidSecurityDescriptor
RtlLengthSecurityDescriptor
RtlAddAccessAllowedAce
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlInitializeBitMap
RtlSetBits
RtlLookupElementGenericTable
RtlClearBits
RtlFindSetBits
RtlDeleteElementGenericTable
RtlEnumerateGenericTableWithoutSplaying
RtlNumberOfSetBits
RtlInitializeGenericTableAvl
RtlEnumerateGenericTableAvl
RtlLookupFirstMatchingElementGenericTableAvl
RtlEnumerateGenericTableWithoutSplayingAvl
RtlDeleteElementGenericTableAvl
RtlLookupElementGenericTableFullAvl
RtlInsertElementGenericTableFullAvl
RtlDeleteElementGenericTableAvlEx
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlSystemTimeToLocalTime
RtlCrc64
RtlUpcaseUnicodeString
RtlComputeCrc32
DbgPrint
NtOpenThreadToken
_wcsnicmp
RtlCreateSystemVolumeInformationFolder
EtwEventUnregister
EtwEventRegister
EtwEventSetInformation
EtwEventWriteTransfer
DbgPrintEx
NtFlushBuffersFile
__chkstk
memcmp
memcpy
memmove
wcscmp

Sections

.text
Size: 596KB - Virtual size: 595KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-autochkconfigurator_31bf3856ad364e35_10.0.17763.1_none_0988657ddfede1c4/chkntfs.exe
.exe windows x64

d41bf2f313e9ee8cbb20ef9ad2025250

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

?terminate@@YAXXZ
_commode
_fmode
_initterm
__setusermatherr
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__C_specific_handler
exit

ulib

?Initialize@WSTRING@@QEAAEPEBV1@KK@Z
?Initialize@WSTRING@@QEAAEPEBGK@Z
?Initialize@WSTRING@@QEAAEPEBDK@Z
??8WSTRING@@QEBAEAEBV0@@Z
?QueryString@WSTRING@@QEBAPEAV1@KK@Z
??1PROGRAM@@UEAA@XZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@PEADZZ
?DisplayMessage@PROGRAM@@UEBAEKW4MESSAGE_TYPE@@@Z
?Fatal@PROGRAM@@UEBAXKKPEADZZ
?Fatal@PROGRAM@@UEBAXXZ
?Strcat@WSTRING@@QEAAEPEBV1@@Z
?GetStandardOutput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?GetStandardError@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Usage@PROGRAM@@UEBAXXZ
?ValidateVersion@PROGRAM@@UEBAXKK@Z
??0PROGRAM@@IEAA@XZ
??0STRING_ARGUMENT@@QEAA@XZ
??1STRING_ARGUMENT@@UEAA@XZ
?Initialize@STRING_ARGUMENT@@QEAAEPEAD@Z
??0ARGUMENT_LEXEMIZER@@QEAA@XZ
??1ARGUMENT_LEXEMIZER@@UEAA@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QEAAEPEAVARRAY@@@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QEAAXPEBD@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QEAAEPEAVWSTRING@@@Z
??0PATH@@QEAA@XZ
??1PATH@@UEAA@XZ
?Initialize@PROGRAM@@QEAAEKKK@Z
??0CLASS_DESCRIPTOR@@QEAA@XZ
?GetStandardInput@PROGRAM@@UEAAPEAVSTREAM@@XZ
?Initialize@CLASS_DESCRIPTOR@@QEAAEPEBD@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QEAAXE@Z
??1OBJECT@@UEAA@XZ
?Compare@OBJECT@@UEBAJPEBV1@@Z
?DebugDump@OBJECT@@UEBAXE@Z
?GetLexeme@ARGUMENT@@QEAAPEAVWSTRING@@XZ
?IsValueSet@ARGUMENT@@QEAAEXZ
??0MULTIPLE_PATH_ARGUMENT@@QEAA@XZ
??1MULTIPLE_PATH_ARGUMENT@@UEAA@XZ
?Initialize@MULTIPLE_PATH_ARGUMENT@@QEAAEPEADEE@Z
?QueryDriveType@SYSTEM@@SA?AW4DRIVE_TYPE@@PEBVWSTRING@@@Z
??0FLAG_ARGUMENT@@QEAA@XZ
?Initialize@FLAG_ARGUMENT@@QEAAEPEAD@Z
??0ARRAY@@QEAA@XZ
??1ARRAY@@UEAA@XZ
?Initialize@ARRAY@@QEAAEKK@Z
?Put@ARRAY@@UEAAEPEAVOBJECT@@@Z
??0LONG_ARGUMENT@@QEAA@XZ
?Initialize@LONG_ARGUMENT@@QEAAEPEAD@Z
??0DSTRING@@QEAA@XZ
??1DSTRING@@UEAA@XZ
?AnalyzePath@PATH@@QEAA?AW4PATH_ANALYZE_CODE@@PEAVWSTRING@@PEAV1@0@Z

ifsutil

??1DP_DRIVE@@UEAA@XZ
??0DP_DRIVE@@QEAA@XZ
?IsFrontEndPresent@AUTOREG@@SAEPEBVWSTRING@@0@Z
?DeleteEntry@AUTOREG@@SAEPEBVWSTRING@@E@Z
?DeleteEntry@AUTOREG@@SAEPEBVWSTRING@@0@Z
?DeleteEntry@AUTOREG@@SAEPEBVWSTRING@@00@Z
?PushEntry@AUTOREG@@SAEPEBVWSTRING@@@Z
??0MOUNT_POINT_MAP@@QEAA@XZ
?IsVolumeDirty@IFS_SYSTEM@@SAEPEAVWSTRING@@PEAE1PEAJ@Z
?QueryIsSystemUEFI@IFS_SYSTEM@@SAEXZ
?QueryCanonicalNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@@Z
?QueryFileSystemName@IFS_SYSTEM@@SAEPEBVWSTRING@@PEAV2@PEAJ1@Z
??0MOUNT_POINT_TUPLE@@QEAA@XZ
?Initialize@DP_DRIVE@@QEAAEPEBVWSTRING@@PEAVMESSAGE@@EE@Z
??1MOUNT_POINT_MAP@@UEAA@XZ
?Initialize@MOUNT_POINT_MAP@@QEAAEXZ
?AddEntry@AUTOREG@@SAEPEBVWSTRING@@@Z
?SetAutochkTimeOut@VOL_LIODPDRV@@SAEK@Z
?QueryAutochkTimeOut@VOL_LIODPDRV@@SAEPEAK@Z

ntdll

RtlCaptureContext
RtlFreeHeap
RtlAllocateHeap
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
UnhandledExceptionFilter
Sleep
HeapSetInformation
GetLastError
GetVersionExW
SetErrorMode
GetCurrentProcess
SetUnhandledExceptionFilter
TerminateProcess

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

user32

ExitWindowsEx

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-autoconv.resources_31bf3856ad364e35_10.0.17763.1_en-us_f78fb408f32c4bc4/autoconv.exe.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 270KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..-configuration-data_31bf3856ad364e35_10.0.17763.1_none_f3325b577818ab48/bcd.dll
.dll windows x64

f762917c0a8d43573015fffa75032daf

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:99:9b:b8:c8:75:2f:54:e0:ba:6e:95:56:64:3f:d1:6e:bb:74:bb:38:20:14:ab:e1:e8:89:90:e6:a1:ca:bd
Signer

Actual PE Digest

27:99:9b:b8:c8:75:2f:54:e0:ba:6e:95:56:64:3f:d1:6e:bb:74:bb:38:20:14:ab:e1:e8:89:90:e6:a1:ca:bd

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

wcscpy_s
wcscat_s
wcsrchr
wcsncpy_s
ZwAllocateUuids
__C_specific_handler
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
ZwQueryKey
RtlSetDaclSecurityDescriptor
ZwCreateFile
ZwCreateKey
ZwLoadKey
RtlAddAccessAllowedAceEx
RtlAllocateAndInitializeSid
RtlLengthSid
ZwFlushKey
ZwDeleteValueKey
ZwSaveKey
RtlFreeSid
ZwDeleteKey
wcschr
ZwEnumerateKey
ZwQueryValueKey
RtlCreateAcl
ZwSetSecurityObject
ZwUnloadKey
ZwQuerySystemInformation
ZwSetValueKey
ZwQueryAttributesFile
ZwOpenKey
RtlAppendUnicodeToString
_ultow_s
wcstoul
_vsnwprintf
ZwQuerySymbolicLinkObject
ZwDeviceIoControlFile
_wcsicmp
ZwOpenSymbolicLinkObject
_wcsnicmp
_vsnwprintf_s
ZwWaitForSingleObject
ZwReleaseMutant
ZwOpenMutant
LdrGetProcedureAddress
ZwQueryVolumeInformationFile
LdrGetDllHandle
ZwQueryInformationProcess
RtlInitAnsiString
ZwDeleteFile
ZwQueryInformationFile
ZwOpenProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
memmove
RtlCompareMemory
wcsstr
swprintf_s
strncmp
_wcsupr
RtlGUIDFromString
wcsnlen
ZwClose
ZwOpenFile
RtlFreeHeap
RtlStringFromGUID
RtlInitUnicodeString
RtlFreeUnicodeString
RtlCreateSecurityDescriptor
RtlAllocateHeap
NtQuerySystemInformation
NtAdjustPrivilegesToken
NtOpenProcessTokenEx
NtSetInformationThread
NtOpenThreadTokenEx
NtClose
NtPrivilegeCheck
RtlImpersonateSelf
NtOpenSymbolicLinkObject
NtOpenKey
NtQuerySymbolicLinkObject
_snwscanf_s
_wcslwr
NtDeviceIoControlFile
NtSetValueKey
NtOpenFile
NtQueryValueKey
NtDeleteKey
NtQueryBootEntryOrder
NtQueryBootOptions
NtSetSecurityObject
NtTranslateFilePath
NtOpenDirectoryObject
NtQueryDirectoryObject
NtEnumerateBootEntries
NtCreateKey
memcmp
memcpy
memset

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

Exports

Exports

BcdCloseObject
BcdCloseStore
BcdCopyObject
BcdCopyObjectEx
BcdCopyObjects
BcdCreateObject
BcdCreateStore
BcdDeleteElement
BcdDeleteObject
BcdDeleteObjectReferences
BcdDeleteSystemStore
BcdEnumerateAndUnpackElements
BcdEnumerateElementTypes
BcdEnumerateElements
BcdEnumerateElementsWithFlags
BcdEnumerateObjects
BcdExportStore
BcdFlushStore
BcdForciblyUnloadStore
BcdGetElementData
BcdGetElementDataWithFlags
BcdImportStore
BcdImportStoreWithFlags
BcdMarkAsSystemStore
BcdMigrateObjectElementValues
BcdOpenObject
BcdOpenStore
BcdOpenStoreFromFile
BcdOpenSystemStore
BcdQueryObject
BcdSetElementData
BcdSetElementDataWithFlags
BcdSetLogging
BcdSetSystemStoreDevice
GUID_BAD_MEMORY_GROUP
GUID_BOOT_LOADER_SETTINGS_GROUP
GUID_CURRENT_BOOT_ENTRY
GUID_DEBUGGER_SETTINGS_GROUP
GUID_DEFAULT_BOOT_ENTRY
GUID_EMS_SETTINGS_GROUP
GUID_FIRMWARE_BOOTMGR
GUID_GLOBAL_SETTINGS_GROUP
GUID_HYPERVISOR_SETTINGS_GROUP
GUID_KERNEL_DEBUGGER_SETTINGS_GROUP
GUID_RESUME_LOADER_SETTINGS_GROUP
GUID_WINDOWS_BOOTMGR
GUID_WINDOWS_LEGACY_NTLDR
GUID_WINDOWS_MEMORY_TESTER
GUID_WINDOWS_OS_TARGET_TEMPLATE_EFI
GUID_WINDOWS_OS_TARGET_TEMPLATE_PCAT
GUID_WINDOWS_RESUME_TARGET_TEMPLATE_EFI
GUID_WINDOWS_RESUME_TARGET_TEMPLATE_PCAT
GUID_WINDOWS_SETUP_EFI
GUID_WINDOWS_SETUP_PCAT
GUID_WINDOWS_SETUP_RAMDISK_OPTIONS
PARTITION_BASIC_DATA_GUID
PARTITION_CLUSTER_GUID
PARTITION_ENTRY_UNUSED_GUID
PARTITION_LDM_DATA_GUID
PARTITION_LDM_METADATA_GUID
PARTITION_MSFT_RECOVERY_GUID
PARTITION_MSFT_RESERVED_GUID
PARTITION_MSFT_SNAPSHOT_GUID
PARTITION_SPACES_GUID
PARTITION_SYSTEM_GUID
SyspartDirectGetSystemDisk
SyspartDirectGetSystemPartition
SyspartDirectSetSystemDevice
SyspartGetSystemDisk
SyspartGetSystemPartition

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-b..buggertransport-usb_31bf3856ad364e35_10.0.17763.1_none_8e43938062b0d3cf/kdusb.dll
.dll windows x64

3c30629630bbd25f22166792aed2420a

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/07/2018, 20:45

Not After

26/07/2019, 20:45

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a5:33:78:16:56:b5:f6:48:50:9e:5e:98:00:14:46:67:ac:da:5e:67:b4:67:2f:4a:14:d1:34:de:be:3e:1d:13
Signer

Actual PE Digest

a5:33:78:16:56:b5:f6:48:50:9e:5e:98:00:14:46:67:ac:da:5e:67:b4:67:2f:4a:14:d1:34:de:be:3e:1d:13

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/09/2022, 14:52
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

strstr
HalPrivateDispatchTable
MmGetPhysicalAddress
EtwRegister
KdDebuggerNotPresent
PoSetHiberRange
EtwSetInformation
_vsnprintf
EtwWriteTransfer
_strupr

hal

KeStallExecutionProcessor
KeFlushWriteBuffer

Exports

Exports

KdInitialize
KdPower
KdReceivePacket
KdSendPacket
KdSetHiberRange

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 166B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFIDS
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 9KB - Virtual size: 12KB

f4527a6ef5afe648805e2a19f417a141

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

user32

gdi32

kernel32

advapi32

ole32

version

setupapi

shlwapi

Exports

Exports

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 512B - Virtual size: 55KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 92B

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 3KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 1.3MB - Virtual size: 1.3MB

Code Sign

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

ae:f8:fb:46:63:72:14:48:e1:43:26:12:de:d9:1d:ec:e7:97:0d:2b:f9:50:ee:9c:d2:b1:36:a0:d2:ed:ba:0bSigner

Signature Validations

Verification

15/09/2022, 14:52 Valid: false

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 316B

.apiset Size: 102KB - Virtual size: 102KB

.rsrc Size: 1KB - Virtual size: 1KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 1KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 176B

.rsrc Size: 270KB - Virtual size: 272KB

262dac4db20d08b06c59a7f5dbe43e61

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 9KB - Virtual size: 12KB

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 512B - Virtual size: 55KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 92B

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 3KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

ae:f8:fb:46:63:72:14:48:e1:43:26:12:de:d9:1d:ec:e7:97:0d:2b:f9:50:ee:9c:d2:b1:36:a0:d2:ed:ba:0b
Signer

15/09/2022, 14:52
Valid: false

.rdata
Size: 512B - Virtual size: 316B

.apiset
Size: 102KB - Virtual size: 102KB

.rsrc
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 1KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 270KB - Virtual size: 272KB

.text
Size: 596KB - Virtual size: 595KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 11KB - Virtual size: 14KB

.pdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 271KB - Virtual size: 270KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 276B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 56B

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 270KB - Virtual size: 272KB

33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

27:99:9b:b8:c8:75:2f:54:e0:ba:6e:95:56:64:3f:d1:6e:bb:74:bb:38:20:14:ab:e1:e8:89:90:e6:a1:ca:bd
Signer

15/09/2022, 14:52
Valid: false

.text
Size: 74KB - Virtual size: 74KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 512B - Virtual size: 28B