418b4449e50870ebcb2a97aabd0270ccd460e072604d571488f792290b2b795e

Sharing

Copy URL Twitter E-mail

General

Target

418b4449e50870ebcb2a97aabd0270ccd460e072604d571488f792290b2b795e
Size

96KB
MD5

e300653190c2915be281211fe5d07ec2
SHA1

26c67bbe6891e07f972e75e8a0bbb63b600cae1b
SHA256

418b4449e50870ebcb2a97aabd0270ccd460e072604d571488f792290b2b795e
SHA512

9a3bb0cffce9f6676a2bf6782763483d3f4d77aa572c3c06d4040a67b61baba48594f0a22bfac1f065235d1ff791bdd1d9e60ad5cdfbaa0b6945b7d9758586b3
SSDEEP

1536:gkVfS57v24KWnLCnEzYjbykYs2cgwJX13opRYobAgmOgbXIzQ2:gkVfEDfKy8j5YVcg/pRYoshOgbXIzH

Score

N/A

Malware Config

Signatures

Files

418b4449e50870ebcb2a97aabd0270ccd460e072604d571488f792290b2b795e
.rar
amd64_microsoft-windows-s..-schannel.resources_31bf3856ad364e35_10.0.22621.1_en-us_48b6925b2ca14917/schannel.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-s..os-filter.resources_31bf3856ad364e35_10.0.22621.1_en-us_b798cbf565f1e4a6/storqosflt.sys.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-s..owershell.resources_31bf3856ad364e35_10.0.22621.1_en-us_30611d78e2e9b659/SmbLocalization.psd1
amd64_microsoft-windows-s..pp-client.resources_31bf3856ad364e35_10.0.22621.1_en-us_9adfe384d5cbbec8/slc.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-s..pp-client.resources_31bf3856ad364e35_10.0.22621.1_en-us_9adfe384d5cbbec8/sppc.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 75KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-s..ransformers-onecore_31bf3856ad364e35_10.0.22621.1_none_85ec816def3e6766/AriTransformer.dll
.dll windows x64

3fd145eb867e2dc5600e1eb742793ee9

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c1:3e:44:eb:03:28:74:b0:49:b8:93:4f:bf:15:75:37:4e:56:e7:37:26:2d:a2:18:af:84:77:e6:8b:01:a5:d5
Signer

Actual PE Digest

c1:3e:44:eb:03:28:74:b0:49:b8:93:4f:bf:15:75:37:4e:56:e7:37:26:2d:a2:18:af:84:77:e6:8b:01:a5:d5

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/09/2022, 10:47
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

memcpy
_onexit
__C_specific_handler
_unlock
_lock
realloc
_errno
_initterm
_amsg_exit
_XcptFilter
_callnewh
memcpy_s
free
malloc
wcsncpy_s
__dllonexit
memset

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-core-libraryloader-l1-1-0

GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
FindResourceExW
LoadResource
FreeLibrary
SizeofResource
DisableThreadLibraryCalls

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegQueryInfoKeyW
RegSetValueExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

oleaut32

VarUI4FromStr

ntdll

RtlRaiseStatus

wcp

RtlReallocateLUnicodeString
RtlCombineNtPathSegments
?RtlTraceFormat_PCLUNICODE_STRING_AsLiteralString@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
RtlFreeLBlob
RtlSplitNtPath
RtlReportErrorOrigination
ConvertNtStatusToHResult
RtlSplitLUnicodeString
?RtlTraceVa@Rtl@WCP@Windows@@YAXKKPEAU_RTL_TRACING_FACILITY@123@QEBD_KPEAD@Z
RtlConvertWin32FilePathToNtFilePath
?SilCreateDirectories@Rtl@Windows@@YAJPEAUIRtlSystemIsolationLayerPublic@12@AEBU_LUNICODE_STRING@@@Z
RtlFreeLUnicodeString
?RtlTraceFormat_PCULONG@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z

Exports

Exports

DllCanUnloadNow
DllCsiGetHandler

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-s..ransformers-onecore_31bf3856ad364e35_10.0.22621.1_none_85ec816def3e6766/WpnDataTransformer.dll
.dll windows x64

ccbc3d76d3c7d812be4afcd914800df7

Code Sign

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:01:f3:a4:72:d1:36:4b:fe:6a:30:ff:53:fa:be:b5:b1:82:32:8e:49:54:23:35:81:1a:c9:6e:65:e5:b2:94
Signer

Actual PE Digest

1f:01:f3:a4:72:d1:36:4b:fe:6a:30:ff:53:fa:be:b5:b1:82:32:8e:49:54:23:35:81:1a:c9:6e:65:e5:b2:94

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

23/09/2022, 10:47
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_callnewh
__C_specific_handler
_initterm
malloc
_amsg_exit
_XcptFilter
free
_purecall
memcpy_s
_lock
memset

api-ms-win-core-com-l1-1-0

CoCreateFreeThreadedMarshaler

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-libraryloader-l1-1-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter

wcp

?RtlTraceFormat_PCULONG@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCLUNICODE_STRING_AsLiteralString@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
RtlFreeLBlob
RtlAllocateLBlob
?GetLUnicodeParameter@Rtl@Transformers@WCP@Windows@@YAJKPEAUICSITransformerServices@@AEBU_LUNICODE_STRING@@PEAV?$Auto@U_LUNICODE_STRING@@@4@PEAK@Z
?GetNtRegistryPathParameter@Rtl@Transformers@WCP@Windows@@YAJKPEAUICSITransformerServices@@AEBU_LUNICODE_STRING@@PEAV?$Auto@U_LUNICODE_STRING@@@4@PEAKK@Z
?GetNtFilePathParameter@Rtl@Transformers@WCP@Windows@@YAJKPEAUICSITransformerServices@@AEBU_LUNICODE_STRING@@PEAV?$Auto@U_LUNICODE_STRING@@@4@PEAKK@Z
RtlFreeLUnicodeString
?RtlTraceVa@Rtl@WCP@Windows@@YAXKKPEAU_RTL_TRACING_FACILITY@123@QEBD_KPEAD@Z
?RtlTraceFormat_PCHRESULT@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCULONGLONG@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

Exports

Exports

DllCanUnloadNow
DllCsiGetHandler
DllGetClassObject

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-s..rity-ntlm.resources_31bf3856ad364e35_10.0.22621.1_en-us_c9aaca0e602645d4/msv1_0.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-s..rtup-core.resources_31bf3856ad364e35_10.0.22621.1_en-us_b6b721ca2159f7aa/fveapi.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-s..rver-apis.resources_31bf3856ad364e35_10.0.22621.1_en-us_c0e56e8296bc951f/smbwmiv2.dll.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-s..rver-apis.resources_31bf3856ad364e35_10.0.22621.1_en-us_c0e56e8296bc951f/smbwmiv2.mfl
amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_10.0.22621.1_none_30f58c1bc1073149/scm.mof
amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_10.0.22621.1_none_30f58c1bc1073149/services.mof
amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_10.0.22621.1_en-us_b2debc8d9b37d3af/svchost.exe.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64_microsoft-windows-s..spaceutil.resources_31bf3856ad364e35_10.0.22621.1_en-us_6c3d46bf8499e5a3/spaceutil.exe.mui
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 224B

.rsrc Size: 3KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 224B

.rsrc Size: 8KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 224B

.rsrc Size: 75KB - Virtual size: 76KB

Headers

DLL Characteristics

File Characteristics

Sections

.rdata Size: 512B - Virtual size: 224B

.rsrc Size: 75KB - Virtual size: 76KB

3fd145eb867e2dc5600e1eb742793ee9

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

c1:3e:44:eb:03:28:74:b0:49:b8:93:4f:bf:15:75:37:4e:56:e7:37:26:2d:a2:18:af:84:77:e6:8b:01:a5:d5Signer

Signature Validations

Verification

23/09/2022, 10:47 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-debug-l1-1-0

oleaut32

ntdll

wcp

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 2KB

.pdata Size: 4KB - Virtual size: 996B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 204B

ccbc3d76d3c7d812be4afcd914800df7

Code Sign

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3bCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

1f:01:f3:a4:72:d1:36:4b:fe:6a:30:ff:53:fa:be:b5:b1:82:32:8e:49:54:23:35:81:1a:c9:6e:65:e5:b2:94Signer

Signature Validations

Verification

.rdata
Size: 512B - Virtual size: 224B

.rsrc
Size: 3KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 224B

.rsrc
Size: 8KB - Virtual size: 8KB

.rdata
Size: 512B - Virtual size: 224B

.rsrc
Size: 75KB - Virtual size: 76KB

.rdata
Size: 512B - Virtual size: 224B

.rsrc
Size: 75KB - Virtual size: 76KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

c1:3e:44:eb:03:28:74:b0:49:b8:93:4f:bf:15:75:37:4e:56:e7:37:26:2d:a2:18:af:84:77:e6:8b:01:a5:d5
Signer

23/09/2022, 10:47
Valid: false

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 2KB

.pdata
Size: 4KB - Virtual size: 996B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 204B

33:00:00:03:3b:65:5f:ae:fa:db:75:e9:d6:00:00:00:00:03:3b
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

1f:01:f3:a4:72:d1:36:4b:fe:6a:30:ff:53:fa:be:b5:b1:82:32:8e:49:54:23:35:81:1a:c9:6e:65:e5:b2:94
Signer

23/09/2022, 10:47
Valid: false

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 1KB

.pdata
Size: 4KB - Virtual size: 888B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 156B

.rdata
Size: 512B - Virtual size: 224B

.rsrc
Size: 19KB - Virtual size: 20KB

.rdata
Size: 512B - Virtual size: 224B

.rsrc
Size: 41KB - Virtual size: 44KB

.rdata
Size: 512B - Virtual size: 224B

.rsrc
Size: 8KB - Virtual size: 8KB

.rdata
Size: 512B - Virtual size: 224B

.rsrc
Size: 1KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 224B

.rsrc
Size: 25KB - Virtual size: 28KB