2fcec8cf31e17e159da8723cc3cc05b2652b38fa29d4ba74057d546922955404

Sharing

Copy URL

Twitter E-mail

General

Target

2fcec8cf31e17e159da8723cc3cc05b2652b38fa29d4ba74057d546922955404
Size

3.1MB
MD5

7b6695042d5eea8332f4390d6d3cdc5e
SHA1

7dc5d3b71e030bd93908788eb8b38197086c9e8c
SHA256

2fcec8cf31e17e159da8723cc3cc05b2652b38fa29d4ba74057d546922955404
SHA512

30366f4d1c30cad356ed011a62e7224303a4026004dcb93a4d3bf9f0bf142d193772b176f2344e0098a4a5fde54de9b54b667348162c260a36295d64b22c9538
SSDEEP

98304:en7aLYhAfVXKBZ/YUMeP1qmFMr2JmmMFcKYfVrA:k7aUbAsjhXzvfVE

Score

N/A

Malware Config

Signatures

Files

2fcec8cf31e17e159da8723cc3cc05b2652b38fa29d4ba74057d546922955404
.rar
2.8.7.4(2k-XP)/1023limit.png
.png
2.8.7.4(2k-XP)/Blog/blog.html
.js
2.8.7.4(2k-XP)/Blog/blog.png
.png
2.8.7.4(2k-XP)/Blog/deloreandelete.png
.png
2.8.7.4(2k-XP)/Blog/deloreandelete_sequence.png
.png
2.8.7.4(2k-XP)/Blog/lnbirthday.png
.png
2.8.7.4(2k-XP)/amazon.de.png
.png
2.8.7.4(2k-XP)/anchorpath.png
.png
2.8.7.4(2k-XP)/bat/DeLoreanCopy.bat
.bat .vbs
2.8.7.4(2k-XP)/bat/DeLoreanHanoi.bat
.bat .vbs
2.8.7.4(2k-XP)/bat/DeleteAllHardlinks.bat
.bat .vbs
2.8.7.4(2k-XP)/bat/QueryPath.cmd
2.8.7.4(2k-XP)/bat/dosdev.exe
.exe windows x86

0e0b737b9b62b409a5c81a4fde6b262e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
DefineDosDeviceA
QueryDosDeviceA
GetLastError
FormatMessageA
LocalFree

crtdll

printf
fflush
_iob
_amsg_exit
__GetMainArgs
exit
puts
fprintf

user32

CharToOemA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.8.7.4(2k-XP)/bat/vshadow.zip
.zip
2.8.7.4(2k-XP)/bat/vss-exec.cmd
.cmd .vbs
2.8.7.4(2k-XP)/bat/vss_drivecopy.cmd
.cmd .vbs
2.8.7.4(2k-XP)/bat/vss_raw.cmd
.cmd .vbs
2.8.7.4(2k-XP)/bat/vss_unc.cmd
.cmd .vbs
2.8.7.4(2k-XP)/bitcoinlogo.png
.png
2.8.7.4(2k-XP)/bitcoinlseqr.png
.png
2.8.7.4(2k-XP)/delete.png
.png
2.8.7.4(2k-XP)/deletefollow.png
.png
2.8.7.4(2k-XP)/deloreanmerge.png
.png
2.8.7.4(2k-XP)/hardlinkcloneshowto.png
.png
2.8.7.4(2k-XP)/hardlinkclonessmart.png
.png
2.8.7.4(2k-XP)/junctionshowto.png
.png
2.8.7.4(2k-XP)/license.txt
2.8.7.4(2k-XP)/license_tre.txt
2.8.7.4(2k-XP)/license_ultragetop.txt
2.8.7.4(2k-XP)/ln.exe
.exe windows x86

4efcbcd0f20b76eb5fe9c83f16c8fef4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

strtol
qsort
wcsrtombs
calloc
memchr
iswctype
towupper
towlower
mbrtowc
___mb_cur_max_func
wcsncat
feof
fwscanf
strncpy
_vsnprintf
isupper
sprintf
fwscanf_s
_wcslwr
_wsplitpath
memmove_s
_towlower_l
_purecall
wcsncpy
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
vfprintf
toupper
tolower
strchr
__iob_func
strncmp
_strnicmp
getenv
islower
fflush
_wtoi
_get_current_locale
??_V@YAXPAX@Z
setlocale
_fdopen
_open_osfhandle
fwprintf
wcscpy_s
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
swprintf_s
??_U@YAPAXI@Z
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
exit
fclose
??0exception@std@@QAE@ABV01@@Z
wcsncmp
swscanf_s
??0exception@std@@QAE@ABQBD@Z
wcscat_s
_invalid_parameter_noinfo
_wfopen
_stricmp
wprintf
wcstok
_wcsicmp
memmove
wcsrchr
fgetws
sprintf_s
_CxxThrowException
memset
wcsncpy_s
wcsstr
__CxxFrameHandler3
free
printf
memcpy
realloc
malloc
??2@YAPAXI@Z

netapi32

NetApiBufferFree
NetShareGetInfo

shlwapi

PathStripToRootW
StrTrimW
PathCanonicalizeW
PathIsRootW
PathIsUNCW
PathFindFileNameW
PathSkipRootW
PathFindExtensionW
PathRemoveExtensionW
PathAddBackslashW
PathRemoveFileSpecW
PathRelativePathToW
PathIsRelativeW
PathCombineW

mpr

WNetGetResourceInformationW
WNetAddConnection3W
WNetGetUniversalNameW

ntdll

RtlDosPathNameToNtPathName_U
NtOpenFile
NtQuerySystemInformation
NtSetSecurityObject
NtQuerySecurityObject
NtSetEaFile
NtQueryEaFile
NtQueryInformationFile
NtSetInformationFile
NtQueryDirectoryFile

user32

wsprintfW

msvcp80

?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?length@?$char_traits@D@std@@SAIPBD@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??1locale@std@@QAE@XZ
?global@locale@std@@SA?AV12@ABV12@@Z
??0locale@std@@QAE@PBDH@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
wctype
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ

wsock32

gethostname
WSAStartup
WSACleanup

advapi32

WriteEncryptedFileRaw
GetSecurityDescriptorDacl
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
OpenEncryptedFileRawW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
GetNamedSecurityInfoW

kernel32

GetModuleHandleW
LoadLibraryExW
GetModuleFileNameW
GetFileAttributesExW
SetFileTime
GetVersionExW
GetSystemInfo
LocalFree
DeleteCriticalSection
InitializeCriticalSection
GetCurrentDirectoryW
LoadLibraryW
GetProcAddress
OpenProcess
FreeLibrary
GetDriveTypeW
GlobalAlloc
EnterCriticalSection
LeaveCriticalSection
BackupWrite
SetLastError
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
SetEndOfFile
GetFileSizeEx
CreateEventW
CreateThread
GetTempPathW
SetFileAttributesW
FindFirstFileW
FindNextFileW
CreateDirectoryW
CreateFileMappingW
SetFilePointerEx
MapViewOfFileEx
UnmapViewOfFile
SetEvent
CreateFileA
GetFileSize
DeviceIoControl
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetLastError
WideCharToMultiByte
GetStdHandle
FindClose
QueryDosDeviceW
GetFullPathNameW
RemoveDirectoryW
GetVolumeInformationW
MoveFileW
WaitForSingleObject
GetFileInformationByHandle
CloseHandle
DeleteFileW
SetStdHandle
GetLocalTime
CreateFileW
FileTimeToSystemTime
SystemTimeToFileTime
CopyFileW
GetSystemTime
WaitForMultipleObjects
GetFileAttributesW
Sleep
LockResource
LoadResource
FindResourceW
FindResourceExW
FormatMessageW
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedExchangeAdd
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
GlobalMemoryStatus
ReleaseSemaphore
CreateSemaphoreA
WriteFile

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
EnumProcessModules

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.8.7.4(2k-XP)/ln.html
.js
2.8.7.4(2k-XP)/ln.png
.png
2.8.7.4(2k-XP)/mappednetworkdrive.png
.png
2.8.7.4(2k-XP)/mountpointssplice.png
.png
2.8.7.4(2k-XP)/multiplesource.png
.png
2.8.7.4(2k-XP)/nestedreparsepoints.png
.png
2.8.7.4(2k-XP)/ontheflydupemerge.png
.png
2.8.7.4(2k-XP)/outerjunctionscrop.png
.png
2.8.7.4(2k-XP)/outerjunctionssplice.png
.png
2.8.7.4(2k-XP)/outerjunctionsunroll.png
.png
2.8.7.4(2k-XP)/outerjunctionsunrollcircularity.png
.png
2.8.7.4(2k-XP)/outerjunctionsunrolldiskid.png
.png
2.8.7.4(2k-XP)/outerjunctionsunrollinner.png
.png
2.8.7.4(2k-XP)/outerjunctionsunrollinnernested.png
.png
2.8.7.4(2k-XP)/outerjunctionsunrollinnersymlink.png
.png
2.8.7.4(2k-XP)/outerjunctionsunrollmultitraverse.png
.png
2.8.7.4(2k-XP)/smartcopyhowto.png
.png
2.8.7.4(2k-XP)/smartmovehowto.png
.png
2.8.7.4(2k-XP)/symboliclinkhowto.png
.png
2.8.7.4(2k-XP)/symlinkssmart.png
.png
2.8.7.4(2k-XP)/zeiteisen.png
.png
2.9.3.3/win32/Doc/1023limit.png
.png
2.9.3.3/win32/Doc/Blog/blog.html
.js
2.9.3.3/win32/Doc/Blog/blog.png
.png
2.9.3.3/win32/Doc/Blog/deloreandelete.png
.png
2.9.3.3/win32/Doc/Blog/deloreandelete_sequence.png
.png
2.9.3.3/win32/Doc/Blog/lnbirthday.png
.png
2.9.3.3/win32/Doc/amazon.de.png
.png
2.9.3.3/win32/Doc/anchorpath.png
.png
2.9.3.3/win32/Doc/bitcoinlogo.png
.png
2.9.3.3/win32/Doc/bitcoinlseqr.png
.png
2.9.3.3/win32/Doc/delete.png
.png
2.9.3.3/win32/Doc/deletefollow.png
.png
2.9.3.3/win32/Doc/deloreanmerge.png
.png
2.9.3.3/win32/Doc/hardlinkcloneshowto.png
.png
2.9.3.3/win32/Doc/hardlinkclonessmart.png
.png
2.9.3.3/win32/Doc/junctionshowto.png
.png
2.9.3.3/win32/Doc/license.txt
2.9.3.3/win32/Doc/license_tre.txt
2.9.3.3/win32/Doc/license_uint128.txt
2.9.3.3/win32/Doc/license_ultragetop.txt
2.9.3.3/win32/Doc/ln.html
.js
2.9.3.3/win32/Doc/ln.png
.png
2.9.3.3/win32/Doc/mappednetworkdrive.png
.png
2.9.3.3/win32/Doc/mountpointssplice.png
.png
2.9.3.3/win32/Doc/multiplesource.png
.png
2.9.3.3/win32/Doc/nestedreparsepoints.png
.png
2.9.3.3/win32/Doc/ontheflydupemerge.png
.png
2.9.3.3/win32/Doc/outerjunctionscrop.png
.png
2.9.3.3/win32/Doc/outerjunctionssplice.png
.png
2.9.3.3/win32/Doc/outerjunctionsunroll.png
.png
2.9.3.3/win32/Doc/outerjunctionsunrollcircularity.png
.png
2.9.3.3/win32/Doc/outerjunctionsunrolldiskid.png
.png
2.9.3.3/win32/Doc/outerjunctionsunrollinner.png
.png
2.9.3.3/win32/Doc/outerjunctionsunrollinnernested.png
.png
2.9.3.3/win32/Doc/outerjunctionsunrollinnersymlink.png
.png
2.9.3.3/win32/Doc/outerjunctionsunrollmultitraverse.png
.png
2.9.3.3/win32/Doc/smartcopyhowto.png
.png
2.9.3.3/win32/Doc/smartmovehowto.png
.png
2.9.3.3/win32/Doc/symboliclinkhowto.png
.png
2.9.3.3/win32/Doc/symlinkssmart.png
.png
2.9.3.3/win32/Doc/zeiteisen.png
.png
2.9.3.3/win32/bat/DeLoreanCopy.bat
.bat .vbs
2.9.3.3/win32/bat/DeLoreanHanoi.bat
.bat .vbs
2.9.3.3/win32/bat/DeleteAllHardlinks.bat
.bat .vbs
2.9.3.3/win32/bat/QueryPath.cmd
2.9.3.3/win32/bat/dosdev.exe
.exe windows x86

0e0b737b9b62b409a5c81a4fde6b262e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
DefineDosDeviceA
QueryDosDeviceA
GetLastError
FormatMessageA
LocalFree

crtdll

printf
fflush
_iob
_amsg_exit
__GetMainArgs
exit
puts
fprintf

user32

CharToOemA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.9.3.3/win32/bat/vshadow.zip
.zip
2.9.3.3/win32/bat/vss-exec.cmd
.cmd .vbs
2.9.3.3/win32/bat/vss_drivecopy.cmd
.cmd .vbs
2.9.3.3/win32/bat/vss_raw.cmd
.cmd .vbs
2.9.3.3/win32/bat/vss_unc.cmd
.cmd .vbs
2.9.3.3/win32/ln.exe
.exe windows x86

0021664c9a298da4fd505cff6d9605e2

Code Sign

27:2b:d8:f7:7a:18:da:16:94:d4:00:6c:c1:11:74:8d
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14-10-2019 00:00

Not After

13-10-2022 23:59

Subject

CN=schinagl.priv.at,O=schinagl.priv.at,POSTALCODE=8046,STREET=Sonnenhang 14,L=Graz,ST=Styria,C=AT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24-12-1999 17:50

Not After

24-07-2029 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22-07-2015 19:02

Not After

22-06-2029 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

22-07-2020 15:33

Not After

29-12-2030 16:29

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6f:ed:65:57:ef:25:bc:70:f9:51:c5:eb:36:eb:c0:ac:f5:d0:64:b1:61:cb:98:f0:9f:b4:b5:95:e2:8b:78:77
Signer

Actual PE Digest

6f:ed:65:57:ef:25:bc:70:f9:51:c5:eb:36:eb:c0:ac:f5:d0:64:b1:61:cb:98:f0:9f:b4:b5:95:e2:8b:78:77

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=schinagl.priv.at,O=schinagl.priv.at,POSTALCODE=8046,STREET=Sonnenhang 14,L=Graz,ST=Styria,C=AT

09-02-2021 20:26
Valid: true

Chain 1

CN=schinagl.priv.at,O=schinagl.priv.at,POSTALCODE=8046,STREET=Sonnenhang 14,L=Graz,ST=Styria,C=AT

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetApiBufferFree
NetShareGetInfo

shlwapi

PathRelativePathToW
PathCanonicalizeW
PathCombineW
PathIsUNCW
PathIsRootW
PathFindFileNameW
PathAddBackslashW
PathFindNextComponentA
StrTrimW
PathSkipRootW
PathStripToRootW
PathRemoveFileSpecW
PathIsRelativeW

mpr

WNetGetUniversalNameW
WNetGetResourceInformationW

ntdll

NtSetInformationFile
NtQueryDirectoryFile
NtOpenFile
RtlDosPathNameToNtPathName_U
NtQueryEaFile
NtSetEaFile
NtQuerySecurityObject
NtSetSecurityObject
NtQueryInformationFile

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetFullPathNameW
QueryDosDeviceW
FindFirstFileNameW
FindNextFileNameW
FindClose
GetLastError
GetFileAttributesW
WaitForSingleObject
GetLocalTime
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
Sleep
WaitForMultipleObjects
CloseHandle
WideCharToMultiByte
CopyFileW
CreateFileW
SetStdHandle
DeleteFileW
GetFileInformationByHandle
MoveFileW
GetVolumeInformationW
RemoveDirectoryW
GetVersionExW
SetLastError
CreateHardLinkW
CreateSymbolicLinkW
GetCurrentThreadId
FindFirstFileW
FindNextFileW
CreateDirectoryW
DeviceIoControl
GetCurrentDirectoryW
GetDriveTypeW
GetVolumeNameForVolumeMountPointW
GetSystemInfo
CreateThread
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetFileAttributesExW
SystemTimeToFileTime
FileTimeToSystemTime
GetCurrentProcess
WriteFile
SetEvent
CreateEventW
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetSystemTimeAsFileTime
GetFileSize
GetModuleHandleW
InitializeSListHead
IsDebuggerPresent
SetFileAttributesW

advapi32

OpenProcessToken
ReadEncryptedFileRaw
OpenEncryptedFileRawW
WriteEncryptedFileRaw
CloseEncryptedFileRaw
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW

msvcp140

?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
?global@locale@std@@SA?AV12@ABV12@@Z
?_Xruntime_error@std@@YAXPBD@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@HPBD@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ

wsock32

ioctlsocket
gethostname
WSAStartup
gethostbyaddr
WSACleanup

vcruntime140

_purecall
__std_terminate
wcsstr
wcsrchr
__std_exception_destroy
__CxxFrameHandler3
strstr
_except_handler4_common
_CxxThrowException
memset
memcpy
strchr
__std_exception_copy
memmove

api-ms-win-crt-string-l1-1-0

_strnicmp
wctype
wcscat_s
towupper
iswctype
towlower
wcsncpy
tolower
_towlower_l
strcpy_s
strncmp
_wcslwr_s
toupper
wcsncat_s
wcsncpy_s
_wcsicmp
wcsncmp
_stricmp
wcstok
wcscpy_s
islower

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
fgetws
__stdio_common_vsprintf_s
__acrt_iob_func
_wfopen_s
__p__commode
__stdio_common_vswprintf_s
__stdio_common_vswscanf
_wfopen
setvbuf
_open_osfhandle
fclose
fflush
__stdio_common_vfwprintf
_set_fmode

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_c_exit
_initterm
_register_onexit_function
_register_thread_local_exe_atexit_callback
_cexit
__p___wargv
exit
_crt_atexit
terminate
_invalid_parameter_noinfo_noreturn
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
__p___argc
_initterm_e
_exit
_controlfp_s

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func
_configthreadlocale
setlocale
_get_current_locale

api-ms-win-crt-convert-l1-1-0

strtol
_wtoi
wcsrtombs
wcstombs_s

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
_callnewh
realloc
malloc
calloc

api-ms-win-crt-utility-l1-1-0

qsort

Sections

.text
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.9.3.3/win32_static/Doc/1023limit.png
.png
2.9.3.3/win32_static/Doc/Blog/blog.html
.js
2.9.3.3/win32_static/Doc/Blog/blog.png
.png
2.9.3.3/win32_static/Doc/Blog/deloreandelete.png
.png
2.9.3.3/win32_static/Doc/Blog/deloreandelete_sequence.png
.png
2.9.3.3/win32_static/Doc/Blog/lnbirthday.png
.png
2.9.3.3/win32_static/Doc/amazon.de.png
.png
2.9.3.3/win32_static/Doc/anchorpath.png
.png
2.9.3.3/win32_static/Doc/bitcoinlogo.png
.png
2.9.3.3/win32_static/Doc/bitcoinlseqr.png
.png
2.9.3.3/win32_static/Doc/delete.png
.png
2.9.3.3/win32_static/Doc/deletefollow.png
.png
2.9.3.3/win32_static/Doc/deloreanmerge.png
.png
2.9.3.3/win32_static/Doc/hardlinkcloneshowto.png
.png
2.9.3.3/win32_static/Doc/hardlinkclonessmart.png
.png
2.9.3.3/win32_static/Doc/junctionshowto.png
.png
2.9.3.3/win32_static/Doc/license.txt
2.9.3.3/win32_static/Doc/license_tre.txt
2.9.3.3/win32_static/Doc/license_uint128.txt
2.9.3.3/win32_static/Doc/license_ultragetop.txt
2.9.3.3/win32_static/Doc/ln.html
.js
2.9.3.3/win32_static/Doc/ln.png
.png
2.9.3.3/win32_static/Doc/mappednetworkdrive.png
.png
2.9.3.3/win32_static/Doc/mountpointssplice.png
.png
2.9.3.3/win32_static/Doc/multiplesource.png
.png
2.9.3.3/win32_static/Doc/nestedreparsepoints.png
.png
2.9.3.3/win32_static/Doc/ontheflydupemerge.png
.png
2.9.3.3/win32_static/Doc/outerjunctionscrop.png
.png
2.9.3.3/win32_static/Doc/outerjunctionssplice.png
.png
2.9.3.3/win32_static/Doc/outerjunctionsunroll.png
.png
2.9.3.3/win32_static/Doc/outerjunctionsunrollcircularity.png
.png
2.9.3.3/win32_static/Doc/outerjunctionsunrolldiskid.png
.png
2.9.3.3/win32_static/Doc/outerjunctionsunrollinner.png
.png
2.9.3.3/win32_static/Doc/outerjunctionsunrollinnernested.png
.png
2.9.3.3/win32_static/Doc/outerjunctionsunrollinnersymlink.png
.png
2.9.3.3/win32_static/Doc/outerjunctionsunrollmultitraverse.png
.png
2.9.3.3/win32_static/Doc/smartcopyhowto.png
.png
2.9.3.3/win32_static/Doc/smartmovehowto.png
.png
2.9.3.3/win32_static/Doc/symboliclinkhowto.png
.png
2.9.3.3/win32_static/Doc/symlinkssmart.png
.png
2.9.3.3/win32_static/Doc/zeiteisen.png
.png
2.9.3.3/win32_static/bat/DeLoreanCopy.bat
.bat .vbs
2.9.3.3/win32_static/bat/DeLoreanHanoi.bat
.bat .vbs
2.9.3.3/win32_static/bat/DeleteAllHardlinks.bat
.bat .vbs
2.9.3.3/win32_static/bat/QueryPath.cmd
2.9.3.3/win32_static/bat/dosdev.exe
.exe windows x86

0e0b737b9b62b409a5c81a4fde6b262e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
DefineDosDeviceA
QueryDosDeviceA
GetLastError
FormatMessageA
LocalFree

crtdll

printf
fflush
_iob
_amsg_exit
__GetMainArgs
exit
puts
fprintf

user32

CharToOemA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.9.3.3/win32_static/bat/vshadow.zip
.zip
2.9.3.3/win32_static/bat/vss-exec.cmd
.cmd .vbs
2.9.3.3/win32_static/bat/vss_drivecopy.cmd
.cmd .vbs
2.9.3.3/win32_static/bat/vss_raw.cmd
.cmd .vbs
2.9.3.3/win32_static/bat/vss_unc.cmd
.cmd .vbs
2.9.3.3/win32_static/ln.exe
.exe windows x86

2f521374f141fe173e398b7f487c0aaa

Code Sign

27:2b:d8:f7:7a:18:da:16:94:d4:00:6c:c1:11:74:8d
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14-10-2019 00:00

Not After

13-10-2022 23:59

Subject

CN=schinagl.priv.at,O=schinagl.priv.at,POSTALCODE=8046,STREET=Sonnenhang 14,L=Graz,ST=Styria,C=AT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24-12-1999 17:50

Not After

24-07-2029 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22-07-2015 19:02

Not After

22-06-2029 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

22-07-2020 15:33

Not After

29-12-2030 16:29

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ba:7e:98:e1:dc:df:de:7d:78:3b:0f:63:33:4d:04:5e:01:66:6e:0c:e0:53:43:14:69:9f:07:38:04:8a:a8:86
Signer

Actual PE Digest

ba:7e:98:e1:dc:df:de:7d:78:3b:0f:63:33:4d:04:5e:01:66:6e:0c:e0:53:43:14:69:9f:07:38:04:8a:a8:86

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=schinagl.priv.at,O=schinagl.priv.at,POSTALCODE=8046,STREET=Sonnenhang 14,L=Graz,ST=Styria,C=AT

09-02-2021 20:26
Valid: true

Chain 1

CN=schinagl.priv.at,O=schinagl.priv.at,POSTALCODE=8046,STREET=Sonnenhang 14,L=Graz,ST=Styria,C=AT

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetApiBufferFree
NetShareGetInfo

shlwapi

PathSkipRootW
PathStripToRootW
PathRemoveFileSpecW
StrTrimW
PathRelativePathToW
PathCanonicalizeW
PathCombineW
PathIsRelativeW
PathFindNextComponentA
PathIsRootW
PathAddBackslashW
PathIsUNCW
PathFindFileNameW

mpr

WNetGetResourceInformationW
WNetGetUniversalNameW

ntdll

NtSetEaFile
NtQueryEaFile
NtQueryInformationFile
NtSetInformationFile
NtQuerySecurityObject
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlUnwind
NtQueryDirectoryFile
NtSetSecurityObject

kernel32

GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
GetFullPathNameW
QueryDosDeviceW
FindFirstFileNameW
FindNextFileNameW
FindClose
GetLastError
GetFileAttributesW
WaitForSingleObject
GetLocalTime
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
Sleep
WaitForMultipleObjects
CloseHandle
WideCharToMultiByte
CopyFileW
CreateFileW
SetStdHandle
DeleteFileW
GetFileInformationByHandle
MoveFileW
GetVolumeInformationW
RemoveDirectoryW
GetVersionExW
SetLastError
CreateHardLinkW
CreateSymbolicLinkW
SetFileAttributesW
FindFirstFileW
FindNextFileW
CreateDirectoryW
DeviceIoControl
GetCurrentDirectoryW
GetDriveTypeW
FreeLibraryAndExitThread
GetSystemInfo
CreateThread
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetFileAttributesExW
SystemTimeToFileTime
FileTimeToSystemTime
GetCurrentProcess
WriteFile
SetEvent
CreateEventW
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetFileSize
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
GetConsoleCP
GetModuleHandleA
VirtualAlloc
VirtualProtect
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
GetConsoleMode
IsValidCodePage
GetOEMCP
HeapReAlloc
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
GetVolumeNameForVolumeMountPointW
FlushFileBuffers
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
WriteConsoleW
GetTimeZoneInformation
ReadConsoleW
ReadFile
HeapSize
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
GetFileType
GetACP
GetCommandLineA
GetCommandLineW
GetCurrentThread
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
ReadEncryptedFileRaw
OpenProcessToken

wsock32

WSACleanup
gethostname
ioctlsocket
gethostbyaddr
WSAStartup

Sections

.text
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.9.3.3/x64/Doc/1023limit.png
.png
2.9.3.3/x64/Doc/Blog/blog.html
.js
2.9.3.3/x64/Doc/Blog/blog.png
.png
2.9.3.3/x64/Doc/Blog/deloreandelete.png
.png
2.9.3.3/x64/Doc/Blog/deloreandelete_sequence.png
.png
2.9.3.3/x64/Doc/Blog/lnbirthday.png
.png
2.9.3.3/x64/Doc/amazon.de.png
.png
2.9.3.3/x64/Doc/anchorpath.png
.png
2.9.3.3/x64/Doc/bitcoinlogo.png
.png
2.9.3.3/x64/Doc/bitcoinlseqr.png
.png
2.9.3.3/x64/Doc/delete.png
.png
2.9.3.3/x64/Doc/deletefollow.png
.png
2.9.3.3/x64/Doc/deloreanmerge.png
.png
2.9.3.3/x64/Doc/hardlinkcloneshowto.png
.png
2.9.3.3/x64/Doc/hardlinkclonessmart.png
.png
2.9.3.3/x64/Doc/junctionshowto.png
.png
2.9.3.3/x64/Doc/license.txt
2.9.3.3/x64/Doc/license_tre.txt
2.9.3.3/x64/Doc/license_uint128.txt
2.9.3.3/x64/Doc/license_ultragetop.txt
2.9.3.3/x64/Doc/ln.html
.js
2.9.3.3/x64/Doc/ln.png
.png
2.9.3.3/x64/Doc/mappednetworkdrive.png
.png
2.9.3.3/x64/Doc/mountpointssplice.png
.png
2.9.3.3/x64/Doc/multiplesource.png
.png
2.9.3.3/x64/Doc/nestedreparsepoints.png
.png
2.9.3.3/x64/Doc/ontheflydupemerge.png
.png
2.9.3.3/x64/Doc/outerjunctionscrop.png
.png
2.9.3.3/x64/Doc/outerjunctionssplice.png
.png
2.9.3.3/x64/Doc/outerjunctionsunroll.png
.png
2.9.3.3/x64/Doc/outerjunctionsunrollcircularity.png
.png
2.9.3.3/x64/Doc/outerjunctionsunrolldiskid.png
.png
2.9.3.3/x64/Doc/outerjunctionsunrollinner.png
.png
2.9.3.3/x64/Doc/outerjunctionsunrollinnernested.png
.png
2.9.3.3/x64/Doc/outerjunctionsunrollinnersymlink.png
.png
2.9.3.3/x64/Doc/outerjunctionsunrollmultitraverse.png
.png
2.9.3.3/x64/Doc/smartcopyhowto.png
.png
2.9.3.3/x64/Doc/smartmovehowto.png
.png
2.9.3.3/x64/Doc/symboliclinkhowto.png
.png
2.9.3.3/x64/Doc/symlinkssmart.png
.png
2.9.3.3/x64/Doc/zeiteisen.png
.png
2.9.3.3/x64/bat/DeLoreanCopy.bat
.bat .vbs
2.9.3.3/x64/bat/DeLoreanHanoi.bat
.bat .vbs
2.9.3.3/x64/bat/DeleteAllHardlinks.bat
.bat .vbs
2.9.3.3/x64/bat/QueryPath.cmd
2.9.3.3/x64/bat/dosdev.exe
.exe windows x86

0e0b737b9b62b409a5c81a4fde6b262e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
DefineDosDeviceA
QueryDosDeviceA
GetLastError
FormatMessageA
LocalFree

crtdll

printf
fflush
_iob
_amsg_exit
__GetMainArgs
exit
puts
fprintf

user32

CharToOemA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.9.3.3/x64/bat/vshadow.zip
.zip
2.9.3.3/x64/bat/vss-exec.cmd
.cmd .vbs
2.9.3.3/x64/bat/vss_drivecopy.cmd
.cmd .vbs
2.9.3.3/x64/bat/vss_raw.cmd
.cmd .vbs
2.9.3.3/x64/bat/vss_unc.cmd
.cmd .vbs
2.9.3.3/x64/ln.exe
.exe windows x64

aa68a780c66ffdbf85d05959def193ed

Code Sign

27:2b:d8:f7:7a:18:da:16:94:d4:00:6c:c1:11:74:8d
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14-10-2019 00:00

Not After

13-10-2022 23:59

Subject

CN=schinagl.priv.at,O=schinagl.priv.at,POSTALCODE=8046,STREET=Sonnenhang 14,L=Graz,ST=Styria,C=AT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24-12-1999 17:50

Not After

24-07-2029 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22-07-2015 19:02

Not After

22-06-2029 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

22-07-2020 15:33

Not After

29-12-2030 16:29

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

73:71:bc:02:5b:ce:d9:08:9f:fd:9d:61:d7:5d:d0:e6:53:92:5a:dc:7c:cf:4d:1d:e4:9c:87:4e:97:0b:fa:47
Signer

Actual PE Digest

73:71:bc:02:5b:ce:d9:08:9f:fd:9d:61:d7:5d:d0:e6:53:92:5a:dc:7c:cf:4d:1d:e4:9c:87:4e:97:0b:fa:47

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=schinagl.priv.at,O=schinagl.priv.at,POSTALCODE=8046,STREET=Sonnenhang 14,L=Graz,ST=Styria,C=AT

09-02-2021 20:26
Valid: true

Chain 1

CN=schinagl.priv.at,O=schinagl.priv.at,POSTALCODE=8046,STREET=Sonnenhang 14,L=Graz,ST=Styria,C=AT

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

netapi32

NetApiBufferFree
NetShareGetInfo

shlwapi

PathRelativePathToW
PathAddBackslashW
PathCanonicalizeW
PathCombineW
PathIsUNCW
PathIsRootW
PathFindFileNameW
PathFindNextComponentA
StrTrimW
PathSkipRootW
PathStripToRootW
PathRemoveFileSpecW
PathIsRelativeW

mpr

WNetGetUniversalNameW
WNetGetResourceInformationW

ntdll

NtQueryInformationFile
NtSetInformationFile
NtQueryDirectoryFile
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlVirtualUnwind
RtlLookupFunctionEntry
NtQueryEaFile
NtSetEaFile
NtQuerySecurityObject
NtSetSecurityObject
RtlCaptureContext

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetFullPathNameW
QueryDosDeviceW
FindFirstFileNameW
FindNextFileNameW
FindClose
GetLastError
GetFileAttributesW
WaitForSingleObject
GetLocalTime
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
Sleep
WaitForMultipleObjects
CloseHandle
WideCharToMultiByte
CopyFileW
CreateFileW
SetStdHandle
DeleteFileW
GetFileInformationByHandle
MoveFileW
GetVolumeInformationW
RemoveDirectoryW
GetVersionExW
SetLastError
GetSystemTimeAsFileTime
CreateSymbolicLinkW
SetFileAttributesW
FindFirstFileW
FindNextFileW
CreateDirectoryW
DeviceIoControl
GetCurrentDirectoryW
GetDriveTypeW
GetVolumeNameForVolumeMountPointW
GetSystemInfo
CreateThread
GetFileAttributesExW
SystemTimeToFileTime
FileTimeToSystemTime
GetCurrentProcess
WriteFile
SetEvent
CreateEventW
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
InitializeSListHead
GetFileSize
GetModuleHandleW
IsDebuggerPresent
CreateHardLinkW

advapi32

OpenProcessToken
ReadEncryptedFileRaw
OpenEncryptedFileRawW
WriteEncryptedFileRaw
CloseEncryptedFileRaw
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
?global@locale@std@@SA?AV12@AEBV12@@Z
?_Xruntime_error@std@@YAXPEBD@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@HPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

wsock32

WSACleanup
gethostname
WSAStartup
ioctlsocket
gethostbyaddr

vcruntime140

__CxxFrameHandler3
_purecall
__std_terminate
wcsstr
wcsrchr
strchr
__std_exception_destroy
__std_exception_copy
strstr
_CxxThrowException
memset
memcmp
memcpy
__C_specific_handler
memmove

api-ms-win-crt-string-l1-1-0

_strnicmp
wctype
wcstok
towupper
iswctype
towlower
wcsncpy
tolower
_towlower_l
strcpy_s
strncmp
_wcslwr_s
toupper
wcsncat_s
wcsncpy_s
_wcsicmp
wcsncmp
wcscat_s
_stricmp
wcscpy_s
islower

api-ms-win-crt-stdio-l1-1-0

fflush
fclose
_open_osfhandle
__stdio_common_vfprintf
_set_fmode
setvbuf
__stdio_common_vfwprintf
__p__commode
_wfopen
fgetws
__stdio_common_vswscanf
__stdio_common_vsprintf_s
__acrt_iob_func
_wfopen_s
__stdio_common_vswprintf_s

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
_register_thread_local_exe_atexit_callback
_c_exit
exit
_cexit
terminate
__p___wargv
_invalid_parameter_noinfo_noreturn
_seh_filter_exe
_initterm_e
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
__p___argc
_exit

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func
setlocale
_configthreadlocale
_get_current_locale

api-ms-win-crt-convert-l1-1-0

strtol
wcstombs_s
_wtoi
wcsrtombs

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath

api-ms-win-crt-heap-l1-1-0

realloc
free
_set_new_mode
_callnewh
malloc
calloc

api-ms-win-crt-utility-l1-1-0

qsort

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.9.3.3/x64_static/Doc/1023limit.png
.png
2.9.3.3/x64_static/Doc/Blog/blog.html
.js
2.9.3.3/x64_static/Doc/Blog/blog.png
.png
2.9.3.3/x64_static/Doc/Blog/deloreandelete.png
.png
2.9.3.3/x64_static/Doc/Blog/deloreandelete_sequence.png
.png
2.9.3.3/x64_static/Doc/Blog/lnbirthday.png
.png
2.9.3.3/x64_static/Doc/amazon.de.png
.png
2.9.3.3/x64_static/Doc/anchorpath.png
.png
2.9.3.3/x64_static/Doc/bitcoinlogo.png
.png
2.9.3.3/x64_static/Doc/bitcoinlseqr.png
.png
2.9.3.3/x64_static/Doc/delete.png
.png
2.9.3.3/x64_static/Doc/deletefollow.png
.png
2.9.3.3/x64_static/Doc/deloreanmerge.png
.png
2.9.3.3/x64_static/Doc/hardlinkcloneshowto.png
.png
2.9.3.3/x64_static/Doc/hardlinkclonessmart.png
.png
2.9.3.3/x64_static/Doc/junctionshowto.png
.png
2.9.3.3/x64_static/Doc/license.txt
2.9.3.3/x64_static/Doc/license_tre.txt
2.9.3.3/x64_static/Doc/license_uint128.txt
2.9.3.3/x64_static/Doc/license_ultragetop.txt
2.9.3.3/x64_static/Doc/ln.html
.js
2.9.3.3/x64_static/Doc/ln.png
.png
2.9.3.3/x64_static/Doc/mappednetworkdrive.png
.png
2.9.3.3/x64_static/Doc/mountpointssplice.png
.png
2.9.3.3/x64_static/Doc/multiplesource.png
.png
2.9.3.3/x64_static/Doc/nestedreparsepoints.png
.png
2.9.3.3/x64_static/Doc/ontheflydupemerge.png
.png
2.9.3.3/x64_static/Doc/outerjunctionscrop.png
.png
2.9.3.3/x64_static/Doc/outerjunctionssplice.png
.png
2.9.3.3/x64_static/Doc/outerjunctionsunroll.png
.png
2.9.3.3/x64_static/Doc/outerjunctionsunrollcircularity.png
.png
2.9.3.3/x64_static/Doc/outerjunctionsunrolldiskid.png
.png
2.9.3.3/x64_static/Doc/outerjunctionsunrollinner.png
.png
2.9.3.3/x64_static/Doc/outerjunctionsunrollinnernested.png
.png
2.9.3.3/x64_static/Doc/outerjunctionsunrollinnersymlink.png
.png
2.9.3.3/x64_static/Doc/outerjunctionsunrollmultitraverse.png
.png
2.9.3.3/x64_static/Doc/smartcopyhowto.png
.png
2.9.3.3/x64_static/Doc/smartmovehowto.png
.png
2.9.3.3/x64_static/Doc/symboliclinkhowto.png
.png
2.9.3.3/x64_static/Doc/symlinkssmart.png
.png
2.9.3.3/x64_static/Doc/zeiteisen.png
.png
2.9.3.3/x64_static/bat/DeLoreanCopy.bat
.bat .vbs
2.9.3.3/x64_static/bat/DeLoreanHanoi.bat
.bat .vbs
2.9.3.3/x64_static/bat/DeleteAllHardlinks.bat
.bat .vbs
2.9.3.3/x64_static/bat/QueryPath.cmd
2.9.3.3/x64_static/bat/dosdev.exe
.exe windows x86

0e0b737b9b62b409a5c81a4fde6b262e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
DefineDosDeviceA
QueryDosDeviceA
GetLastError
FormatMessageA
LocalFree

crtdll

printf
fflush
_iob
_amsg_exit
__GetMainArgs
exit
puts
fprintf

user32

CharToOemA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.9.3.3/x64_static/bat/vshadow.zip
.zip
2.9.3.3/x64_static/bat/vss-exec.cmd
.cmd .vbs
2.9.3.3/x64_static/bat/vss_drivecopy.cmd
.cmd .vbs
2.9.3.3/x64_static/bat/vss_raw.cmd
.cmd .vbs
2.9.3.3/x64_static/bat/vss_unc.cmd
.cmd .vbs
2.9.3.3/x64_static/ln.exe
.exe windows x64

bc02103e5039eaf7d3e8e0373817fb4b

Code Sign

27:2b:d8:f7:7a:18:da:16:94:d4:00:6c:c1:11:74:8d
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

14-10-2019 00:00

Not After

13-10-2022 23:59

Subject

CN=schinagl.priv.at,O=schinagl.priv.at,POSTALCODE=8046,STREET=Sonnenhang 14,L=Graz,ST=Styria,C=AT

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24-12-1999 17:50

Not After

24-07-2029 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22-07-2015 19:02

Not After

22-06-2029 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

22-07-2020 15:33

Not After

29-12-2030 16:29

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e2:98:ed:ba:62:c7:35:20:7d:f5:8a:05:31:cf:fb:c3:75:0f:ad:97:ef:01:11:1c:22:be:c4:ec:18:15:fc:fb
Signer

Actual PE Digest

e2:98:ed:ba:62:c7:35:20:7d:f5:8a:05:31:cf:fb:c3:75:0f:ad:97:ef:01:11:1c:22:be:c4:ec:18:15:fc:fb

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=schinagl.priv.at,O=schinagl.priv.at,POSTALCODE=8046,STREET=Sonnenhang 14,L=Graz,ST=Styria,C=AT

09-02-2021 20:26
Valid: true

Chain 1

CN=schinagl.priv.at,O=schinagl.priv.at,POSTALCODE=8046,STREET=Sonnenhang 14,L=Graz,ST=Styria,C=AT

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

netapi32

NetApiBufferFree
NetShareGetInfo

shlwapi

PathCombineW
PathIsRelativeW
PathRelativePathToW
PathIsUNCW
PathAddBackslashW
PathFindFileNameW
PathRemoveFileSpecW
PathFindNextComponentA
PathStripToRootW
PathSkipRootW
StrTrimW
PathCanonicalizeW
PathIsRootW

mpr

WNetGetResourceInformationW
WNetGetUniversalNameW

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
NtSetSecurityObject
NtQuerySecurityObject
NtSetEaFile
NtQueryEaFile
NtQueryInformationFile
NtSetInformationFile
NtQueryDirectoryFile
NtOpenFile
RtlDosPathNameToNtPathName_U
RtlCaptureContext
RtlUnwind

kernel32

VirtualFree
VirtualProtect
VirtualAlloc
GetTimeZoneInformation
ReadConsoleW
ReadFile
GetFullPathNameW
QueryDosDeviceW
FindFirstFileNameW
FindNextFileNameW
FindClose
GetLastError
GetFileAttributesW
WaitForSingleObject
GetLocalTime
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
Sleep
WaitForMultipleObjects
CloseHandle
WideCharToMultiByte
CopyFileW
CreateFileW
SetStdHandle
DeleteFileW
GetFileInformationByHandle
MoveFileW
GetVolumeInformationW
RemoveDirectoryW
GetVersionExW
SetLastError
CreateHardLinkW
CreateSymbolicLinkW
SetFileAttributesW
FindFirstFileW
FindNextFileW
CreateDirectoryW
DeviceIoControl
GetCurrentDirectoryW
GetDriveTypeW
GetVolumeNameForVolumeMountPointW
GetSystemInfo
CreateThread
GetFileAttributesExW
SystemTimeToFileTime
FileTimeToSystemTime
GetCurrentProcess
WriteFile
SetEvent
CreateEventW
GetFileSizeEx
SetFilePointerEx
SetEndOfFile
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetFileSize
GetModuleHandleW
LoadLibraryExW
GetModuleFileNameW
FreeLibrary
HeapSize
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
WriteConsoleW
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
SetThreadAffinityMask
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetModuleHandleA
GetEnvironmentStringsW
FindFirstFileExW
WaitForSingleObjectEx
HeapReAlloc
GetOEMCP
IsValidCodePage
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
GetFileType
GetACP
GetCommandLineA
GetCommandLineW
GetCurrentThread
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
ReadEncryptedFileRaw
OpenProcessToken

wsock32

gethostbyaddr
ioctlsocket
gethostname
WSAStartup
WSACleanup

Sections

.text
Size: 700KB - Virtual size: 699KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e0b737b9b62b409a5c81a4fde6b262e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crtdll

user32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 64KB

.rsrc Size: 1024B - Virtual size: 768B

.reloc Size: 512B - Virtual size: 322B

4efcbcd0f20b76eb5fe9c83f16c8fef4

Headers

DLL Characteristics

File Characteristics

Imports

msvcr80

netapi32

shlwapi

mpr

ntdll

user32

msvcp80

wsock32

advapi32

kernel32

version

psapi

Exports

Exports

Sections

.text Size: 331KB - Virtual size: 330KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 4KB - Virtual size: 54KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 15KB

0e0b737b9b62b409a5c81a4fde6b262e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

crtdll

user32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 64KB

.rsrc Size: 1024B - Virtual size: 768B

.reloc Size: 512B - Virtual size: 322B

0021664c9a298da4fd505cff6d9605e2

Code Sign

27:2b:d8:f7:7a:18:da:16:94:d4:00:6c:c1:11:74:8dCertificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

38:63:de:f8Certificate

Key Usages

58:da:13:ff:00:00:00:00:51:ce:0d:f7Certificate

Extended Key Usages

Key Usages

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4Certificate

Extended Key Usages

Key Usages

6f:ed:65:57:ef:25:bc:70:f9:51:c5:eb:36:eb:c0:ac:f5:d0:64:b1:61:cb:98:f0:9f:b4:b5:95:e2:8b:78:77Signer

Signature Validations

Verification

09-02-2021 20:26 Valid: true

Chain 1

Headers

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 64KB

.rsrc
Size: 1024B - Virtual size: 768B

.reloc
Size: 512B - Virtual size: 322B

.text
Size: 331KB - Virtual size: 330KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 4KB - Virtual size: 54KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 64KB

.rsrc
Size: 1024B - Virtual size: 768B

.reloc
Size: 512B - Virtual size: 322B

27:2b:d8:f7:7a:18:da:16:94:d4:00:6c:c1:11:74:8d
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

6f:ed:65:57:ef:25:bc:70:f9:51:c5:eb:36:eb:c0:ac:f5:d0:64:b1:61:cb:98:f0:9f:b4:b5:95:e2:8b:78:77
Signer

09-02-2021 20:26
Valid: true

.text
Size: 230KB - Virtual size: 230KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 64KB

.rsrc
Size: 1024B - Virtual size: 768B

.reloc
Size: 512B - Virtual size: 322B

27:2b:d8:f7:7a:18:da:16:94:d4:00:6c:c1:11:74:8d
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

ba:7e:98:e1:dc:df:de:7d:78:3b:0f:63:33:4d:04:5e:01:66:6e:0c:e0:53:43:14:69:9f:07:38:04:8a:a8:86
Signer

09-02-2021 20:26
Valid: true