General

Malware Config

Signatures

Files

• Redline.Stealer.08.11.2022.zip

  .zip
• Kirame.Builder/Kirame.Builder.exe

  .exe windows x86

  726a22f55cf9e91b15fd25cd9f82556f

  
  

  Code Sign

  01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  19-09-2018 00:00

  Not After

  28-01-2028 12:00

  Subject

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  15-06-2016 00:00

  Not After

  15-06-2024 00:00

  Subject

  CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageOCSPSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  3c:6a:86:79:f7:b3:fa:a3:ab:61:e2:13

  Certificate

  Issuer

  CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  Not Before

  10-07-2019 06:15

  Not After

  10-10-2022 06:15

  Subject

  SERIALNUMBER=1089847274439,CN=Initeks\, OOO,O=Initeks\, OOO,STREET=Prospect Komendantsky\, 51/1\, office 300,L=Saint Petersburg,ST=Saint Petersburg,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13105361696e742050657465727362757267,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12

  Certificate

  Issuer

  CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  12-01-2016 00:00

  Not After

  11-01-2031 23:59

  Subject

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12

  Certificate

  Issuer

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  23-12-2017 00:00

  Not After

  22-03-2029 23:59

  Subject

  CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  04:a2:4e:28:3b:2d:e6:7d:5f:21:b2:d5:1f:ce:63:7f:e1:4e:c2:44:87:64:de:d5:db:59:b6:98:eb:d8:fc:90

  Signer

  Actual PE Digest

  04:a2:4e:28:3b:2d:e6:7d:5f:21:b2:d5:1f:ce:63:7f:e1:4e:c2:44:87:64:de:d5:db:59:b6:98:eb:d8:fc:90

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  SERIALNUMBER=1089847274439,CN=Initeks\, OOO,O=Initeks\, OOO,STREET=Prospect Komendantsky\, 51/1\, office 300,L=Saint Petersburg,ST=Saint Petersburg,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13105361696e742050657465727362757267,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  01-11-2021 19:14

  Valid: true

  Chain 1

  SERIALNUMBER=1089847274439,CN=Initeks\, OOO,O=Initeks\, OOO,STREET=Prospect Komendantsky\, 51/1\, office 300,L=Saint Petersburg,ST=Saint Petersburg,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13105361696e742050657465727362757267,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Chain 2

  SERIALNUMBER=1089847274439,CN=Initeks\, OOO,O=Initeks\, OOO,STREET=Prospect Komendantsky\, 51/1\, office 300,L=Saint Petersburg,ST=Saint Petersburg,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13105361696e742050657465727362757267,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  CloseHandle

  CreateSemaphoreW

  CreateThread

  DeleteCriticalSection

  EnterCriticalSection

  FreeLibrary

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThreadId

  GetLastError

  GetModuleHandleA

  GetModuleHandleW

  GetProcAddress

  GetStartupInfoA

  GetSystemTimeAsFileTime

  GetTickCount

  InitializeCriticalSection

  IsDBCSLeadByteEx

  LeaveCriticalSection

  LoadLibraryA

  MultiByteToWideChar

  QueryPerformanceCounter

  ReleaseSemaphore

  SetLastError

  SetUnhandledExceptionFilter

  Sleep

  TerminateProcess

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  UnhandledExceptionFilter

  VirtualProtect

  VirtualQuery

  WaitForSingleObject

  WideCharToMultiByte

  msvcrt

  ___mb_cur_max_func

  __doserrno

  __getmainargs

  __initenv

  __lconv_init

  __p__acmdln

  __p__fmode

  __pioinfo

  __set_app_type

  __setusermatherr

  _amsg_exit

  _cexit

  _errno

  _fdopen

  _filelengthi64

  _fileno

  _fileno

  _fmode

  _fpreset

  _fstat64

  _initterm

  _iob

  _lock

  _lseeki64

  _onexit

  _read

  _strnicmp

  _unlock

  _write

  _write

  abort

  atoi

  calloc

  exit

  fclose

  fflush

  fgetpos

  fopen

  fprintf

  fputc

  fputs

  fread

  free

  fsetpos

  fwrite

  getc

  getwc

  isspace

  iswctype

  localeconv

  malloc

  memchr

  memcmp

  memcpy

  memmove

  memset

  putc

  putwc

  realloc

  setlocale

  setvbuf

  signal

  sprintf

  strchr

  strcmp

  strcoll

  strerror

  strftime

  strlen

  strncmp

  strtoul

  strxfrm

  towlower

  towupper

  ungetc

  ungetwc

  vfprintf

  wcscoll

  wcsftime

  wcslen

  wcsxfrm

  Sections

  .text

  Size: 667KB - Virtual size: 667KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 124KB - Virtual size: 124KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 46KB - Virtual size: 46KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  /4

  Size: 238KB - Virtual size: 237KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .bss

  Size: - Virtual size: 3KB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .CRT

  Size: 512B - Virtual size: 52B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: 512B - Virtual size: 8B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  /14

  Size: 512B - Virtual size: 272B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /29

  Size: 161KB - Virtual size: 160KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /41

  Size: 7KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /55

  Size: 26KB - Virtual size: 25KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /67

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /80

  Size: 1024B - Virtual size: 580B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /91

  Size: 45KB - Virtual size: 44KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  /102

  Size: 5KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Kirame.Builder/Kirame.Builder.exe.config
• Kirame.Builder/Kirame.Builder.pdb
• Kirame.Builder/Mono.Cecil.Mdb.dll

  .dll windows x86

  dae02f32a21e03ce65412f6e56942daa

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 40KB - Virtual size: 39KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 864B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Kirame.Builder/Mono.Cecil.Mdb.pdb
• Kirame.Builder/Mono.Cecil.Pdb.dll

  .dll windows x86

  dae02f32a21e03ce65412f6e56942daa

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 85KB - Virtual size: 85KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 864B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Kirame.Builder/Mono.Cecil.Pdb.pdb
• Kirame.Builder/Mono.Cecil.Rocks.dll

  .dll windows x86

  dae02f32a21e03ce65412f6e56942daa

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 25KB - Virtual size: 24KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 876B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Kirame.Builder/Mono.Cecil.Rocks.pdb
• Kirame.Builder/Mono.Cecil.dll

  .dll windows x86

  dae02f32a21e03ce65412f6e56942daa

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 348KB - Virtual size: 347KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 840B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Kirame.Builder/Mono.Cecil.pdb
• Kirame.Host/Kirame.Host.config
• Kirame.Host/Kirame.Host.exe

  .exe windows x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 1.5MB - Virtual size: 1.5MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 85KB - Virtual size: 85KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Kirame.Host/Kirame.WCF.dll.config
• Kirame.Host/Kirame.dll

  .dll windows x86

  dae02f32a21e03ce65412f6e56942daa

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 121KB - Virtual size: 120KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 900B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Kirame.Loader/Kirame.Loader.exe

  .exe windows x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 777KB - Virtual size: 776KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Kirame.Loader/Kirame.Loader.exe.config

  .xml
• Panel/RedLine20_22/Panel/Panel.exe

  .exe windows x64

  ff0093a37f82601d29534d94095923e9

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  SetEnvironmentVariableA

  lstrcmpiW

  SetLastError

  HeapFree

  GetProcessHeap

  HeapReAlloc

  HeapAlloc

  InitializeCriticalSection

  DeleteCriticalSection

  GetUserDefaultUILanguage

  FindResourceExA

  CompareStringW

  GetCurrentProcessId

  CloseHandle

  SetEvent

  GetLastError

  WaitForSingleObject

  CompareStringA

  lstrcpyW

  GetSystemTimeAsFileTime

  FindFirstFileW

  FindClose

  lstrcatW

  FormatMessageA

  WriteFile

  SetFileTime

  GetModuleFileNameW

  ReadFile

  CreateFileA

  IsBadReadPtr

  CreateEventA

  GetModuleFileNameA

  SetFilePointer

  GetCurrentProcess

  GetWindowsDirectoryA

  GetVolumeInformationA

  FlushInstructionCache

  WriteConsoleW

  GetConsoleOutputCP

  WriteConsoleA

  FlushFileBuffers

  SetStdHandle

  IsBadWritePtr

  GetStringTypeW

  GetStringTypeA

  LCMapStringW

  LCMapStringA

  QueryPerformanceCounter

  GetCommandLineW

  GetCommandLineA

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  GetEnvironmentStrings

  FreeEnvironmentStringsA

  GetConsoleMode

  GetConsoleCP

  GetStartupInfoA

  GetFileType

  SetHandleCount

  GetTimeZoneInformation

  IsValidCodePage

  GetOEMCP

  GetCPInfo

  RtlVirtualUnwind

  HeapCreate

  HeapSetInformation

  GetStdHandle

  FlsAlloc

  TlsSetValue

  GetCurrentThreadId

  FlsFree

  TlsFree

  FlsSetValue

  FlsGetValue

  RtlUnwindEx

  RtlLookupFunctionEntry

  RtlPcToFileHeader

  GetStartupInfoW

  RtlCaptureContext

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  TerminateProcess

  GetSystemInfo

  VirtualAlloc

  CreateThread

  ResumeThread

  ExitThread

  GetThreadLocale

  GetLocaleInfoA

  GetACP

  HeapSize

  HeapDestroy

  GetVersionExA

  RaiseException

  VirtualProtect

  VirtualQuery

  lstrcmpiA

  Sleep

  FreeLibrary

  GetTickCount

  SetEnvironmentVariableW

  WideCharToMultiByte

  GetModuleHandleA

  lstrlenW

  lstrcmpA

  MultiByteToWideChar

  ExitProcess

  LoadLibraryA

  GetProcAddress

  LeaveCriticalSection

  EnterCriticalSection

  GlobalFree

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  LockResource

  LoadResource

  SizeofResource

  FindResourceA

  lstrcpyA

  lstrlenA

  user32

  UnregisterClassA

  TranslateMessage

  DrawIcon

  DispatchMessageA

  LoadIconA

  CreateDialogIndirectParamA

  SetTimer

  EndPaint

  KillTimer

  DestroyWindow

  EndDialog

  GetDC

  FillRect

  GetClientRect

  ReleaseDC

  SetClassLongA

  PtInRect

  GetWindowRect

  SetCursor

  GetWindowLongA

  LoadCursorA

  GetSystemMetrics

  SetWindowLongA

  GetParent

  GetCursorPos

  GetDesktopWindow

  LoadStringA

  GetMessageA

  MapWindowPoints

  SetWindowPos

  SendMessageA

  SetForegroundWindow

  ReleaseCapture

  PostMessageA

  EnableWindow

  GetActiveWindow

  UpdateWindow

  AdjustWindowRectEx

  SetWindowLongPtrA

  CreateWindowExA

  RegisterClassExA

  OffsetRect

  DefWindowProcA

  LoadImageA

  ShowWindow

  ScreenToClient

  TranslateAcceleratorA

  SetFocus

  GetWindowTextLengthA

  DrawFocusRect

  SetWindowTextA

  DrawTextA

  GetWindowTextA

  SetCapture

  DrawEdge

  InvalidateRect

  GetClassNameA

  GetWindowLongPtrA

  CallWindowProcA

  PostQuitMessage

  TrackMouseEvent

  SetActiveWindow

  IsDialogMessageA

  MessageBoxA

  wsprintfA

  BeginPaint

  gdi32

  GetObjectA

  SelectObject

  GetDIBColorTable

  StretchBlt

  DeleteObject

  CreateDIBSection

  TextOutA

  CreateCompatibleBitmap

  SetBkMode

  GetStockObject

  SetTextColor

  SetDIBColorTable

  CreateFontIndirectA

  CreateSolidBrush

  CreateCompatibleDC

  LineTo

  DeleteDC

  MoveToEx

  CreatePen

  GetTextExtentPointA

  BitBlt

  advapi32

  RegDeleteValueA

  RegCreateKeyExA

  RegCloseKey

  RegSetValueExA

  RegQueryValueExA

  ole32

  CoCreateInstance

  CoInitializeEx

  CreateStreamOnHGlobal

  CoSetProxyBlanket

  oleaut32

  GetErrorInfo

  VariantTimeToSystemTime

  SystemTimeToVariantTime

  SysStringLen

  SafeArrayDestroy

  SysAllocString

  SysFreeString

  SafeArrayCreateVector

  SafeArrayAccessData

  SafeArrayUnaccessData

  SysAllocStringLen

  VariantInit

  VariantClear

  SafeArrayGetUBound

  SafeArrayGetLBound

  SafeArrayGetElement

  shlwapi

  StrRChrW

  gdiplus

  GdiplusStartup

  GdipFree

  GdipCreateBitmapFromScan0

  GdipCreateBitmapFromStream

  GdipGetImagePalette

  GdipDeleteGraphics

  GdipAlloc

  GdipDisposeImage

  GdipGetImagePixelFormat

  GdipGetImageHeight

  GdipGetImageGraphicsContext

  GdipCloneImage

  GdipBitmapUnlockBits

  GdipBitmapLockBits

  GdiplusShutdown

  GdipDrawImageI

  GdipGetImagePaletteSize

  GdipGetImageWidth

  msimg32

  TransparentBlt

  AlphaBlend

  iphlpapi

  GetAdaptersInfo

  version

  VerQueryValueA

  GetFileVersionInfoA

  GetFileVersionInfoSizeA

  Sections

  .text

  Size: 423KB - Virtual size: 422KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 168KB - Virtual size: 168KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1.7MB - Virtual size: 1.7MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 24KB - Virtual size: 24KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .vmp0

  Size: 3.2MB - Virtual size: 3.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 3.8MB - Virtual size: 3.8MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• Panel/RedLine20_22/Panel/Panel.exe.config
• Panel/RedLine20_22/Panel/chromeBrowsers.txt
• Panel/RedLine20_22/Panel/geckoBrowsers.txt
• Panel/RedLine20_22/Tools/Chrome.exe

  .exe windows x86

  0ffb0c1b03081ee555711ca0c1201c9d

  
  

  Code Sign

  47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e

  Certificate

  Issuer

  CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  14:f8:fd:d1:67:f9:24:02:b1:57:0b:5d:c4:95:c8:15

  Certificate

  Issuer

  CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

  Not Before

  29-11-2016 00:00

  Not After

  21-11-2019 23:59

  Subject

  CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66

  Certificate

  Issuer

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2014 00:00

  Not After

  22-10-2024 00:00

  Subject

  CN=DigiCert Timestamp Responder,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  10-11-2006 00:00

  Not After

  10-11-2021 00:00

  Subject

  CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageServerAuth

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  ExtKeyUsageEmailProtection

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  01

  Certificate

  Issuer

  CN=Unknown issuer

  Not Before

  01-01-2013 10:00

  Not After

  01-04-2013 10:00

  Subject

  CN=Dummy certificate

  Extended Key Usages

  Key Usages

  KeyUsageCertSign

  0c:15:be:4a:15:bb:09:03:c9:01:b1:d6:c2:65:30:2f

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-11-2018 00:00

  Not After

  17-11-2021 12:00

  Subject

  CN=Google LLC,O=Google LLC,L=Mountain View,ST=ca,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  22-10-2013 12:00

  Not After

  22-10-2028 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41

  Certificate

  Issuer

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  04-01-2017 00:00

  Not After

  18-01-2028 00:00

  Subject

  CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  07-01-2016 12:00

  Not After

  07-01-2031 12:00

  Subject

  CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  a1:22:2a:27:33:34:02:ba:14:55:24:64:ab:8b:8c:4c:a6:63:00:97:b7:c7:12:a3:e6:9f:ff:78:0a:6b:54:bd

  Signer

  Actual PE Digest

  a1:22:2a:27:33:34:02:ba:14:55:24:64:ab:8b:8c:4c:a6:63:00:97:b7:c7:12:a3:e6:9f:ff:78:0a:6b:54:bd

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=Google LLC,O=Google LLC,L=Mountain View,ST=ca,C=US

  06-05-2019 23:34

  Valid: true

  Chain 1

  CN=Google LLC,O=Google LLC,L=Mountain View,ST=ca,C=US

  CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  de:c9:1f:ac:a1:0c:4b:be:20:88:a0:3e:0e:d2:66:30:72:52:13:16

  Signer

  Actual PE Digest

  de:c9:1f:ac:a1:0c:4b:be:20:88:a0:3e:0e:d2:66:30:72:52:13:16

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Google Inc,O=Google Inc,L=Mountain View,ST=California,C=US

  06-05-2019 23:34

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  QueryPerformanceCounter

  GetCurrentProcessId

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  IsDebuggerPresent

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetStartupInfoW

  IsProcessorFeaturePresent

  GetModuleHandleW

  GetCurrentProcess

  TerminateProcess

  RtlUnwind

  GetLastError

  SetLastError

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  FreeLibrary

  GetProcAddress

  LoadLibraryExW

  RaiseException

  GetStdHandle

  WriteFile

  GetModuleFileNameW

  GetModuleFileNameA

  MultiByteToWideChar

  WideCharToMultiByte

  ExitProcess

  GetModuleHandleExW

  GetACP

  OutputDebugStringW

  CloseHandle

  HeapAlloc

  HeapFree

  FindClose

  FindFirstFileExA

  FindNextFileA

  IsValidCodePage

  GetOEMCP

  GetCPInfo

  GetCommandLineA

  GetCommandLineW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  LCMapStringW

  SetStdHandle

  GetFileType

  GetStringTypeW

  GetProcessHeap

  HeapSize

  HeapReAlloc

  FlushFileBuffers

  GetConsoleCP

  GetConsoleMode

  SetFilePointerEx

  WriteConsoleW

  DecodePointer

  CreateFileW

  GetExitCodeProcess

  CreateProcessW

  WaitForSingleObject

  SetFilePointer

  CreateDirectoryW

  SizeofResource

  RemoveDirectoryW

  GetTempPathW

  FormatMessageW

  LockResource

  DeleteFileW

  FindResourceExW

  LoadResource

  FindResourceW

  HeapDestroy

  LocalFree

  VerSetConditionMask

  CopyFileW

  VerifyVersionInfoW

  GetTempFileNameW

  lstrcmpiW

  UnmapViewOfFile

  CreateFileMappingW

  MapViewOfFile

  VirtualQuery

  ReadFile

  shlwapi

  PathQuoteSpacesW

  PathAppendW

  ole32

  CoUninitialize

  CoInitializeEx

  shell32

  SHGetFolderPathW

  ord680

  user32

  MessageBoxW

  CharLowerBuffW

  Sections

  .text

  Size: 81KB - Virtual size: 80KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 27KB - Virtual size: 27KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 985KB - Virtual size: 985KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Panel/RedLine20_22/Tools/NetFramework48.exe

  .exe windows x86

  9b2f6a441f9ff8df98ae6e9e6b5d4271

  
  

  Code Sign

  33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  12-07-2018 20:11

  Not After

  26-07-2019 20:11

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  33:00:00:00:f8:97:e7:60:fb:03:a3:90:c1:00:00:00:00:00:f8

  Certificate

  Issuer

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  23-08-2018 20:20

  Not After

  23-11-2019 20:20

  Subject

  CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  61:33:26:1a:00:00:00:00:00:31

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  31-08-2010 22:19

  Not After

  31-08-2020 22:29

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:16:68:34:00:00:00:00:00:1c

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  03-04-2007 12:53

  Not After

  03-04-2021 13:03

  Subject

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  12-07-2018 20:08

  Not After

  26-07-2019 20:08

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  d0:c4:14:71:51:60:46:e6:05:3a:14:69:74:84:56:eb:85:52:ba:7d:9a:70:b1:7c:1c:b8:b6:77:ee:73:0a:4d

  Signer

  Actual PE Digest

  d0:c4:14:71:51:60:46:e6:05:3a:14:69:74:84:56:eb:85:52:ba:7d:9a:70:b1:7c:1c:b8:b6:77:ee:73:0a:4d

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  01-12-2022 14:35

  Valid: false

  f0:3e:80:e5:63:5b:c3:18:22:45:35:62:7c:4b:b2:90:ef:bb:7a:ba

  Signer

  Actual PE Digest

  f0:3e:80:e5:63:5b:c3:18:22:45:35:62:7c:4b:b2:90:ef:bb:7a:ba

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  28-03-2019 13:45

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  advapi32

  CreateWellKnownSid

  InitializeSecurityDescriptor

  SetEntriesInAclW

  SetSecurityDescriptorDacl

  SetSecurityDescriptorOwner

  CryptAcquireContextW

  CryptGenRandom

  CryptReleaseContext

  DecryptFileW

  kernel32

  GetTickCount

  SetEnvironmentVariableW

  GetLastError

  ExpandEnvironmentStringsW

  CreateProcessW

  Sleep

  WaitForSingleObject

  GetExitCodeProcess

  CloseHandle

  SetFileAttributesW

  InitializeCriticalSection

  CreateEventW

  GetEnvironmentVariableW

  DeleteCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  SetEvent

  GetCommandLineW

  lstrlenW

  CompareStringW

  LocalFree

  CreateDirectoryW

  QueryDosDeviceW

  GetLogicalDriveStringsW

  GetDiskFreeSpaceExW

  GetDriveTypeW

  CreateFileW

  DeviceIoControl

  SetErrorMode

  RemoveDirectoryW

  MoveFileExW

  GetProcAddress

  GetSystemDirectoryW

  LoadLibraryW

  GetModuleHandleW

  CreateThread

  LocalAlloc

  RaiseException

  ExitThread

  WaitForMultipleObjects

  ResetEvent

  CreateEventA

  GetSystemInfo

  FileTimeToSystemTime

  FileTimeToLocalFileTime

  FileTimeToDosDateTime

  GetModuleHandleA

  GetVersionExA

  SetFileTime

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  SetEndOfFile

  DuplicateHandle

  ReadFile

  SetFilePointerEx

  GlobalFree

  GetCommandLineA

  HeapSetInformation

  GetStartupInfoW

  SetUnhandledExceptionFilter

  ExitProcess

  WriteFile

  GetStdHandle

  GetModuleFileNameW

  GetModuleFileNameA

  FreeEnvironmentStringsW

  WideCharToMultiByte

  GetEnvironmentStringsW

  SetHandleCount

  InitializeCriticalSectionAndSpinCount

  GetFileType

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  InterlockedIncrement

  SetLastError

  GetCurrentThreadId

  InterlockedDecrement

  HeapCreate

  QueryPerformanceCounter

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  IsDebuggerPresent

  HeapFree

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  HeapAlloc

  LCMapStringW

  FreeLibrary

  InterlockedExchange

  RtlUnwind

  SetFilePointer

  GetConsoleCP

  GetConsoleMode

  MultiByteToWideChar

  GetStringTypeW

  HeapSize

  HeapReAlloc

  IsProcessorFeaturePresent

  SetStdHandle

  WriteConsoleW

  FlushFileBuffers

  CreateFileA

  GetLocalTime

  GetComputerNameW

  lstrlenA

  FormatMessageW

  GetSystemTime

  GetTimeZoneInformation

  SystemTimeToTzSpecificLocalTime

  DeleteFileW

  GetFileAttributesW

  FindFirstFileW

  FindNextFileW

  FindClose

  GetCurrentDirectoryW

  SetCurrentDirectoryW

  GetProcessHeap

  GlobalAlloc

  LoadLibraryA

  comctl32

  ord17

  rpcrt4

  UuidToStringW

  UuidCreate

  RpcStringFreeW

  shell32

  CommandLineToArgvW

  SHBrowseForFolderW

  SHGetPathFromIDListW

  shlwapi

  PathRemoveExtensionW

  user32

  MessageBoxW

  GetTopWindow

  GetWindowThreadProcessId

  GetWindow

  SendMessageW

  PostMessageW

  DialogBoxParamW

  GetDlgItem

  SetWindowTextW

  EndDialog

  PostQuitMessage

  LoadStringW

  SetWindowLongW

  GetWindowLongW

  CharUpperW

  oleaut32

  SysAllocString

  VariantClear

  Exports

  Exports

  ?dwPlaceholder@@3PAEA

  _DecodePointerInternal@4

  _EncodePointerInternal@4

  Sections

  .text

  Size: 156KB - Virtual size: 156KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 5KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .boxld01

  Size: 512B - Virtual size: 182B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 8KB - Virtual size: 7KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 10KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Panel/RedLine20_22/Tools/WinRar.exe

  .exe windows x64

  629fae0a56e3262e208711dda6ae6b1d

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  52:9e:3f:9f:cf:7d:58:d5:20:d6:07:ab:74:39:50:02

  Certificate

  Issuer

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  02-06-2017 00:00

  Not After

  01-06-2020 23:59

  Subject

  CN=win.rar GmbH,O=win.rar GmbH,POSTALCODE=10117,STREET=Marienstrasse 12,L=Berlin,ST=Berlin,C=DE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  30-05-2000 10:48

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af

  Certificate

  Issuer

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  09-05-2013 00:00

  Not After

  08-05-2028 23:59

  Subject

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  52:9e:3f:9f:cf:7d:58:d5:20:d6:07:ab:74:39:50:02

  Certificate

  Issuer

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  02-06-2017 00:00

  Not After

  01-06-2020 23:59

  Subject

  CN=win.rar GmbH,O=win.rar GmbH,POSTALCODE=10117,STREET=Marienstrasse 12,L=Berlin,ST=Berlin,C=DE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  27:66:ee:56:eb:49:f3:8e:ab:d7:70:a2:fc:84:de:22

  Certificate

  Issuer

  CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

  Not Before

  30-05-2000 10:48

  Not After

  30-05-2020 10:48

  Subject

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af

  Certificate

  Issuer

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  09-05-2013 00:00

  Not After

  08-05-2028 23:59

  Subject

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12

  Certificate

  Issuer

  CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  12-01-2016 00:00

  Not After

  11-01-2031 23:59

  Subject

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12

  Certificate

  Issuer

  CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  23-12-2017 00:00

  Not After

  22-03-2029 23:59

  Subject

  CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  ca:05:77:9a:83:94:f1:c2:84:3b:d1:35:92:02:9e:08:73:69:34:94:e8:62:49:32:6d:ca:10:c8:55:9e:d9:9b

  Signer

  Actual PE Digest

  ca:05:77:9a:83:94:f1:c2:84:3b:d1:35:92:02:9e:08:73:69:34:94:e8:62:49:32:6d:ca:10:c8:55:9e:d9:9b

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=win.rar GmbH,O=win.rar GmbH,POSTALCODE=10117,STREET=Marienstrasse 12,L=Berlin,ST=Berlin,C=DE

  01-03-2019 08:23

  Valid: true

  Chain 1

  CN=win.rar GmbH,O=win.rar GmbH,POSTALCODE=10117,STREET=Marienstrasse 12,L=Berlin,ST=Berlin,C=DE

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  ed:14:78:6d:47:d9:55:27:5a:d1:dd:f1:22:3e:ed:fc:47:98:f7:f9

  Signer

  Actual PE Digest

  ed:14:78:6d:47:d9:55:27:5a:d1:dd:f1:22:3e:ed:fc:47:98:f7:f9

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=win.rar GmbH,O=win.rar GmbH,POSTALCODE=10117,STREET=Marienstrasse 12,L=Berlin,ST=Berlin,C=DE

  01-03-2019 08:23

  Valid: true

  Chain 1

  CN=win.rar GmbH,O=win.rar GmbH,POSTALCODE=10117,STREET=Marienstrasse 12,L=Berlin,ST=Berlin,C=DE

  CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  kernel32

  GetLastError

  SetLastError

  GetCurrentProcess

  DeviceIoControl

  SetFileTime

  CloseHandle

  CreateDirectoryW

  RemoveDirectoryW

  CreateFileW

  DeleteFileW

  CreateHardLinkW

  GetShortPathNameW

  GetLongPathNameW

  MoveFileW

  GetFileType

  GetStdHandle

  WriteFile

  ReadFile

  FlushFileBuffers

  SetEndOfFile

  SetFilePointer

  SetFileAttributesW

  GetFileAttributesW

  FindClose

  FindFirstFileW

  FindNextFileW

  GetVersionExW

  GetCurrentDirectoryW

  GetFullPathNameW

  FoldStringW

  GetModuleFileNameW

  GetModuleHandleW

  FindResourceW

  FreeLibrary

  GetProcAddress

  GetCurrentProcessId

  ExitProcess

  SetThreadExecutionState

  Sleep

  LoadLibraryW

  GetSystemDirectoryW

  CompareStringW

  AllocConsole

  FreeConsole

  AttachConsole

  WriteConsoleW

  GetProcessAffinityMask

  CreateThread

  SetThreadPriority

  InitializeCriticalSection

  EnterCriticalSection

  LeaveCriticalSection

  DeleteCriticalSection

  SetEvent

  ResetEvent

  ReleaseSemaphore

  WaitForSingleObject

  CreateEventW

  CreateSemaphoreW

  GetSystemTime

  SystemTimeToTzSpecificLocalTime

  TzSpecificLocalTimeToSystemTime

  SystemTimeToFileTime

  FileTimeToLocalFileTime

  LocalFileTimeToFileTime

  FileTimeToSystemTime

  GetCPInfo

  IsDBCSLeadByte

  MultiByteToWideChar

  WideCharToMultiByte

  GlobalAlloc

  GetTickCount

  LockResource

  GlobalLock

  GlobalUnlock

  GlobalFree

  LoadResource

  SizeofResource

  SetCurrentDirectoryW

  GetExitCodeProcess

  GetLocalTime

  MapViewOfFile

  UnmapViewOfFile

  CreateFileMappingW

  OpenFileMappingW

  GetCommandLineW

  SetEnvironmentVariableW

  ExpandEnvironmentStringsW

  GetTempPathW

  MoveFileExW

  GetLocaleInfoW

  GetTimeFormatW

  GetDateFormatW

  GetNumberFormatW

  SetFilePointerEx

  GetConsoleMode

  GetConsoleCP

  HeapSize

  SetStdHandle

  GetProcessHeap

  FreeEnvironmentStringsW

  RaiseException

  GetSystemInfo

  VirtualProtect

  VirtualQuery

  LoadLibraryExA

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  IsDebuggerPresent

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetStartupInfoW

  IsProcessorFeaturePresent

  QueryPerformanceCounter

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  RtlPcToFileHeader

  EncodePointer

  RtlUnwindEx

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  LoadLibraryExW

  QueryPerformanceFrequency

  TerminateProcess

  GetModuleHandleExW

  GetModuleFileNameA

  GetACP

  HeapFree

  HeapAlloc

  HeapReAlloc

  GetStringTypeW

  LCMapStringW

  FindFirstFileExA

  FindNextFileA

  IsValidCodePage

  GetOEMCP

  GetCommandLineA

  GetEnvironmentStringsW

  gdiplus

  GdiplusShutdown

  GdiplusStartup

  GdipCreateHBITMAPFromBitmap

  GdipCreateBitmapFromStream

  GdipDisposeImage

  GdipCloneImage

  GdipFree

  GdipAlloc

  Sections

  .text

  Size: 203KB - Virtual size: 203KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 61KB - Virtual size: 60KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 136KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 10KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .gfids

  Size: 512B - Virtual size: 208B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 152KB - Virtual size: 156KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ