Extracted

• b95a764820e918f42b664f3c9a96141e2d7d7d228da0edf151617fabdd9166cf

  .dll windows x86

  b480b043ac6fe5c669471e52198584ea

  
  

  Code Sign

  01

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  01/01/2004, 00:00

  Not After

  31/12/2028, 23:59

  Subject

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  25/05/2021, 00:00

  Not After

  31/12/2028, 23:59

  Subject

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01/08/2022, 00:00

  Not After

  09/11/2031, 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a

  Certificate

  Issuer

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Not Before

  22/03/2021, 00:00

  Not After

  21/03/2036, 23:59

  Subject

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  82:d2:24:32:3e:fa:65:06:0b:64:1f:51:fa:df:ef:02

  Certificate

  Issuer

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Not Before

  07/10/2022, 00:00

  Not After

  07/10/2023, 23:59

  Subject

  CN=SAVAS INVESTMENTS PTY LTD,O=SAVAS INVESTMENTS PTY LTD,ST=Victoria,C=AU

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23/03/2022, 00:00

  Not After

  22/03/2037, 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  21/09/2022, 00:00

  Not After

  21/11/2033, 23:59

  Subject

  CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  06:b2:a3:32:04:a5:d0:c0:21:83:4f:d1:29:47:fd:4c:0c:4d:52:c7

  Signer

  Actual PE Digest

  06:b2:a3:32:04:a5:d0:c0:21:83:4f:d1:29:47:fd:4c:0c:4d:52:c7

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=SAVAS INVESTMENTS PTY LTD,O=SAVAS INVESTMENTS PTY LTD,ST=Victoria,C=AU

  03/11/2022, 14:40

  Valid: true

  Chain 1

  CN=SAVAS INVESTMENTS PTY LTD,O=SAVAS INVESTMENTS PTY LTD,ST=Victoria,C=AU

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  CreateFileA

  DeleteFileA

  FindClose

  FindFirstChangeNotificationW

  FindFirstFileW

  GetFileSize

  GetShortPathNameW

  GetTempFileNameW

  ReadFile

  ReadFileEx

  FindFirstStreamW

  GetTempFileNameA

  OutputDebugStringW

  EncodeSystemPointer

  DecodeSystemPointer

  GetLastError

  FatalAppExitW

  HeapLock

  InitializeCriticalSectionEx

  InitOnceExecuteOnce

  InitOnceComplete

  WakeConditionVariable

  WaitForSingleObject

  CreateMutexA

  OpenEventW

  GetCurrentProcess

  GetCurrentProcessId

  CreateThread

  CreateProcessA

  GetProcessIdOfThread

  GetThreadContext

  OpenProcess

  GetThreadIOPendingFlag

  GetProcessShutdownParameters

  GetComputerNameExA

  VirtualAlloc

  VirtualFree

  AllocateUserPhysicalPagesNuma

  IsWow64Process

  DisableThreadLibraryCalls

  GetModuleHandleExW

  GetProcAddress

  LoadLibraryExA

  LocalFree

  ConvertThreadToFiberEx

  CreateFiber

  GlobalDeleteAtom

  RequestDeviceWakeup

  EraseTape

  WriteTapemark

  MulDiv

  lstrcpynA

  lstrcatA

  OpenFile

  OpenWaitableTimerA

  CreateWaitableTimerExA

  EnumResourceTypesA

  EnumResourceLanguagesA

  EndUpdateResourceW

  GetAtomNameW

  GetPrivateProfileSectionA

  WritePrivateProfileStructW

  DefineDosDeviceA

  GetEnvironmentVariableW

  CopyFileW

  GetNamedPipeServerSessionId

  UnregisterWait

  CreateBoundaryDescriptorA

  FindFirstVolumeMountPointA

  CreateSymbolicLinkTransactedA

  GetTimeFormatEx

  MultiByteToWideChar

  GetACP

  GetCalendarInfoW

  IsDBCSLeadByteEx

  IsNLSDefinedString

  GetSystemDefaultLangID

  EnumSystemLocalesW

  EnumSystemLanguageGroupsW

  GetCalendarInfoEx

  WriteConsoleOutputW

  GetCurrentConsoleFontEx

  FreeConsole

  ReadConsoleInputW

  GetConsoleAliasesLengthW

  WriteFile

  OutputDebugStringA

  VerSetConditionMask

  FindFirstFileA

  GetSystemInfo

  GetVersionExA

  GetModuleHandleA

  GetModuleHandleW

  VerifyVersionInfoW

  GlobalFree

  Process32First

  Process32Next

  CreateProcessW

  Wow64DisableWow64FsRedirection

  Wow64RevertWow64FsRedirection

  InitializeSListHead

  GetSystemTimeAsFileTime

  GetCurrentThreadId

  DecodePointer

  CreateFileW

  WriteConsoleW

  SetFilePointerEx

  HeapReAlloc

  HeapSize

  SetStdHandle

  GetConsoleMode

  GetConsoleCP

  FlushFileBuffers

  GetStringTypeW

  GetProcessHeap

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  QueryPerformanceCounter

  GetCommandLineW

  GetCommandLineA

  GetCPInfo

  GetOEMCP

  IsValidCodePage

  GetEnvironmentStrings

  lstrlenA

  lstrcpyA

  GlobalAlloc

  Process32NextW

  Process32FirstW

  CreateToolhelp32Snapshot

  lstrlenW

  lstrcatW

  lstrcpyW

  lstrcmpW

  LoadLibraryA

  GetSystemDirectoryW

  GetSystemWow64DirectoryW

  ExitProcess

  Sleep

  DeleteFileTransactedA

  CloseHandle

  FindNextFileA

  FindFirstFileExA

  DeleteFileW

  GetFileType

  GetStdHandle

  LCMapStringW

  GetStartupInfoW

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  IsDebuggerPresent

  IsProcessorFeaturePresent

  HeapAlloc

  HeapFree

  WideCharToMultiByte

  GetModuleFileNameA

  LoadLibraryExW

  FreeLibrary

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  EncodePointer

  SetLastError

  InterlockedFlushSList

  RtlUnwind

  RaiseException

  TerminateProcess

  user32

  PostMessageA

  IsWindowVisible

  GetClipboardData

  GetFocus

  MapVirtualKeyA

  KillTimer

  SendMessageA

  RemoveMenu

  GetUpdateRect

  wsprintfA

  FindWindowA

  GetTopWindow

  GetWindow

  GetMessageTime

  TranslateAcceleratorA

  DispatchMessageA

  CharUpperA

  GetSystemMetrics

  GetDC

  ReleaseDC

  FindWindowW

  CharUpperBuffW

  UnhookWindowsHook

  wsprintfW

  WindowFromPoint

  gdi32

  SetStretchBltMode

  StretchBlt

  SelectObject

  GetDIBits

  DeleteObject

  DeleteDC

  CreateCompatibleDC

  CreateCompatibleBitmap

  PolyPolygon

  GetCharWidthA

  CreateBitmapIndirect

  CopyMetaFileA

  GetObjectA

  advapi32

  RegCreateKeyExW

  GetUserNameW

  RegUnLoadKeyW

  shell32

  SHGetSpecialFolderPathW

  ShellExecuteW

  ShellExecuteA

  SHGetSpecialFolderPathA

  ole32

  CoCreateGuid

  CoInitialize

  CoCreateInstance

  CoInitializeSecurity

  CoInitializeEx

  CoUninitialize

  oleaut32

  VariantClear

  VariantInit

  SysAllocString

  SysFreeString

  shlwapi

  StrChrA

  StrStrA

  ws2_32

  WSAStartup

  WSACleanup

  gethostbyname

  socket

  send

  recv

  htons

  closesocket

  connect

  gdiplus

  GdipDisposeImage

  GdipSaveImageToFile

  GdipGetImageEncodersSize

  GdipGetImageEncoders

  GdipCloneImage

  GdipAlloc

  GdipFree

  GdiplusStartup

  GdipLoadImageFromFile

  netapi32

  NetApiBufferFree

  NetWkstaGetInfo

  Exports

  Exports

  ChkdskExs

  Sections

  .text

  Size: 299KB - Virtual size: 299KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 36KB - Virtual size: 35KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 512B - Virtual size: 288B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 31KB - Virtual size: 31KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 24KB - Virtual size: 24KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ