Extracted

• 7c79ec3f5c1a280ffdf19d0000b4bfe458a3b9380c152c1e130a89de3fe04b63

  .dll windows x86

  6892462e4be60a2c233d035994f83a1f

  
  

  Code Sign

  01

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  01/01/2004, 00:00

  Not After

  31/12/2028, 23:59

  Subject

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16

  Certificate

  Issuer

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Not Before

  25/05/2021, 00:00

  Not After

  31/12/2028, 23:59

  Subject

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01/08/2022, 00:00

  Not After

  09/11/2031, 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a

  Certificate

  Issuer

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  Not Before

  22/03/2021, 00:00

  Not After

  21/03/2036, 23:59

  Subject

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  7d:27:33:2c:3c:b3:a3:82:a4:fd:23:2c:5c:66:a2

  Certificate

  Issuer

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  Not Before

  17/06/2022, 00:00

  Not After

  17/06/2023, 23:59

  Subject

  CN=MALVINA RECRUITMENT LIMITED,O=MALVINA RECRUITMENT LIMITED,ST=London,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23/03/2022, 00:00

  Not After

  22/03/2037, 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  29/03/2022, 00:00

  Not After

  14/03/2033, 23:59

  Subject

  CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  af:66:08:4f:b8:f2:84:aa:74:4b:03:68:2d:22:ae:cd:63:60:1e:62

  Signer

  Actual PE Digest

  af:66:08:4f:b8:f2:84:aa:74:4b:03:68:2d:22:ae:cd:63:60:1e:62

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=MALVINA RECRUITMENT LIMITED,O=MALVINA RECRUITMENT LIMITED,ST=London,C=GB

  12/09/2022, 15:17

  Valid: true

  Chain 1

  CN=MALVINA RECRUITMENT LIMITED,O=MALVINA RECRUITMENT LIMITED,ST=London,C=GB

  CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

  CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

  CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  lstrcpyA

  GetNumaHighestNodeNumber

  ReadFile

  CreateTimerQueueTimer

  EraseTape

  IsDBCSLeadByteEx

  GetCurrentProcess

  WriteConsoleA

  RegisterWaitForSingleObject

  GetModuleHandleExW

  GetShortPathNameW

  OutputDebugStringA

  VirtualAlloc

  GetFinalPathNameByHandleW

  GetDriveTypeA

  CreateJobObjectW

  CompareStringOrdinal

  LockFile

  GetThreadPreferredUILanguages

  DeleteAtom

  AllocateUserPhysicalPages

  EnumLanguageGroupLocalesA

  GetEnvironmentVariableW

  GetTempPathW

  IsBadHugeReadPtr

  CreateMutexA

  WaitForSingleObject

  CreateFileW

  GetUserPreferredUILanguages

  DuplicateHandle

  lstrcatA

  GetACP

  OpenProcess

  ReadConsoleOutputCharacterA

  MultiByteToWideChar

  CancelSynchronousIo

  GetNumberFormatA

  CompareStringA

  CopyFileA

  GetLastError

  UpdateProcThreadAttribute

  GetConsoleProcessList

  OutputDebugStringW

  CreateFileA

  GetSystemFileCacheSize

  DisableThreadLibraryCalls

  GetMailslotInfo

  GetCommState

  GlobalFlags

  DeleteFileA

  DeleteFileW

  EnumSystemCodePagesA

  CreateThread

  GlobalAlloc

  LoadResource

  DeleteFileTransactedW

  FlushConsoleInputBuffer

  WriteFileGather

  FindAtomA

  GetProcAddress

  HeapQueryInformation

  _lread

  GetFileSize

  FindAtomW

  VerSetConditionMask

  GetComputerNameW

  EnumTimeFormatsA

  VerifyVersionInfoW

  CreateProcessA

  GetComputerNameExA

  CreateMailslotA

  GetProcessPriorityBoost

  QueryPerformanceCounter

  IsWow64Process

  WriteFile

  GetModuleHandleA

  GetVersionExA

  GetSystemInfo

  GetModuleHandleW

  VirtualFree

  Process32First

  Process32Next

  GlobalFree

  LocalFree

  Wow64DisableWow64FsRedirection

  Wow64RevertWow64FsRedirection

  CreateProcessW

  DecodePointer

  EncodePointer

  WriteConsoleW

  SetFilePointerEx

  HeapReAlloc

  HeapSize

  SetStdHandle

  GetConsoleMode

  GetConsoleCP

  FlushFileBuffers

  GetStringTypeW

  GetProcessHeap

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineW

  lstrlenA

  lstrcmpW

  lstrcpyW

  ExitProcess

  lstrlenW

  CloseHandle

  Process32FirstW

  lstrcatW

  LoadLibraryA

  Process32NextW

  Sleep

  GetSystemWow64DirectoryW

  CreateToolhelp32Snapshot

  GetSystemDirectoryW

  GetModuleFileNameW

  IsDBCSLeadByte

  GetCommandLineA

  GetCPInfo

  GetOEMCP

  IsValidCodePage

  FindNextFileA

  FindFirstFileExA

  FindClose

  GetFileType

  GetStdHandle

  LCMapStringW

  HeapAlloc

  HeapFree

  WideCharToMultiByte

  GetModuleFileNameA

  LoadLibraryExW

  FreeLibrary

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  SetLastError

  RtlUnwind

  InterlockedFlushSList

  RaiseException

  TerminateProcess

  InitializeSListHead

  GetSystemTimeAsFileTime

  GetCurrentThreadId

  GetCurrentProcessId

  IsProcessorFeaturePresent

  IsDebuggerPresent

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetStartupInfoW

  user32

  ScrollDC

  GetDoubleClickTime

  EnumClipboardFormats

  MessageBoxA

  CreateIcon

  ReleaseDC

  wsprintfA

  GetSystemMetrics

  GetDC

  EnumWindows

  SendMessageA

  FindWindowA

  CharUpperA

  GetNextDlgTabItem

  CharUpperBuffW

  wsprintfW

  gdi32

  CreateCompatibleBitmap

  SelectObject

  CreateCompatibleDC

  StretchBlt

  DeleteDC

  SetStretchBltMode

  DeleteObject

  GetClipBox

  CreateRectRgnIndirect

  GetDIBits

  GetTextAlign

  GetObjectA

  advapi32

  RegCreateKeyExW

  GetUserNameW

  shell32

  ShellExecuteA

  SHGetSpecialFolderPathA

  ShellExecuteW

  SHGetSpecialFolderPathW

  ole32

  CoUninitialize

  CoCreateInstance

  CoInitializeSecurity

  CoInitializeEx

  CoCreateGuid

  CoInitialize

  oleaut32

  VariantClear

  SysAllocString

  SysFreeString

  VariantInit

  shlwapi

  StrStrA

  StrChrA

  ws2_32

  recv

  WSACleanup

  closesocket

  gethostbyname

  WSAStartup

  send

  socket

  connect

  htons

  gdiplus

  GdipGetImageEncoders

  GdipAlloc

  GdipCloneImage

  GdipLoadImageFromFile

  GdiplusStartup

  GdipFree

  GdipDisposeImage

  GdipSaveImageToFile

  GdipGetImageEncodersSize

  netapi32

  NetApiBufferFree

  NetWkstaGetInfo

  Exports

  Exports

  fff

  Sections

  .text

  Size: 227KB - Virtual size: 227KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 34KB - Virtual size: 34KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 3KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 512B - Virtual size: 288B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 25KB - Virtual size: 24KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 17KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ