File[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

File.zip
Size

6.2MB
MD5

8b5849685685a8e23b6b4bc6a2c66539
SHA1

c25becc2ee6e56687050ca937a223b46dcb9d017
SHA256

48fd696c3cdb17f595ce09e31aa04e1ebb55572df931c1e51e70e1f954b8bf41
SHA512

c568b91704471e9b89af9639c029b6c2cc2e1b5d2a1c30fd12f5774ddd0894635af5e6579fc71304f69f1d29a79f8df119d145f4c27a1114bf8a3248a474db49
SSDEEP

98304:CxNcuhRf3JQZNGskk3Ae60H9xtZvrUzuJUU5pNqNHB9y8smj/Q/uv2e9:C3LmukBddzxt5pNCB9s+Q/uvz

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/Install.exe	vmprotect

Files

File.zip
.zip

Password: 1234
Install.exe
.exe windows x86

Password: 1234

f540b6d6dcfc33b21d0deb0ccba24751

Code Sign

40:cc:6e:99:dd:66:44:9f:46:64:c8:69:92:61:a9:19
Certificate

Issuer

CN=Verbatim Digital EVOX-II 5Tb HDWG460EZSTA N300 (4096rpm) 4036Mb 0.5 Rtl

Not Before

25/01/2023, 17:10

Not After

26/01/2033, 17:10

Subject

CN=Verbatim Digital EVOX-II 5Tb HDWG460EZSTA N300 (4096rpm) 4036Mb 0.5 Rtl

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f9:71:a7:27:09:47:0d:b7:ee:3a:b5:17:79:b1:73:03:25:fd:e9:5f:09:de:16:cb:2e:ec:4c:fa:fd:45:57:2f
Signer

Actual PE Digest

f9:71:a7:27:09:47:0d:b7:ee:3a:b5:17:79:b1:73:03:25:fd:e9:5f:09:de:16:cb:2e:ec:4c:fa:fd:45:57:2f

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Verbatim Digital EVOX-II 5Tb HDWG460EZSTA N300 (4096rpm) 4036Mb 0.5 Rtl

20/01/2023, 16:03
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionEx
lstrlenA
lstrcatA
GetModuleHandleA
SetCurrentDirectoryA
Sleep
GetModuleHandleExA
GetFileAttributesA
GetBinaryTypeA
QueryFullProcessImageNameA
GetSystemDirectoryA
GlobalAlloc
lstrcpyA
SetFileAttributesA
VerSetConditionMask
WideCharToMultiByte
VerifyVersionInfoW
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetProcAddress
lstrcpynA
GetProcessHeap
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
FindClose
GetTempPathW
CreateMutexW
WaitForSingleObject
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapCompact
HeapDestroy
UnlockFile
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
SystemTimeToFileTime
FreeLibrary
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
WriteConsoleW
CloseHandle
CreateFileA
GetLastError
CreateFileW
SetFilePointer
WriteFile
UnlockFileEx
ReadFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
CreateDirectoryW
FindFirstFileExW
FindNextFileW
SetFilePointerEx
GetFileInformationByHandleEx
QueryPerformanceFrequency
LCMapStringEx
EncodePointer
DecodePointer
GetCPInfo
GetStringTypeW
SetLastError
GetThreadTimes
GetCurrentThread
InterlockedPushEntrySList
RaiseException
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetFileType
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleFileNameW
GetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
SetStdHandle
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
GetTimeZoneInformation
IsValidCodePage
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCloseKey
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
GetTokenInformation
CryptReleaseContext

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

Sections

.text
Size: - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 551KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
advapi32.dll
.dll windows x64

Password: 1234

4413d04a36ee067d7ec8c1eb660aa1c9

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:d5:0c:c3:73:6b:86:de:80:56:bf:43:7c:83:63:e9:7d:e0:4a:f2:71:26:0f:1c:56:78:1a:f6:83:1c:c6:d1
Signer

Actual PE Digest

36:d5:0c:c3:73:6b:86:de:80:56:bf:43:7c:83:63:e9:7d:e0:4a:f2:71:26:0f:1c:56:78:1a:f6:83:1c:c6:d1

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

20/01/2023, 16:03
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcscpy_s
wcscat_s
swprintf_s
_wcsicmp
_wcsnicmp
tolower
strstr
strchr
_ultow_s
iswctype
wcstoul
_wcstoui64
wcsstr
_ultow
wcstok_s
_errno
_ui64tow_s
_i64tow_s
_stricmp
wcsnlen
_resetstkoflw
iswalpha
wcsncmp
_vsnprintf
__CxxFrameHandler3
_wcstoi64
memcmp
memcpy
memmove
memset
_vsnwprintf
wcsrchr
wcschr
swscanf_s
__C_specific_handler
wcsncpy_s
wcscmp

ntdll

RtlFreeHandle
NtOpenKey
NtQueryValueKey
NtClose
NtOpenThreadToken
NtOpenProcessToken
RtlEqualSid
RtlLengthSid
RtlAddAccessAllowedAceEx
NtSetInformationToken
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
NtDuplicateToken
NtCompareTokens
RtlAllocateAndInitializeSid
RtlFreeSid
RtlIsGenericTableEmpty
RtlEnumerateGenericTableWithoutSplaying
RtlCopyUnicodeString
RtlDuplicateUnicodeString
RtlExpandEnvironmentStrings_U
NtOpenFile
RtlCreateUnicodeString
NtQueryInformationProcess
RtlGetLastNtStatus
NtQueryKey
RtlValidSid
LdrLoadDll
RtlImageNtHeader
LdrUnloadDll
NtDeviceIoControlFile
NtQuerySystemInformation
EtwEventRegister
EtwEventWrite
NtCreateKey
NtSetValueKey
RtlDeleteElementGenericTable
RtlAppendUnicodeToString
NtDeleteKey
RtlInsertElementGenericTable
RtlCopySid
RtlInitializeHandleTable
RtlDestroyHandleTable
EtwEventUnregister
NtEnumerateKey
RtlIntegerToUnicodeString
RtlStringFromGUID
RtlAppendUnicodeStringToString
RtlFormatCurrentUserKeyPath
RtlInitializeGenericTable
RtlQueryRegistryValuesEx
RtlLookupElementGenericTable
RtlNumberGenericTableElements
RtlGUIDFromString
RtlUpcaseUnicodeChar
NtQueryVolumeInformationFile
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlPrefixUnicodeString
RtlDetermineDosPathNameType_U
NtQueryInformationFile
RtlGetFullPathName_U
RtlUnicodeToMultiByteN
RtlNtStatusToDosErrorNoTeb
RtlUnicodeToMultiByteSize
RtlAnsiCharToUnicodeChar
RtlMultiByteToUnicodeN
NtTraceControl
RtlSetLastWin32Error
RtlInitAnsiStringEx
RtlInitUnicodeStringEx
RtlCreateUnicodeStringFromAsciiz
NtRenameKey
RtlQueryPackageIdentity
RtlOemStringToUnicodeString
RtlIsTextUnicode
NtSetInformationThread
RtlAddAce
RtlValidAcl
RtlSetSaclSecurityDescriptor
RtlInitializeSid
RtlGetControlSecurityDescriptor
RtlAddAuditAccessObjectAce
RtlSetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetAce
RtlAddAuditAccessAceEx
RtlxAnsiStringToUnicodeSize
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
RtlAddAccessDeniedAceEx
RtlAddAccessAllowedObjectAce
RtlAddAccessDeniedObjectAce
RtlIsValidIndexHandle
RtlSetGroupSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlDosPathNameToNtPathName_U
EtwEventWriteTransfer
EtwEventSetInformation
RtlImpersonateSelf
RtlAdjustPrivilege
RtlCopyString
NtQuerySystemTime
RtlTimeToSecondsSince1970
EtwTraceMessage
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
NtWaitForSingleObject
RtlGetVersion
NtQueryInformationThread
NtQuerySecurityObject
RtlRunOnceExecuteOnce
RtlRunOnceBeginInitialize
RtlDllShutdownInProgress
RtlRunOnceInitialize
NtQueryPerformanceCounter
RtlDeleteBoundaryDescriptor
NtCreateMutant
NtOpenPrivateNamespace
NtCreatePrivateNamespace
RtlAddSIDToBoundaryDescriptor
RtlCreateBoundaryDescriptor
NtWaitForMultipleObjects
RtlCreateAcl
RtlValidRelativeSecurityDescriptor
NtCreateFile
NtWriteFile
NtReadFile
RtlWaitOnAddress
RtlWakeAddressAll
RtlQueryPerformanceCounter
RtlAcquireSRWLockExclusive
RtlInsertElementGenericTableAvl
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockShared
RtlLookupElementGenericTableAvl
RtlReleaseSRWLockShared
RtlEnumerateGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlWakeAddressSingle
RtlDosPathNameToRelativeNtPathName_U
RtlReleaseRelativeName
RtlInitializeSRWLock
RtlEqualUnicodeString
RtlDestroyQueryDebugBuffer
RtlQueryProcessDebugInformation
NtAlpcQueryInformation
RtlCreateQueryDebugBuffer
NtQueryObject
NtQueryMutant
RtlInitString
RtlAddAccessAllowedAce
RtlOpenCurrentUser
NtReplaceKey
NtSaveKey
NtSaveMergedKeys
RtlLengthSecurityDescriptor
RtlValidSecurityDescriptor
RtlGetNtProductType
RtlUnicodeStringToInteger
RtlConvertSidToUnicodeString
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlGetThreadPreferredUILanguages
RtlMakeSelfRelativeSD
RtlFreeHeap
RtlxUnicodeStringToAnsiSize
NtQueryInformationToken
RtlFreeUnicodeString
RtlAllocateHeap
RtlFirstFreeAce
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitializeCriticalSection
RtlDeleteCriticalSection
NtSetSystemInformation
RtlLeaveCriticalSection
RtlEnterCriticalSection
DbgPrint
RtlNtStatusToDosError
RtlInitAnsiString
RtlUnicodeStringToAnsiString
RtlGetCurrentTransaction
NtOpenKeyEx
NtSetInformationKey
LdrGetProcedureAddress
LdrGetDllHandle
RtlInitUnicodeString
RtlAnsiStringToUnicodeString
RtlFreeAnsiString
RtlAllocateHandle

api-ms-win-eventing-controller-l1-1-0

EventAccessQuery
EventAccessRemove
StopTraceW
QueryAllTracesW
EventAccessControl
TraceSetInformation
EnableTraceEx2
EnumerateTraceGuidsEx
StartTraceW
ControlTraceW

api-ms-win-eventing-consumer-l1-1-0

CloseTrace
OpenTraceW
ProcessTrace

api-ms-win-eventing-consumer-l1-1-1

QueryTraceProcessingHandle

kernelbase

lstrcmpiW
RegKrnGetHKEY_ClassesRootAddress
RegKrnGetClassesEnumTableAddressInternal
RegKrnGetTermsrvRegistryExtensionFlags
lstrlenW
LocalAlloc
LocalReAlloc
CreateProcessAsUserW
CreateProcessAsUserA
RegDeleteKeyExInternalW
RegCreateKeyExInternalW
RegOpenKeyExInternalW
CLOSE_LOCAL_HANDLE_INTERNAL
MapPredefinedHandleInternal
RegDeleteKeyExInternalA
RemapPredefinedHandleInternal
RegCreateKeyExInternalA
DisablePredefinedHandleTableInternal
RegOpenKeyExInternalA
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
lstrcmpW
Sleep
PackageIdFromFullName
GetStagedPackagePathByFullName

sechost

QueryAllTracesA
ControlTraceA
StartTraceA

api-ms-win-service-core-l1-1-0

StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-service-core-l1-1-1

QueryServiceDynamicInformation
EnumServicesStatusExW
EnumDependentServicesW

api-ms-win-service-core-l1-1-2

GetServiceKeyNameW
GetServiceDisplayNameW

api-ms-win-service-management-l1-1-0

CreateServiceW
OpenServiceW
StartServiceW
ControlServiceExW
DeleteService
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceConfigW
SetServiceObjectSecurity
ChangeServiceConfig2W
NotifyServiceStatusChangeW
QueryServiceObjectSecurity
QueryServiceConfig2W
ChangeServiceConfigW
QueryServiceStatusEx

api-ms-win-service-private-l1-1-4

CreateServiceEx

api-ms-win-service-private-l1-1-2

QueryLocalUserServiceName
QueryUserServiceName
I_ScReparseServiceDatabase

api-ms-win-service-private-l1-1-3

QueryUserServiceNameForContext

api-ms-win-service-private-l1-1-0

I_ScSetServiceBitsW
I_ScSetServiceBitsA
WaitServiceState
I_ScRpcBindA
I_ScRpcBindW

api-ms-win-service-winsvc-l1-1-0

ControlServiceExA
RegisterServiceCtrlHandlerW
ChangeServiceConfigA
StartServiceA
OpenServiceA
QueryServiceConfigA
NotifyServiceStatusChangeA
QueryServiceStatus
OpenSCManagerA
StartServiceCtrlDispatcherA
CreateServiceA
QueryServiceConfig2A
ChangeServiceConfig2A
RegisterServiceCtrlHandlerA
ControlService
RegisterServiceCtrlHandlerExA

api-ms-win-core-namedpipe-l1-1-0

ImpersonateNamedPipeClient

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
OpenThread
SetThreadToken
GetProcessId
CreateThread
GetPriorityClass
GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
OpenProcessToken
GetCurrentProcess
TerminateProcess

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

ObjectDeleteAuditAlarmW
GetSidSubAuthorityCount
SetTokenInformation
AreAnyAccessesGranted
SetSecurityDescriptorRMControl
EqualSid
GetAce
GetSecurityDescriptorRMControl
SetSecurityDescriptorOwner
IsTokenRestricted
IsWellKnownSid
DeleteAce
PrivilegedServiceAuditAlarmW
InitializeSid
GetSecurityDescriptorOwner
ImpersonateAnonymousToken
ImpersonateSelf
EqualDomainSid
SetSecurityDescriptorSacl
IsValidSid
AddAce
AddAuditAccessAce
AccessCheckByTypeResultListAndAuditAlarmW
SetAclInformation
IsValidSecurityDescriptor
AddAccessDeniedAce
CreateRestrictedToken
FreeSid
EqualPrefixSid
GetFileSecurityW
AllocateAndInitializeSid
CheckTokenMembership
InitializeSecurityDescriptor
InitializeAcl
DuplicateToken
SetPrivateObjectSecurityEx
AddAccessAllowedObjectAce
GetKernelObjectSecurity
MapGenericMask
SetKernelObjectSecurity
AddAccessAllowedAceEx
GetLengthSid
SetSecurityDescriptorControl
DuplicateTokenEx
IsValidAcl
GetSecurityDescriptorLength
AddAccessAllowedAce
AddAccessDeniedObjectAce
MakeSelfRelativeSD
AccessCheckByType
AddAuditAccessAceEx
MakeAbsoluteSD
SetSecurityDescriptorGroup
GetSidIdentifierAuthority
GetTokenInformation
AccessCheckByTypeResultList
PrivilegeCheck
ObjectCloseAuditAlarmW
AccessCheck
GetSecurityDescriptorGroup
AccessCheckByTypeResultListAndAuditAlarmByHandleW
GetSidSubAuthority
ObjectPrivilegeAuditAlarmW
CopySid
GetSecurityDescriptorControl
DestroyPrivateObjectSecurity
SetSecurityDescriptorDacl
SetSecurityAccessMask
AddAccessDeniedAceEx
CreatePrivateObjectSecurity
CreateWellKnownSid
GetPrivateObjectSecurity
AreAllAccessesGranted
CreatePrivateObjectSecurityWithMultipleInheritance
GetSidLengthRequired
GetWindowsAccountDomainSid
AccessCheckAndAuditAlarmW
AdjustTokenGroups
CreatePrivateObjectSecurityEx
GetAclInformation
SetFileSecurityW
AddAuditAccessObjectAce
AllocateLocallyUniqueId
GetSecurityDescriptorDacl
RevertToSelf
QuerySecurityAccessMask
SetPrivateObjectSecurity
AdjustTokenPrivileges
ConvertToAutoInheritPrivateObjectSecurity
ObjectOpenAuditAlarmW
GetSecurityDescriptorSacl
FindFirstFreeAce
AccessCheckByTypeAndAuditAlarmW
ImpersonateLoggedOnUser

api-ms-win-security-base-private-l1-1-0

MakeAbsoluteSD2

api-ms-win-core-registry-l1-1-0

RegDeleteTreeA
RegDisablePredefinedCacheEx
RegNotifyChangeKeyValue
RegGetKeySecurity
RegLoadAppKeyW
RegDeleteKeyExW
RegOpenCurrentUser
RegQueryInfoKeyW
RegGetValueA
RegSaveKeyExA
RegLoadMUIStringA
RegQueryValueExA
RegCreateKeyExA
RegFlushKey
RegCreateKeyExW
RegUnLoadKeyA
RegOpenUserClassesRoot
RegDeleteKeyExA
RegEnumKeyExW
RegSetKeySecurity
RegSaveKeyExW
RegDeleteTreeW
RegLoadMUIStringW
RegSetValueExW
RegLoadAppKeyA
RegSetValueExA
RegCopyTreeW
RegLoadKeyA
RegUnLoadKeyW
RegQueryInfoKeyA
RegLoadKeyW
RegOpenKeyExA
RegGetValueW
RegRestoreKeyW
RegEnumValueA
RegDeleteValueW
RegRestoreKeyA
RegDeleteValueA
RegEnumValueW
RegEnumKeyExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueA
RegSetKeyValueA
RegDeleteKeyValueW

api-ms-win-core-registry-l1-1-2

RegQueryMultipleValuesW
RegQueryMultipleValuesA

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GetSystemDirectoryW
GetComputerNameExW
GetComputerNameExA
GetTickCount
GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW

kernel32

SearchPathW
MultiByteToWideChar
LocalFree
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetProcAddress
FreeLibrary
DelayLoadFailureHook
ResolveDelayLoadedAPI
LoadLibraryExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
CreateEventW
CloseHandle
GetThreadUILanguage
GetCommandLineW
GetModuleHandleExW
WriteFile
ExpandEnvironmentStringsW
SetFilePointer
CreateFileW
FormatMessageW
GetFileAttributesExW
OutputDebugStringW
DeleteFileW
MoveFileW
GetModuleHandleW
GetFileSizeEx
CreateFileMappingW
HeapAlloc
GetProcessHeap
MapViewOfFile
UnmapViewOfFile
HeapFree
GetLongPathNameW
CompareFileTime
FindResourceExW
LoadResource
GetVolumePathNameW
DeleteCriticalSection
WaitForSingleObject
InitOnceBeginInitialize
CompareStringOrdinal
ReleaseMutex
InitOnceComplete
GetComputerNameW
ExpandEnvironmentStringsA
GetModuleFileNameW
AreFileApisANSI
GetFullPathNameW
GetFileAttributesW
SleepEx
LoadLibraryExA
LoadLibraryA
CreateMutexW
InitializeCriticalSection
SizeofResource
LockResource
SetEvent
ResetEvent
GetFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetFileSize
FindFirstFileExW
FindNextFileW
FindClose
CopyFileExW
TermsrvDeleteKey
TermsrvOpenUserClasses
ReadProcessMemory
DecodePointer
LoadLibraryW
DuplicateHandle
FreeLibraryAndExitThread
EncodePointer
FreeLibraryWhenCallbackReturns
CloseThreadpoolIo
CancelIoEx
CancelThreadpoolIo
CreateThreadpoolIo
DeviceIoControl
StartThreadpoolIo
GetFileMUIPath
EnumUILanguagesW
SetErrorMode
RaiseException
SetFileInformationByHandle
SetLastError

rpcrt4

RpcBindingBind
RpcBindingCreateW
RpcSsDestroyClientContext
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
NdrClientCall3
RpcExceptionFilter
UuidToStringW
UuidFromStringW
RpcBindingFromStringBindingW
NdrClientCall2
RpcStringBindingComposeW
RpcBindingSetAuthInfoA
I_RpcSNCHOption
RpcEpResolveBinding
RpcBindingSetAuthInfoW
I_RpcMapWin32Status
I_RpcExceptionFilter

api-ms-win-core-timezone-l1-1-0

EnumDynamicTimeZoneInformation
GetDynamicTimeZoneInformationEffectiveYears

api-ms-win-security-audit-l1-1-1

AuditLookupSubCategoryNameW
AuditQuerySecurity
AuditEnumeratePerUserPolicy
AuditSetPerUserPolicy
AuditEnumerateSubCategories
AuditQueryGlobalSaclW
AuditEnumerateCategories
AuditQueryPerUserPolicy
AuditLookupCategoryNameW
AuditSetGlobalSaclW
AuditSetSecurity

api-ms-win-security-audit-l1-1-0

AuditComputeEffectivePolicyBySid
AuditFree
AuditQuerySystemPolicy
AuditSetSystemPolicy

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventUnregister
EventRegister
EventSetInformation

api-ms-win-core-pcw-l1-1-0

PcwEnumerateInstances
PcwCollectData
PcwSetQueryItemUserData
PcwRemoveQueryItem
PcwSendNotification
PcwSendStatelessNotification
PcwCreateNotifier
PcwCreateQuery
PcwAddQueryItem

Exports

Exports

A_SHAFinal
A_SHAInit
A_SHAUpdate
AbortSystemShutdownA
AbortSystemShutdownW
AccessCheck
AccessCheckAndAuditAlarmA
AccessCheckAndAuditAlarmW
AccessCheckByType
AccessCheckByTypeAndAuditAlarmA
AccessCheckByTypeAndAuditAlarmW
AccessCheckByTypeResultList
AccessCheckByTypeResultListAndAuditAlarmA
AccessCheckByTypeResultListAndAuditAlarmByHandleA
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AccessCheckByTypeResultListAndAuditAlarmW
AddAccessAllowedAce
AddAccessAllowedAceEx
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessDeniedAceEx
AddAccessDeniedObjectAce
AddAce
AddAuditAccessAce
AddAuditAccessAceEx
AddAuditAccessObjectAce
AddConditionalAce
AddMandatoryAce
AddUsersToEncryptedFile
AddUsersToEncryptedFileEx
AdjustTokenGroups
AdjustTokenPrivileges
AllocateAndInitializeSid
AllocateLocallyUniqueId
AreAllAccessesGranted
AreAnyAccessesGranted
AuditComputeEffectivePolicyBySid
AuditComputeEffectivePolicyByToken
AuditEnumerateCategories
AuditEnumeratePerUserPolicy
AuditEnumerateSubCategories
AuditFree
AuditLookupCategoryGuidFromCategoryId
AuditLookupCategoryIdFromCategoryGuid
AuditLookupCategoryNameA
AuditLookupCategoryNameW
AuditLookupSubCategoryNameA
AuditLookupSubCategoryNameW
AuditQueryGlobalSaclA
AuditQueryGlobalSaclW
AuditQueryPerUserPolicy
AuditQuerySecurity
AuditQuerySystemPolicy
AuditSetGlobalSaclA
AuditSetGlobalSaclW
AuditSetPerUserPolicy
AuditSetSecurity
AuditSetSystemPolicy
BackupEventLogA
BackupEventLogW
BaseRegCloseKey
BaseRegCreateKey
BaseRegDeleteKeyEx
BaseRegDeleteValue
BaseRegFlushKey
BaseRegGetVersion
BaseRegLoadKey
BaseRegOpenKey
BaseRegRestoreKey
BaseRegSaveKeyEx
BaseRegSetKeySecurity
BaseRegSetValue
BaseRegUnLoadKey
BuildExplicitAccessWithNameA
BuildExplicitAccessWithNameW
BuildImpersonateExplicitAccessWithNameA
BuildImpersonateExplicitAccessWithNameW
BuildImpersonateTrusteeA
BuildImpersonateTrusteeW
BuildSecurityDescriptorA
BuildSecurityDescriptorW
BuildTrusteeWithNameA
BuildTrusteeWithNameW
BuildTrusteeWithObjectsAndNameA
BuildTrusteeWithObjectsAndNameW
BuildTrusteeWithObjectsAndSidA
BuildTrusteeWithObjectsAndSidW
BuildTrusteeWithSidA
BuildTrusteeWithSidW
CancelOverlappedAccess
ChangeServiceConfig2A
ChangeServiceConfig2W
ChangeServiceConfigA
ChangeServiceConfigW
CheckForHiberboot
CheckTokenMembership
ClearEventLogA
ClearEventLogW
CloseCodeAuthzLevel
CloseEncryptedFileRaw
CloseEventLog
CloseServiceHandle
CloseThreadWaitChainSession
CloseTrace
CommandLineFromMsiDescriptor
ComputeAccessTokenFromCodeAuthzLevel
ControlService
ControlServiceExA
ControlServiceExW
ControlTraceA
ControlTraceW
ConvertAccessToSecurityDescriptorA
ConvertAccessToSecurityDescriptorW
ConvertSDToStringSDDomainW
ConvertSDToStringSDRootDomainA
ConvertSDToStringSDRootDomainW
ConvertSecurityDescriptorToAccessA
ConvertSecurityDescriptorToAccessNamedA
ConvertSecurityDescriptorToAccessNamedW
ConvertSecurityDescriptorToAccessW
ConvertSecurityDescriptorToStringSecurityDescriptorA
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidA
ConvertSidToStringSidW
ConvertStringSDToSDDomainA
ConvertStringSDToSDDomainW
ConvertStringSDToSDRootDomainA
ConvertStringSDToSDRootDomainW
ConvertStringSecurityDescriptorToSecurityDescriptorA
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidA
ConvertStringSidToSidW
ConvertToAutoInheritPrivateObjectSecurity
CopySid
CreateCodeAuthzLevel
CreatePrivateObjectSecurity
CreatePrivateObjectSecurityEx
CreatePrivateObjectSecurityWithMultipleInheritance
CreateProcessAsUserA
CreateProcessAsUserW
CreateProcessWithLogonW
CreateProcessWithTokenW
CreateRestrictedToken
CreateServiceA
CreateServiceEx
CreateServiceW
CreateTraceInstanceId
CreateWellKnownSid
CredBackupCredentials
CredDeleteA
CredDeleteW
CredEncryptAndMarshalBinaryBlob
CredEnumerateA
CredEnumerateW
CredFindBestCredentialA
CredFindBestCredentialW
CredFree
CredGetSessionTypes
CredGetTargetInfoA
CredGetTargetInfoW
CredIsMarshaledCredentialA
CredIsMarshaledCredentialW
CredIsProtectedA
CredIsProtectedW
CredMarshalCredentialA
CredMarshalCredentialW
CredProfileLoaded
CredProfileLoadedEx
CredProfileUnloaded
CredProtectA
CredProtectW
CredReadA
CredReadByTokenHandle
CredReadDomainCredentialsA
CredReadDomainCredentialsW
CredReadW
CredRenameA
CredRenameW
CredRestoreCredentials
CredUnmarshalCredentialA
CredUnmarshalCredentialW
CredUnprotectA
CredUnprotectW
CredWriteA
CredWriteDomainCredentialsA
CredWriteDomainCredentialsW
CredWriteW
CredpConvertCredential
CredpConvertOneCredentialSize
CredpConvertTargetInfo
CredpDecodeCredential
CredpEncodeCredential
CredpEncodeSecret
CryptAcquireContextA
CryptAcquireContextW
CryptContextAddRef
CryptCreateHash
CryptDecrypt
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptDuplicateHash
CryptDuplicateKey
CryptEncrypt
CryptEnumProviderTypesA
CryptEnumProviderTypesW
CryptEnumProvidersA
CryptEnumProvidersW
CryptExportKey
CryptGenKey
CryptGenRandom
CryptGetDefaultProviderA
CryptGetDefaultProviderW
CryptGetHashParam
CryptGetKeyParam
CryptGetProvParam
CryptGetUserKey
CryptHashData
CryptHashSessionKey
CryptImportKey
CryptReleaseContext
CryptSetHashParam
CryptSetKeyParam
CryptSetProvParam
CryptSetProviderA
CryptSetProviderExA
CryptSetProviderExW
CryptSetProviderW
CryptSignHashA
CryptSignHashW
CryptVerifySignatureA
CryptVerifySignatureW
CveEventWrite
DecryptFileA
DecryptFileW
DeleteAce
DeleteService
DeregisterEventSource
DestroyPrivateObjectSecurity
DuplicateEncryptionInfoFile
DuplicateToken
DuplicateTokenEx
ElfBackupEventLogFileA
ElfBackupEventLogFileW
ElfChangeNotify
ElfClearEventLogFileA
ElfClearEventLogFileW
ElfCloseEventLog
ElfDeregisterEventSource
ElfFlushEventLog
ElfNumberOfRecords
ElfOldestRecord
ElfOpenBackupEventLogA
ElfOpenBackupEventLogW
ElfOpenEventLogA
ElfOpenEventLogW
ElfReadEventLogA
ElfReadEventLogW
ElfRegisterEventSourceA
ElfRegisterEventSourceW
ElfReportEventA
ElfReportEventAndSourceW
ElfReportEventW
EnableTrace
EnableTraceEx
EnableTraceEx2
EncryptFileA
EncryptFileW
EncryptedFileKeyInfo
EncryptionDisable
EnumDependentServicesA
EnumDependentServicesW
EnumDynamicTimeZoneInformation
EnumServiceGroupW
EnumServicesStatusA
EnumServicesStatusExA
EnumServicesStatusExW
EnumServicesStatusW
EnumerateTraceGuids
EnumerateTraceGuidsEx
EqualDomainSid
EqualPrefixSid
EqualSid
EventAccessControl
EventAccessQuery
EventAccessRemove
EventActivityIdControl
EventEnabled
EventProviderEnabled
EventRegister
EventSetInformation
EventUnregister
EventWrite
EventWriteEndScenario
EventWriteEx
EventWriteStartScenario
EventWriteString
EventWriteTransfer
FileEncryptionStatusA
FileEncryptionStatusW
FindFirstFreeAce
FlushEfsCache
FlushTraceA
FlushTraceW
FreeEncryptedFileKeyInfo
FreeEncryptedFileMetadata
FreeEncryptionCertificateHashList
FreeInheritedFromArray
FreeSid
GetAccessPermissionsForObjectA
GetAccessPermissionsForObjectW
GetAce
GetAclInformation
GetAuditedPermissionsFromAclA
GetAuditedPermissionsFromAclW
GetCurrentHwProfileA
GetCurrentHwProfileW
GetDynamicTimeZoneInformationEffectiveYears
GetEffectiveRightsFromAclA
GetEffectiveRightsFromAclW
GetEncryptedFileMetadata
GetEventLogInformation
GetExplicitEntriesFromAclA
GetExplicitEntriesFromAclW
GetFileSecurityA
GetFileSecurityW
GetInformationCodeAuthzLevelW
GetInformationCodeAuthzPolicyW
GetInheritanceSourceA
GetInheritanceSourceW
GetKernelObjectSecurity
GetLengthSid
GetLocalManagedApplicationData
GetLocalManagedApplications
GetManagedApplicationCategories
GetManagedApplications
GetMultipleTrusteeA
GetMultipleTrusteeOperationA
GetMultipleTrusteeOperationW
GetMultipleTrusteeW
GetNamedSecurityInfoA
GetNamedSecurityInfoExA
GetNamedSecurityInfoExW
GetNamedSecurityInfoW
GetNumberOfEventLogRecords
GetOldestEventLogRecord
GetOverlappedAccessResults
GetPrivateObjectSecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorOwner
GetSecurityDescriptorRMControl
GetSecurityDescriptorSacl
GetSecurityInfo
GetSecurityInfoExA
GetSecurityInfoExW
GetServiceDisplayNameA
GetServiceDisplayNameW
GetServiceKeyNameA
GetServiceKeyNameW
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetStringConditionFromBinary
GetThreadWaitChain
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
GetTrusteeFormA
GetTrusteeFormW
GetTrusteeNameA
GetTrusteeNameW
GetTrusteeTypeA
GetTrusteeTypeW
GetUserNameA
GetUserNameW
GetWindowsAccountDomainSid
I_QueryTagInformation
I_ScGetCurrentGroupStateW
I_ScIsSecurityProcess
I_ScPnPGetServiceName
I_ScQueryServiceConfig
I_ScRegisterPreshutdownRestart
I_ScReparseServiceDatabase
I_ScSendPnPMessage
I_ScSendTSMessage
I_ScSetServiceBitsA
I_ScSetServiceBitsW
I_ScValidatePnPService
IdentifyCodeAuthzLevelW
ImpersonateAnonymousToken
ImpersonateLoggedOnUser
ImpersonateNamedPipeClient
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
InitializeSid
InitiateShutdownA
InitiateShutdownW
InitiateSystemShutdownA
InitiateSystemShutdownExA
InitiateSystemShutdownExW
InitiateSystemShutdownW
InstallApplication
IsTextUnicode
IsTokenRestricted
IsTokenUntrusted
IsValidAcl
IsValidRelativeSecurityDescriptor
IsValidSecurityDescriptor
IsValidSid
IsWellKnownSid
LockServiceDatabase
LogonUserA
LogonUserExA
LogonUserExExW
LogonUserExW
LogonUserW
LookupAccountNameA
LookupAccountNameW
LookupAccountSidA
LookupAccountSidW
LookupPrivilegeDisplayNameA
LookupPrivilegeDisplayNameW
LookupPrivilegeNameA
LookupPrivilegeNameW
LookupPrivilegeValueA
LookupPrivilegeValueW
LookupSecurityDescriptorPartsA
LookupSecurityDescriptorPartsW
LsaAddAccountRights
LsaAddPrivilegesToAccount
LsaClearAuditLog
LsaClose
LsaCreateAccount
LsaCreateSecret
LsaCreateTrustedDomain
LsaCreateTrustedDomainEx
LsaDelete
LsaDeleteTrustedDomain
LsaEnumerateAccountRights
LsaEnumerateAccounts
LsaEnumerateAccountsWithUserRight
LsaEnumeratePrivileges
LsaEnumeratePrivilegesOfAccount
LsaEnumerateTrustedDomains
LsaEnumerateTrustedDomainsEx
LsaFreeMemory
LsaGetAppliedCAPIDs
LsaGetQuotasForAccount
LsaGetRemoteUserName
LsaGetSystemAccessAccount
LsaGetUserName
LsaICLookupNames
LsaICLookupNamesWithCreds
LsaICLookupSids
LsaICLookupSidsWithCreds
LsaInvokeTrustScanner
LsaLookupNames
LsaLookupNames2
LsaLookupPrivilegeDisplayName
LsaLookupPrivilegeName
LsaLookupPrivilegeValue
LsaLookupSids
LsaLookupSids2
LsaManageSidNameMapping
LsaNtStatusToWinError
LsaOpenAccount
LsaOpenPolicy
LsaOpenPolicySce
LsaOpenSecret
LsaOpenTrustedDomain
LsaOpenTrustedDomainByName
LsaQueryCAPs
LsaQueryDomainInformationPolicy
LsaQueryForestTrustInformation
LsaQueryForestTrustInformation2
LsaQueryInfoTrustedDomain
LsaQueryInformationPolicy
LsaQuerySecret
LsaQuerySecurityObject
LsaQueryTrustedDomainInfo
LsaQueryTrustedDomainInfoByName
LsaRemoveAccountRights
LsaRemovePrivilegesFromAccount
LsaRetrievePrivateData
LsaSetCAPs
LsaSetDomainInformationPolicy
LsaSetForestTrustInformation
LsaSetForestTrustInformation2
LsaSetInformationPolicy
LsaSetInformationTrustedDomain
LsaSetQuotasForAccount
LsaSetSecret
LsaSetSecurityObject
LsaSetSystemAccessAccount

Sections

.text
Size: 413KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
advapi32res.dll
.dll windows x64

Password: 1234

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fonts/Alakob.ttf
fonts/AlaskanNights.ttf
fonts/Arggotsc.ttf
fonts/Army Condensed.ttf
fonts/Army Thin.ttf
fonts/BELL.TTF
fonts/BELLB.TTF
fonts/BELLI.TTF
fonts/BOD_BI.TTF
fonts/BOD_BLAI.TTF
fonts/BOD_I.TTF
fonts/CALISTB.TTF
fonts/CALISTBI.TTF
fonts/CENTAUR.TTF
fonts/Cabana-Regular.ttf
fonts/baby_csp.ttf
fonts/black.ttf
fonts/bold_0.ttf
fonts/browa.ttf
fonts/browau.ttf
fonts/browauz.ttf
fonts/browaz.ttf
fonts/deathrattlebb_reg.ttf
langs/Arabic.ini
langs/Belarusian.ini
langs/Bulgarian.ini
langs/Croatian.ini
langs/Czech.ini
langs/Danish.ini
langs/English.ini
langs/Farsi.ini
langs/Finnish.ini
langs/Hebrew.ini
langs/Hindi.ini
langs/Hungarian.ini
.ps1
langs/Indonesian.ini
langs/Japanese.ini
langs/Kazakh.ini
langs/Korean.ini
.ps1
langs/Kurdish.ini
langs/Lithuanian.ini
langs/Norwegian.ini
langs/Russian.ini
langs/SimpChinese.ini
langs/Sinhala.ini
langs/Slovak.ini
langs/Swedish.ini
langs/Thai.ini
langs/TradChinese.ini
langs/Ukrainian.ini
langs/Uyghur.ini
langs/UyghurLatin.ini
langs/Uzbek.ini
langs/Vietnamese.ini

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

f540b6d6dcfc33b21d0deb0ccba24751

Code Sign

40:cc:6e:99:dd:66:44:9f:46:64:c8:69:92:61:a9:19Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

f9:71:a7:27:09:47:0d:b7:ee:3a:b5:17:79:b1:73:03:25:fd:e9:5f:09:de:16:cb:2e:ec:4c:fa:fd:45:57:2fSigner

Signature Validations

Verification

20/01/2023, 16:03 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: - Virtual size: 2.0MB

.rdata Size: - Virtual size: 168KB

.data Size: - Virtual size: 34KB

.vmp0 Size: - Virtual size: 1.5MB

.vmp1 Size: 4.3MB - Virtual size: 4.3MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 551KB - Virtual size: 1.3MB

Password: 1234

4413d04a36ee067d7ec8c1eb660aa1c9

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8dCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

36:d5:0c:c3:73:6b:86:de:80:56:bf:43:7c:83:63:e9:7d:e0:4a:f2:71:26:0f:1c:56:78:1a:f6:83:1c:c6:d1Signer

Signature Validations

Verification

20/01/2023, 16:03 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-eventing-controller-l1-1-0

api-ms-win-eventing-consumer-l1-1-0

api-ms-win-eventing-consumer-l1-1-1

kernelbase

sechost

api-ms-win-service-core-l1-1-0

api-ms-win-service-core-l1-1-1

api-ms-win-service-core-l1-1-2

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-service-private-l1-1-4

api-ms-win-service-private-l1-1-2

api-ms-win-service-private-l1-1-3

api-ms-win-service-private-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-security-base-private-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-registry-l1-1-2

api-ms-win-core-sysinfo-l1-1-0

kernel32

rpcrt4

40:cc:6e:99:dd:66:44:9f:46:64:c8:69:92:61:a9:19
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

f9:71:a7:27:09:47:0d:b7:ee:3a:b5:17:79:b1:73:03:25:fd:e9:5f:09:de:16:cb:2e:ec:4c:fa:fd:45:57:2f
Signer

20/01/2023, 16:03
Valid: false

.text
Size: - Virtual size: 2.0MB

.rdata
Size: - Virtual size: 168KB

.data
Size: - Virtual size: 34KB

.vmp0
Size: - Virtual size: 1.5MB

.vmp1
Size: 4.3MB - Virtual size: 4.3MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 551KB - Virtual size: 1.3MB

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

36:d5:0c:c3:73:6b:86:de:80:56:bf:43:7c:83:63:e9:7d:e0:4a:f2:71:26:0f:1c:56:78:1a:f6:83:1c:c6:d1
Signer

20/01/2023, 16:03
Valid: false

.text
Size: 413KB - Virtual size: 413KB

.rdata
Size: 217KB - Virtual size: 216KB

.data
Size: 10KB - Virtual size: 17KB

.pdata
Size: 17KB - Virtual size: 16KB

.didat
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 6KB

.rdata
Size: 512B - Virtual size: 176B

.rsrc
Size: 1KB - Virtual size: 1KB