f0R4G3R[.]v4[.]1[.]8[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

f0R4G3R.v4.1.8.rar
Size

167.0MB
MD5

bd3944704df3426fa6ac3f3884cbfaec
SHA1

129be2a6c0a7a3b6864f1d7a25546fee82d8b50f
SHA256

a79b2f9c181baa68b26bcb7a463d7f86fe4eb327faba21356c9bbb6ffb3fa6d8
SHA512

b119f604e7fd3db5f8e62931506ce1c86ec59a22fc7d46f6a4064abb7df16a366fe687d95f5b59b23f1cdc7e4748d88b25f1bc62fb1c49326115e11b59819ba8
SSDEEP

3145728:OslFQIr7n/mHbbWCB/r2MkKwDBh4eovD1xRXGOnJDxvsnIbOtGZHtUTfrtaK3T6A:OslF1mHbnBkhFh4fvD1xRXTJ90nmoTgw

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Forager v4.1.8-PiviGames.blog/steam_api.dll	upx

Files

f0R4G3R.v4.1.8.rar
.rar
Forager v4.1.8-PiviGames.blog/Descarga JUEGOS GRATIS - PiviGames.blog.url
.url
Forager v4.1.8-PiviGames.blog/Forager.exe
.exe windows x86

a09e55fae14ffb3312dad92236f1edaa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetConnectA
HttpSendRequestA
HttpQueryInfoA
InternetCloseHandle
InternetOpenA
InternetCanonicalizeUrlA
HttpOpenRequestA
InternetGetConnectedState
InternetCrackUrlA

d3d11

D3D11CreateDevice

winmm

mciSendStringA
mciGetErrorStringA
joyGetPos
joyGetPosEx
joyGetDevCapsA

ws2_32

WSAStartup
socket
shutdown
setsockopt
sendto
send
select
recvfrom
ntohs
getaddrinfo
inet_ntoa
inet_addr
getsockopt
ioctlsocket
connect
closesocket
bind
listen
htons
htonl
WSAGetLastError
freeaddrinfo
getpeername
__WSAFDIsSet
recv
accept

gdiplus

GdiplusStartup
GdiplusShutdown

comctl32

InitCommonControlsEx

kernel32

DecodePointer
GetProcessHeap
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
IsValidLocale
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapAlloc
HeapFree
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
ReadFile
SetFileAttributesW
GetFileAttributesExW
HeapWalk
HeapValidate
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
GetModuleHandleExW
WriteFile
GetStdHandle
RaiseException
LoadLibraryExW
EncodePointer
RtlUnwind
GetConsoleMode
ReadConsoleW
GetConsoleCP
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
GetFileSizeEx
ExpandEnvironmentStringsW
CreateFileW
GetFullPathNameW
CloseHandle
GetLastError
SetErrorMode
Sleep
GetModuleFileNameW
MoveFileA
MultiByteToWideChar
WideCharToMultiByte
SetCurrentDirectoryA
GetCurrentDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryW
QueryPerformanceFrequency
WaitForSingleObject
SetWaitableTimer
GetTickCount
CreateWaitableTimerW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateThread
SetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
OutputDebugStringA
GetConsoleWindow
GetEnvironmentVariableW
GetCurrentDirectoryW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
GetExitCodeProcess
CreateProcessW
SetLastError
GetExitCodeThread
LocalFree
FormatMessageW
GetVersionExW
GetLocaleInfoW
GetUserDefaultLCID
GetCurrentThread
SetPriorityClass
GlobalAlloc
GlobalLock
GlobalUnlock
ExitProcess
lstrlenA
WaitForSingleObjectEx
CreateEventExW
SetFilePointerEx
MoveFileExW
HeapReAlloc
FlushFileBuffers
HeapSize
GetTimeZoneInformation
SetEndOfFile
WriteConsoleW
GetCommandLineW

user32

ShowWindow
SetWindowPos
BringWindowToTop
GetKeyState
SetCapture
ReleaseCapture
GetSystemMetrics
SetForegroundWindow
GetClientRect
GetWindowRect
AdjustWindowRectEx
SetCursor
LoadCursorW
LoadImageW
MessageBoxW
wsprintfW
UpdateWindow
SetCursorPos
GetCursorPos
SetWindowLongW
ChangeDisplaySettingsW
EnumDisplaySettingsW
MonitorFromWindow
GetMonitorInfoW
GetDC
ReleaseDC
MoveWindow
SetWindowTextW
ClientToScreen
DestroyWindow
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
GetFocus
SetWindowTextA
CreateDialogParamW
DialogBoxParamW
EndDialog
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
DrawTextW
ScreenToClient
GetAsyncKeyState
keybd_event
SetDlgItemTextA
GetRawInputDeviceInfoA
GetRawInputDeviceList
CreateWindowExW
SendMessageW
GetActiveWindow
SetProcessDPIAware
IsDialogMessageW
SetFocus
PostMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
MessageBoxA
RegisterClassExW
MapWindowPoints
DefWindowProcW

gdi32

SelectObject
GetDeviceCaps

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CoCreateInstance
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoInitialize

dxgi

CreateDXGIFactory1

dwmapi

DwmGetCompositionTimingInfo

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 21.2MB - Virtual size: 21.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 975KB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mydata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 534KB - Virtual size: 534KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Forager v4.1.8-PiviGames.blog/Imguigml.dll
.dll windows x86

4c12699f30c6f71416015ece6a27ad97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
GlobalUnlock
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
GlobalLock
GlobalAlloc
SetUnhandledExceptionFilter

user32

CloseClipboard
OpenClipboard
GetClipboardData
SetClipboardData
EmptyClipboard

msvcp140

_Mtx_init_in_situ
_Cnd_destroy_in_situ
_Strxfrm
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
_Xtime_get_ticks
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
_Mtx_destroy_in_situ
?_Xbad_function_call@std@@YAXXZ
_Cnd_init_in_situ
_Mtx_lock
_Cnd_destroy
_Cnd_wait
_Mtx_init
_Thrd_start
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
_Mtx_destroy
_Cnd_init
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_yield
_Cnd_signal
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

imm32

ImmGetContext
ImmSetCompositionWindow

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
memset
_CxxThrowException
memcpy
__RTDynamicCast
__vcrt_InitializeCriticalSectionEx
strstr
strchr
__std_exception_destroy
__std_terminate
_purecall
memmove
__CxxFrameHandler3
__std_exception_copy

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_errno
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate

api-ms-win-crt-string-l1-1-0

strncpy
isspace
strncpy_s
toupper
isprint
strncmp

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
realloc
free

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsscanf
fread
_wfopen
fwrite
ftell
__acrt_iob_func
__stdio_common_vfprintf
fseek
fclose
fflush

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-math-l1-1-0

_libm_sse2_acos_precise
_libm_sse2_cos_precise
_CIfmod
_CIatan2
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
ceil
floor
_except1
_libm_sse2_pow_precise

Exports

Exports

AcceptDragDropPayload
AddBezierCurve
AddCircle
AddCircleFilled
AddConvexPolyFilled
AddImage
AddImageQuad
AddLine
AddPolyline
AddQuad
AddQuadFilled
AddRect
AddRectFilled
AddRectFilledMultiColor
AddText
AddTriangle
AddTriangleFilled
AlignTextToFramePadding
Begin
BeginChild
BeginChildFrame
BeginCombo
BeginDragDropSource
BeginDragDropTarget
BeginGroup
BeginMainMenuBar
BeginMenuBar
BeginPopup
BeginPopupContextItem
BeginPopupContextVoid
BeginPopupContextWindow
BeginPopupModal
BeginStep
BeginTabBar
BeginTooltip
Button
CalcItemRectClosestPoint
CalcItemWidth
CalcListClipping
CalcTextSize
ChannelsMerge
ChannelsSetCurrent
ChannelsSplit
Checkbox
CheckboxFlags
ClearCharacterInput
CloseCurrentPopup
CollapsingHeader
ColorButton
ColorConvertFloat4ToU32
ColorConvertHSVtoRGB
ColorConvertRGBtoHSV
ColorConvertU32ToFloat4
ColorEdit3
ColorEdit4
ColorPicker3
ColorPicker4
Columns
Combo
CreateFontTexture
DragFloat
DragFloat2
DragFloat3
DragFloat4
DragFloatRange2
DragInt
DragInt2
DragInt3
DragInt4
DragIntRange2
DrawPopClipRect
DrawPushClipRect
Dummy
End
EndChild
EndChildFrame
EndCombo
EndDragDropSource
EndDragDropTarget
EndGroup
EndMainMenuBar
EndMenuBar
EndPopup
EndStep
EndTabBar
EndTooltip
FlushDebugBuffer
GetClipRectMax
GetClipRectMin
GetColorU32
GetColumnIndex
GetColumnOffset
GetColumnWidth
GetColumnsCount
GetContentRegionAvail
GetContentRegionAvailWidth
GetContentRegionMax
GetCursorPosX
GetCursorPosY
GetCursorScreenPos
GetCursorStartPos
GetDisplaySize
GetDrawListFlags
GetFont
GetFontSize
GetFontTexUvWhitePixel
GetFontTexture
GetFrameCount
GetFrameHeight
GetFrameHeightWithSpacing
GetID
GetIOOut
GetItemRectMax
GetItemRectMin
GetItemRectSize
GetScrollMaxX
GetScrollMaxY
GetScrollX
GetScrollY
GetStateStorage
GetStyle
GetStyleColorName
GetStyleColorVec4
GetTextLineHeight
GetTextLineHeightWithSpacing
GetTime
GetTreeNodeToLabelSpacing
GetWindowContentRegionMax
GetWindowContentRegionMin
GetWindowContentRegionWidth
GetWindowDrawList
GetWindowHeight
GetWindowPos
GetWindowSize
GetWindowWidth
IOGetDisplayFramebufferScale
IOGetDisplayVisibleMax
IOGetDisplayVisibleMin
IOGetFontAllowUserScaling
IOGetFontGlobalScale
IOGetIniFilename
IOGetIniSavingRate
IOGetKeyRepeatDelay
IOGetKeyRepeatRate
IOGetLogFilename
IOGetMouseDoubleClickMaxDist
IOGetMouseDoubleClickTime
IOGetMouseDragThreshold
IOGetOptCursorBlink
IOGetOptMacOSXBehaviors
IOSetDisplayFramebufferScale
IOSetDisplayVisibleMax
IOSetDisplayVisibleMin
IOSetFontAllowUserScaling
IOSetFontGlobalScale
IOSetIniFilename
IOSetIniSavingRate
IOSetKeyRepeatDelay
IOSetKeyRepeatRate
IOSetLogFilename
IOSetMouseDoubleClickMaxDist
IOSetMouseDoubleClickTime
IOSetMouseDragThreshold
IOSetOptCursorBlink
IOSetOptMacOSXBehaviors
ImBeginMenu
ImBullet
ImBulletText
ImCaptureKeyboardFromApp
ImCaptureMouseFromApp
ImCreateContext
ImDestroyContext
ImEndMenu
ImGetClipboardText
ImGetCurrentContext
ImGetCursorPos
ImGetKeyIndex
ImGetKeyPressedAmount
ImGetMouseCursor
ImGetMouseDragDelta
ImGetMousePos
ImGetMousePosOnOpeningCurrentPopup
ImGetVersion
ImGuiSetWindowPos
ImIsKeyDown
ImIsKeyPressed
ImIsKeyReleased
ImIsMouseClicked
ImIsMouseDoubleClicked
ImIsMouseDown
ImIsMouseDragging
ImIsMouseHoveringRect
ImIsMousePosValid
ImIsMouseReleased
ImLabelText
ImMemAlloc
ImMemFree
ImResetMouseDragDelta
ImSelectable
ImSetClipboardText
ImSetCurrentContext
ImSetCursorPos
ImSetMouseCursor
ImText
ImTextColored
ImTextDisabled
ImTextWrapped
Image
ImageButton
Indent
Init
InitSharedCallstack
InputFloat
InputFloat2
InputFloat3
InputFloat4
InputInt
InputInt2
InputInt3
InputInt4
InputText
InputTextMultiline
InvisibleButton
IsAnyItemActive
IsAnyItemHovered
IsAnyWindowHovered
IsItemActive
IsItemClicked
IsItemHovered
IsItemVisible
IsPopupOpen
IsRectVisible
IsWindowAppearing
IsWindowCollapsed
IsWindowFocused
IsWindowHovered
ListBox
ListBoxFooter
ListBoxHeader
LogButtons
LogFinish
LogText
LogToClipboard
LogToFile
LogToTTY
MenuItem
NewLine
NextColumn
OpenPopup
OpenPopupOnItemClick
PathArcTo
PathArcToFast
PathBezierCurveTo
PathClear
PathFillConvex
PathLineTo
PathLineToMergeDuplicate
PathRect
PathStroke
PlotHistogram
PlotLines
PopAllowKeyboardFocus
PopButtonRepeat
PopClipRect
PopFont
PopID
PopItemWidth
PopStyleColor
PopStyleVar
PopTextWrapPos
PopTextureID
ProgressBar
PushAllowKeyboardFocus
PushButtonRepeat
PushClipRect
PushClipRectFullScreen
PushFont
PushID
PushItemWidth
PushStyleColor
PushStyleVar
PushTextWrapPos
PushTextureID
RadioButton
RegisterCallbacks
SameLine
Separator
SetColorEditOptions
SetColumnOffset
SetColumnWidth
SetCursorPosX
SetCursorPosY
SetCursorScreenPos
SetDebugBuffer
SetDisplaySize
SetDragDropPayload
SetDrawlistFlags
SetItemAllowOverlap
SetKeyboardFocusHere
SetNextTreeNodeOpen
SetNextWindowCollapsed
SetNextWindowContentSize
SetNextWindowFocus
SetNextWindowPos
SetNextWindowSize
SetNextWindowSizeConstraints
SetRenderBuffer
SetScrollFromPosY
SetScrollHere
SetScrollX
SetScrollY
SetStateStorage
SetTabItemClosed
SetTabItemSelected
SetTooltip
SetWindowCollapsed
SetWindowFocus
SetWindowFontScale
SetWindowSize
SetWrapperBuffer
ShowDemoWindow
ShowFontSelector
ShowMetricsWindow
ShowStyleEditor
ShowStyleSelector
ShowTabsDebug
ShowTabsDemo
ShowUserGuide
Shutdown
ShutdownSharedCallstack
SliderAngle
SliderFloat
SliderFloat2
SliderFloat3
SliderFloat4
SliderInt
SliderInt2
SliderInt3
SliderInt4
SmallButton
Spacing
StyleColorsClassic
StyleColorsDark
StyleColorsLight
TabItem
TextEditorCanRedo
TextEditorCanUndo
TextEditorClose
TextEditorCopy
TextEditorCreate
TextEditorCut
TextEditorDelete
TextEditorGetCursorPosition
TextEditorGetDarkPalette
TextEditorGetLanguageDefinition
TextEditorGetLightPalette
TextEditorGetPalette
TextEditorGetSelectedText
TextEditorGetText
TextEditorGetTotalLines
TextEditorHasSelection
TextEditorInsertText
TextEditorIsOverwrite
TextEditorIsReadOnly
TextEditorMoveBottom
TextEditorMoveDown
TextEditorMoveEnd
TextEditorMoveHome
TextEditorMoveLeft
TextEditorMoveRight
TextEditorMoveTop
TextEditorMoveUp
TextEditorPaste
TextEditorRedo
TextEditorRender
TextEditorSelectWordUnderCursor
TextEditorSetCursorPosition
TextEditorSetLanguageDefinition
TextEditorSetPalette
TextEditorSetReadOnly
TextEditorSetSelection
TextEditorSetSelectionEnd
TextEditorSetSelectionStart
TextEditorSetText
TextEditorUndo
TextEditorsCleanUp
TreeAdvanceToLabelPos
TreeNode
TreeNodeEx
TreePop
TreePush
Unindent
UpdateCharacterInput
UpdateInput
UseOverlayDrawlist
UseWindowDrawList
VSliderFloat
VSliderInt
Value
WaitForDLL
WaitForRender

Sections

.text
Size: 578KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Forager v4.1.8-PiviGames.blog/Redist/vc_redist.x644.exe
.exe windows x86

8e2588a9cf43886de3449dfff03137b6

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:38:8d:23:6d:16:27:a3:26:e0:00:00:00:00:00:38
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01-10-2014 18:11

Not After

01-01-2016 18:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:c4:15:a1:23:fa:49:fb:dc:05:86:1f:21:48:b0:49:3b:d5:1d:dc:c6:72:35:17:aa:75:ea:bc:63:fa:76:f8
Signer

Actual PE Digest

6b:c4:15:a1:23:fa:49:fb:dc:05:86:1f:21:48:b0:49:3b:d5:1d:dc:c6:72:35:17:aa:75:ea:bc:63:fa:76:f8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

07-02-2023 20:44
Valid: false

57:19:7f:e6:ec:8b:ea:59:58:33:9f:f6:88:06:04:41:78:e0:04:94
Signer

Actual PE Digest

57:19:7f:e6:ec:8b:ea:59:58:33:9f:f6:88:06:04:41:78:e0:04:94

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

26-06-2015 07:02
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

gdiplus

GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromResource
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipAlloc

advapi32

QueryServiceConfigW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
GetUserNameW
InitiateSystemShutdownExW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
DecryptFileW
ChangeServiceConfigW
ControlService
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegQueryInfoKeyW
RegSetValueExW
SetEntriesInAclA
SetSecurityDescriptorGroup
RegOpenKeyExW
GetTokenInformation
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
LookupAccountNameW
SetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner

user32

GetMessageW
PeekMessageW
PostMessageW
IsWindow
PostQuitMessage
GetWindowLongW
SetWindowLongW
DefWindowProcW
UnregisterClassW
DispatchMessageW
TranslateMessage
IsDialogMessageW
MsgWaitForMultipleObjects
WaitForInputIdle
LoadCursorW
BeginPaint
EndPaint
GetCursorPos
MonitorFromPoint
GetMonitorInfoW
ReleaseDC
MessageBoxW
PostThreadMessageW
RegisterClassW
CreateWindowExW

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

gdi32

GetDeviceCaps
CreateDCW

shell32

ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeEx
StringFromGUID2
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCurrentProcess
InitializeCriticalSection
TlsFree
DeleteCriticalSection
CloseHandle
TlsGetValue
Sleep
GetLastError
ReleaseMutex
TlsSetValue
TlsAlloc
GetCurrentThreadId
GetVersionExW
GetModuleHandleW
ReadFile
SetFilePointerEx
CreateFileW
GetCurrentProcessId
GetProcessId
WriteFile
ConnectNamedPipe
SetNamedPipeHandleState
lstrlenW
CompareStringW
LocalFree
CreateNamedPipeW
WaitForSingleObject
OpenProcess
lstrlenA
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
VerifyVersionInfoW
VerSetConditionMask
GetComputerNameW
GetTempPathW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetVolumePathNameW
HeapAlloc
GetSystemDefaultLangID
GetUserDefaultLangID
GetDateFormatW
GetSystemTime
InterlockedExchange
LoadLibraryW
InterlockedCompareExchange
GetExitCodeThread
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
ProcessIdToSessionId
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
HeapSetInformation
MapViewOfFile
CreateFileMappingW
CreateMutexW
SetEndOfFile
ResetEvent
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
GetSystemTimeAsFileTime
VirtualFree
VirtualAlloc
DeleteFileW
GetThreadLocale
GetTimeZoneInformation
TerminateProcess
UnhandledExceptionFilter
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GlobalAlloc
IsProcessorFeaturePresent
GetTickCount
QueryPerformanceCounter
HeapCreate
SetLastError
EncodePointer
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
GlobalFree
MoveFileExW
CopyFileW
GetFileSizeEx
GetModuleHandleA
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
LCMapStringW
MultiByteToWideChar
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetLocalTime
UnmapViewOfFile
IsDebuggerPresent
DuplicateHandle
HeapFree
FormatMessageW
GetTempFileNameW
GetWindowsDirectoryW
CompareStringA
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
DecodePointer
ExitProcess
SetUnhandledExceptionFilter
GetStartupInfoW
GetCommandLineW
GetFullPathNameW
CreateDirectoryW
GetProcessHeap

cabinet

ord22
ord20
ord23

crypt32

CertGetCertificateContextProperty
CryptHashPublicKeyInfo

msi

ord88
ord17
ord125
ord116
ord115
ord118
ord8
ord171
ord205
ord45
ord137
ord141
ord238
ord190
ord169
ord90
ord173
ord111
ord70

rpcrt4

UuidCreate

wininet

InternetCloseHandle
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetReadFile
HttpSendRequestW
InternetSetOptionW
InternetOpenW
HttpQueryInfoW
InternetCrackUrlW
InternetConnectW

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Forager v4.1.8-PiviGames.blog/Redist/vc_redist.x864.exe
.exe windows x86

8e2588a9cf43886de3449dfff03137b6

Code Sign

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:38:8d:23:6d:16:27:a3:26:e0:00:00:00:00:00:38
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01-10-2014 18:11

Not After

01-01-2016 18:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:06:cb:ec:52:d7:a1:69:63:80:49:01:2e:f8:86:a1:5e:87:65:11:a6:e9:90:cd:1f:7b:f7:ad:25:14:e8:b4
Signer

Actual PE Digest

ab:06:cb:ec:52:d7:a1:69:63:80:49:01:2e:f8:86:a1:5e:87:65:11:a6:e9:90:cd:1f:7b:f7:ad:25:14:e8:b4

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

07-02-2023 20:44
Valid: false

df:f2:e7:17:7c:35:2e:2a:10:e7:c1:35:9e:a2:41:d0:98:70:74:d6
Signer

Actual PE Digest

df:f2:e7:17:7c:35:2e:2a:10:e7:c1:35:9e:a2:41:d0:98:70:74:d6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

26-06-2015 07:02
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

gdiplus

GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromResource
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipAlloc

advapi32

QueryServiceConfigW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
GetUserNameW
InitiateSystemShutdownExW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
DecryptFileW
ChangeServiceConfigW
ControlService
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegQueryInfoKeyW
RegSetValueExW
SetEntriesInAclA
SetSecurityDescriptorGroup
RegOpenKeyExW
GetTokenInformation
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
LookupAccountNameW
SetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner

user32

GetMessageW
PeekMessageW
PostMessageW
IsWindow
PostQuitMessage
GetWindowLongW
SetWindowLongW
DefWindowProcW
UnregisterClassW
DispatchMessageW
TranslateMessage
IsDialogMessageW
MsgWaitForMultipleObjects
WaitForInputIdle
LoadCursorW
BeginPaint
EndPaint
GetCursorPos
MonitorFromPoint
GetMonitorInfoW
ReleaseDC
MessageBoxW
PostThreadMessageW
RegisterClassW
CreateWindowExW

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

gdi32

GetDeviceCaps
CreateDCW

shell32

ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeEx
StringFromGUID2
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCurrentProcess
InitializeCriticalSection
TlsFree
DeleteCriticalSection
CloseHandle
TlsGetValue
Sleep
GetLastError
ReleaseMutex
TlsSetValue
TlsAlloc
GetCurrentThreadId
GetVersionExW
GetModuleHandleW
ReadFile
SetFilePointerEx
CreateFileW
GetCurrentProcessId
GetProcessId
WriteFile
ConnectNamedPipe
SetNamedPipeHandleState
lstrlenW
CompareStringW
LocalFree
CreateNamedPipeW
WaitForSingleObject
OpenProcess
lstrlenA
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
VerifyVersionInfoW
VerSetConditionMask
GetComputerNameW
GetTempPathW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetVolumePathNameW
HeapAlloc
GetSystemDefaultLangID
GetUserDefaultLangID
GetDateFormatW
GetSystemTime
InterlockedExchange
LoadLibraryW
InterlockedCompareExchange
GetExitCodeThread
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
ProcessIdToSessionId
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
HeapSetInformation
MapViewOfFile
CreateFileMappingW
CreateMutexW
SetEndOfFile
ResetEvent
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
GetSystemTimeAsFileTime
VirtualFree
VirtualAlloc
DeleteFileW
GetThreadLocale
GetTimeZoneInformation
TerminateProcess
UnhandledExceptionFilter
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GlobalAlloc
IsProcessorFeaturePresent
GetTickCount
QueryPerformanceCounter
HeapCreate
SetLastError
EncodePointer
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
GlobalFree
MoveFileExW
CopyFileW
GetFileSizeEx
GetModuleHandleA
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
LCMapStringW
MultiByteToWideChar
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetLocalTime
UnmapViewOfFile
IsDebuggerPresent
DuplicateHandle
HeapFree
FormatMessageW
GetTempFileNameW
GetWindowsDirectoryW
CompareStringA
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
DecodePointer
ExitProcess
SetUnhandledExceptionFilter
GetStartupInfoW
GetCommandLineW
GetFullPathNameW
CreateDirectoryW
GetProcessHeap

cabinet

ord22
ord20
ord23

crypt32

CertGetCertificateContextProperty
CryptHashPublicKeyInfo

msi

ord88
ord17
ord125
ord116
ord115
ord118
ord8
ord171
ord205
ord45
ord137
ord141
ord238
ord190
ord169
ord90
ord173
ord111
ord70

rpcrt4

UuidCreate

wininet

InternetCloseHandle
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetReadFile
HttpSendRequestW
InternetSetOptionW
InternetOpenW
HttpQueryInfoW
InternetCrackUrlW
InternetConnectW

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Forager v4.1.8-PiviGames.blog/Redist/vcredist_x64.exe
.exe windows x86

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7e:e6:b3:26:a0:5b:83:d2:4a:74:47:94:80:1b:e6:8c:ef:59:05:96
Signer

Actual PE Digest

7e:e6:b3:26:a0:5b:83:d2:4a:74:47:94:80:1b:e6:8c:ef:59:05:96

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

20-02-2011 21:09
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_adjust_fdiv
_exit
_c_exit
strncpy
strstr
_strlwr
strrchr
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_snprintf
sprintf
strchr
_strnicmp
_vsnprintf

advapi32

InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
InitializeSecurityDescriptor

kernel32

CreateThread
GetFileSize
ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
CreateEventA
QueryDosDeviceA
GetDiskFreeSpaceA
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetProcessHeap
CopyFileA
SetFileAttributesA
DosDateTimeToFileTime
SetEvent
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
FindFirstFileA
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
SystemTimeToFileTime

user32

SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.4MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Forager v4.1.8-PiviGames.blog/Redist/vcredist_x642.exe
.exe windows x86

dcbe94b8cc54b8e53867c61cc96811d6

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27-03-2013 20:08

Not After

27-06-2014 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-04-2014 17:39

Not After

22-07-2015 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24-09-2013 17:41

Not After

24-12-2014 17:41

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:03:69:a4:40:7e:43:e2:00:c5:92:64:aa:e6:bc:8b:76:88:df:44:40:89:f4:ae:09:76:6c:f7:df:da:11:e1
Signer

Actual PE Digest

7c:03:69:a4:40:7e:43:e2:00:c5:92:64:aa:e6:bc:8b:76:88:df:44:40:89:f4:ae:09:76:6c:f7:df:da:11:e1

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

07-02-2023 20:44
Valid: false

30:b3:61:3b:16:4e:9c:aa:e6:a5:4f:3b:72:a7:34:da:1d:ed:70:f9
Signer

Actual PE Digest

30:b3:61:3b:16:4e:9c:aa:e6:a5:4f:3b:72:a7:34:da:1d:ed:70:f9

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

01-05-2014 17:01
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
GetUserNameW
InitiateSystemShutdownExW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
DecryptFileW
ChangeServiceConfigW
ControlService
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
SetEntriesInAclA
SetSecurityDescriptorGroup
RegOpenKeyExW
GetTokenInformation
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
LookupAccountNameW
SetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
QueryServiceConfigW

user32

GetMessageW
PeekMessageW
PostMessageW
PostThreadMessageW
PostQuitMessage
SetWindowLongW
DefWindowProcW
UnregisterClassW
DispatchMessageW
TranslateMessage
GetMonitorInfoW
IsDialogMessageW
MessageBoxW
GetWindowLongW
RegisterClassW
IsWindow
MsgWaitForMultipleObjects
WaitForInputIdle
LoadCursorW
LoadBitmapW
GetCursorPos
MonitorFromPoint
CreateWindowExW

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
DeleteDC
StretchBlt

shell32

ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID
CoCreateInstance
CoInitialize
StringFromGUID2
CoInitializeEx
CoUninitialize

kernel32

ReadFile
SetFilePointerEx
CreateFileW
GetCurrentProcessId
GetProcessId
WriteFile
ConnectNamedPipe
SetNamedPipeHandleState
lstrlenW
CompareStringW
LocalFree
CreateNamedPipeW
WaitForSingleObject
OpenProcess
lstrlenA
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
VerifyVersionInfoW
VerSetConditionMask
GetComputerNameW
GetTempPathW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetVolumePathNameW
GetWindowsDirectoryW
GetSystemDefaultLangID
RtlUnwind
GetDateFormatW
GetSystemTime
InterlockedExchange
LoadLibraryW
InterlockedCompareExchange
GetExitCodeThread
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
ProcessIdToSessionId
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetModuleHandleW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetExitCodeProcess
DuplicateHandle
SetThreadExecutionState
CopyFileExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateMutexW
SetEndOfFile
ResetEvent
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
CompareStringA
GetSystemTimeAsFileTime
VirtualFree
VirtualAlloc
DeleteFileW
GetThreadLocale
GetVersionExW
GetCurrentThreadId
TlsAlloc
TlsSetValue
ReleaseMutex
GetLastError
Sleep
TlsGetValue
CloseHandle
DeleteCriticalSection
GetTimeZoneInformation
GetACP
GetCPInfo
RaiseException
HeapAlloc
HeapFree
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GlobalAlloc
GlobalFree
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
TlsFree
InitializeCriticalSection
GetCurrentProcess
HeapSetInformation
GetOEMCP
SetFileAttributesW
IsValidCodePage
HeapSize
HeapReAlloc
LCMapStringW
MultiByteToWideChar
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetLocalTime
FormatMessageW
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetProcessHeap
GetModuleHandleA
GetFileSizeEx
GetUserDefaultLangID
GetTickCount
QueryPerformanceCounter
HeapCreate
SetLastError
EncodePointer
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
MoveFileExW
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
DecodePointer
GetCommandLineW
GetStartupInfoW
SetUnhandledExceptionFilter
ExitProcess
CopyFileW

cabinet

ord23
ord22
ord20

crypt32

CryptHashPublicKeyInfo
CertGetCertificateContextProperty

msi

ord116
ord17
ord125
ord171
ord8
ord115
ord118
ord205
ord45
ord137
ord141
ord238
ord190
ord88
ord90
ord173
ord111
ord70
ord169

rpcrt4

UuidCreate

wininet

InternetCrackUrlW
HttpQueryInfoW
InternetCloseHandle
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetReadFile
HttpSendRequestW
InternetSetOptionW
InternetConnectW
InternetOpenW

wintrust

CryptCATAdminCalcHashFromFileHandle
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Forager v4.1.8-PiviGames.blog/Redist/vcredist_x643.exe
.exe windows x86

33c6db41ca15b47cfcec52de6c2ab2b7

Code Sign

33:00:00:00:34:24:31:40:c9:a0:c1:79:8d:00:00:00:00:00:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27-03-2013 20:08

Not After

27-06-2014 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24-01-2013 22:33

Not After

24-04-2014 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24-09-2013 17:41

Not After

24-12-2014 17:41

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:c5:3f:c6:cf:61:80:fa:ca:50:0d:be:3d:8c:71:96:9a:5f:de:3a:97:a3:72:8e:48:0f:76:c1:95:c7:4a:17
Signer

Actual PE Digest

07:c5:3f:c6:cf:61:80:fa:ca:50:0d:be:3d:8c:71:96:9a:5f:de:3a:97:a3:72:8e:48:0f:76:c1:95:c7:4a:17

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

07-02-2023 20:44
Valid: false

6c:6c:5f:05:6b:fb:f9:61:c3:3a:07:4c:73:49:9c:53:7b:5f:c2:59
Signer

Actual PE Digest

6c:6c:5f:05:6b:fb:f9:61:c3:3a:07:4c:73:49:9c:53:7b:5f:c2:59

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

30-10-2013 12:49
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

CopyFileExW
MapViewOfFile
CreateFileMappingW
CreateMutexW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
ResetEvent
SetEndOfFile
DeleteFileW
GetThreadLocale
UnmapViewOfFile
GetFullPathNameW
GetTempFileNameW
CreateDirectoryW
GetLocalTime
SetFilePointer
GetComputerNameW
CreateFileA
GetProcessHeap
GetModuleHandleA
CopyFileW
MoveFileExW
GlobalFree
GlobalAlloc
GetFileSizeEx
GetCurrentDirectoryW
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
RaiseException
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FormatMessageW
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
CompareStringW
InitializeCriticalSection
CloseHandle
LocalFree
ReleaseMutex
GetVersionExW
GetProcessId
ReadFile
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
lstrlenW
WaitForSingleObject
OpenProcess
CreateFileW
SetFilePointerEx
lstrlenA
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
VerifyVersionInfoW
VerSetConditionMask
GetTempPathW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetVolumePathNameW
GetWindowsDirectoryW
GetSystemDefaultLangID
GetUserDefaultLangID
GetDateFormatW
GetSystemTime
LoadLibraryW
InterlockedCompareExchange
GetExitCodeThread
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
ProcessIdToSessionId
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
GetExitCodeProcess
SetThreadExecutionState
FlushFileBuffers

msi

ord171
ord45
ord137
ord125
ord17
ord8
ord141
ord238
ord190
ord88
ord90
ord173
ord111
ord70
ord169
ord118
ord115
ord116
ord205

shell32

SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW

rpcrt4

UuidCreate

wininet

HttpQueryInfoW
InternetCrackUrlW
InternetSetOptionW
InternetConnectW
InternetCloseHandle
InternetOpenW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetReadFile
HttpSendRequestW

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle

crypt32

CertGetCertificateContextProperty
CryptHashPublicKeyInfo

gdi32

DeleteDC
DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
StretchBlt

cabinet

ord23
ord22
ord20

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
SetNamedSecurityInfoW
AllocateAndInitializeSid
CheckTokenMembership
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
InitializeSecurityDescriptor
SetEntriesInAclA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegOpenKeyExW
GetTokenInformation
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
ChangeServiceConfigW
DecryptFileW
SetEntriesInAclW
InitializeAcl
CreateWellKnownSid
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
QueryServiceConfigW

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

ole32

CLSIDFromProgID
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoInitialize
CoInitializeEx
CoUninitialize
StringFromGUID2

user32

LoadBitmapW
IsWindow
PostMessageW
PeekMessageW
GetMessageW
GetWindowLongW
SetWindowLongW
DefWindowProcW
UnregisterClassW
DispatchMessageW
TranslateMessage
IsDialogMessageW
CreateWindowExW
RegisterClassW
MsgWaitForMultipleObjects
LoadCursorW
PostQuitMessage
GetCursorPos
MonitorFromPoint
GetMonitorInfoW
PostThreadMessageW
MessageBoxW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Forager v4.1.8-PiviGames.blog/Redist/vcredist_x86.exe
.exe windows x86

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5f:c8:53:53:4b:f3:8d:17:29:22:b7:77:39:d5:7a:e2:70:d6:a5:b8
Signer

Actual PE Digest

5f:c8:53:53:4b:f3:8d:17:29:22:b7:77:39:d5:7a:e2:70:d6:a5:b8

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

20-02-2011 21:12
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_adjust_fdiv
_exit
_c_exit
strncpy
strstr
_strlwr
strrchr
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_snprintf
sprintf
strchr
_strnicmp
_vsnprintf

advapi32

InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
InitializeSecurityDescriptor

kernel32

CreateThread
GetFileSize
ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
CreateEventA
QueryDosDeviceA
GetDiskFreeSpaceA
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetProcessHeap
CopyFileA
SetFileAttributesA
DosDateTimeToFileTime
SetEvent
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
FindFirstFileA
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
SystemTimeToFileTime

user32

SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.7MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Forager v4.1.8-PiviGames.blog/Redist/vcredist_x862.exe
.exe windows x86

dcbe94b8cc54b8e53867c61cc96811d6

Code Sign

33:00:00:00:4c:a1:e8:4d:cc:b4:74:7b:3b:00:00:00:00:00:4c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-11-2013 22:11

Not After

11-02-2015 22:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-04-2014 17:39

Not After

22-07-2015 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24-09-2013 17:41

Not After

24-12-2014 17:41

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:74:c3:79:56:e7:2b:5d:3a:c2:b9:84:ce:5e:5a:6e:87:d4:41:57:40:ea:74:ae:2c:8b:db:54:2a:69:14:3c
Signer

Actual PE Digest

af:74:c3:79:56:e7:2b:5d:3a:c2:b9:84:ce:5e:5a:6e:87:d4:41:57:40:ea:74:ae:2c:8b:db:54:2a:69:14:3c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

07-02-2023 20:44
Valid: false

c6:e9:00:f0:64:0e:2a:52:a2:da:4c:db:2e:25:f4:6b:1c:8c:4b:6b
Signer

Actual PE Digest

c6:e9:00:f0:64:0e:2a:52:a2:da:4c:db:2e:25:f4:6b:1c:8c:4b:6b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

01-05-2014 17:02
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
GetUserNameW
InitiateSystemShutdownExW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
DecryptFileW
ChangeServiceConfigW
ControlService
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
SetEntriesInAclA
SetSecurityDescriptorGroup
RegOpenKeyExW
GetTokenInformation
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
LookupAccountNameW
SetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
QueryServiceConfigW

user32

GetMessageW
PeekMessageW
PostMessageW
PostThreadMessageW
PostQuitMessage
SetWindowLongW
DefWindowProcW
UnregisterClassW
DispatchMessageW
TranslateMessage
GetMonitorInfoW
IsDialogMessageW
MessageBoxW
GetWindowLongW
RegisterClassW
IsWindow
MsgWaitForMultipleObjects
WaitForInputIdle
LoadCursorW
LoadBitmapW
GetCursorPos
MonitorFromPoint
CreateWindowExW

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
DeleteDC
StretchBlt

shell32

ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID
CoCreateInstance
CoInitialize
StringFromGUID2
CoInitializeEx
CoUninitialize

kernel32

ReadFile
SetFilePointerEx
CreateFileW
GetCurrentProcessId
GetProcessId
WriteFile
ConnectNamedPipe
SetNamedPipeHandleState
lstrlenW
CompareStringW
LocalFree
CreateNamedPipeW
WaitForSingleObject
OpenProcess
lstrlenA
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
VerifyVersionInfoW
VerSetConditionMask
GetComputerNameW
GetTempPathW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetVolumePathNameW
GetWindowsDirectoryW
GetSystemDefaultLangID
RtlUnwind
GetDateFormatW
GetSystemTime
InterlockedExchange
LoadLibraryW
InterlockedCompareExchange
GetExitCodeThread
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
ProcessIdToSessionId
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetModuleHandleW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetExitCodeProcess
DuplicateHandle
SetThreadExecutionState
CopyFileExW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateMutexW
SetEndOfFile
ResetEvent
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
CompareStringA
GetSystemTimeAsFileTime
VirtualFree
VirtualAlloc
DeleteFileW
GetThreadLocale
GetVersionExW
GetCurrentThreadId
TlsAlloc
TlsSetValue
ReleaseMutex
GetLastError
Sleep
TlsGetValue
CloseHandle
DeleteCriticalSection
GetTimeZoneInformation
GetACP
GetCPInfo
RaiseException
HeapAlloc
HeapFree
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GlobalAlloc
GlobalFree
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
TlsFree
InitializeCriticalSection
GetCurrentProcess
HeapSetInformation
GetOEMCP
SetFileAttributesW
IsValidCodePage
HeapSize
HeapReAlloc
LCMapStringW
MultiByteToWideChar
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetLocalTime
FormatMessageW
GetTempFileNameW
GetFullPathNameW
CreateDirectoryW
GetProcessHeap
GetModuleHandleA
GetFileSizeEx
GetUserDefaultLangID
GetTickCount
QueryPerformanceCounter
HeapCreate
SetLastError
EncodePointer
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
MoveFileExW
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
DecodePointer
GetCommandLineW
GetStartupInfoW
SetUnhandledExceptionFilter
ExitProcess
CopyFileW

cabinet

ord23
ord22
ord20

crypt32

CryptHashPublicKeyInfo
CertGetCertificateContextProperty

msi

ord116
ord17
ord125
ord171
ord8
ord115
ord118
ord205
ord45
ord137
ord141
ord238
ord190
ord88
ord90
ord173
ord111
ord70
ord169

rpcrt4

UuidCreate

wininet

InternetCrackUrlW
HttpQueryInfoW
InternetCloseHandle
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetReadFile
HttpSendRequestW
InternetSetOptionW
InternetConnectW
InternetOpenW

wintrust

CryptCATAdminCalcHashFromFileHandle
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Forager v4.1.8-PiviGames.blog/Redist/vcredist_x863.exe
.exe windows x86

33c6db41ca15b47cfcec52de6c2ab2b7

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-09-2012 21:12

Not After

04-12-2013 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24-01-2013 22:33

Not After

24-04-2014 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24-09-2013 17:41

Not After

24-12-2014 17:41

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:e7:0c:89:55:fe:17:47:bf:fc:11:1e:47:bb:a8:d9:82:a5:1f:58:f1:9c:0e:1f:00:6a:71:79:e7:ff:75:22
Signer

Actual PE Digest

d4:e7:0c:89:55:fe:17:47:bf:fc:11:1e:47:bb:a8:d9:82:a5:1f:58:f1:9c:0e:1f:00:6a:71:79:e7:ff:75:22

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

07-02-2023 20:44
Valid: false

36:8d:a7:ef:b6:4b:ef:51:51:7c:7b:1c:58:f3:56:1f:6d:97:57:92
Signer

Actual PE Digest

36:8d:a7:ef:b6:4b:ef:51:51:7c:7b:1c:58:f3:56:1f:6d:97:57:92

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

30-10-2013 12:43
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

kernel32

CopyFileExW
MapViewOfFile
CreateFileMappingW
CreateMutexW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
ResetEvent
SetEndOfFile
DeleteFileW
GetThreadLocale
UnmapViewOfFile
GetFullPathNameW
GetTempFileNameW
CreateDirectoryW
GetLocalTime
SetFilePointer
GetComputerNameW
CreateFileA
GetProcessHeap
GetModuleHandleA
CopyFileW
MoveFileExW
GlobalFree
GlobalAlloc
GetFileSizeEx
GetCurrentDirectoryW
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
RaiseException
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FormatMessageW
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
CompareStringW
InitializeCriticalSection
CloseHandle
LocalFree
ReleaseMutex
GetVersionExW
GetProcessId
ReadFile
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
lstrlenW
WaitForSingleObject
OpenProcess
CreateFileW
SetFilePointerEx
lstrlenA
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
VerifyVersionInfoW
VerSetConditionMask
GetTempPathW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetVolumePathNameW
GetWindowsDirectoryW
GetSystemDefaultLangID
GetUserDefaultLangID
GetDateFormatW
GetSystemTime
LoadLibraryW
InterlockedCompareExchange
GetExitCodeThread
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
ProcessIdToSessionId
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
GetExitCodeProcess
SetThreadExecutionState
FlushFileBuffers

msi

ord171
ord45
ord137
ord125
ord17
ord8
ord141
ord238
ord190
ord88
ord90
ord173
ord111
ord70
ord169
ord118
ord115
ord116
ord205

shell32

SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW

rpcrt4

UuidCreate

wininet

HttpQueryInfoW
InternetCrackUrlW
InternetSetOptionW
InternetConnectW
InternetCloseHandle
InternetOpenW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetReadFile
HttpSendRequestW

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle

crypt32

CertGetCertificateContextProperty
CryptHashPublicKeyInfo

gdi32

DeleteDC
DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
StretchBlt

cabinet

ord23
ord22
ord20

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
SetNamedSecurityInfoW
AllocateAndInitializeSid
CheckTokenMembership
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
InitializeSecurityDescriptor
SetEntriesInAclA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegOpenKeyExW
GetTokenInformation
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
ChangeServiceConfigW
DecryptFileW
SetEntriesInAclW
InitializeAcl
CreateWellKnownSid
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
QueryServiceConfigW

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

ole32

CLSIDFromProgID
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoInitialize
CoInitializeEx
CoUninitialize
StringFromGUID2

user32

LoadBitmapW
IsWindow
PostMessageW
PeekMessageW
GetMessageW
GetWindowLongW
SetWindowLongW
DefWindowProcW
UnregisterClassW
DispatchMessageW
TranslateMessage
IsDialogMessageW
CreateWindowExW
RegisterClassW
MsgWaitForMultipleObjects
LoadCursorW
PostQuitMessage
GetCursorPos
MonitorFromPoint
GetMonitorInfoW
PostThreadMessageW
MessageBoxW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Forager v4.1.8-PiviGames.blog/audiogroup1.dat
Forager v4.1.8-PiviGames.blog/catch_error.dll
.dll windows x86

d3ca9bad7a6599769ac5641562f24344

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

ImageDirectoryEntryToData

kernel32

WriteProcessMemory
VirtualProtect
GetCurrentProcess
WriteFile
SetEndOfFile
CreateFileW
GetModuleHandleA
Sleep
GetLastError
CloseHandle
GetProcAddress
ReadProcessMemory
GetModuleHandleW
lstrcmpW
VirtualQuery
HeapSize
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetTimeZoneInformation
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RaiseException
InterlockedFlushSList
RtlUnwind
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapAlloc
HeapReAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetACP
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW

user32

MessageBoxW
CreateWindowExW
DispatchMessageW
PeekMessageW
TranslateMessage

shell32

ShellExecuteW

Exports

Exports

catch_error_clear
catch_error_dequeue
catch_error_fatal_force_raw
catch_error_get_dump_path
catch_error_get_exec_params
catch_error_get_exec_path
catch_error_get_fatal
catch_error_get_newer
catch_error_get_normal
catch_error_get_prompt_flags
catch_error_get_prompt_kind
catch_error_get_prompt_text
catch_error_get_prompt_title
catch_error_init_raw
catch_error_is_loaded
catch_error_is_ready
catch_error_set_dump_path_raw
catch_error_set_exec_raw
catch_error_set_fatal
catch_error_set_newer_raw
catch_error_set_normal
catch_error_set_prompt_raw
catch_error_size

Sections

.text
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Forager v4.1.8-PiviGames.blog/data.txt
Forager v4.1.8-PiviGames.blog/data.win
Forager v4.1.8-PiviGames.blog/local/chinese.json
Forager v4.1.8-PiviGames.blog/local/chinese_traditional.json
Forager v4.1.8-PiviGames.blog/local/english.json
Forager v4.1.8-PiviGames.blog/local/french.json
Forager v4.1.8-PiviGames.blog/local/german.json
Forager v4.1.8-PiviGames.blog/local/japanese.json
Forager v4.1.8-PiviGames.blog/local/korean.json
Forager v4.1.8-PiviGames.blog/local/portuguese.json
Forager v4.1.8-PiviGames.blog/local/russian.json
Forager v4.1.8-PiviGames.blog/local/spanish.json
Forager v4.1.8-PiviGames.blog/local/thai.json
Forager v4.1.8-PiviGames.blog/local/turkish.json
Forager v4.1.8-PiviGames.blog/options.ini
Forager v4.1.8-PiviGames.blog/rousrDissonance.dll
.dll windows x86

91242d088868530dc10e23073a6f6b18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
WaitNamedPipeW
PeekNamedPipe
GetLastError
CloseHandle
WriteFile
ReadFile
CreateFileW
MultiByteToWideChar
lstrlenW

msvcp140

?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Cnd_signal
_Cnd_broadcast
_Cnd_timedwait
_Cnd_wait
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Cnd_destroy
_Cnd_init
_Mtx_unlock
?_Xlength_error@std@@YAXPBD@Z
_Mtx_current_owns
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_destroy
_Mtx_init
_Thrd_id
_Thrd_join
_Xtime_get_ticks
_Thrd_start
_Mtx_lock

vcruntime140

__std_exception_destroy
__CxxFrameHandler3
__std_terminate
_purecall
memcpy
__std_type_info_destroy_list
_except_handler4_common
_CxxThrowException
__RTDynamicCast
__std_exception_copy
memmove
memset

api-ms-win-crt-runtime-l1-1-0

_cexit
_invalid_parameter_noinfo_noreturn
_initterm
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_initterm_e

api-ms-win-crt-string-l1-1-0

strncpy_s

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-math-l1-1-0

log2
_except1
ceil

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf
__stdio_common_vfprintf
__acrt_iob_func

advapi32

RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

Exports

Exports

Init
RegisterCallbacks
ResetPresence
Respond
RunCallbacks
SetDetails
SetJoinSecret
SetLargeImage
SetMatchSecret
SetPartyData
SetSmallImage
SetSpectateSecret
SetState
SetTimeStamps
Shutdown
UpdatePresence

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Forager v4.1.8-PiviGames.blog/steam_api.dll
.dll windows x86

500be07b4f376f32db1fc9d51ae75366

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

ShowWindow

advapi32

RegOpenKeyExW

shell32

SHGetSpecialFolderPathW

ws2_32

WSASetLastError

winhttp

WinHttpOpenRequest

psapi

GetModuleBaseNameW

Exports

Exports

Breakpad_SteamMiniDumpInit
Breakpad_SteamSetAppID
Breakpad_SteamSetSteamID
Breakpad_SteamWriteMiniDumpSetComment
Breakpad_SteamWriteMiniDumpUsingExceptionInfoWithBuildId
CAddAppDependencyResult_t_RemoveCallResult
CAddAppDependencyResult_t_SetCallResult
CAddUGCDependencyResult_t_RemoveCallResult
CAddUGCDependencyResult_t_SetCallResult
CAssociateWithClanResult_t_RemoveCallResult
CAssociateWithClanResult_t_SetCallResult
CCheckFileSignature_t_RemoveCallResult
CCheckFileSignature_t_SetCallResult
CClanOfficerListResponse_t_RemoveCallResult
CClanOfficerListResponse_t_SetCallResult
CComputeNewPlayerCompatibilityResult_t_RemoveCallResult
CComputeNewPlayerCompatibilityResult_t_SetCallResult
CCreateItemResult_t_RemoveCallResult
CCreateItemResult_t_SetCallResult
CDeleteItemResult_t_RemoveCallResult
CDeleteItemResult_t_SetCallResult
CEncryptedAppTicketResponse_t_RemoveCallResult
CEncryptedAppTicketResponse_t_SetCallResult
CFileDetailsResult_t_RemoveCallResult
CFileDetailsResult_t_SetCallResult
CFriendsEnumerateFollowingList_t_RemoveCallResult
CFriendsEnumerateFollowingList_t_SetCallResult
CFriendsGetFollowerCount_t_RemoveCallResult
CFriendsGetFollowerCount_t_SetCallResult
CFriendsIsFollowing_t_RemoveCallResult
CFriendsIsFollowing_t_SetCallResult
CGSReputation_t_RemoveCallResult
CGSReputation_t_SetCallResult
CGSStatsReceived_t_RemoveCallResult
CGSStatsReceived_t_SetCallResult
CGSStatsStored_t_RemoveCallResult
CGSStatsStored_t_SetCallResult
CGetAppDependenciesResult_t_RemoveCallResult
CGetAppDependenciesResult_t_SetCallResult
CGetOPFSettingsResult_t_RemoveCallback
CGetOPFSettingsResult_t_SetCallback
CGetUserItemVoteResult_t_RemoveCallResult
CGetUserItemVoteResult_t_SetCallResult
CGlobalAchievementPercentagesReady_t_RemoveCallResult
CGlobalAchievementPercentagesReady_t_SetCallResult
CGlobalStatsReceived_t_RemoveCallResult
CGlobalStatsReceived_t_SetCallResult
CHTML_BrowserReady_t_RemoveCallResult
CHTML_BrowserReady_t_SetCallResult
CJoinClanChatRoomCompletionResult_t_RemoveCallResult
CJoinClanChatRoomCompletionResult_t_SetCallResult
CLeaderboardFindResult_t_RemoveCallResult
CLeaderboardFindResult_t_SetCallResult
CLeaderboardScoreUploaded_t_RemoveCallResult
CLeaderboardScoreUploaded_t_SetCallResult
CLeaderboardScoresDownloaded_t_RemoveCallResult
CLeaderboardScoresDownloaded_t_SetCallResult
CLeaderboardUGCSet_t_RemoveCallResult
CLeaderboardUGCSet_t_SetCallResult
CLobbyCreated_t_RemoveCallResult
CLobbyCreated_t_SetCallResult
CLobbyEnter_t_RemoveCallResult
CLobbyEnter_t_SetCallResult
CLobbyMatchList_t_RemoveCallResult
CLobbyMatchList_t_SetCallResult
CNumberOfCurrentPlayers_t_RemoveCallResult
CNumberOfCurrentPlayers_t_SetCallResult
CRemoteStorageDeletePublishedFileResult_t_RemoveCallResult
CRemoteStorageDeletePublishedFileResult_t_SetCallResult
CRemoteStorageDownloadUGCResult_t_RemoveCallResult
CRemoteStorageDownloadUGCResult_t_SetCallResult
CRemoteStorageEnumeratePublishedFilesByUserActionResult_t_RemoveCallResult
CRemoteStorageEnumeratePublishedFilesByUserActionResult_t_SetCallResult
CRemoteStorageEnumerateUserPublishedFilesResult_t_RemoveCallResult
CRemoteStorageEnumerateUserPublishedFilesResult_t_SetCallResult
CRemoteStorageEnumerateUserSubscribedFilesResult_t_RemoveCallResult
CRemoteStorageEnumerateUserSubscribedFilesResult_t_SetCallResult
CRemoteStorageEnumerateWorkshopFilesResult_t_RemoveCallResult
CRemoteStorageEnumerateWorkshopFilesResult_t_SetCallResult
CRemoteStorageFileReadAsyncComplete_t_RemoveCallResult
CRemoteStorageFileReadAsyncComplete_t_SetCallResult
CRemoteStorageFileShareResult_t_RemoveCallResult
CRemoteStorageFileShareResult_t_SetCallResult
CRemoteStorageFileWriteAsyncComplete_t_RemoveCallResult
CRemoteStorageFileWriteAsyncComplete_t_SetCallResult
CRemoteStorageGetPublishedFileDetailsResult_t_RemoveCallResult
CRemoteStorageGetPublishedFileDetailsResult_t_SetCallResult
CRemoteStorageGetPublishedItemVoteDetailsResult_t_RemoveCallResult
CRemoteStorageGetPublishedItemVoteDetailsResult_t_SetCallResult
CRemoteStoragePublishFileProgress_t_RemoveCallResult
CRemoteStoragePublishFileProgress_t_SetCallResult
CRemoteStorageSetUserPublishedFileActionResult_t_RemoveCallResult
CRemoteStorageSetUserPublishedFileActionResult_t_SetCallResult
CRemoteStorageSubscribePublishedFileResult_t_RemoveCallResult
CRemoteStorageSubscribePublishedFileResult_t_SetCallResult
CRemoteStorageUnsubscribePublishedFileResult_t_RemoveCallResult
CRemoteStorageUnsubscribePublishedFileResult_t_SetCallResult
CRemoteStorageUpdatePublishedFileResult_t_RemoveCallResult
CRemoteStorageUpdatePublishedFileResult_t_SetCallResult
CRemoteStorageUpdateUserPublishedItemVoteResult_t_RemoveCallResult
CRemoteStorageUpdateUserPublishedItemVoteResult_t_SetCallResult
CRemoveAppDependencyResult_t_RemoveCallResult
CRemoveAppDependencyResult_t_SetCallResult
CRemoveUGCDependencyResult_t_RemoveCallResult
CRemoveUGCDependencyResult_t_SetCallResult
CSetPersonaNameResponse_t_RemoveCallResult
CSetPersonaNameResponse_t_SetCallResult
CSetUserItemVoteResult_t_RemoveCallResult
CSetUserItemVoteResult_t_SetCallResult
CStartPlaytimeTrackingResult_t_RemoveCallResult
CStartPlaytimeTrackingResult_t_SetCallResult
CSteamInventoryEligiblePromoItemDefIDs_t_RemoveCallResult
CSteamInventoryEligiblePromoItemDefIDs_t_SetCallResult
CSteamUGCQueryCompleted_t_RemoveCallResult
CSteamUGCQueryCompleted_t_SetCallResult
CStopPlaytimeTrackingResult_t_RemoveCallResult
CStopPlaytimeTrackingResult_t_SetCallResult
CStoreAuthURLResponse_t_RemoveCallResult
CStoreAuthURLResponse_t_SetCallResult
CSubmitItemUpdateResult_t_RemoveCallResult
CSubmitItemUpdateResult_t_SetCallResult
CUserFavoriteItemsListChanged_t_RemoveCallResult
CUserFavoriteItemsListChanged_t_SetCallResult
CUserStatsReceived_t_RemoveCallResult
CUserStatsReceived_t_RemoveCallback
CUserStatsReceived_t_SetCallResult
CUserStatsReceived_t_SetCallback
CreateInterface
GetHSteamPipe
GetHSteamUser
SteamAPI
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_ISteamAppList_GetAppBuildId
SteamAPI_ISteamAppList_GetAppInstallDir
SteamAPI_ISteamAppList_GetAppName
SteamAPI_ISteamAppList_GetInstalledApps
SteamAPI_ISteamAppList_GetNumInstalledApps
SteamAPI_ISteamApps_BGetDLCDataByIndex
SteamAPI_ISteamApps_BIsAppInstalled
SteamAPI_ISteamApps_BIsCybercafe
SteamAPI_ISteamApps_BIsDlcInstalled
SteamAPI_ISteamApps_BIsLowViolence
SteamAPI_ISteamApps_BIsSubscribed
SteamAPI_ISteamApps_BIsSubscribedApp
SteamAPI_ISteamApps_BIsSubscribedFromFreeWeekend
SteamAPI_ISteamApps_BIsVACBanned
SteamAPI_ISteamApps_GetAppBuildId
SteamAPI_ISteamApps_GetAppInstallDir
SteamAPI_ISteamApps_GetAppOwner
SteamAPI_ISteamApps_GetAvailableGameLanguages
SteamAPI_ISteamApps_GetCurrentBetaName
SteamAPI_ISteamApps_GetCurrentGameLanguage
SteamAPI_ISteamApps_GetDLCCount
SteamAPI_ISteamApps_GetDlcDownloadProgress
SteamAPI_ISteamApps_GetEarliestPurchaseUnixTime
SteamAPI_ISteamApps_GetFileDetails
SteamAPI_ISteamApps_GetInstalledDepots
SteamAPI_ISteamApps_GetLaunchQueryParam
SteamAPI_ISteamApps_GetPublisherOwnedAppData
SteamAPI_ISteamApps_InstallDLC
SteamAPI_ISteamApps_MarkContentCorrupt
SteamAPI_ISteamApps_RequestAllProofOfPurchaseKeys
SteamAPI_ISteamApps_RequestAppProofOfPurchaseKey
SteamAPI_ISteamApps_RequestPublisherOwnedAppData
SteamAPI_ISteamApps_UninstallDLC
SteamAPI_ISteamClient_BReleaseSteamPipe
SteamAPI_ISteamClient_BShutdownIfAllPipesClosed
SteamAPI_ISteamClient_ConnectToGlobalUser
SteamAPI_ISteamClient_CreateLocalUser
SteamAPI_ISteamClient_CreateSteamPipe
SteamAPI_ISteamClient_GetIPCCallCount
SteamAPI_ISteamClient_GetISteamAppList
SteamAPI_ISteamClient_GetISteamApps
SteamAPI_ISteamClient_GetISteamController
SteamAPI_ISteamClient_GetISteamFriends
SteamAPI_ISteamClient_GetISteamGameServer
SteamAPI_ISteamClient_GetISteamGameServerStats
SteamAPI_ISteamClient_GetISteamGenericInterface
SteamAPI_ISteamClient_GetISteamHTMLSurface
SteamAPI_ISteamClient_GetISteamHTTP
SteamAPI_ISteamClient_GetISteamInventory
SteamAPI_ISteamClient_GetISteamMatchmaking
SteamAPI_ISteamClient_GetISteamMatchmakingServers
SteamAPI_ISteamClient_GetISteamMusic
SteamAPI_ISteamClient_GetISteamMusicRemote
SteamAPI_ISteamClient_GetISteamNetworking
SteamAPI_ISteamClient_GetISteamParentalSettings
SteamAPI_ISteamClient_GetISteamRemoteStorage
SteamAPI_ISteamClient_GetISteamScreenshots
SteamAPI_ISteamClient_GetISteamUGC
SteamAPI_ISteamClient_GetISteamUnifiedMessages
SteamAPI_ISteamClient_GetISteamUser
SteamAPI_ISteamClient_GetISteamUserStats
SteamAPI_ISteamClient_GetISteamUtils
SteamAPI_ISteamClient_GetISteamVideo
SteamAPI_ISteamClient_ReleaseUser
SteamAPI_ISteamClient_Remove_SteamAPI_CPostAPIResultInProcess
SteamAPI_ISteamClient_RunFrame
SteamAPI_ISteamClient_SetLocalIPBinding
SteamAPI_ISteamClient_SetWarningMessageHook
SteamAPI_ISteamClient_Set_SteamAPI_CCheckCallbackRegisteredInProcess
SteamAPI_ISteamClient_Set_SteamAPI_CPostAPIResultInProcess
SteamAPI_ISteamController_ActivateActionSet
SteamAPI_ISteamController_ActivateActionSetLayer
SteamAPI_ISteamController_DeactivateActionSetLayer
SteamAPI_ISteamController_DeactivateAllActionSetLayers
SteamAPI_ISteamController_GetActionSetHandle
SteamAPI_ISteamController_GetActiveActionSetLayers
SteamAPI_ISteamController_GetAnalogActionData
SteamAPI_ISteamController_GetAnalogActionHandle
SteamAPI_ISteamController_GetAnalogActionOrigins
SteamAPI_ISteamController_GetConnectedControllers
SteamAPI_ISteamController_GetControllerForGamepadIndex
SteamAPI_ISteamController_GetControllerState
SteamAPI_ISteamController_GetCurrentActionSet
SteamAPI_ISteamController_GetDigitalActionData
SteamAPI_ISteamController_GetDigitalActionHandle
SteamAPI_ISteamController_GetDigitalActionOrigins
SteamAPI_ISteamController_GetGamepadIndexForController
SteamAPI_ISteamController_GetGlyphForActionOrigin
SteamAPI_ISteamController_GetInputTypeForHandle
SteamAPI_ISteamController_GetMotionData
SteamAPI_ISteamController_GetStringForActionOrigin
SteamAPI_ISteamController_Init
SteamAPI_ISteamController_RunFrame
SteamAPI_ISteamController_SetLEDColor
SteamAPI_ISteamController_SetOverrideMode
SteamAPI_ISteamController_ShowAnalogActionOrigins
SteamAPI_ISteamController_ShowBindingPanel
SteamAPI_ISteamController_ShowDigitalActionOrigins
SteamAPI_ISteamController_Shutdown
SteamAPI_ISteamController_StopAnalogActionMomentum
SteamAPI_ISteamController_TriggerHapticPulse
SteamAPI_ISteamController_TriggerRepeatedHapticPulse
SteamAPI_ISteamController_TriggerVibration
SteamAPI_ISteamFriends_ActivateGameOverlay
SteamAPI_ISteamFriends_ActivateGameOverlayInviteDialog
SteamAPI_ISteamFriends_ActivateGameOverlayToStore
SteamAPI_ISteamFriends_ActivateGameOverlayToUser
SteamAPI_ISteamFriends_ActivateGameOverlayToWebPage
SteamAPI_ISteamFriends_ClearRichPresence
SteamAPI_ISteamFriends_CloseClanChatWindowInSteam
SteamAPI_ISteamFriends_DownloadClanActivityCounts
SteamAPI_ISteamFriends_EnumerateFollowingList
SteamAPI_ISteamFriends_GetChatMemberByIndex
SteamAPI_ISteamFriends_GetClanActivityCounts
SteamAPI_ISteamFriends_GetClanByIndex
SteamAPI_ISteamFriends_GetClanChatMemberCount
SteamAPI_ISteamFriends_GetClanChatMessage
SteamAPI_ISteamFriends_GetClanCount
SteamAPI_ISteamFriends_GetClanName
SteamAPI_ISteamFriends_GetClanOfficerByIndex
SteamAPI_ISteamFriends_GetClanOfficerCount
SteamAPI_ISteamFriends_GetClanOwner
SteamAPI_ISteamFriends_GetClanTag
SteamAPI_ISteamFriends_GetCoplayFriend
SteamAPI_ISteamFriends_GetCoplayFriendCount
SteamAPI_ISteamFriends_GetFollowerCount
SteamAPI_ISteamFriends_GetFriendByIndex
SteamAPI_ISteamFriends_GetFriendCoplayGame
SteamAPI_ISteamFriends_GetFriendCoplayTime
SteamAPI_ISteamFriends_GetFriendCount
SteamAPI_ISteamFriends_GetFriendCountFromSource
SteamAPI_ISteamFriends_GetFriendFromSourceByIndex
SteamAPI_ISteamFriends_GetFriendGamePlayed
SteamAPI_ISteamFriends_GetFriendMessage
SteamAPI_ISteamFriends_GetFriendPersonaName
SteamAPI_ISteamFriends_GetFriendPersonaNameHistory
SteamAPI_ISteamFriends_GetFriendPersonaState
SteamAPI_ISteamFriends_GetFriendRelationship
SteamAPI_ISteamFriends_GetFriendRichPresence
SteamAPI_ISteamFriends_GetFriendRichPresenceKeyByIndex
SteamAPI_ISteamFriends_GetFriendRichPresenceKeyCount
SteamAPI_ISteamFriends_GetFriendSteamLevel
SteamAPI_ISteamFriends_GetFriendsGroupCount
SteamAPI_ISteamFriends_GetFriendsGroupIDByIndex
SteamAPI_ISteamFriends_GetFriendsGroupMembersCount
SteamAPI_ISteamFriends_GetFriendsGroupMembersList
SteamAPI_ISteamFriends_GetFriendsGroupName
SteamAPI_ISteamFriends_GetLargeFriendAvatar
SteamAPI_ISteamFriends_GetMediumFriendAvatar
SteamAPI_ISteamFriends_GetPersonaName
SteamAPI_ISteamFriends_GetPersonaState
SteamAPI_ISteamFriends_GetPlayerNickname
SteamAPI_ISteamFriends_GetSmallFriendAvatar
SteamAPI_ISteamFriends_GetUserRestrictions
SteamAPI_ISteamFriends_HasFriend
SteamAPI_ISteamFriends_InviteUserToGame
SteamAPI_ISteamFriends_IsClanChatAdmin
SteamAPI_ISteamFriends_IsClanChatWindowOpenInSteam
SteamAPI_ISteamFriends_IsClanOfficialGameGroup
SteamAPI_ISteamFriends_IsClanPublic
SteamAPI_ISteamFriends_IsFollowing
SteamAPI_ISteamFriends_IsUserInSource
SteamAPI_ISteamFriends_JoinClanChatRoom
SteamAPI_ISteamFriends_LeaveClanChatRoom
SteamAPI_ISteamFriends_OpenClanChatWindowInSteam
SteamAPI_ISteamFriends_ReplyToFriendMessage
SteamAPI_ISteamFriends_RequestClanOfficerList
SteamAPI_ISteamFriends_RequestFriendRichPresence
SteamAPI_ISteamFriends_RequestUserInformation
SteamAPI_ISteamFriends_SendClanChatMessage
SteamAPI_ISteamFriends_SetInGameVoiceSpeaking
SteamAPI_ISteamFriends_SetListenForFriendsMessages
SteamAPI_ISteamFriends_SetPersonaName
SteamAPI_ISteamFriends_SetPlayedWith
SteamAPI_ISteamFriends_SetRichPresence
SteamAPI_ISteamGameServerStats_ClearUserAchievement
SteamAPI_ISteamGameServerStats_GetUserAchievement
SteamAPI_ISteamGameServerStats_GetUserStat
SteamAPI_ISteamGameServerStats_GetUserStat0
SteamAPI_ISteamGameServerStats_RequestUserStats
SteamAPI_ISteamGameServerStats_SetUserAchievement
SteamAPI_ISteamGameServerStats_SetUserStat
SteamAPI_ISteamGameServerStats_SetUserStat0
SteamAPI_ISteamGameServerStats_StoreUserStats
SteamAPI_ISteamGameServerStats_UpdateUserAvgRateStat
SteamAPI_ISteamGameServer_AssociateWithClan
SteamAPI_ISteamGameServer_BLoggedOn
SteamAPI_ISteamGameServer_BSecure
SteamAPI_ISteamGameServer_BUpdateUserData
SteamAPI_ISteamGameServer_BeginAuthSession
SteamAPI_ISteamGameServer_CancelAuthTicket
SteamAPI_ISteamGameServer_ClearAllKeyValues
SteamAPI_ISteamGameServer_ComputeNewPlayerCompatibility
SteamAPI_ISteamGameServer_CreateUnauthenticatedUserConnection
SteamAPI_ISteamGameServer_EnableHeartbeats
SteamAPI_ISteamGameServer_EndAuthSession
SteamAPI_ISteamGameServer_ForceHeartbeat
SteamAPI_ISteamGameServer_GetAuthSessionTicket
SteamAPI_ISteamGameServer_GetGameplayStats
SteamAPI_ISteamGameServer_GetNextOutgoingPacket
SteamAPI_ISteamGameServer_GetPublicIP
SteamAPI_ISteamGameServer_GetServerReputation
SteamAPI_ISteamGameServer_GetSteamID
SteamAPI_ISteamGameServer_HandleIncomingPacket
SteamAPI_ISteamGameServer_InitGameServer
SteamAPI_ISteamGameServer_LogOff
SteamAPI_ISteamGameServer_LogOn
SteamAPI_ISteamGameServer_LogOnAnonymous
SteamAPI_ISteamGameServer_RequestUserGroupStatus
SteamAPI_ISteamGameServer_SendUserConnectAndAuthenticate
SteamAPI_ISteamGameServer_SendUserDisconnect
SteamAPI_ISteamGameServer_SetBotPlayerCount
SteamAPI_ISteamGameServer_SetDedicatedServer
SteamAPI_ISteamGameServer_SetGameData
SteamAPI_ISteamGameServer_SetGameDescription
SteamAPI_ISteamGameServer_SetGameTags
SteamAPI_ISteamGameServer_SetHeartbeatInterval
SteamAPI_ISteamGameServer_SetKeyValue
SteamAPI_ISteamGameServer_SetMapName
SteamAPI_ISteamGameServer_SetMaxPlayerCount
SteamAPI_ISteamGameServer_SetModDir
SteamAPI_ISteamGameServer_SetPasswordProtected
SteamAPI_ISteamGameServer_SetProduct
SteamAPI_ISteamGameServer_SetRegion
SteamAPI_ISteamGameServer_SetServerName
SteamAPI_ISteamGameServer_SetSpectatorPort
SteamAPI_ISteamGameServer_SetSpectatorServerName
SteamAPI_ISteamGameServer_UserHasLicenseForApp
SteamAPI_ISteamGameServer_WasRestartRequested
SteamAPI_ISteamHTMLSurface_AddHeader
SteamAPI_ISteamHTMLSurface_AllowStartRequest
SteamAPI_ISteamHTMLSurface_CopyToClipboard
SteamAPI_ISteamHTMLSurface_CreateBrowser
SteamAPI_ISteamHTMLSurface_DestructISteamHTMLSurface
SteamAPI_ISteamHTMLSurface_ExecuteJavascript
SteamAPI_ISteamHTMLSurface_FileLoadDialogResponse
SteamAPI_ISteamHTMLSurface_Find
SteamAPI_ISteamHTMLSurface_GetLinkAtPosition
SteamAPI_ISteamHTMLSurface_GoBack
SteamAPI_ISteamHTMLSurface_GoForward
SteamAPI_ISteamHTMLSurface_Init
SteamAPI_ISteamHTMLSurface_JSDialogResponse
SteamAPI_ISteamHTMLSurface_KeyChar
SteamAPI_ISteamHTMLSurface_KeyDown
SteamAPI_ISteamHTMLSurface_KeyUp
SteamAPI_ISteamHTMLSurface_LoadURL
SteamAPI_ISteamHTMLSurface_MouseDoubleClick
SteamAPI_ISteamHTMLSurface_MouseDown
SteamAPI_ISteamHTMLSurface_MouseMove
SteamAPI_ISteamHTMLSurface_MouseUp
SteamAPI_ISteamHTMLSurface_MouseWheel
SteamAPI_ISteamHTMLSurface_PasteFromClipboard
SteamAPI_ISteamHTMLSurface_Reload
SteamAPI_ISteamHTMLSurface_RemoveBrowser
SteamAPI_ISteamHTMLSurface_SetBackgroundMode
SteamAPI_ISteamHTMLSurface_SetCookie
SteamAPI_ISteamHTMLSurface_SetDPIScalingFactor
SteamAPI_ISteamHTMLSurface_SetHorizontalScroll
SteamAPI_ISteamHTMLSurface_SetKeyFocus
SteamAPI_ISteamHTMLSurface_SetPageScaleFactor
SteamAPI_ISteamHTMLSurface_SetSize
SteamAPI_ISteamHTMLSurface_SetVerticalScroll
SteamAPI_ISteamHTMLSurface_Shutdown
SteamAPI_ISteamHTMLSurface_StopFind
SteamAPI_ISteamHTMLSurface_StopLoad
SteamAPI_ISteamHTMLSurface_ViewSource
SteamAPI_ISteamHTTP_CreateCookieContainer
SteamAPI_ISteamHTTP_CreateHTTPRequest
SteamAPI_ISteamHTTP_DeferHTTPRequest
SteamAPI_ISteamHTTP_GetHTTPDownloadProgressPct
SteamAPI_ISteamHTTP_GetHTTPRequestWasTimedOut
SteamAPI_ISteamHTTP_GetHTTPResponseBodyData
SteamAPI_ISteamHTTP_GetHTTPResponseBodySize
SteamAPI_ISteamHTTP_GetHTTPResponseHeaderSize
SteamAPI_ISteamHTTP_GetHTTPResponseHeaderValue
SteamAPI_ISteamHTTP_GetHTTPStreamingResponseBodyData
SteamAPI_ISteamHTTP_PrioritizeHTTPRequest
SteamAPI_ISteamHTTP_ReleaseCookieContainer
SteamAPI_ISteamHTTP_ReleaseHTTPRequest
SteamAPI_ISteamHTTP_SendHTTPRequest
SteamAPI_ISteamHTTP_SendHTTPRequestAndStreamResponse
SteamAPI_ISteamHTTP_SetCookie
SteamAPI_ISteamHTTP_SetHTTPRequestAbsoluteTimeoutMS
SteamAPI_ISteamHTTP_SetHTTPRequestContextValue
SteamAPI_ISteamHTTP_SetHTTPRequestCookieContainer
SteamAPI_ISteamHTTP_SetHTTPRequestGetOrPostParameter
SteamAPI_ISteamHTTP_SetHTTPRequestHeaderValue
SteamAPI_ISteamHTTP_SetHTTPRequestNetworkActivityTimeout
SteamAPI_ISteamHTTP_SetHTTPRequestRawPostBody
SteamAPI_ISteamHTTP_SetHTTPRequestRequiresVerifiedCertificate
SteamAPI_ISteamHTTP_SetHTTPRequestUserAgentInfo
SteamAPI_ISteamInventory_AddPromoItem
SteamAPI_ISteamInventory_AddPromoItems
SteamAPI_ISteamInventory_CheckResultSteamID
SteamAPI_ISteamInventory_ConsumeItem
SteamAPI_ISteamInventory_DeserializeResult
SteamAPI_ISteamInventory_DestroyResult
SteamAPI_ISteamInventory_ExchangeItems
SteamAPI_ISteamInventory_GenerateItems
SteamAPI_ISteamInventory_GetAllItems
SteamAPI_ISteamInventory_GetEligiblePromoItemDefinitionIDs
SteamAPI_ISteamInventory_GetItemDefinitionIDs
SteamAPI_ISteamInventory_GetItemDefinitionProperty
SteamAPI_ISteamInventory_GetItemPrice
SteamAPI_ISteamInventory_GetItemsByID
SteamAPI_ISteamInventory_GetItemsWithPrices
SteamAPI_ISteamInventory_GetNumItemsWithPrices
SteamAPI_ISteamInventory_GetResultItemProperty
SteamAPI_ISteamInventory_GetResultItems
SteamAPI_ISteamInventory_GetResultStatus
SteamAPI_ISteamInventory_GetResultTimestamp
SteamAPI_ISteamInventory_GrantPromoItems
SteamAPI_ISteamInventory_LoadItemDefinitions
SteamAPI_ISteamInventory_RemoveProperty
SteamAPI_ISteamInventory_RequestEligiblePromoItemDefinitionsIDs
SteamAPI_ISteamInventory_RequestPrices
SteamAPI_ISteamInventory_SendItemDropHeartbeat
SteamAPI_ISteamInventory_SerializeResult
SteamAPI_ISteamInventory_SetProperty
SteamAPI_ISteamInventory_SetProperty0
SteamAPI_ISteamInventory_SetProperty1
SteamAPI_ISteamInventory_SetProperty2
SteamAPI_ISteamInventory_StartPurchase
SteamAPI_ISteamInventory_StartUpdateProperties
SteamAPI_ISteamInventory_SubmitUpdateProperties
SteamAPI_ISteamInventory_TradeItems
SteamAPI_ISteamInventory_TransferItemQuantity
SteamAPI_ISteamInventory_TriggerItemDrop
SteamAPI_ISteamMatchmakingPingResponse_ServerFailedToRespond
SteamAPI_ISteamMatchmakingPingResponse_ServerResponded
SteamAPI_ISteamMatchmakingPlayersResponse_AddPlayerToList
SteamAPI_ISteamMatchmakingPlayersResponse_PlayersFailedToRespond
SteamAPI_ISteamMatchmakingPlayersResponse_PlayersRefreshComplete
SteamAPI_ISteamMatchmakingRulesResponse_RulesFailedToRespond
SteamAPI_ISteamMatchmakingRulesResponse_RulesRefreshComplete
SteamAPI_ISteamMatchmakingRulesResponse_RulesResponded
SteamAPI_ISteamMatchmakingServerListResponse_RefreshComplete
SteamAPI_ISteamMatchmakingServerListResponse_ServerFailedToRespond
SteamAPI_ISteamMatchmakingServerListResponse_ServerResponded
SteamAPI_ISteamMatchmakingServers_CancelQuery
SteamAPI_ISteamMatchmakingServers_CancelServerQuery
SteamAPI_ISteamMatchmakingServers_GetServerCount
SteamAPI_ISteamMatchmakingServers_GetServerDetails
SteamAPI_ISteamMatchmakingServers_IsRefreshing
SteamAPI_ISteamMatchmakingServers_PingServer
SteamAPI_ISteamMatchmakingServers_PlayerDetails
SteamAPI_ISteamMatchmakingServers_RefreshQuery
SteamAPI_ISteamMatchmakingServers_RefreshServer
SteamAPI_ISteamMatchmakingServers_ReleaseRequest
SteamAPI_ISteamMatchmakingServers_RequestFavoritesServerList
SteamAPI_ISteamMatchmakingServers_RequestFriendsServerList
SteamAPI_ISteamMatchmakingServers_RequestHistoryServerList
SteamAPI_ISteamMatchmakingServers_RequestInternetServerList
SteamAPI_ISteamMatchmakingServers_RequestLANServerList
SteamAPI_ISteamMatchmakingServers_RequestSpectatorServerList
SteamAPI_ISteamMatchmakingServers_ServerRules
SteamAPI_ISteamMatchmaking_AddFavoriteGame
SteamAPI_ISteamMatchmaking_AddRequestLobbyListCompatibleMembersFilter
SteamAPI_ISteamMatchmaking_AddRequestLobbyListDistanceFilter
SteamAPI_ISteamMatchmaking_AddRequestLobbyListFilterSlotsAvailable
SteamAPI_ISteamMatchmaking_AddRequestLobbyListNearValueFilter
SteamAPI_ISteamMatchmaking_AddRequestLobbyListNumericalFilter
SteamAPI_ISteamMatchmaking_AddRequestLobbyListResultCountFilter
SteamAPI_ISteamMatchmaking_AddRequestLobbyListStringFilter
SteamAPI_ISteamMatchmaking_CreateLobby
SteamAPI_ISteamMatchmaking_DeleteLobbyData

Sections

.text
Size: - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: - Virtual size: 650KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 840KB - Virtual size: 839KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Forager v4.1.8-PiviGames.blog/unins000.dat
Forager v4.1.8-PiviGames.blog/unins000.exe
.exe windows x86

7c77b89cd344508d2ca812dd1c349c70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

mpr

WNetEnumResourceW
WNetGetUniversalNameW
WNetGetConnectionW
WNetCloseEnum
WNetOpenEnumW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

comctl32

FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_Draw
ImageList_Remove

shell32

SHBrowseForFolderW
ExtractIconW
SHGetMalloc
SHGetFileInfoW
SHChangeNotify
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
GetMessageW
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
ScrollWindowEx
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
OffsetRect
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
GetSystemMenu
WaitForInputIdle
ShowOwnedPopups
GetScrollRange
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
InflateRect
GetKeyboardLayoutList
OemToCharBuffA
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
SendNotifyMessageW
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ExitWindowsEx
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
CharToOemBuffA
DrawTextW
SetScrollRange
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
SetRectEmpty
UpdateWindow
RemovePropW
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SendMessageTimeoutW
BringWindowToTop
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowPos
SetWindowRgn
GetMenuItemCount
RemoveMenu
AppendMenuW
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
DestroyCursor
ReplyMessage
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SafeArrayPutElement
LoadTypeLib
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
GetActiveObject
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
RegisterTypeLib
VariantChangeType
VariantCopyInd

advapi32

RegSetValueExW
RegEnumKeyExW
AdjustTokenPrivileges
OpenThreadToken
GetUserNameW
RegDeleteKeyW
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegQueryInfoKeyW
AllocateAndInitializeSid
FreeSid
EqualSid
RegDeleteValueW
RegFlushKey
RegQueryValueExW
RegEnumValueW
GetTokenInformation
InitializeSecurityDescriptor
RegCloseKey
RegCreateKeyExW
SetSecurityDescriptorDacl

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

SetFileAttributesW
SetFileTime
GetACP
GetExitCodeProcess
IsBadWritePtr
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
HeapAlloc
ExitProcess
WriteProfileStringW
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
GetModuleHandleW
FreeLibrary
HeapDestroy
CompareFileTime
ReadFile
CreateProcessW
TransactNamedPipe
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
OpenMutexW
CreateThread
CompareStringW
CopyFileW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
GetSystemTimeAsFileTime
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
GetLogicalDrives
LocalFileTimeToFileTime
SetNamedPipeHandleState
LoadLibraryExW
TerminateProcess
LockResource
FileTimeToSystemTime
GetShortPathNameW
GetCurrentThreadId
UnhandledExceptionFilter
MoveFileExW
GlobalFindAtomW
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
ReleaseMutex
FlushFileBuffers
LoadResource
SuspendThread
GetTickCount
WritePrivateProfileStringW
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
DeviceIoControl
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
lstrcmpW
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
CreateNamedPipeW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetOverlappedResult
GetSystemDefaultUILanguage
EnumCalendarInfoW
GetProfileStringW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
IsDBCSLeadByte
CreateEventW
GetPrivateProfileStringW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

ole32

StgCreateDocfileOnILockBytes
CoCreateInstance
CLSIDFromString
CoUninitialize
IsEqualGUID
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
CLSIDFromProgID
OleUninitialize
CoDisconnectObject
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Arc
Pie
SetBkMode
SelectPalette
CreateCompatibleBitmap
ExcludeClipRect
RectVisible
SetWindowOrgEx
MaskBlt
AngleArc
Chord
SetTextColor
StretchBlt
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
RemoveFontResourceW
GetWindowOrgEx
CreatePalette
CreateBrushIndirect
PatBlt
LineDDA
PolyBezierTo
GetStockObject
CreateSolidBrush
Polygon
Rectangle
MoveToEx
DeleteDC
SaveDC
BitBlt
Ellipse
FrameRgn
GetDeviceCaps
GetBitmapBits
GetTextExtentPoint32W
GetClipBox
Polyline
IntersectClipRect
GetSystemPaletteEntries
CreateBitmap
AddFontResourceW
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
CreatePenIndirect
SetStretchBltMode
GetDIBits
CreateFontIndirectW
PolyBezier
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
DeleteObject
SelectObject
ExtFloodFill
UnrealizeObject
SetBkColor
CreateCompatibleDC
GetObjectW
GetBrushOrgEx
GetCurrentPositionEx
SetROP2
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
ArcTo
GdiFlush
SetPixel
EnumFontFamiliesExW
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 30KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 151B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 76B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Forager v4.1.8-PiviGames.blog/valve.ini

Sharing

General

Malware Config

Signatures

Files

a09e55fae14ffb3312dad92236f1edaa

Headers

DLL Characteristics

File Characteristics

Imports

wininet

d3d11

winmm

ws2_32

gdiplus

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

dxgi

dwmapi

version

Sections

.text Size: 21.2MB - Virtual size: 21.2MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 975KB - Virtual size: 3.3MB

.mydata Size: 512B - Virtual size: 8B

_RDATA Size: 136KB - Virtual size: 136KB

.rsrc Size: 280KB - Virtual size: 280KB

.reloc Size: 534KB - Virtual size: 534KB

4c12699f30c6f71416015ece6a27ad97

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

imm32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 578KB - Virtual size: 577KB

.rdata Size: 97KB - Virtual size: 96KB

.data Size: 21KB - Virtual size: 41KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 28KB - Virtual size: 28KB

8e2588a9cf43886de3449dfff03137b6

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6fCertificate

Extended Key Usages

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0aCertificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

33:00:00:00:38:8d:23:6d:16:27:a3:26:e0:00:00:00:00:00:38Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

6b:c4:15:a1:23:fa:49:fb:dc:05:86:1f:21:48:b0:49:3b:d5:1d:dc:c6:72:35:17:aa:75:ea:bc:63:fa:76:f8Signer

Signature Validations

Verification

07-02-2023 20:44 Valid: false

57:19:7f:e6:ec:8b:ea:59:58:33:9f:f6:88:06:04:41:78:e0:04:94Signer

Signature Validations

.text
Size: 21.2MB - Virtual size: 21.2MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 975KB - Virtual size: 3.3MB

.mydata
Size: 512B - Virtual size: 8B

_RDATA
Size: 136KB - Virtual size: 136KB

.rsrc
Size: 280KB - Virtual size: 280KB

.reloc
Size: 534KB - Virtual size: 534KB

.text
Size: 578KB - Virtual size: 577KB

.rdata
Size: 97KB - Virtual size: 96KB

.data
Size: 21KB - Virtual size: 41KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 28KB - Virtual size: 28KB

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:38:8d:23:6d:16:27:a3:26:e0:00:00:00:00:00:38
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

6b:c4:15:a1:23:fa:49:fb:dc:05:86:1f:21:48:b0:49:3b:d5:1d:dc:c6:72:35:17:aa:75:ea:bc:63:fa:76:f8
Signer

07-02-2023 20:44
Valid: false

57:19:7f:e6:ec:8b:ea:59:58:33:9f:f6:88:06:04:41:78:e0:04:94
Signer

26-06-2015 07:02
Valid: false

.text
Size: 229KB - Virtual size: 228KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 4KB - Virtual size: 12KB

.wixburn
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 14KB - Virtual size: 14KB

.reloc
Size: 17KB - Virtual size: 17KB

33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Certificate

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:38:8d:23:6d:16:27:a3:26:e0:00:00:00:00:00:38
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

ab:06:cb:ec:52:d7:a1:69:63:80:49:01:2e:f8:86:a1:5e:87:65:11:a6:e9:90:cd:1f:7b:f7:ad:25:14:e8:b4
Signer

07-02-2023 20:44
Valid: false

df:f2:e7:17:7c:35:2e:2a:10:e7:c1:35:9e:a2:41:d0:98:70:74:d6
Signer

26-06-2015 07:02
Valid: false