file_archive[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

file_archive.zip
Size

7.8MB
MD5

c52737053ddfd35531c622caa4eb9342
SHA1

5164a83c3f0107b3964c1461182444633215cc43
SHA256

279b91df64bf318300d01faa8e7ecd0de5a83e95c1680ccc864bd0344d9f4a1a
SHA512

5b08ee162de7a2178111fb2800d3347a9d2cc53fad52367a5147d0da30f9364beb1a8d071cfb447db129f69099255472c05bcfd59ee507f7c9cfdc63e9c2e026
SSDEEP

196608:Ba/HvZwHjqR3XgNajtPqLEFsC5mKTzkbRudGPZsFLbxOm:B8HvZwH2R3X8LEGKPk/Cvxt

Score

1^/10

Malware Config

Signatures

Files

file_archive.zip
.zip
msi.dll
.dll regsvr32 windows x64

9d22b658f9fde8f8fcc101dbaaa5aeab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

malloc
_initterm
_lock
_unlock
__dllonexit
_onexit
??1type_info@@UEAA@XZ
strcmp
memset
memmove
memcpy
memcmp
_CxxThrowException
_itoa_s
srand
wcsrchr
_wcsnicmp
_wcsicmp
free
_wtoi
isdigit
strtol
_itow_s
wcstoul
iswdigit
towlower
wcschr
_ui64tow
wcsstr
wcstol
_wtoi64
_i64tow_s
_vsnwprintf
memmove_s
memcpy_s
_amsg_exit
_XcptFilter
_itow
rand
time
_purecall
wcsncmp
_vsnprintf
_ui64tow_s
_wcstoui64
qsort
__C_specific_handler
wcscmp

ntdll

RtlRandom
RtlDestroyEnvironment
RtlCreateEnvironment
RtlCreateEnvironmentEx
RtlExpandEnvironmentStrings
RtlQueryEnvironmentVariable
RtlSetEnvironmentVar
EtwTraceMessage
RtlGetFullPathName_U
RtlRandomEx
NtQuerySystemInformation
NtSetSecurityObject
RtlGetCurrentServiceSessionId
NtOpenKey
NtClose
NtQueryValueKey
NtSetInformationFile
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtUnmapViewOfSection
NtMapViewOfSection
RtlNtStatusToDosErrorNoTeb

advapi32

AddAccessAllowedAce
DuplicateToken
SetEntriesInAclW
BuildTrusteeWithSidW
GetSidLengthRequired
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenKeyW
RegEnableReflectionKey
RegDisableReflectionKey
RegSetKeySecurity
RegQueryReflectionKey
SetServiceObjectSecurity
ChangeServiceConfigW
CreateServiceW
EnumDependentServicesW
StartServiceW
DeleteService
QueryServiceConfigW
QueryServiceObjectSecurity
QueryServiceStatus
ControlService
GetServiceDisplayNameW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupAccountNameW
GetFileSecurityW
LookupAccountSidW
RegEnumKeyW
RegGetKeySecurity
EqualSid
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
ConvertSidToStringSidW
CopySid
IsValidSecurityDescriptor
PrivilegeCheck
SetFileSecurityW
GetUserNameW
CreateProcessAsUserW
SetTokenInformation
GetTokenInformation
SetThreadToken
DuplicateTokenEx
RegCreateKeyExW
RegSetValueExA
RegEnumKeyExA
RegEnumValueA
RegQueryValueExA
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegConnectRegistryW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
GetLengthSid
FreeSid
InitializeAcl
RegDeleteValueW
GetAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegQueryValueExW

kernel32

UnmapViewOfFile
EnumResourceLanguagesW
SizeofResource
EnumResourceNamesW
SetFileTime
QueryDosDeviceW
GetFileInformationByHandleEx
GetNumberFormatW
GlobalUnlock
MapViewOfFile
GlobalReAlloc
IsValidCodePage
DosDateTimeToFileTime
ResetEvent
GetSystemTimeAsFileTime
GetFinalPathNameByHandleW
GetLongPathNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateFileMappingW
SetFileInformationByHandle
FileTimeToDosDateTime
SetEndOfFile
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetDriveTypeW
MoveFileW
HeapReAlloc
GlobalLock
GetShortPathNameW
SearchPathW
GetSystemDefaultUILanguage
GetLocaleInfoEx
GetUserDefaultUILanguage
LCIDToLocaleName
PowerSetRequest
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
LeaveCriticalSection
GetTickCount
DeleteFileW
GetExitCodeThread
GetCurrentThreadId
GetCurrentThread
GetLastError
GetCurrentProcess
Sleep
GetSystemInfo
GetVersionExW
lstrlenW
GetModuleFileNameW
DisableThreadLibraryCalls
GetEnvironmentVariableW
EnterCriticalSection
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GlobalFree
GlobalAlloc
GetSystemDefaultLangID
FormatMessageW
HeapAlloc
GetProcessHeap
HeapFree
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
OutputDebugStringW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
SetLastError
ReleaseSemaphore
ReleaseMutex
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
WaitForSingleObjectEx
InitializeCriticalSectionEx
WaitForSingleObject
OpenSemaphoreW
CreateThreadpoolTimer
DeactivateActCtx
ActivateActCtx
LoadLibraryW
FindActCtxSectionStringW
CreateActCtxW
QueryActCtxW
OutputDebugStringA
QueryPerformanceFrequency
CompareStringW
lstrcmpiW
CreateFileW
LocalFree
CreateDirectoryW
TlsFree
LoadLibraryExW
FreeLibrary
GetCurrentProcessId
CreateMutexExW
CreateSemaphoreExW
FileTimeToSystemTime
ExpandEnvironmentStringsW
GetFileAttributesW
GetFileType
GetFileSize
SetEnvironmentVariableW
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
SetErrorMode
lstrcmpiA
FindResourceExW
LoadResource
LockResource
GetLocalTime
CompareStringA
SetEvent
OpenEventW
CreateEventW
CreateThread
LocalAlloc
ResumeThread
GetSystemDirectoryW
TlsSetValue
TlsGetValue
TlsAlloc
CompareFileTime
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
TerminateProcess
GetNativeSystemInfo
GetUserDefaultLangID
GetComputerNameW
MulDiv
GetLocaleInfoW
GetProfileStringW
GetPrivateProfileStringW
WriteProfileStringW
WritePrivateProfileStringW
ReadFile
SetFilePointer
PowerCreateRequest
OpenMutexW
PowerClearRequest
ExitThread
GetDateFormatW
GetTimeFormatW
ExitProcess
GetTempFileNameW
OpenProcess
GetACP
lstrcmpW
QueryPerformanceCounter
OpenThread
WaitForMultipleObjects
FreeLibraryAndExitThread
TerminateThread
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
WriteFile
GetOverlappedResult
VirtualFree
VirtualAlloc
FlushFileBuffers
GetTempPath2W
GetExitCodeProcess
MoveFileExW
VirtualQuery
GetCurrentDirectoryW
FindFirstFileW
SetFileAttributesW
FindNextFileW
FindClose
RemoveDirectoryW
GetFileTime
CreateMutexW

user32

IsWindowEnabled
EnableWindow
IsCharLowerW
LoadStringW
CharNextA
CharNextW
CharUpperW
MessageBoxW
GetActiveWindow
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
PostQuitMessage
ExitWindowsEx
ReleaseDC
GetDC
GetSystemMetrics
PostMessageW
CharLowerW
IsDialogMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
DestroyWindow
UnregisterClassW
GetDlgItem
SetWindowTextW
ShowWindow
SetForegroundWindow
SendMessageW
InvalidateRect
IsWindowVisible
GetUserObjectInformationW
LoadCursorW
GetWindowRect
GetWindowLongW
SetWindowLongW
SendDlgItemMessageW
SetDlgItemTextW
CreateDialogParamW
MoveWindow
SetFocus
LoadIconW
SetWindowPos
GetDlgItemTextW
EndDialog
GetWindowTextLengthW
GetWindowTextW
DialogBoxParamW
GetSystemMenu
RemoveMenu
CopyRect
DrawTextW
MapWindowPoints
GetClientRect
RegisterWindowMessageW
SetWindowLongPtrW
GetWindowLongPtrW
GetFocus
GetSysColor
CharUpperBuffW
SendMessageTimeoutW
CharPrevW
EnableMenuItem
SetUserObjectSecurity
EnumWindows
GetWindow
GetWindowThreadProcessId
GetProcessWindowStation
SetCursor
SystemParametersInfoW

shell32

CommandLineToArgvW

gdi32

CreateSolidBrush
SetBkColor
SetTextColor
EnumFontFamiliesExW
CreateFontW
GetTextExtentPoint32W
RemoveFontResourceW
AddFontResourceW
DeleteObject
GetTextMetricsW
GetTextFaceW
CreateFontIndirectW
GetDeviceCaps
SelectObject

rpcrt4

RpcBindingFromStringBindingW
RpcAsyncInitializeHandle
RpcBindingSetAuthInfoExW
RpcStringFreeW
I_RpcExceptionFilter
RpcBindingFree
IUnknown_AddRef_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Invoke
Ndr64AsyncClientCall
RpcStringBindingComposeW
RpcAsyncCancelCall
RpcAsyncCompleteCall
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrDllRegisterProxy
NdrDllUnregisterProxy
NdrClientCall3
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree

ole32

HWND_UserUnmarshal
HWND_UserFree
HWND_UserFree64
HWND_UserSize64
HWND_UserSize
HWND_UserMarshal
HWND_UserMarshal64
HWND_UserUnmarshal64
IIDFromString
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear
CoCreateGuid

bcrypt

BCryptFinishHash
BCryptGetProperty
BCryptHashData
BCryptCreateHash
BCryptDestroyHash

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
RevertToSelf
CreateWellKnownSid

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetVersion
DllRegisterServer
DllUnregisterServer
Migrate10CachedPackagesA
Migrate10CachedPackagesW
MsiAdvertiseProductA
MsiAdvertiseProductExA
MsiAdvertiseProductExW
MsiAdvertiseProductW
MsiAdvertiseScriptA
MsiAdvertiseScriptW
MsiApplyMultiplePatchesA
MsiApplyMultiplePatchesW
MsiApplyPatchA
MsiApplyPatchW
MsiBeginTransactionA
MsiBeginTransactionW
MsiCloseAllHandles
MsiCloseHandle
MsiCollectUserInfoA
MsiCollectUserInfoW
MsiConfigureFeatureA
MsiConfigureFeatureFromDescriptorA
MsiConfigureFeatureFromDescriptorW
MsiConfigureFeatureW
MsiConfigureProductA
MsiConfigureProductExA
MsiConfigureProductExW
MsiConfigureProductW
MsiCreateAndVerifyInstallerDirectory
MsiCreateRecord
MsiCreateTransformSummaryInfoA
MsiCreateTransformSummaryInfoW
MsiDatabaseApplyTransformA
MsiDatabaseApplyTransformW
MsiDatabaseCommit
MsiDatabaseExportA
MsiDatabaseExportW
MsiDatabaseGenerateTransformA
MsiDatabaseGenerateTransformW
MsiDatabaseGetPrimaryKeysA
MsiDatabaseGetPrimaryKeysW
MsiDatabaseImportA
MsiDatabaseImportW
MsiDatabaseIsTablePersistentA
MsiDatabaseIsTablePersistentW
MsiDatabaseMergeA
MsiDatabaseMergeW
MsiDatabaseOpenViewA
MsiDatabaseOpenViewW
MsiDecomposeDescriptorA
MsiDecomposeDescriptorW
MsiDeleteUserDataA
MsiDeleteUserDataW
MsiDetermineApplicablePatchesA
MsiDetermineApplicablePatchesW
MsiDeterminePatchSequenceA
MsiDeterminePatchSequenceW
MsiDoActionA
MsiDoActionW
MsiEnableLogA
MsiEnableLogW
MsiEnableUIPreview
MsiEndTransaction
MsiEnumClientsA
MsiEnumClientsExA
MsiEnumClientsExW
MsiEnumClientsW
MsiEnumComponentCostsA
MsiEnumComponentCostsW
MsiEnumComponentQualifiersA
MsiEnumComponentQualifiersW
MsiEnumComponentsA
MsiEnumComponentsExA
MsiEnumComponentsExW
MsiEnumComponentsW
MsiEnumFeaturesA
MsiEnumFeaturesW
MsiEnumPatchesA
MsiEnumPatchesExA
MsiEnumPatchesExW
MsiEnumPatchesW
MsiEnumProductsA
MsiEnumProductsExA
MsiEnumProductsExW
MsiEnumProductsW
MsiEnumRelatedProductsA
MsiEnumRelatedProductsW
MsiEvaluateConditionA
MsiEvaluateConditionW
MsiExtractPatchXMLDataA
MsiExtractPatchXMLDataW
MsiFormatRecordA
MsiFormatRecordW
MsiGetActiveDatabase
MsiGetComponentPathA
MsiGetComponentPathExA
MsiGetComponentPathExW
MsiGetComponentPathW
MsiGetComponentStateA
MsiGetComponentStateW
MsiGetDatabaseState
MsiGetFeatureCostA
MsiGetFeatureCostW
MsiGetFeatureInfoA
MsiGetFeatureInfoW
MsiGetFeatureStateA
MsiGetFeatureStateW
MsiGetFeatureUsageA
MsiGetFeatureUsageW
MsiGetFeatureValidStatesA
MsiGetFeatureValidStatesW
MsiGetFileHashA
MsiGetFileHashW
MsiGetFileSignatureInformationA
MsiGetFileSignatureInformationW
MsiGetFileVersionA
MsiGetFileVersionW
MsiGetLanguage
MsiGetLastErrorRecord
MsiGetMode
MsiGetPatchFileListA
MsiGetPatchFileListW
MsiGetPatchInfoA
MsiGetPatchInfoExA
MsiGetPatchInfoExW
MsiGetPatchInfoW
MsiGetProductCodeA
MsiGetProductCodeFromPackageCodeA
MsiGetProductCodeFromPackageCodeW
MsiGetProductCodeW
MsiGetProductInfoA
MsiGetProductInfoExA
MsiGetProductInfoExW
MsiGetProductInfoFromScriptA
MsiGetProductInfoFromScriptW
MsiGetProductInfoW
MsiGetProductPropertyA
MsiGetProductPropertyW
MsiGetPropertyA
MsiGetPropertyW
MsiGetShortcutTargetA
MsiGetShortcutTargetW
MsiGetSourcePathA
MsiGetSourcePathW
MsiGetSummaryInformationA
MsiGetSummaryInformationW
MsiGetTargetPathA
MsiGetTargetPathW
MsiGetUserInfoA
MsiGetUserInfoW
MsiInstallMissingComponentA
MsiInstallMissingComponentW
MsiInstallMissingFileA
MsiInstallMissingFileW
MsiInstallProductA
MsiInstallProductW
MsiInvalidateFeatureCache
MsiIsProductElevatedA
MsiIsProductElevatedW
MsiJoinTransaction
MsiLoadStringA
MsiLoadStringW
MsiLocateComponentA
MsiLocateComponentW
MsiMessageBoxA
MsiMessageBoxExA
MsiMessageBoxExW
MsiMessageBoxW
MsiNotifySidChangeA
MsiNotifySidChangeW
MsiOpenDatabaseA
MsiOpenDatabaseW
MsiOpenPackageA
MsiOpenPackageExA
MsiOpenPackageExW
MsiOpenPackageW
MsiOpenProductA
MsiOpenProductW
MsiPreviewBillboardA
MsiPreviewBillboardW
MsiPreviewDialogA
MsiPreviewDialogW
MsiProcessAdvertiseScriptA
MsiProcessAdvertiseScriptW
MsiProcessMessage
MsiProvideAssemblyA
MsiProvideAssemblyW
MsiProvideComponentA
MsiProvideComponentFromDescriptorA
MsiProvideComponentFromDescriptorW
MsiProvideComponentW
MsiProvideQualifiedComponentA
MsiProvideQualifiedComponentExA
MsiProvideQualifiedComponentExW
MsiProvideQualifiedComponentW
MsiQueryComponentStateA
MsiQueryComponentStateW
MsiQueryFeatureStateA
MsiQueryFeatureStateExA
MsiQueryFeatureStateExW
MsiQueryFeatureStateFromDescriptorA
MsiQueryFeatureStateFromDescriptorW
MsiQueryFeatureStateW
MsiQueryProductStateA
MsiQueryProductStateW
MsiRecordClearData
MsiRecordDataSize
MsiRecordGetFieldCount
MsiRecordGetInteger
MsiRecordGetStringA
MsiRecordGetStringW
MsiRecordIsNull
MsiRecordReadStream
MsiRecordSetInteger
MsiRecordSetStreamA
MsiRecordSetStreamW
MsiRecordSetStringA
MsiRecordSetStringW
MsiReinstallFeatureA
MsiReinstallFeatureFromDescriptorA
MsiReinstallFeatureFromDescriptorW
MsiReinstallFeatureW
MsiReinstallProductA
MsiReinstallProductW
MsiRemovePatchesA
MsiRemovePatchesW
MsiSequenceA
MsiSequenceW
MsiSetComponentStateA
MsiSetComponentStateW
MsiSetExternalUIA
MsiSetExternalUIRecord
MsiSetExternalUIW
MsiSetFeatureAttributesA
MsiSetFeatureAttributesW
MsiSetFeatureStateA
MsiSetFeatureStateW
MsiSetInstallLevel
MsiSetInternalUI
MsiSetMode
MsiSetOfflineContextW
MsiSetPropertyA
MsiSetPropertyW
MsiSetTargetPathA
MsiSetTargetPathW
MsiSourceListAddMediaDiskA
MsiSourceListAddMediaDiskW
MsiSourceListAddSourceA
MsiSourceListAddSourceExA
MsiSourceListAddSourceExW
MsiSourceListAddSourceW
MsiSourceListClearAllA
MsiSourceListClearAllExA
MsiSourceListClearAllExW
MsiSourceListClearAllW
MsiSourceListClearMediaDiskA
MsiSourceListClearMediaDiskW
MsiSourceListClearSourceA
MsiSourceListClearSourceW
MsiSourceListEnumMediaDisksA
MsiSourceListEnumMediaDisksW
MsiSourceListEnumSourcesA
MsiSourceListEnumSourcesW
MsiSourceListForceResolutionA
MsiSourceListForceResolutionExA
MsiSourceListForceResolutionExW
MsiSourceListForceResolutionW
MsiSourceListGetInfoA
MsiSourceListGetInfoW
MsiSourceListSetInfoA
MsiSourceListSetInfoW
MsiSummaryInfoGetPropertyA
MsiSummaryInfoGetPropertyCount
MsiSummaryInfoGetPropertyW
MsiSummaryInfoPersist
MsiSummaryInfoSetPropertyA
MsiSummaryInfoSetPropertyW
MsiUseFeatureA
MsiUseFeatureExA
MsiUseFeatureExW
MsiUseFeatureW
MsiVerifyDiskSpace
MsiVerifyPackageA
MsiVerifyPackageW
MsiViewClose
MsiViewExecute
MsiViewFetch
MsiViewGetColumnInfo
MsiViewGetErrorA
MsiViewGetErrorW
MsiViewModify
QueryInstanceCount

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 660KB - Virtual size: 658KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.exe
.exe windows x86

e569e6f445d32ba23766ad67d1e3787f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
AdjustTokenPrivileges
GetTokenInformation
ConvertSidToStringSidW
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
setupapi.dll
.dll windows x64

03f310fd1bd3afc702f5db7aa523cddf

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

eb:0e:1f:1e:ae:fe:05:e7:31:eb:3c:56:a2:f8:77:ab:c9:ad:98:35:3d:cf:f6:0e:27:f6:76:d4:ff:bb:c9:f9
Signer

Actual PE Digest

eb:0e:1f:1e:ae:fe:05:e7:31:eb:3c:56:a2:f8:77:ab:c9:ad:98:35:3d:cf:f6:0e:27:f6:76:d4:ff:bb:c9:f9

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:31
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

free
wcsspn
toupper
swscanf
_beginthreadex
_amsg_exit
malloc
_initterm
_wcslwr
_lock
_beginthread
iswctype
_vsnprintf
_resetstkoflw
__CxxFrameHandler4
??3@YAXPEAX@Z
_purecall
_errno
_wcstoui64
??_V@YAXPEAX@Z
_wtoi
_ultow_s
_itow_s
wcscpy_s
_callnewh
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
_CxxThrowException
__CxxFrameHandler3
memcpy
memmove
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
wcstoul
_unlock
wcsncmp
__dllonexit
_onexit
memset
wcsnlen
__C_specific_handler
_endthread
wcstol
towupper
wcsstr
memcmp
_wcsnicmp
wcschr
_wcsicmp
wcsrchr
_vsnwprintf
_XcptFilter
wcscmp

ntdll

RtlGUIDFromString
RtlRandomEx
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
NtDeleteKey
NtOpenKey
NtCreateKey
NtQueryValueKey
NtSetValueKey
NtDeleteValueKey
NtEnumerateKey
NtSetInformationFile
NtQueryInformationFile
NtSetInformationThread
NtQueryInformationThread
NtQuerySystemInformation
RtlInitUnicodeStringEx
RtlUnicodeStringToInteger
RtlUpcaseUnicodeChar
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteN
RtlUnicodeToMultiByteSize
NtCreateTransaction
NtCommitTransaction
RtlImageNtHeader
EtwEventSetInformation
RtlIoEncodeMemIoResource
RtlUnsubscribeWnfStateChangeNotification
RtlNtStatusToDosError
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlPrefixUnicodeString
EtwEventUnregister
EtwEventRegister
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
RtlNtStatusToDosErrorNoTeb
RtlHashUnicodeString
RtlInitUnicodeString
RtlGetVersion
EtwEventWriteTransfer
EtwTraceMessage
NtClose

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
UnhandledExceptionFilter
SetErrorMode
GetLastError

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW
DosDateTimeToFileTime

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
ResetEvent
DeleteCriticalSection
InitializeCriticalSection
WaitForMultipleObjectsEx
WaitForSingleObject
CreateEventW
AcquireSRWLockExclusive
SleepEx
CreateMutexW
ReleaseMutex
ReleaseSRWLockExclusive
LeaveCriticalSection
WaitForSingleObjectEx
SetEvent

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
FindResourceW

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetProcAddress
LoadResource
GetModuleFileNameA
FreeLibrary
LoadStringW
FindResourceExW
GetModuleHandleW
GetModuleHandleA
LockResource
FreeResource
SizeofResource
LoadLibraryExA
LoadLibraryExW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-string-l1-1-0

GetStringTypeExW
WideCharToMultiByte
CompareStringW
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
GetCommandLineA
GetEnvironmentVariableW
SetCurrentDirectoryW
ExpandEnvironmentStringsW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathParseIconLocationW

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
GetThreadLocale
FormatMessageW
GetThreadUILanguage
LCMapStringW

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-sysinfo-l1-1-0

GetWindowsDirectoryW
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount64
GetLocalTime
GetTickCount
GetSystemInfo
GetSystemDirectoryW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
LocalReAlloc

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
TlsGetValue
GetExitCodeProcess
OpenThreadToken
TlsSetValue
TlsFree
GetExitCodeThread
OpenProcessToken
GetCurrentThread
GetCurrentProcess
TerminateProcess
GetStartupInfoW
CreateProcessW
GetCurrentProcessId
GetCurrentThreadId
SetThreadToken

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
VerSetConditionMask

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l2-1-0

MoveFileExW
CopyFileExW
CreateHardLinkW

api-ms-win-core-privateprofile-l1-1-0

WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileSectionW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
ActivateActCtx
CreateActCtxW
DeactivateActCtx

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
VirtualProtect
VirtualQuery

api-ms-win-core-privateprofile-l1-1-1

WritePrivateProfileSectionW

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

kernel32

LZCopy
LZClose
LZOpenFileW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

CMP_GetBlockedDriverInfo
CMP_GetServerSideDeviceInstallFlags
CMP_Init_Detection
CMP_Report_LogOn
CMP_WaitNoPendingInstallEvents
CMP_WaitServicesAvailable
CM_Add_Driver_PackageW
CM_Add_Empty_Log_Conf
CM_Add_Empty_Log_Conf_Ex
CM_Add_IDA
CM_Add_IDW
CM_Add_ID_ExA
CM_Add_ID_ExW
CM_Add_Range
CM_Add_Res_Des
CM_Add_Res_Des_Ex
CM_Apply_PowerScheme
CM_Connect_MachineA
CM_Connect_MachineW
CM_Create_DevNodeA
CM_Create_DevNodeW
CM_Create_DevNode_ExA
CM_Create_DevNode_ExW
CM_Create_Range_List
CM_Delete_Class_Key
CM_Delete_Class_Key_Ex
CM_Delete_DevNode_Key
CM_Delete_DevNode_Key_Ex
CM_Delete_Device_Interface_KeyA
CM_Delete_Device_Interface_KeyW
CM_Delete_Device_Interface_Key_ExA
CM_Delete_Device_Interface_Key_ExW
CM_Delete_Driver_PackageW
CM_Delete_PowerScheme
CM_Delete_Range
CM_Detect_Resource_Conflict
CM_Detect_Resource_Conflict_Ex
CM_Disable_DevNode
CM_Disable_DevNode_Ex
CM_Disconnect_Machine
CM_Dup_Range_List
CM_Duplicate_PowerScheme
CM_Enable_DevNode
CM_Enable_DevNode_Ex
CM_Enumerate_Classes
CM_Enumerate_Classes_Ex
CM_Enumerate_EnumeratorsA
CM_Enumerate_EnumeratorsW
CM_Enumerate_Enumerators_ExA
CM_Enumerate_Enumerators_ExW
CM_Find_Range
CM_First_Range
CM_Free_Log_Conf
CM_Free_Log_Conf_Ex
CM_Free_Log_Conf_Handle
CM_Free_Range_List
CM_Free_Res_Des
CM_Free_Res_Des_Ex
CM_Free_Res_Des_Handle
CM_Free_Resource_Conflict_Handle
CM_Get_Child
CM_Get_Child_Ex
CM_Get_Class_Key_NameA
CM_Get_Class_Key_NameW
CM_Get_Class_Key_Name_ExA
CM_Get_Class_Key_Name_ExW
CM_Get_Class_NameA
CM_Get_Class_NameW
CM_Get_Class_Name_ExA
CM_Get_Class_Name_ExW
CM_Get_Class_Registry_PropertyA
CM_Get_Class_Registry_PropertyW
CM_Get_Depth
CM_Get_Depth_Ex
CM_Get_DevNode_Custom_PropertyA
CM_Get_DevNode_Custom_PropertyW
CM_Get_DevNode_Custom_Property_ExA
CM_Get_DevNode_Custom_Property_ExW
CM_Get_DevNode_Registry_PropertyA
CM_Get_DevNode_Registry_PropertyW
CM_Get_DevNode_Registry_Property_ExA
CM_Get_DevNode_Registry_Property_ExW
CM_Get_DevNode_Status
CM_Get_DevNode_Status_Ex
CM_Get_Device_IDA
CM_Get_Device_IDW
CM_Get_Device_ID_ExA
CM_Get_Device_ID_ExW
CM_Get_Device_ID_ListA
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_ExA
CM_Get_Device_ID_List_ExW
CM_Get_Device_ID_List_SizeA
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_List_Size_ExA
CM_Get_Device_ID_List_Size_ExW
CM_Get_Device_ID_Size
CM_Get_Device_ID_Size_Ex
CM_Get_Device_Interface_AliasA
CM_Get_Device_Interface_AliasW
CM_Get_Device_Interface_Alias_ExA
CM_Get_Device_Interface_Alias_ExW
CM_Get_Device_Interface_ListA
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_ExA
CM_Get_Device_Interface_List_ExW
CM_Get_Device_Interface_List_SizeA
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_List_Size_ExA
CM_Get_Device_Interface_List_Size_ExW
CM_Get_First_Log_Conf
CM_Get_First_Log_Conf_Ex
CM_Get_Global_State
CM_Get_Global_State_Ex
CM_Get_HW_Prof_FlagsA
CM_Get_HW_Prof_FlagsW
CM_Get_HW_Prof_Flags_ExA
CM_Get_HW_Prof_Flags_ExW
CM_Get_Hardware_Profile_InfoA
CM_Get_Hardware_Profile_InfoW
CM_Get_Hardware_Profile_Info_ExA
CM_Get_Hardware_Profile_Info_ExW
CM_Get_Log_Conf_Priority
CM_Get_Log_Conf_Priority_Ex
CM_Get_Next_Log_Conf
CM_Get_Next_Log_Conf_Ex
CM_Get_Next_Res_Des
CM_Get_Next_Res_Des_Ex
CM_Get_Parent
CM_Get_Parent_Ex
CM_Get_Res_Des_Data
CM_Get_Res_Des_Data_Ex
CM_Get_Res_Des_Data_Size
CM_Get_Res_Des_Data_Size_Ex
CM_Get_Resource_Conflict_Count
CM_Get_Resource_Conflict_DetailsA
CM_Get_Resource_Conflict_DetailsW
CM_Get_Sibling
CM_Get_Sibling_Ex
CM_Get_Version
CM_Get_Version_Ex
CM_Import_PowerScheme
CM_Install_DevNodeW
CM_Install_DevNode_ExW
CM_Intersect_Range_List
CM_Invert_Range_List
CM_Is_Dock_Station_Present
CM_Is_Dock_Station_Present_Ex
CM_Is_Version_Available
CM_Is_Version_Available_Ex
CM_Locate_DevNodeA
CM_Locate_DevNodeW
CM_Locate_DevNode_ExA
CM_Locate_DevNode_ExW
CM_Merge_Range_List
CM_Modify_Res_Des
CM_Modify_Res_Des_Ex
CM_Move_DevNode
CM_Move_DevNode_Ex
CM_Next_Range
CM_Open_Class_KeyA
CM_Open_Class_KeyW
CM_Open_Class_Key_ExA
CM_Open_Class_Key_ExW
CM_Open_DevNode_Key
CM_Open_DevNode_Key_Ex
CM_Open_Device_Interface_KeyA
CM_Open_Device_Interface_KeyW
CM_Open_Device_Interface_Key_ExA
CM_Open_Device_Interface_Key_ExW
CM_Query_And_Remove_SubTreeA
CM_Query_And_Remove_SubTreeW
CM_Query_And_Remove_SubTree_ExA
CM_Query_And_Remove_SubTree_ExW
CM_Query_Arbitrator_Free_Data
CM_Query_Arbitrator_Free_Data_Ex
CM_Query_Arbitrator_Free_Size
CM_Query_Arbitrator_Free_Size_Ex
CM_Query_Remove_SubTree
CM_Query_Remove_SubTree_Ex
CM_Query_Resource_Conflict_List
CM_Reenumerate_DevNode
CM_Reenumerate_DevNode_Ex
CM_Register_Device_Driver
CM_Register_Device_Driver_Ex
CM_Register_Device_InterfaceA
CM_Register_Device_InterfaceW
CM_Register_Device_Interface_ExA
CM_Register_Device_Interface_ExW
CM_Remove_SubTree
CM_Remove_SubTree_Ex
CM_Request_Device_EjectA
CM_Request_Device_EjectW
CM_Request_Device_Eject_ExA
CM_Request_Device_Eject_ExW
CM_Request_Eject_PC
CM_Request_Eject_PC_Ex
CM_RestoreAll_DefaultPowerSchemes
CM_Restore_DefaultPowerScheme
CM_Run_Detection
CM_Run_Detection_Ex
CM_Set_ActiveScheme
CM_Set_Class_Registry_PropertyA
CM_Set_Class_Registry_PropertyW
CM_Set_DevNode_Problem
CM_Set_DevNode_Problem_Ex
CM_Set_DevNode_Registry_PropertyA
CM_Set_DevNode_Registry_PropertyW
CM_Set_DevNode_Registry_Property_ExA
CM_Set_DevNode_Registry_Property_ExW
CM_Set_HW_Prof
CM_Set_HW_Prof_Ex
CM_Set_HW_Prof_FlagsA
CM_Set_HW_Prof_FlagsW
CM_Set_HW_Prof_Flags_ExA
CM_Set_HW_Prof_Flags_ExW
CM_Setup_DevNode
CM_Setup_DevNode_Ex
CM_Test_Range_Available
CM_Uninstall_DevNode
CM_Uninstall_DevNode_Ex
CM_Unregister_Device_InterfaceA
CM_Unregister_Device_InterfaceW
CM_Unregister_Device_Interface_ExA
CM_Unregister_Device_Interface_ExW
CM_Write_UserPowerKey
DoesUserHavePrivilege
DriverStoreAddDriverPackageA
DriverStoreAddDriverPackageW
DriverStoreDeleteDriverPackageA
DriverStoreDeleteDriverPackageW
DriverStoreEnumDriverPackageA
DriverStoreEnumDriverPackageW
DriverStoreFindDriverPackageA
DriverStoreFindDriverPackageW
ExtensionPropSheetPageProc
InstallCatalog
InstallHinfSection
InstallHinfSectionA
InstallHinfSectionW
IsUserAdmin
MyFree
MyMalloc
MyRealloc
PnpEnumDrpFile
PnpIsFileAclIntact
PnpIsFileContentIntact
PnpIsFilePnpDriver
PnpRepairWindowsProtectedDriver
SetupAddInstallSectionToDiskSpaceListA
SetupAddInstallSectionToDiskSpaceListW
SetupAddSectionToDiskSpaceListA
SetupAddSectionToDiskSpaceListW
SetupAddToDiskSpaceListA
SetupAddToDiskSpaceListW
SetupAddToSourceListA
SetupAddToSourceListW
SetupAdjustDiskSpaceListA
SetupAdjustDiskSpaceListW
SetupBackupErrorA
SetupBackupErrorW
SetupCancelTemporarySourceList
SetupCloseFileQueue
SetupCloseInfFile
SetupCloseLog
SetupCommitFileQueue
SetupCommitFileQueueA
SetupCommitFileQueueW
SetupConfigureWmiFromInfSectionA
SetupConfigureWmiFromInfSectionW
SetupCopyErrorA
SetupCopyErrorW
SetupCopyOEMInfA
SetupCopyOEMInfW
SetupCreateDiskSpaceListA
SetupCreateDiskSpaceListW
SetupDecompressOrCopyFileA
SetupDecompressOrCopyFileW
SetupDefaultQueueCallback
SetupDefaultQueueCallbackA
SetupDefaultQueueCallbackW
SetupDeleteErrorA
SetupDeleteErrorW
SetupDestroyDiskSpaceList
SetupDiApplyPowerScheme
SetupDiAskForOEMDisk
SetupDiBuildClassInfoList
SetupDiBuildClassInfoListExA
SetupDiBuildClassInfoListExW
SetupDiBuildDriverInfoList
SetupDiCallClassInstaller
SetupDiCancelDriverInfoSearch
SetupDiChangeState
SetupDiClassGuidsFromNameA
SetupDiClassGuidsFromNameExA
SetupDiClassGuidsFromNameExW
SetupDiClassGuidsFromNameW
SetupDiClassNameFromGuidA
SetupDiClassNameFromGuidExA
SetupDiClassNameFromGuidExW
SetupDiClassNameFromGuidW
SetupDiCreateDevRegKeyA
SetupDiCreateDevRegKeyW
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoListExA
SetupDiCreateDeviceInfoListExW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInterfaceA
SetupDiCreateDeviceInterfaceRegKeyA
SetupDiCreateDeviceInterfaceRegKeyW
SetupDiCreateDeviceInterfaceW
SetupDiDeleteDevRegKey
SetupDiDeleteDeviceInfo
SetupDiDeleteDeviceInterfaceData
SetupDiDeleteDeviceInterfaceRegKey
SetupDiDestroyClassImageList
SetupDiDestroyDeviceInfoList
SetupDiDestroyDriverInfoList
SetupDiDrawMiniIcon
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiEnumDriverInfoA
SetupDiEnumDriverInfoW
SetupDiGetActualModelsSectionA
SetupDiGetActualModelsSectionW
SetupDiGetActualSectionToInstallA
SetupDiGetActualSectionToInstallExA
SetupDiGetActualSectionToInstallExW
SetupDiGetActualSectionToInstallW
SetupDiGetClassBitmapIndex
SetupDiGetClassDescriptionA
SetupDiGetClassDescriptionExA
SetupDiGetClassDescriptionExW
SetupDiGetClassDescriptionW
SetupDiGetClassDevPropertySheetsA
SetupDiGetClassDevPropertySheetsW
SetupDiGetClassDevsA
SetupDiGetClassDevsExA
SetupDiGetClassDevsExW
SetupDiGetClassDevsW
SetupDiGetClassImageIndex
SetupDiGetClassImageList
SetupDiGetClassImageListExA
SetupDiGetClassImageListExW
SetupDiGetClassInstallParamsA
SetupDiGetClassInstallParamsW
SetupDiGetClassPropertyExW
SetupDiGetClassPropertyKeys
SetupDiGetClassPropertyKeysExW
SetupDiGetClassPropertyW
SetupDiGetClassRegistryPropertyA
SetupDiGetClassRegistryPropertyW
SetupDiGetCustomDevicePropertyA
SetupDiGetCustomDevicePropertyW
SetupDiGetDeviceInfoListClass
SetupDiGetDeviceInfoListDetailA
SetupDiGetDeviceInfoListDetailW
SetupDiGetDeviceInstallParamsA
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceInstanceIdA
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceInterfaceAlias
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInterfacePropertyKeys
SetupDiGetDeviceInterfacePropertyW
SetupDiGetDevicePropertyKeys
SetupDiGetDevicePropertyW
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDriverInfoDetailA
SetupDiGetDriverInfoDetailW
SetupDiGetDriverInstallParamsA
SetupDiGetDriverInstallParamsW
SetupDiGetHwProfileFriendlyNameA
SetupDiGetHwProfileFriendlyNameExA
SetupDiGetHwProfileFriendlyNameExW
SetupDiGetHwProfileFriendlyNameW
SetupDiGetHwProfileList
SetupDiGetHwProfileListExA
SetupDiGetHwProfileListExW
SetupDiGetINFClassA
SetupDiGetINFClassW
SetupDiGetSelectedDevice
SetupDiGetSelectedDriverA
SetupDiGetSelectedDriverW
SetupDiGetWizardPage
SetupDiInstallClassA
SetupDiInstallClassExA
SetupDiInstallClassExW
SetupDiInstallClassW
SetupDiInstallDevice
SetupDiInstallDeviceInterfaces
SetupDiInstallDriverFiles
SetupDiLoadClassIcon
SetupDiLoadDeviceIcon
SetupDiMoveDuplicateDevice
SetupDiOpenClassRegKey
SetupDiOpenClassRegKeyExA
SetupDiOpenClassRegKeyExW
SetupDiOpenDevRegKey
SetupDiOpenDeviceInfoA
SetupDiOpenDeviceInfoW
SetupDiOpenDeviceInterfaceA
SetupDiOpenDeviceInterfaceRegKey
SetupDiOpenDeviceInterfaceW
SetupDiRegisterCoDeviceInstallers
SetupDiRegisterDeviceInfo
SetupDiRemoveDevice
SetupDiRemoveDeviceInterface
SetupDiReportAdditionalSoftwareRequested
SetupDiReportDeviceInstallError
SetupDiReportDriverNotFoundError
SetupDiReportDriverPackageImportationError
SetupDiReportGenericDriverInstalled
SetupDiReportPnPDeviceProblem
SetupDiRestartDevices
SetupDiSelectBestCompatDrv
SetupDiSelectDevice
SetupDiSelectOEMDrv
SetupDiSetClassInstallParamsA
SetupDiSetClassInstallParamsW
SetupDiSetClassPropertyExW
SetupDiSetClassPropertyW
SetupDiSetClassRegistryPropertyA
SetupDiSetClassRegistryPropertyW
SetupDiSetDeviceInstallParamsA
SetupDiSetDeviceInstallParamsW
SetupDiSetDeviceInterfaceDefault
SetupDiSetDeviceInterfacePropertyW
SetupDiSetDevicePropertyW
SetupDiSetDeviceRegistryPropertyA
SetupDiSetDeviceRegistryPropertyW
SetupDiSetDriverInstallParamsA
SetupDiSetDriverInstallParamsW
SetupDiSetSelectedDevice
SetupDiSetSelectedDriverA
SetupDiSetSelectedDriverW
SetupDiUnremoveDevice
SetupDuplicateDiskSpaceListA
SetupDuplicateDiskSpaceListW
SetupEnumInfSectionsA
SetupEnumInfSectionsW
SetupEnumPublishedInfA
SetupEnumPublishedInfW
SetupFindFirstLineA
SetupFindFirstLineW
SetupFindNextLine
SetupFindNextMatchLineA
SetupFindNextMatchLineW
SetupFreeSourceListA
SetupFreeSourceListW
SetupGetBackupInformationA
SetupGetBackupInformationW
SetupGetBinaryField
SetupGetFieldCount
SetupGetFileCompressionInfoA
SetupGetFileCompressionInfoExA
SetupGetFileCompressionInfoExW
SetupGetFileCompressionInfoW
SetupGetFileQueueCount
SetupGetFileQueueFlags
SetupGetInfDriverStoreLocationA
SetupGetInfDriverStoreLocationW
SetupGetInfFileListA
SetupGetInfFileListW
SetupGetInfInformationA
SetupGetInfInformationW
SetupGetInfPublishedNameA
SetupGetInfPublishedNameW
SetupGetInfSections
SetupGetIntField
SetupGetLineByIndexA
SetupGetLineByIndexW
SetupGetLineCountA
SetupGetLineCountW
SetupGetLineTextA
SetupGetLineTextW
SetupGetMultiSzFieldA
SetupGetMultiSzFieldW
SetupGetNonInteractiveMode
SetupGetSourceFileLocationA
SetupGetSourceFileLocationW
SetupGetSourceFileSizeA
SetupGetSourceFileSizeW
SetupGetSourceInfoA
SetupGetSourceInfoW
SetupGetStringFieldA
SetupGetStringFieldW
SetupGetTargetPathA
SetupGetTargetPathW
SetupGetThreadLogToken
SetupInitDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupInitializeFileLogA
SetupInitializeFileLogW
SetupInstallFileA
SetupInstallFileExA
SetupInstallFileExW

Sections

.text
Size: 872KB - Virtual size: 868KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
verifier.dll
.dll windows x64

8bf144f6fdf48da3cc6073dd4bd7b5d4

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d5:74:c3:ea:7c:d0:b3:3b:38:49:1e:e7:bb:99:67:72:6c:c0:9d:be:e0:54:e0:99:31:b5:3a:95:05:af:a0:28
Signer

Actual PE Digest

d5:74:c3:ea:7c:d0:b3:3b:38:49:1e:e7:bb:99:67:72:6c:c0:9d:be:e0:54:e0:99:31:b5:3a:95:05:af:a0:28

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:31
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlDllShutdownInProgress
RtlCompareUnicodeString
NtQuerySystemTime
RtlAllocateHeap
RtlRandom
NtQueryPerformanceCounter
RtlInitUnicodeString
RtlCaptureStackBackTrace
RtlEnterCriticalSection
RtlInitializeCriticalSection
RtlLeaveCriticalSection
DbgPrint
RtlDeleteCriticalSection
NtFreeVirtualMemory
RtlGetUserInfoHeap
RtlDestroyHeap
RtlValidateHeap
RtlInitializeGenericTableAvl
RtlInitializeSRWLock
DbgPrintEx
NtQueryVirtualMemory
RtlDeleteElementGenericTableAvl
NtQuerySystemInformation
NtOpenEvent
RtlUpcaseUnicodeChar
NtQueryInformationProcess
RtlReleaseSRWLockExclusive
RtlLookupElementGenericTableAvl
RtlAcquireSRWLockExclusive
NtAllocateVirtualMemory
RtlInsertElementGenericTableAvl
RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
NtReadVirtualMemory
RtlEnumerateGenericTableAvl
RtlInitializeCriticalSectionEx
RtlSizeHeap
RtlSetUserFlagsHeap
NtQueryEvent
NtProtectVirtualMemory
RtlSetUserValueHeap
RtlFreeHeap
RtlFlushSecureMemoryCache
RtlSetHeapInformation
RtlCreateHeap
RtlUnlockHeap
RtlLockHeap
RtlRaiseException
LdrLockLoaderLock
LdrUnlockLoaderLock
RtlCaptureContext
RtlReportException
NtTerminateProcess
LdrGetProcedureAddress
LdrUnloadDll
LdrLoadDll
RtlDecodePointer
RtlInitAnsiString
RtlEncodePointer
RtlFreeAnsiString
LdrFindResource_U
RtlUnicodeStringToAnsiString
LdrAccessResource
LdrQueryImageFileKeyOption
LdrQueryImageFileExecutionOptions
RtlImageNtHeader
EtwEventWriteTransfer
RtlSetEnvironmentVariable
EtwEventUnregister
EtwEventRegister
NtWriteVirtualMemory
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnhandledExceptionFilter
memmove
__C_specific_handler
_vsnwprintf
_wcsicmp
_vsnprintf
sscanf_s
wcstoul
RtlVerifyVersionInfo
wcsstr
_stricmp
VerSetConditionMask
RtlQueryHeapInformation
NtOpenThread
NtSuspendThread
NtClose
LdrQueryProcessModuleInformation
RtlNtStatusToDosError
NtResumeThread
RtlAddVectoredExceptionHandler
RtlEqualUnicodeString
LdrGetDllHandle
RtlDeleteResource
RtlAcquireResourceShared
NtDelayExecution
RtlAcquirePebLock
RtlReleaseResource
RtlInitializeResource
RtlAcquireResourceExclusive
RtlRemoveVectoredExceptionHandler
NtQueryInformationThread
RtlFindClearBitsAndSet
NtQueryObject
RtlReleasePebLock
RtlInterlockedPushEntrySList
RtlSplay
RtlDelete
RtlInitializeSListHead
RtlpWaitForCriticalSection
RtlInitializeCriticalSectionAndSpinCount
RtlTryEnterCriticalSection
RtlConvertExclusiveToShared
RtlRaiseStatus
RtlConvertSharedToExclusive
RtlInterlockedPopEntrySList
LdrFindEntryForAddress
iswspace
RtlEnumerateGenericTableWithoutSplayingAvl
_wcsnicmp
RtlQueryDepthSList
NtCreateEvent
RtlDeregisterWait
NtSetEvent
RtlRegisterWait
NtOpenProcessTokenEx
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
NtOpenKey
RtlConvertSidToUnicodeString
NtQueryInformationToken
NtDeleteValueKey
NtSetValueKey
NtQueryValueKey
NtGetContextThread
RtlDeregisterWaitEx
RtlWalkFrameChain
NtClearEvent
RtlFreeUnicodeString
RtlSetThreadPoolStartFunc
RtlCheckForOrphanedCriticalSections
NtWaitForMultipleObjects
NtCreateKey
NtWaitForSingleObject
NtCreateSection
NtUnmapViewOfSection
NtOpenSection
NtMapViewOfSection
__chkstk
memcpy
memset

Exports

Exports

AVrfAPILookupCallback
VerifierAddFreeMemoryCallback
VerifierCheckPageHeapAllocation
VerifierCreateRpcPageHeap
VerifierDeleteFreeMemoryCallback
VerifierDestroyRpcPageHeap
VerifierDisableFaultInjectionExclusionRange
VerifierDisableFaultInjectionTargetRange
VerifierEnableFaultInjectionExclusionRange
VerifierEnableFaultInjectionTargetRange
VerifierEnumerateResource
VerifierForceNormalHeap
VerifierGetInfoForException
VerifierGetMemoryForDump
VerifierGetPropertyValueByName
VerifierGetProviderHelper
VerifierIsAddressInAnyPageHeap
VerifierIsCurrentThreadHoldingLocks
VerifierIsDllEntryActive
VerifierIsPerUserSettingsEnabled
VerifierQueryRuntimeFlags
VerifierRedirectStopFunctions
VerifierSetFaultInjectionProbability
VerifierSetFlags
VerifierSetRuntimeFlags
VerifierStopMessage

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
version.dll
.dll windows x64

34340c2c4e9aa6ef6ad12bb695fc695b

Code Sign

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:30

Not After

03/03/2021, 18:30

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:36:00:2d:63:8d:dc:7d:27:9e:21:e3:d8:be:62:5d:4e:6c:68:50:b8:56:3b:19:e3:ff:44:56:61:da:3d:17
Signer

Actual PE Digest

99:36:00:2d:63:8d:dc:7d:27:9e:21:e3:d8:be:62:5d:4e:6c:68:50:b8:56:3b:19:e3:ff:44:56:61:da:3d:17

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27/02/2023, 09:31
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_vsnwprintf
_vsnprintf
memcmp

api-ms-win-core-errorhandling-l1-1-0

SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-version-l1-1-0

VerQueryValueW
VerFindFileW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-localization-l1-2-0

IsDBCSLeadByte

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-file-l1-1-0

CreateFileW
DeleteFileA
GetFileSize
DeleteFileW
GetFullPathNameA
SetFileTime
GetFileTime
GetFileAttributesW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processthreads-l1-1-0

TlsFree
GetCurrentProcessId
GetCurrentThreadId
TlsSetValue
TerminateProcess
TlsAlloc
TlsGetValue
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-versionansi-l1-1-0

GetFileVersionInfoExA
VerFindFileA
GetFileVersionInfoSizeExA
VerQueryValueA

api-ms-win-core-versionansi-l1-1-1

GetFileVersionInfoSizeA
GetFileVersionInfoA

api-ms-win-core-version-private-l1-1-0

GetFileVersionInfoByHandle

kernelbase

lstrcmpiA
lstrcmpiW
lstrlenW

ntdll

RtlAllocateHeap
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
NlsMbCodePageTag

kernel32

_lwrite
_lread
_lopen
_lclose
_lcreat
_llseek
LZCreateFileW
LZCloseFile
LZInit
LZCopy
LZClose
MoveFileW

Exports

Exports

GetFileVersionInfoA
GetFileVersionInfoByHandle
GetFileVersionInfoExA
GetFileVersionInfoExW
GetFileVersionInfoSizeA
GetFileVersionInfoSizeExA
GetFileVersionInfoSizeExW
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerFindFileA
VerFindFileW
VerInstallFileA
VerInstallFileW
VerLanguageNameA
VerLanguageNameW
VerQueryValueA
VerQueryValueW

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vulkan.dll
.dll windows x64

01f8e4c6f5b71d53ba85860813f6d82c

Code Sign

09:26:8f:aa:1a:d6:89:4d:17:9e:5b:87:a2:f0:64:62
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/09/2017, 00:00

Not After

09/08/2020, 12:00

Subject

CN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:26:8f:aa:1a:d6:89:4d:17:9e:5b:87:a2:f0:64:62
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/09/2017, 00:00

Not After

09/08/2020, 12:00

Subject

CN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d5:57:ba:c0:59:76:66:45:f3:41:99:21:c1:8d:c6:be:dc:de:17:7f:da:14:01:0b:52:32:3f:68:1d:d2:98:84
Signer

Actual PE Digest

d5:57:ba:c0:59:76:66:45:f3:41:99:21:c1:8d:c6:be:dc:de:17:7f:da:14:01:0b:52:32:3f:68:1d:d2:98:84

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=US

03/08/2020, 23:01
Valid: true

Chain 1

CN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

23:ea:11:96:3b:fe:43:c9:9f:b4:57:b6:c4:8d:1e:67:18:40:28:55
Signer

Actual PE Digest

23:ea:11:96:3b:fe:43:c9:9f:b4:57:b6:c4:8d:1e:67:18:40:28:55

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=US

03/08/2020, 23:01
Valid: true

Chain 1

CN=LunarG\, Inc.,O=LunarG\, Inc.,L=Fort Collins,ST=Colorado,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

cfgmgr32

CM_Open_DevNode_Key
CM_Locate_DevNodeW
CM_Get_Sibling
CM_Get_DevNode_Status
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_ID_ListW
CM_Get_Device_IDW
CM_Get_Child

kernel32

GetCurrentProcess
IsWow64Process
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryExA
LoadLibraryA
WideCharToMultiByte
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
CloseHandle
OutputDebugStringA
GetEnvironmentVariableA
GetSystemDirectoryA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ReadFile
FindClose
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetFileSizeEx
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetCurrentThread
HeapReAlloc
GetTimeZoneInformation
MultiByteToWideChar
GetFileAttributesExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
FlushFileBuffers
WriteFile
GetConsoleCP
SetStdHandle
CreateFileW
GetStringTypeW
RaiseException
HeapSize
SetEndOfFile
WriteConsoleW
OutputDebugStringW

advapi32

GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegCloseKey
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken

Exports

Exports

vkAcquireNextImage2KHR
vkAcquireNextImageKHR
vkAllocateCommandBuffers
vkAllocateDescriptorSets
vkAllocateMemory
vkBeginCommandBuffer
vkBindBufferMemory
vkBindBufferMemory2
vkBindImageMemory
vkBindImageMemory2
vkCmdBeginQuery
vkCmdBeginRenderPass
vkCmdBeginRenderPass2
vkCmdBindDescriptorSets
vkCmdBindIndexBuffer
vkCmdBindPipeline
vkCmdBindVertexBuffers
vkCmdBlitImage
vkCmdClearAttachments
vkCmdClearColorImage
vkCmdClearDepthStencilImage
vkCmdCopyBuffer
vkCmdCopyBufferToImage
vkCmdCopyImage
vkCmdCopyImageToBuffer
vkCmdCopyQueryPoolResults
vkCmdDispatch
vkCmdDispatchBase
vkCmdDispatchIndirect
vkCmdDraw
vkCmdDrawIndexed
vkCmdDrawIndexedIndirect
vkCmdDrawIndexedIndirectCount
vkCmdDrawIndirect
vkCmdDrawIndirectCount
vkCmdEndQuery
vkCmdEndRenderPass
vkCmdEndRenderPass2
vkCmdExecuteCommands
vkCmdFillBuffer
vkCmdNextSubpass
vkCmdNextSubpass2
vkCmdPipelineBarrier
vkCmdPushConstants
vkCmdResetEvent
vkCmdResetQueryPool
vkCmdResolveImage
vkCmdSetBlendConstants
vkCmdSetDepthBias
vkCmdSetDepthBounds
vkCmdSetDeviceMask
vkCmdSetEvent
vkCmdSetLineWidth
vkCmdSetScissor
vkCmdSetStencilCompareMask
vkCmdSetStencilReference
vkCmdSetStencilWriteMask
vkCmdSetViewport
vkCmdUpdateBuffer
vkCmdWaitEvents
vkCmdWriteTimestamp
vkCreateBuffer
vkCreateBufferView
vkCreateCommandPool
vkCreateComputePipelines
vkCreateDescriptorPool
vkCreateDescriptorSetLayout
vkCreateDescriptorUpdateTemplate
vkCreateDevice
vkCreateDisplayModeKHR
vkCreateDisplayPlaneSurfaceKHR
vkCreateEvent
vkCreateFence
vkCreateFramebuffer
vkCreateGraphicsPipelines
vkCreateImage
vkCreateImageView
vkCreateInstance
vkCreatePipelineCache
vkCreatePipelineLayout
vkCreateQueryPool
vkCreateRenderPass
vkCreateRenderPass2
vkCreateSampler
vkCreateSamplerYcbcrConversion
vkCreateSemaphore
vkCreateShaderModule
vkCreateSharedSwapchainsKHR
vkCreateSwapchainKHR
vkCreateWin32SurfaceKHR
vkDestroyBuffer
vkDestroyBufferView
vkDestroyCommandPool
vkDestroyDescriptorPool
vkDestroyDescriptorSetLayout
vkDestroyDescriptorUpdateTemplate
vkDestroyDevice
vkDestroyEvent
vkDestroyFence
vkDestroyFramebuffer
vkDestroyImage
vkDestroyImageView
vkDestroyInstance
vkDestroyPipeline
vkDestroyPipelineCache
vkDestroyPipelineLayout
vkDestroyQueryPool
vkDestroyRenderPass
vkDestroySampler
vkDestroySamplerYcbcrConversion
vkDestroySemaphore
vkDestroyShaderModule
vkDestroySurfaceKHR
vkDestroySwapchainKHR
vkDeviceWaitIdle
vkEndCommandBuffer
vkEnumerateDeviceExtensionProperties
vkEnumerateDeviceLayerProperties
vkEnumerateInstanceExtensionProperties
vkEnumerateInstanceLayerProperties
vkEnumerateInstanceVersion
vkEnumeratePhysicalDeviceGroups
vkEnumeratePhysicalDevices
vkFlushMappedMemoryRanges
vkFreeCommandBuffers
vkFreeDescriptorSets
vkFreeMemory
vkGetBufferDeviceAddress
vkGetBufferMemoryRequirements
vkGetBufferMemoryRequirements2
vkGetBufferOpaqueCaptureAddress
vkGetDescriptorSetLayoutSupport
vkGetDeviceGroupPeerMemoryFeatures
vkGetDeviceGroupPresentCapabilitiesKHR
vkGetDeviceGroupSurfacePresentModesKHR
vkGetDeviceMemoryCommitment
vkGetDeviceMemoryOpaqueCaptureAddress
vkGetDeviceProcAddr
vkGetDeviceQueue
vkGetDeviceQueue2
vkGetDisplayModeProperties2KHR
vkGetDisplayModePropertiesKHR
vkGetDisplayPlaneCapabilities2KHR
vkGetDisplayPlaneCapabilitiesKHR
vkGetDisplayPlaneSupportedDisplaysKHR
vkGetEventStatus
vkGetFenceStatus
vkGetImageMemoryRequirements
vkGetImageMemoryRequirements2
vkGetImageSparseMemoryRequirements
vkGetImageSparseMemoryRequirements2
vkGetImageSubresourceLayout
vkGetInstanceProcAddr
vkGetPhysicalDeviceDisplayPlaneProperties2KHR
vkGetPhysicalDeviceDisplayPlanePropertiesKHR
vkGetPhysicalDeviceDisplayProperties2KHR
vkGetPhysicalDeviceDisplayPropertiesKHR
vkGetPhysicalDeviceExternalBufferProperties
vkGetPhysicalDeviceExternalFenceProperties
vkGetPhysicalDeviceExternalSemaphoreProperties
vkGetPhysicalDeviceFeatures
vkGetPhysicalDeviceFeatures2
vkGetPhysicalDeviceFormatProperties
vkGetPhysicalDeviceFormatProperties2
vkGetPhysicalDeviceImageFormatProperties
vkGetPhysicalDeviceImageFormatProperties2
vkGetPhysicalDeviceMemoryProperties
vkGetPhysicalDeviceMemoryProperties2
vkGetPhysicalDevicePresentRectanglesKHR
vkGetPhysicalDeviceProperties
vkGetPhysicalDeviceProperties2
vkGetPhysicalDeviceQueueFamilyProperties
vkGetPhysicalDeviceQueueFamilyProperties2
vkGetPhysicalDeviceSparseImageFormatProperties
vkGetPhysicalDeviceSparseImageFormatProperties2
vkGetPhysicalDeviceSurfaceCapabilities2KHR
vkGetPhysicalDeviceSurfaceCapabilitiesKHR
vkGetPhysicalDeviceSurfaceFormats2KHR
vkGetPhysicalDeviceSurfaceFormatsKHR
vkGetPhysicalDeviceSurfacePresentModesKHR
vkGetPhysicalDeviceSurfaceSupportKHR
vkGetPhysicalDeviceWin32PresentationSupportKHR
vkGetPipelineCacheData
vkGetQueryPoolResults
vkGetRenderAreaGranularity
vkGetSemaphoreCounterValue
vkGetSwapchainImagesKHR
vkInvalidateMappedMemoryRanges
vkMapMemory
vkMergePipelineCaches
vkQueueBindSparse
vkQueuePresentKHR
vkQueueSubmit
vkQueueWaitIdle
vkResetCommandBuffer
vkResetCommandPool
vkResetDescriptorPool
vkResetEvent
vkResetFences
vkResetQueryPool
vkSetEvent
vkSignalSemaphore
vkTrimCommandPool
vkUnmapMemory
vkUpdateDescriptorSetWithTemplate
vkUpdateDescriptorSets
vkWaitForFences
vkWaitSemaphores

Sections

.text
Size: 777KB - Virtual size: 776KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cfguard
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 786B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wuapi.dll
.dll regsvr32 windows x64

bdd516f68fe2b04b258a7916ceb9d16a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
memmove
_o__wtol
_o_free
_o_iswspace
_o_malloc
_o_mbstowcs_s
_o_qsort
_o_strcpy_s
_o_strncpy_s
_o_strtol
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstombs_s
_o_wcstoul
__CxxFrameHandler3
_CxxThrowException
_o__get_errno
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
wcsstr
_o__cexit
_o__callnewh
wcsrchr
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
strrchr
strchr
__C_specific_handler
__std_terminate
__CxxFrameHandler4
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameA
LoadLibraryExW
FreeLibrary
LockResource
LoadStringW
SizeofResource
GetModuleHandleExW
LoadResource
FindResourceExW
GetProcAddress
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive
CreateMutexExW
ResetEvent
OpenEventW
InitializeCriticalSection
WaitForSingleObjectEx
CreateEventW
LeaveCriticalSection
ReleaseMutex
DeleteCriticalSection
CreateSemaphoreExW
WaitForSingleObject
EnterCriticalSection
ReleaseSemaphore
OpenSemaphoreW
SetEvent

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
RaiseException

api-ms-win-core-processthreads-l1-1-0

OpenProcessToken
GetCurrentProcessId
GetCurrentThread
OpenThreadToken
GetCurrentProcess
CreateThread
CreateProcessW
GetCurrentThreadId
TerminateProcess

api-ms-win-core-localization-l1-2-0

SetThreadLocale
FormatMessageW
GetThreadLocale

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

rpcrt4

NdrDllGetClassObject
NdrDllCanUnloadNow
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release
CStdStubBuffer_IsIIDSupported
NdrStubCall3
IUnknown_QueryInterface_Proxy
NdrOleFree
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
UuidToStringW
RpcStringFreeW
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
UuidToStringA
UuidFromStringW
UuidCreate
IUnknown_Release_Proxy
UuidCreateNil
UuidCompare
CStdStubBuffer_AddRef
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
RpcStringFreeA
NdrCStdStubBuffer2_Release
NdrStubForwardingFunction
CStdStubBuffer_Invoke
RpcServerInqCallAttributesW

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient9
NdrProxyForwardingFunction10
ObjectStublessClient10
NdrProxyForwardingFunction9
ObjectStublessClient8
NdrProxyForwardingFunction12
NdrProxyForwardingFunction21
NdrProxyForwardingFunction3
NdrProxyForwardingFunction7
CStdStubBuffer2_Connect
ObjectStublessClient24
ObjectStublessClient4
ObjectStublessClient19
CStdStubBuffer2_QueryInterface
ObjectStublessClient13
NdrProxyForwardingFunction5
NdrProxyForwardingFunction11
ObjectStublessClient7
CStdStubBuffer2_Disconnect
NdrProxyForwardingFunction6
NdrProxyForwardingFunction19
ObjectStublessClient23
NdrProxyForwardingFunction14
ObjectStublessClient15
NdrProxyForwardingFunction16
ObjectStublessClient18
NdrProxyForwardingFunction18
ObjectStublessClient3
NdrProxyForwardingFunction17
ObjectStublessClient22
NdrProxyForwardingFunction8
CStdStubBuffer2_CountRefs
NdrProxyForwardingFunction4
ObjectStublessClient12
ObjectStublessClient11
NdrProxyForwardingFunction13
NdrProxyForwardingFunction20
ObjectStublessClient14
NdrProxyForwardingFunction15

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventSetInformation
EventProviderEnabled
EventWriteTransfer

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegOpenCurrentUser
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-shcore-thread-l1-1-0

GetProcessReference

api-ms-win-security-base-l1-1-0

AllocateAndInitializeSid
CopySid
CheckTokenMembership
FreeSid
DuplicateToken
ImpersonateSelf
AdjustTokenPrivileges
RevertToSelf
ImpersonateLoggedOnUser
IsValidSid
GetLengthSid
DuplicateTokenEx
GetTokenInformation

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc
GlobalFree
GlobalAlloc

api-ms-win-core-localization-obsolete-l1-2-0

GetNumberFormatW
GetUserDefaultUILanguage
CompareStringA

crypt32

CertFindCertificateInStore
CryptProtectData
CryptUnprotectData
CertGetCertificateContextProperty
CertVerifyCertificateChainPolicy
CryptHashPublicKeyInfo
CertOpenStore
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertControlStore
CertCloseStore

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-threadpool-legacy-l1-1-0

DeleteTimerQueueTimer
CreateTimerQueueTimer

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
CreateActCtxW
DeactivateActCtx
ActivateActCtx

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsRelativeW
PathIsRootW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-memory-l1-1-0

MapViewOfFileEx
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
StartServiceW
OpenSCManagerW

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W
QueryServiceConfig2W
ChangeServiceConfigW
QueryServiceConfigW

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrRChrW
StrChrW

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

GetDriveTypeW
ReadFile
GetFileType
CreateDirectoryW
CreateFileW
LocalFileTimeToFileTime
GetFileAttributesW
SetFileTime
SetFilePointer
GetFileSizeEx
WriteFile
GetVolumePathNameW

api-ms-win-core-datetime-l1-1-1

GetDateFormatEx

api-ms-win-core-wow64-l1-1-0

Wow64DisableWow64FsRedirection
IsWow64Process
Wow64RevertWow64FsRedirection

api-ms-win-core-kernel32-legacy-l1-1-0

DosDateTimeToFileTime

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 558KB - Virtual size: 558KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d22b658f9fde8f8fcc101dbaaa5aeab

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

advapi32

kernel32

user32

shell32

gdi32

rpcrt4

ole32

bcrypt

api-ms-win-security-base-l1-1-0

Exports

Exports

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 660KB - Virtual size: 658KB

.data Size: 16KB - Virtual size: 28KB

.pdata Size: 60KB - Virtual size: 56KB

.rsrc Size: 152KB - Virtual size: 151KB

.reloc Size: 12KB - Virtual size: 10KB

e569e6f445d32ba23766ad67d1e3787f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

comctl32

version

user32

oleaut32

netapi32

advapi32

Exports

Exports

Sections

.text Size: 718KB - Virtual size: 718KB

.itext Size: 6KB - Virtual size: 5KB

.data Size: 14KB - Virtual size: 13KB

.bss Size: - Virtual size: 27KB

.idata Size: 4KB - Virtual size: 3KB

.didata Size: 512B - Virtual size: 420B

.edata Size: 512B - Virtual size: 154B

.tls Size: - Virtual size: 24B

.rdata Size: 512B - Virtual size: 93B

.rsrc Size: 210KB - Virtual size: 209KB

03f310fd1bd3afc702f5db7aa523cddf

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3cCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

eb:0e:1f:1e:ae:fe:05:e7:31:eb:3c:56:a2:f8:77:ab:c9:ad:98:35:3d:cf:f6:0e:27:f6:76:d4:ff:bb:c9:f9Signer

Signature Validations

Verification

27/02/2023, 09:31 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-string-l1-1-0

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 660KB - Virtual size: 658KB

.data
Size: 16KB - Virtual size: 28KB

.pdata
Size: 60KB - Virtual size: 56KB

.rsrc
Size: 152KB - Virtual size: 151KB

.reloc
Size: 12KB - Virtual size: 10KB

.text
Size: 718KB - Virtual size: 718KB

.itext
Size: 6KB - Virtual size: 5KB

.data
Size: 14KB - Virtual size: 13KB

.bss
Size: - Virtual size: 27KB

.idata
Size: 4KB - Virtual size: 3KB

.didata
Size: 512B - Virtual size: 420B

.edata
Size: 512B - Virtual size: 154B

.tls
Size: - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 93B

.rsrc
Size: 210KB - Virtual size: 209KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

eb:0e:1f:1e:ae:fe:05:e7:31:eb:3c:56:a2:f8:77:ab:c9:ad:98:35:3d:cf:f6:0e:27:f6:76:d4:ff:bb:c9:f9
Signer

27/02/2023, 09:31
Valid: false

.text
Size: 872KB - Virtual size: 868KB

.rdata
Size: 212KB - Virtual size: 208KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 28KB - Virtual size: 25KB

.didat
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

.reloc
Size: 4KB - Virtual size: 2KB

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

d5:74:c3:ea:7c:d0:b3:3b:38:49:1e:e7:bb:99:67:72:6c:c0:9d:be:e0:54:e0:99:31:b5:3a:95:05:af:a0:28
Signer

27/02/2023, 09:31
Valid: false

.text
Size: 163KB - Virtual size: 163KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 30KB - Virtual size: 105KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 132KB - Virtual size: 132KB

.reloc
Size: 2KB - Virtual size: 1KB

33:00:00:02:66:bd:15:80:ef:a7:5c:d6:d3:00:00:00:00:02:66
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

99:36:00:2d:63:8d:dc:7d:27:9e:21:e3:d8:be:62:5d:4e:6c:68:50:b8:56:3b:19:e3:ff:44:56:61:da:3d:17
Signer