fruit_warriors_script___gui_hack___autofarm___i___[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

fruit_warriors_script___gui_hack___autofarm___i___.zip
Size

6.9MB
MD5

6f4db608909e314fc76020e240a08d6d
SHA1

53b4eeaaefd63bc1aeae5c0e0859688ad5146b2b
SHA256

48b3cc0799138804952d7804a326a9356b4713be099d09a03d315d6fa8a6df28
SHA512

e9535e18fa225f586f9097aa218eecfff41eeb6894a4942e49291f81d21d2b13451d8737aebf3ee74f99f1c085717edb5880c5ac0bc7a84724b09b7f0280653a
SSDEEP

196608:5RNhCYH7FXmNPQK7VmXcTMR6M5pl1slFTXJUtI:XNhCSFX0J4XoMR6MlMTXJT

Score

1^/10

Malware Config

Signatures

Files

fruit_warriors_script___gui_hack___autofarm___i___.zip
.zip
UpdateAgent.dll
.dll windows x64

6889babfc88aeedab5cdd8d238e06967

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05-05-2022 19:23

Not After

04-05-2023 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:d3:6f:4a:f9:a3:35:61:17:a0:e6:49:3a:fd:69:c2:a1:dd:c9:92:fd:df:84:20:0d:3a:54:1e:8b:db:02:90
Signer

Actual PE Digest

4a:d3:6f:4a:f9:a3:35:61:17:a0:e6:49:3a:fd:69:c2:a1:dd:c9:92:fd:df:84:20:0d:3a:54:1e:8b:db:02:90

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

27-02-2023 09:31
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__wcsicmp
_o__wcsnicmp
_o__wcstoui64
_o__wfopen
_o__wsplitpath_s
_o__wtof
_o__wtoi
_o_fclose
_o_feof
_o_fgetws
_o_free
memmove
_o_iswctype
_o_iswspace
_o_malloc
_o_memcpy_s
_o_strncpy_s
_o_strtol
_o_terminate
_o_toupper
_o_towlower
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstoul
__CxxFrameHandler3
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__cexit
_o__callnewh
wcsstr
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___acrt_iob_func
strrchr
wcsrchr
strchr
wcschr
__C_specific_handler
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcscmp
memset
wcsnlen
strcmp
strncmp
wcsncmp

ntdll

RtlNtStatusToDosError
NtSetInformationFile
RtlCompareUnicodeString
NtUnloadKey2
RtlDosPathNameToNtPathName_U_WithStatus
RtlAdjustPrivilege
NtLoadKey2
NtDelayExecution
NtShutdownSystem
NtQueryLicenseValue
RtlDestroyEnvironment
NtSetInformationProcess
RtlCreateEnvironmentEx
RtlSetEnvironmentVariable
RtlDowncaseUnicodeChar
RtlExpandEnvironmentStrings_U
RtlInitUnicodeStringEx
RtlLengthSid
RtlDuplicateUnicodeString
NtQueryPerformanceCounter
NtFlushKey
DbgPrintEx
NtQueryVolumeInformationFile
RtlValidAcl
NtAdjustPrivilegesToken
RtlSetSaclSecurityDescriptor
RtlCreateUnicodeStringFromAsciiz
NtQueryValueKey
DbgPrint
NtCreateFile
RtlFreeHeap
NtClose
RtlQueryEnvironmentVariable_U
LdrLoadDll
RtlDosPathNameToNtPathName_U
LdrUnloadDll
LdrGetDllHandle
NtOpenKey
NtWriteFile
LdrGetProcedureAddress
NtQueryObject
RtlLeaveCriticalSection
RtlInitializeCriticalSection
RtlEnterCriticalSection
RtlTimeToTimeFields
RtlDeleteCriticalSection
RtlNtStatusToDosErrorNoTeb
RtlLengthSecurityDescriptor
RtlValidSid
NtOpenProcessToken
RtlSetOwnerSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlMakeSelfRelativeSD
NtDuplicateToken
RtlSetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlQueryInformationAcl
RtlGetOwnerSecurityDescriptor
RtlAllocateAndInitializeSid
RtlRaiseStatus
RtlCreateHeap
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlReAllocateHeap
RtlInitUnicodeString
NtSetInformationThread
NtQueryInformationThread
RtlDestroyHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlGetGroupSecurityDescriptor
RtlCopySid
NtOpenThreadToken
RtlGetVersion
RtlSetGroupSecurityDescriptor
RtlCreateSecurityDescriptor
RtlFindAceByType
RtlGetDaclSecurityDescriptor
RtlDeleteSecurityObject
NtYieldExecution
NtQueryKey
NtDeleteKey
RtlSetCurrentTransaction
NtEnumerateKey
RtlGetLengthWithoutLastFullDosOrNtPathElement
NtEnumerateValueKey
NtOpenKeyEx
RtlGetAce
RtlpApplyLengthFunction
RtlAddAccessAllowedAceEx
NtReadFile
NtCreateKeyTransacted
RtlNewSecurityObjectEx
NtDeleteFile
NtSetSecurityObject
RtlGetCurrentTransaction
NtDeleteValueKey
RtlAddAce
NtQueryAttributesFile
NtFlushBuffersFile
NtDuplicateObject
NtFsControlFile
NtQueryInformationFile
RtlCreateAcl
NtCreateKey
NtOpenKeyTransactedEx
NtQueryDirectoryFile
NtQuerySecurityObject
NtSetValueKey
NtOpenFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtSetEaFile
RtlReleaseRelativeName
NtQueryEaFile
NtWaitForSingleObject
RtlCopyUnicodeString
RtlAppendUnicodeStringToString
RtlEqualUnicodeString
RtlCreateEnvironment
NtQuerySystemTime
RtlSetControlSecurityDescriptor
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
RtlIsTextUnicode
RtlUnicodeToMultiByteSize
RtlConvertSidToUnicodeString
RtlRunOnceComplete
RtlRunOnceBeginInitialize
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlExpandEnvironmentStrings
NtQueryInformationToken
VerSetConditionMask

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorLength
GetTokenInformation
AddAccessAllowedAce
GetLengthSid
DestroyPrivateObjectSecurity
MakeSelfRelativeSD
InitializeAcl
InitializeSecurityDescriptor
FreeSid
CopySid
EqualSid
SetSecurityDescriptorDacl
CreatePrivateObjectSecurityWithMultipleInheritance
GetSecurityDescriptorControl
AllocateAndInitializeSid
IsValidSid
AdjustTokenPrivileges
IsValidAcl
AddAccessAllowedAceEx
CheckTokenMembership
IsValidSecurityDescriptor

api-ms-win-core-file-l1-1-0

SetEndOfFile
GetLogicalDriveStringsW
SetFileTime
GetShortPathNameW
DeleteFileW
GetLogicalDrives
GetVolumeInformationW
GetFileSizeEx
FindFirstFileW
GetFileInformationByHandle
FindNextFileW
FlushFileBuffers
SetFileInformationByHandle
SetFilePointer
GetDiskFreeSpaceW
ReadFile
RemoveDirectoryW
GetFullPathNameW
DeleteFileA
SetFilePointerEx
CreateFileA
CreateDirectoryW
CreateFileW
GetFileType
SetFileAttributesW
GetFileAttributesW
FindFirstFileExW
FindClose
GetDriveTypeW
GetFinalPathNameByHandleW
GetLongPathNameW
GetTempFileNameW
GetFileSize
WriteFile
GetDiskFreeSpaceExW

api-ms-win-core-libraryloader-l1-1-0

LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExA
GetModuleFileNameA
GetProcAddress
FreeLibrary

api-ms-win-core-registry-l1-1-0

RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegEnumValueW
RegEnumKeyExW
RegSetKeySecurity
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
ReleaseSRWLockShared
InitializeCriticalSectionEx
CreateMutexW
ResetEvent
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
OpenSemaphoreW
WaitForSingleObjectEx
CreateMutexExW
AcquireSRWLockExclusive
ReleaseSemaphore
AcquireSRWLockShared
OpenEventW
EnterCriticalSection
CreateSemaphoreExW
DeleteCriticalSection
WaitForMultipleObjectsEx
CreateMutexA
SetEvent
TryEnterCriticalSection
CreateEventW
ReleaseSRWLockExclusive
InitializeSRWLock
ReleaseMutex
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapValidate
HeapReAlloc
HeapCompact
HeapFree
HeapCreate
HeapWalk
HeapAlloc
HeapDestroy
HeapSize
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

GetErrorMode
UnhandledExceptionFilter
SetLastError
GetLastError
SetUnhandledExceptionFilter
SetErrorMode
RaiseException

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateGuid
CoGetMalloc
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoSetProxyBlanket
StringFromGUID2

api-ms-win-core-processthreads-l1-1-0

SetThreadPriority
GetCurrentProcess
GetThreadPriority
TlsSetValue
CreateProcessA
SetPriorityClass
GetExitCodeThread
GetPriorityClass
TlsAlloc
GetProcessId
TlsGetValue
ExitProcess
OpenThreadToken
OpenProcessToken
GetCurrentThreadId
TlsFree
CreateProcessW
TerminateProcess
GetCurrentThread
CreateThread
GetCurrentProcessId
GetExitCodeProcess

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetEnvironmentVariableW
GetCommandLineW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW

api-ms-win-eventing-provider-l1-1-0

EventWriteString
EventProviderEnabled
EventRegister
EventWriteTransfer
EventUnregister

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetWindowsDirectoryW
GlobalMemoryStatusEx
GetComputerNameExW
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetSystemInfo
GetTickCount64
GetVersion
GetSystemDirectoryW
GetVersionExW
GetTickCount
GetVersionExA
GetLocalTime

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetTempPathW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-localization-l1-2-0

ResolveLocaleName
FormatMessageW
GetLocaleInfoW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
LocalFree
GlobalLock
LocalAlloc
GlobalSize

api-ms-win-core-kernel32-legacy-l1-1-0

CopyFileW
MoveFileW
GlobalMemoryStatus
WaitForMultipleObjects
CreateFileMappingA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-memory-l1-1-0

VirtualFree
CreateFileMappingW
MapViewOfFile
VirtualAlloc
VirtualQuery
VirtualProtect
UnmapViewOfFile

crypt32

CertVerifyCertificateChainPolicy
CryptHashCertificate2

rpcrt4

I_RpcMapWin32Status
UuidToStringW
RpcStringFreeW
UuidFromStringW
UuidCreate

oleaut32

SysAllocString
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation

api-ms-win-core-file-l2-1-0

CopyFileExW
GetFileInformationByHandleEx
MoveFileExW

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-shutdown-l1-1-0

InitiateSystemShutdownExW

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvCertFromChain

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree

api-ms-win-security-provider-l1-1-0

SetSecurityInfo

wer

WerReportAddFile
WerReportSetUIOption
WerReportSubmit
WerReportCreate
WerReportCloseHandle
WerReportSetParameter

api-ms-win-core-localization-obsolete-l1-2-0

LCIDToLocaleName

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathMatchSpecW

api-ms-win-eventing-controller-l1-1-0

EnableTraceEx2
ControlTraceW

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-security-cryptoapi-l1-1-0

CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

api-ms-win-devices-config-l1-1-1

CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_PropertyW

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

Exports

Exports

CreateDeploymentSession
CreateDeploymentSessionEx
CreateOfflineDeploymentSession
UA_CommitActionList
UA_CreateActionList
UA_CreateDownloadList
UA_CreateDownloadListFromActionList
UA_CreatePackageListFromDownloadList
UA_InstallActionList
UA_ReleaseDownloadList

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 597KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.exe
.exe windows x86

e569e6f445d32ba23766ad67d1e3787f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
AdjustTokenPrivileges
GetTokenInformation
ConvertSidToStringSidW
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vssapi.dll
.dll windows x64

2d6ab4be0895e18f906975049d810b7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

wcsncmp
wcstok
_wcsdup
wcsrchr
wcspbrk
wcschr
_errno
_beginthreadex
towlower
_wtoi64
_wtoi
wcstoul
memmove_s
tolower
iswdigit
_vsnprintf
memcmp
swscanf
qsort
wcsstr
memcpy
memmove
memset
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
__CxxFrameHandler3
??1exception@@UEAA@XZ
memcpy_s
malloc
towupper
_wcsnicmp
free
_resetstkoflw
_purecall
wcscat_s
realloc
_wcsicmp
_vsnwprintf
__C_specific_handler
??0exception@@QEAA@AEBQEBD@Z
wcscmp

ntdll

NtQueryDirectoryObject
NtOpenDirectoryObject
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlAdjustPrivilege
RtlUnlockBootStatusData
NtQuerySystemInformation
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
NtOpenKey
NtQueryValueKey
EtwRegisterTraceGuidsW
RtlIpv4StringToAddressW
RtlIpv6StringToAddressW
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
NtQueryVolumeInformationFile
NtCreateFile
RtlNtStatusToDosError
NtQueryInformationFile
NtFsControlFile
NtClose
RtlInitUnicodeString
EtwTraceMessage
RtlGetSetBootStatusData

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetModuleFileNameW
LoadResource
GetModuleHandleExW
GetProcAddress
FreeLibrary
LockResource
FreeResource
GetModuleFileNameA
LoadLibraryExW
SizeofResource
LoadStringW
FindResourceExW

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualAlloc
VirtualProtect

api-ms-win-core-registry-l1-1-0

RegCreateKeyExW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegUnLoadKeyW
RegEnumValueW
RegLoadKeyW

api-ms-win-core-synch-l1-1-0

ReleaseMutex
AcquireSRWLockExclusive
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
CreateEventW
CreateMutexW
DeleteCriticalSection
ReleaseSemaphore
EnterCriticalSection
OpenSemaphoreW
WaitForSingleObjectEx
InitializeCriticalSection
ResetEvent
LeaveCriticalSection
ReleaseSRWLockExclusive
CreateSemaphoreExW
SetEvent
CreateMutexExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcpynW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-1-0

GetVolumeInformationW
ReadFile
FindFirstFileW
FindNextFileW
FindClose
SetFilePointer
GetVolumePathNameW
CreateFileW
SetFilePointerEx
DeleteFileW
WriteFile
GetFileAttributesW
CreateDirectoryW
GetLogicalDrives
GetFullPathNameW
GetDriveTypeW

api-ms-win-core-string-l2-1-0

CharNextW
CharPrevW

api-ms-win-core-file-l1-2-0

GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
SetLastError
RaiseException
UnhandledExceptionFilter
SetErrorMode
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-sysinfo-l1-1-0

GetComputerNameExW
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
GetTickCount
GetSystemTime
GetSystemInfo
GetTickCount64
GetVersionExW
GetWindowsDirectoryW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapDestroy
GetProcessHeap
HeapAlloc

api-ms-win-core-heap-l2-1-0

GlobalAlloc
LocalAlloc
GlobalFree
LocalFree

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
ResumeThread
SetThreadToken
GetCurrentThread
TerminateProcess
TlsGetValue
GetCurrentProcess
TlsSetValue
CreateThread
GetCurrentThreadId
OpenProcessToken
GetCurrentProcessId
OpenThreadToken

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringA
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

vsstrace

ord9
ord7
ord5
ord4
ord2
ord8
ord6
ord11
ord3
ord10
ord1

api-ms-win-security-base-l1-1-0

GetSidSubAuthorityCount
AddAccessAllowedAceEx
AddAccessDeniedAceEx
InitializeAcl
AddAce
GetAce
GetAclInformation
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
CopySid
GetLengthSid
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
CreateWellKnownSid
PrivilegeCheck
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
EqualDomainSid
DuplicateToken
RevertToSelf
IsValidSid
EqualSid
GetTokenInformation

api-ms-win-eventlog-legacy-l1-1-0

ReportEventW
RegisterEventSourceW
DeregisterEventSource

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
ExpandEnvironmentStringsW

rpcrt4

UuidFromStringW
UuidToStringW
UuidCreate
RpcStringFreeW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventActivityIdControl
EventRegister

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-file-l2-1-0

CopyFileExW

api-ms-win-core-kernel32-legacy-l1-1-1

SetVolumeMountPointW

ws2_32

GetNameInfoW
InetPtonW
WSAStartup

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

Exports

Exports

??0CVssJetWriter@@QEAA@XZ
??0CVssWriter@@QEAA@XZ
??1CVssJetWriter@@UEAA@XZ
??1CVssWriter@@UEAA@XZ
?AreComponentsSelected@CVssJetWriter@@IEBA_NXZ
?AreComponentsSelected@CVssWriter@@IEBA_NXZ
?CreateVssBackupComponents@@YAJPEAPEAVIVssBackupComponents@@@Z
?CreateVssExamineWriterMetadata@@YAJPEAGPEAPEAVIVssExamineWriterMetadata@@@Z
?GetBackupType@CVssJetWriter@@IEBA?AW4_VSS_BACKUP_TYPE@@XZ
?GetBackupType@CVssWriter@@IEBA?AW4_VSS_BACKUP_TYPE@@XZ
?GetContext@CVssJetWriter@@IEBAJXZ
?GetContext@CVssWriter@@IEBAJXZ
?GetCurrentLevel@CVssJetWriter@@IEBA?AW4_VSS_APPLICATION_LEVEL@@XZ
?GetCurrentLevel@CVssWriter@@IEBA?AW4_VSS_APPLICATION_LEVEL@@XZ
?GetCurrentSnapshotSetId@CVssJetWriter@@IEBA?AU_GUID@@XZ
?GetCurrentSnapshotSetId@CVssWriter@@IEBA?AU_GUID@@XZ
?GetCurrentVolumeArray@CVssJetWriter@@IEBAPEAPEBGXZ
?GetCurrentVolumeArray@CVssWriter@@IEBAPEAPEBGXZ
?GetCurrentVolumeCount@CVssJetWriter@@IEBAIXZ
?GetCurrentVolumeCount@CVssWriter@@IEBAIXZ
?GetRestoreType@CVssJetWriter@@IEBA?AW4_VSS_RESTORE_TYPE@@XZ
?GetRestoreType@CVssWriter@@IEBA?AW4_VSS_RESTORE_TYPE@@XZ
?GetSnapshotDeviceName@CVssJetWriter@@IEBAJPEBGPEAPEBG@Z
?GetSnapshotDeviceName@CVssWriter@@IEBAJPEBGPEAPEBG@Z
?Initialize@CVssJetWriter@@QEAAJU_GUID@@PEBG_N211K@Z
?Initialize@CVssWriter@@QEAAJU_GUID@@PEBGW4VSS_USAGE_TYPE@@W4VSS_SOURCE_TYPE@@W4_VSS_APPLICATION_LEVEL@@KW4VSS_ALTERNATE_WRITER_STATE@@_N1@Z
?InstallAlternateWriter@CVssWriter@@QEAAJU_GUID@@0@Z
?IsBootableSystemStateBackedUp@CVssJetWriter@@IEBA_NXZ
?IsBootableSystemStateBackedUp@CVssWriter@@IEBA_NXZ
?IsPartialFileSupportEnabled@CVssJetWriter@@IEBA_NXZ
?IsPartialFileSupportEnabled@CVssWriter@@IEBA_NXZ
?IsPathAffected@CVssJetWriter@@IEBA_NPEBG@Z
?IsPathAffected@CVssWriter@@IEBA_NPEBG@Z
?OnAbortBegin@CVssJetWriter@@UEAAXXZ
?OnAbortEnd@CVssJetWriter@@UEAAXXZ
?OnBackOffIOOnVolume@CVssWriter@@UEAA_NPEAGU_GUID@@1@Z
?OnBackupComplete@CVssWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnBackupCompleteBegin@CVssJetWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnBackupCompleteEnd@CVssJetWriter@@UEAA_NPEAVIVssWriterComponents@@_N@Z
?OnBackupShutdown@CVssWriter@@UEAA_NU_GUID@@@Z
?OnContinueIOOnVolume@CVssWriter@@UEAA_NPEAGU_GUID@@1@Z
?OnFreezeBegin@CVssJetWriter@@UEAA_NXZ
?OnFreezeEnd@CVssJetWriter@@UEAA_N_N@Z
?OnIdentify@CVssJetWriter@@UEAA_NPEAVIVssCreateWriterMetadata@@@Z
?OnIdentify@CVssWriter@@UEAA_NPEAVIVssCreateWriterMetadata@@@Z
?OnPostRestore@CVssWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnPostRestoreBegin@CVssJetWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnPostRestoreEnd@CVssJetWriter@@UEAA_NPEAVIVssWriterComponents@@_N@Z
?OnPostSnapshot@CVssJetWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnPostSnapshot@CVssWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnPreRestore@CVssWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnPreRestoreBegin@CVssJetWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnPreRestoreEnd@CVssJetWriter@@UEAA_NPEAVIVssWriterComponents@@_N@Z
?OnPrepareBackup@CVssWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnPrepareBackupBegin@CVssJetWriter@@UEAA_NPEAVIVssWriterComponents@@@Z
?OnPrepareBackupEnd@CVssJetWriter@@UEAA_NPEAVIVssWriterComponents@@_N@Z
?OnPrepareSnapshotBegin@CVssJetWriter@@UEAA_NXZ
?OnPrepareSnapshotEnd@CVssJetWriter@@UEAA_N_N@Z
?OnThawBegin@CVssJetWriter@@UEAA_NXZ
?OnThawEnd@CVssJetWriter@@UEAA_N_N@Z
?OnVSSApplicationStartup@CVssWriter@@UEAA_NXZ
?OnVSSShutdown@CVssWriter@@UEAA_NXZ
?SetWriterFailure@CVssJetWriter@@IEAAJJ@Z
?SetWriterFailure@CVssWriter@@IEAAJJ@Z
?Subscribe@CVssWriter@@QEAAJK@Z
?Uninitialize@CVssJetWriter@@QEAAXXZ
?Unsubscribe@CVssWriter@@QEAAJXZ
CreateVssBackupComponentsInternal
CreateVssExamineWriterMetadataInternal
CreateVssExpressWriterInternal
CreateVssSnapshotSetDescription
CreateWriter
CreateWriterEx
DllCanUnloadNow
DllGetClassObject
GetProviderMgmtInterface
GetProviderMgmtInterfaceInternal
IsVolumeSnapshotted
IsVolumeSnapshottedInternal
LoadVssSnapshotSetDescription
ShouldBlockRevert
ShouldBlockRevertInternal
VssFreeSnapshotProperties
VssFreeSnapshotPropertiesInternal

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
w32time.dll
.dll regsvr32 windows x64

b589087b583232ae3bee8c420299bd11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp_win

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset
wcscmp
wcscspn

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ultow
memmove
_o__wcsicmp
_o__wcsnicmp
_o_ceil
_o_floor
_o_free
_o_log
_o_malloc
_o_qsort
_o_sqrt
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstoul
_CxxThrowException
_o__execute_onexit_table
_o__errno
_o__crt_atexit
__CxxFrameHandler3
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcsstr
wcschr
__C_specific_handler
_set_se_translator
__CxxFrameHandler4
_local_unwind
memcmp
memcpy

rpcrt4

NdrServerCall2
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
RpcServerUnregisterIf
NdrServerCallAll
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcRevertToSelf
RpcServerInqCallAttributesW
RpcImpersonateClient
RpcMgmtInqServerPrincNameW
RpcStringFreeW
RpcBindingFree
NdrClientCall3
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoW
RpcStringBindingComposeW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTime
GetTickCount64
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
CreateSemaphoreExW
ResetEvent
CreateEventW
ReleaseSemaphore
AcquireSRWLockExclusive
DeleteCriticalSection
WaitForMultipleObjectsEx
CreateMutexExW
ReleaseSRWLockExclusive
OpenSemaphoreW
WaitForSingleObject
ReleaseMutex
EnterCriticalSection
WaitForSingleObjectEx
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSectionEx
SetEvent

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
GetLastError
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
OpenProcessToken
SetThreadPriority
GetCurrentProcess
GetExitCodeThread
TerminateProcess
SetThreadStackGuarantee
CreateThread
OpenThreadToken
GetCurrentProcessId
GetCurrentThread

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
LoadLibraryExW
GetModuleHandleW
LoadStringW
GetModuleFileNameA
GetModuleHandleExW
GetModuleFileNameW
FreeLibrary

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
SetHandleInformation
GetHandleInformation

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-registry-l1-1-0

RegGetValueA
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegGetValueW
RegOpenKeyExA

api-ms-win-core-synch-l1-2-0

Sleep

bcrypt

BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash

logoncli

NetLogonSetServiceBits
NetLogonGetTimeServiceParentDomain
I_NetlogonComputeClientSignature
DsGetDcNameW
I_NetlogonComputeServerDigest
I_NetlogonComputeServerSignature
I_NetlogonGetTrustRid
DsGetSiteNameW
I_NetlogonComputeClientDigest

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
AdjustTokenPrivileges
PrivilegeCheck
GetTokenInformation

api-ms-win-service-management-l1-1-0

OpenSCManagerW
CreateServiceW
OpenServiceW
DeleteService
CloseServiceHandle

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW
QueryServiceConfigW
ChangeServiceConfig2W

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWrite
EventWriteTransfer
EventRegister
EventUnregister

api-ms-win-power-setting-l1-1-0

PowerSettingUnregisterNotification
PowerSettingRegisterNotification

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-file-l1-1-0

WriteFile
FileTimeToLocalFileTime
CreateFileW
GetFileSizeEx

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus

api-ms-win-core-threadpool-private-l1-1-0

RegisterWaitForSingleObjectEx

api-ms-win-service-private-l1-1-0

I_ScSetServiceBitsW

nsi

NsiGetAllParameters

api-ms-win-core-perfcounters-l1-1-0

PerfSetCounterSetInfo
PerfSetCounterRefValue
PerfDeleteInstance
PerfCreateInstance
PerfStartProvider
PerfStopProvider

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
UnregisterWaitEx
QueueUserWorkItem
ChangeTimerQueueTimer
DeleteTimerQueueTimer

ntdll

RtlAllocateHeap
RtlImageNtHeader
RtlFreeHeap
RtlDeleteResource
NtSetSystemTime
NtSetSystemInformation
NtQuerySystemInformation
RtlIsStateSeparationEnabled
RtlConvertSharedToExclusive
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlInitializeCriticalSection
RtlInitializeGenericTableAvl
RtlEnterCriticalSection
RtlInsertElementGenericTableAvl
RtlLeaveCriticalSection
RtlLookupElementGenericTableAvl
RtlDeleteElementGenericTableAvl
RtlDeleteCriticalSection
RtlConvertExclusiveToShared
RtlAcquireResourceExclusive
RtlInitializeResource
RtlReleaseResource
NtOpenFile
RtlStringFromGUID
RtlFreeUnicodeString
RtlAppendUnicodeStringToString
RtlReleaseSRWLockExclusive
RtlRunOnceExecuteOnce
RtlNtStatusToDosError
RtlAcquireSRWLockExclusive
RtlInitUnicodeString
RtlAcquireResourceShared

api-ms-win-stateseparation-helpers-l1-1-0

GetPersistedRegistryLocationW

api-ms-win-core-memory-l1-1-0

VirtualProtect
VirtualQuery
VirtualAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

logf

Exports

Exports

DllInstall
DllRegisterServer
DllUnregisterServer
SvchostEntry_W32Time
SvchostPushServiceGlobals
TimeProvClose
TimeProvCommand
TimeProvOpen
W32TimeBufferFree
W32TimeDcPromo
W32TimeDeleteConfig
W32TimeGetNetlogonServiceBits
W32TimeLog
W32TimeQueryConfig
W32TimeQueryConfiguration
W32TimeQueryHardwareProviderStatus
W32TimeQueryNTPProviderStatus
W32TimeQueryNtpProviderConfiguration
W32TimeQuerySource
W32TimeQueryStatus
W32TimeSetConfig
W32TimeSyncNow
W32TimeVerifyJoinConfig
W32TimeVerifyUnjoinConfig
W32TmServiceMain
fnW32TmI_ScSetServiceBits
fnW32TmRegisterServiceCtrlHandlerEx
fnW32TmSetServiceStatus

Sections

.text
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6889babfc88aeedab5cdd8d238e06967

Code Sign

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8dCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

4a:d3:6f:4a:f9:a3:35:61:17:a0:e6:49:3a:fd:69:c2:a1:dd:c9:92:fd:df:84:20:0d:3a:54:1e:8b:db:02:90Signer

Signature Validations

Verification

27-02-2023 09:31 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

ntdll

api-ms-win-security-base-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-file-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-memory-l1-1-0

crypt32

rpcrt4

oleaut32

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-version-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-shutdown-l1-1-0

wintrust

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-registry-l2-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-provider-l1-1-0

wer

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-privateprofile-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-eventing-controller-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-security-cryptoapi-l1-1-0

api-ms-win-devices-config-l1-1-1

api-ms-win-core-errorhandling-l1-1-2

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

PAGE Size: 10KB - Virtual size: 10KB

.rdata Size: 597KB - Virtual size: 596KB

33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

4a:d3:6f:4a:f9:a3:35:61:17:a0:e6:49:3a:fd:69:c2:a1:dd:c9:92:fd:df:84:20:0d:3a:54:1e:8b:db:02:90
Signer

27-02-2023 09:31
Valid: false

.text
Size: 1.8MB - Virtual size: 1.8MB

PAGE
Size: 10KB - Virtual size: 10KB

.rdata
Size: 597KB - Virtual size: 596KB

.data
Size: 26KB - Virtual size: 41KB

.pdata
Size: 46KB - Virtual size: 45KB

.didat
Size: 512B - Virtual size: 24B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 718KB - Virtual size: 718KB

.itext
Size: 6KB - Virtual size: 5KB

.data
Size: 14KB - Virtual size: 13KB

.bss
Size: - Virtual size: 27KB

.idata
Size: 4KB - Virtual size: 3KB

.didata
Size: 512B - Virtual size: 420B

.edata
Size: 512B - Virtual size: 154B

.tls
Size: - Virtual size: 24B

.rdata
Size: 512B - Virtual size: 93B

.rsrc
Size: 171KB - Virtual size: 171KB