Extracted

• file.exe

  .exe windows x86

  9cbefe68f395e67356e2a5d8d1b285c0

  
  

  Code Sign

  33:00:00:03:8d:b0:bf:e1:b0:ca:33:b3:d4:00:00:00:00:03:8d

  Certificate

  Issuer

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  05-05-2022 19:23

  Not After

  04-05-2023 19:23

  Subject

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:07:76:56:00:00:00:00:00:08

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  19-10-2011 18:41

  Not After

  19-10-2026 18:51

  Subject

  CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  d9:0c:53:38:d2:ea:0a:01:50:88:4e:00:70:93:c1:05:bb:4e:f4:08:3d:ad:3a:9f:a3:95:88:1c:92:38:25:8d

  Signer

  Actual PE Digest

  d9:0c:53:38:d2:ea:0a:01:50:88:4e:00:70:93:c1:05:bb:4e:f4:08:3d:ad:3a:9f:a3:95:88:1c:92:38:25:8d

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  27-02-2023 09:36

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DEBUG_STRIPPED

  Imports

  kernel32

  WriteFile

  WriteConsoleW

  WaitForMultipleObjects

  WaitForSingleObject

  VirtualQuery

  VirtualFree

  VirtualAlloc

  SwitchToThread

  SuspendThread

  SetWaitableTimer

  SetUnhandledExceptionFilter

  SetProcessPriorityBoost

  SetEvent

  SetErrorMode

  SetConsoleCtrlHandler

  ResumeThread

  PostQueuedCompletionStatus

  LoadLibraryA

  LoadLibraryW

  SetThreadContext

  GetThreadContext

  GetSystemInfo

  GetSystemDirectoryA

  GetStdHandle

  GetQueuedCompletionStatusEx

  GetProcessAffinityMask

  GetProcAddress

  GetEnvironmentStringsW

  GetConsoleMode

  FreeEnvironmentStringsW

  ExitProcess

  DuplicateHandle

  CreateWaitableTimerExW

  CreateThread

  CreateIoCompletionPort

  CreateFileA

  CreateEventA

  CloseHandle

  AddVectoredExceptionHandler

  Sections

  .text

  Size: 1.6MB - Virtual size: 1.6MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1.1MB - Virtual size: 1.1MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 200KB - Virtual size: 386KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 1024B - Virtual size: 988B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 51KB - Virtual size: 51KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 69KB - Virtual size: 68KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  .symtab

  Size: 512B - Virtual size: 4B

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ