Use_75970_As_Passw0rd[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Use_75970_As_Passw0rd.rar
Size

16.2MB
MD5

672487c01a8271fa1b1be74cd7f2e1a2
SHA1

b543fc47b4f98b4d67ebee3fa0555690d9836a7e
SHA256

9a3d0f721e48bc83c708f4a374a2468ebf012d345f5fa40db9396df0dd3351ff
SHA512

f13132da76c646108ed808879f3ddba73013a21c20ccdece43966f090a623974711e128f3356cc70d3bca442411588ff592c6f42be16447199ef402c0385a06c
SSDEEP

393216:6DVUe29qw71vtxPyoDgvCc70L58H1CZz3XlffO4pJX3w6kgV:6D29qihNgvN7018VCdpfP/X8q

Score

1^/10

Malware Config

Signatures

Files

Use_75970_As_Passw0rd.rar
.rar

Password: 75970
AdonisUI.ClassicTheme.dll
.dll windows x86

Password: 75970

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AdonisUI.ClassicTheme.xml
.xml
AdonisUI.dll
.dll windows x86

Password: 75970

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AdonisUI.xml
.xml
BouncyCastle.Crypto.dll
.dll windows x86

Password: 75970

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:d7:ef:74:a9:ff:03:a2:20:b6:ed:bb:39:9d:14:c1
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/03/2020, 00:00

Not After

23/03/2023, 12:00

Subject

SERIALNUMBER=5101633,CN=Claire Novotny LLC,O=Claire Novotny LLC,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13084e657720596f726b,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f6:a3:c5:7e:59:87:21:c6:7b:dd:bc:9b:b2:2d:4f:d1:d2:a5:cc:63:04:1d:78:fb:93:6c:0e:40:16:85:b2:61
Signer

Actual PE Digest

f6:a3:c5:7e:59:87:21:c6:7b:dd:bc:9b:b2:2d:4f:d1:d2:a5:cc:63:04:1d:78:fb:93:6c:0e:40:16:85:b2:61

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=5101633,CN=Claire Novotny LLC,O=Claire Novotny LLC,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13084e657720596f726b,1.3.6.1.4.1.311.60.2.1.3=#13025553

19/10/2021, 11:53
Valid: true

Chain 1

SERIALNUMBER=5101633,CN=Claire Novotny LLC,O=Claire Novotny LLC,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13084e657720596f726b,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BouncyCastle.Crypto.xml
.xml
Setup.exe
.exe windows x86

Password: 75970

32b37a1ff8b4e9d40e4e5c4a048ee542

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalSize
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

gdi32

GetDeviceCaps

ole32

CoInitialize

user32

CharUpperBuffW

Exports

Exports

|i�9wk�+��-��4�d^��lv�r�fb ��Tk�<�~r0�B��z��Yl��YF-�5:��M୅��͓r/�xu ��Z�' �� R� �U<5��(=�ڕ� E\Ӂ-�Ot�߷��4��+��X`ĩ�_J�X��x�қ��W� ŏ3k�{��V�a�k�z� ��( H-�n��_I�_�� ah��.pn.�NDA��{1Ĝ��}�%�00p{��M�^1�s�-2�;��3��H�0��o瞫��K��ܵ��x�cƳ��U^��CM̥>R^l��7��S��4�p�6w�,�I��+��l w��7�k��`��U̶�ASY^h7'�0�Ô��ɧ��U�ȩVy�o0_��o$6�bN�a�Ȗ6�1$�K.�Z��쐩A��}�j�6!�� Bd${?�<*l�O��Q�c��0��y��'��||�}��v�G��*N�j�(`��J+� ��X�� !k��yռ �WF�S�9�Ԝ�b��Sko8�Ӣ�\G��+��橞#g�(�A��aR|ޭ^��qz��qw#'gA�ݐ�L��-4��M��s��Bۉ��߉ ��#��Jn�"��'��RV*�w�aF��LߤMK�hL0 �J�|�W"��܎��b^�@�a��c��B�i��Yce��L�XEc�V��_��P�a`)��l�Iܙ�sQ��%��=l0�:��Jie:oDy�|�k��@��S�n�[FՁK=e��_�ໟ�=��I�{ȈM9��%~��|�*��[�q��.�s��w��F��@��Fޫ�8�Q��t=Wy�j!�7��x�>d��M��N� ��Xr�-d'MF0o��Y-e��r��".A;�9˩Z��+htm'�ɰ�R��w�'��G��!��;X��[�� #�6{�:�RKGv.\�P�3�Y �$��Mv2�T�l�,��ŗ�O|�Dٷ^�ƕ��)H��8,� <~hXq-N��(e�WM��D��n9�l�e"pyG��q�A<�\�z�z� B*�ٛV�J�3�{v'��a��a�.��w?��?-w��֟<+AHxRoEr��<k��l��rZv��P�w��C�X��K�R1Pm��\�� ņ��p��;>�_^��'�es$$E&�dU��fa��sD�oFb �^�1��R��k��̪x�엚�4��w��T,�"�a@ѫeD��-��|�Ի_��ْ��=�2��,�͇L��U��v�Xۛ<=��S��Γ��0�\�GI,3�p��_��4 �ɛ��nk�jߗG?N�7��IT$f~�hR'ȼ�V�ʅml��I�� Vh=1��ai�߁�t��I�!��m��a�x�Dj]��>s��[��W��o��)��߁,��W�]_o4`��I+��E�!*qgqT�]�'t��G}b��y��yK<�%�$D��7IO4W��u�,�_�-��1Pފ�5ċtBm�D�e��tm ӽ� |gf(娯"~��'�D��u�(�s۝'��jêՊ�T��S�� ǵE*��H��rθ8P��2��9��S�E�G�JwJ:��B�eO�V� D��x��*E0#�l�3#��Pk무�!��|`�lr��a��t��X��6@v�+��a'��U~��m�_�0Y��n�CJW{X!;��+N��.(.��E��'��v�*��ܵ��V��(G��\�ˑ��[i~��ku8/�it�BӪ@��Ff��_/g��و�,O6�ӱ�^G�a�|g�$;��\��%�a.G�6-�g�p�2��=��B.� N��g��\9��(:�f�~�sn�Ȇ�&6�X��C\)@��z�%�,`��1z�R��I��,��Z5��M?2�>�/�Ɣ��#��<��{\Y��@+C��B9�謗��ژ�7�-��^0�t��~��m��E#&N�K�L�> �9Jiz �� ow��z��΢\�=��!�F�6�U�}oj�~��sXPl��:O��VL�,�s�9��90��e�܇�9��5�emN��7V�4k�Q=zm�E�'8��vI��P��g��ꒅf�:/H?�S"6w[��+9�Ne��0� �\.�w$��?8�OSzQ��H#� @2*��7�@y��Ӑ;����O` ��?��YH�ǁ� ��ҕQ"��w�D��[Y�`ΆۗU�cuJS˷f�X/XZ��j��?��.<W�D�&��4s3IOR�R+ɥ�}(��|��2��@k��<��u��s��:��@J��.g�!b�4�E8��a.�V�1��"��P{��f�fH*��[I)�j��b��<t��4�(��5��a}�e'-��S��HZ�Ӗ(X�+��~�v�@�S�8��㹱�Z��Ҏ��t��h�X��}��km��=�a��n�HQ?��d�Y��?_��p7U��J�|(��Y�݈T�@ ��K+ 3S&?k҈J�4N噿��`&f��9��x��SS�I,�,�� Zȥ�1�L�$�"C��Hb|�'�oSmٱd�6�||H�[�]U��0��}�wwX�#C�M$J��ᆻ`w��;��6��J�ț��d�_��!�ۛtl�ႮzqY| b��E�ND�<ћ�c#'h;M\�~^-�%X$谱�*�l��<o?dw�%=W��(`%�t�V ��iEm�o&V��ۍ��[��X��Sa��X�AuY�R-�0��􈬺�|g�jT��&т�x=��7��U?�$R�`^��{��iL�`V�B�,� u��xez�-��M��'�sC��Z��KF:

Sections

.text
Size: - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

./|~
Size: - Virtual size: 10.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tpT
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.j**
Size: 13.2MB - Virtual size: 13.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
x64/SQLite.Interop.dll
.dll windows x64

Password: 75970

a42f73521c784fa06f1d886fcbcefcba

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

3e:e8:ad:96:a2:e1:d0:66:85:77:ae:c2:41:dc:ef:f3:d5:76:58:fd
Signer

Actual PE Digest

3e:e8:ad:96:a2:e1:d0:66:85:77:ae:c2:41:dc:ef:f3:d5:76:58:fd

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

02/11/2021, 17:47
Valid: true

Chain 1

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

StrongNameSignatureVerificationEx
StrongNameTokenFromAssembly
StrongNameFreeBuffer
CorBindToRuntimeEx
StrongNameErrorInfo

wintrust

WinVerifyTrust

kernel32

TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
lstrlenW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
GetModuleFileNameW
SetEnvironmentVariableW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
ReadFile
CreateFileA
LoadLibraryA
lstrcatW
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
WriteConsoleW
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
AreFileApisANSI
SetEnvironmentVariableA
RaiseException
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushViewOfFile
lstrcmpiW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CompareStringW
LCMapStringW
GetACP
GetTimeZoneInformation
GetStringTypeW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW

user32

wsprintfW

advapi32

CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey

Exports

Exports

SI00b5de0dbe05adc8
SI00f2097672333949
SI013768ea228eaf06
SI03ee1370ff2172fd
SI050169b0f137dcac
SI061f9351f6b79d40
SI066df4a47deb7b95
SI075258fe7332f5c9
SI07646c0ac405baf1
SI0a8f1a0337a9feb7
SI0b65268e19d3b81d
SI0e7c9abcb195c68c
SI0f556a49067bf550
SI0fe7fecb92f1b44b
SI12409cae6ddf2f1e
SI12a7c0808f3f99f2
SI150953dc62f0a879
SI1527d54f96ad891e
SI15d5f41c81892f13
SI19b2677a019ab7ab
SI1ae480d1861ed022
SI1bc1bc471c8cd143
SI1c7a7970970b9619
SI21d24eac30bb9014
SI23e7cf9c8e559e93
SI2409c7e1eb500ce9
SI24bb313f312e2857
SI24f5c83eaddd65e8
SI252aeb4a9d3dc2ff
SI2b074e8cf29cb472
SI2b5f6f3d24eb7ba3
SI2bc16556d60ccfcd
SI2c7820fd77bf7594
SI31a566678d8c54ab
SI327cfc7a6b1fd1fb
SI32b0162a49ae8729
SI349980d776ee39ac
SI36ddf861177da59c
SI36e67160052f7f69
SI3723ba2973e3b57b
SI3974af1f94b94613
SI3d45b939740dff51
SI3d527d6e902c8427
SI3efc17e9bbe52434
SI3f596ca698b243fc
SI3f8b1cdb4dc92eff
SI45d842f2d2322061
SI462a496f3247faf2
SI46481015c7f49c68
SI4983499b64278231
SI4987aea8bdedf163
SI4abff63f9a080046
SI4bf5a93645714882
SI4ceb9ee614df7639
SI4fb6877896ef7303
SI50a9b553ac0b2e2a
SI52058dea2268cd04
SI546abd8b90c0f48d
SI568a7d0a1f4d0ff4
SI57335d3e329eea8d
SI5887bf867911838d
SI588da80b6a264802
SI5b2b3e8bff031a75
SI5b7374ef2d63d8eb
SI5c7fb49466251e7d
SI609efcf96ea8408a
SI61a330d2e855b61b
SI633e1c91fb9a8aa1
SI64119fb980b7e962
SI6479b9cf07b87f67
SI674c3bc07fc17979
SI6901b186cfd089f2
SI690ffdcfd9cda629
SI69d8a1d378771295
SI6cfa851319f410c1
SI6d14611bb8b2c8bc
SI6e539204336d5b4b
SI6e6c544c028b2de9
SI70e4ec628dd7e188
SI7164645d0504ae24
SI72621cc08869a205
SI72b05b1ad5f34d61
SI75fe921d50a95fe0
SI768767362ea03a94
SI77ffe3fede90bfbb
SI783104ea11038afc
SI79f6c64948ab63d2
SI7a4943591207dd14
SI7b97ee05aa1e64c7
SI7c373366af3ee2f7
SI7cd7250399b1ea60
SI7da3b9691a73b4a2
SI7f41c842e0d89557
SI8162bd921f89d839
SI824276b89178ecbe
SI83d1cf4976f57337
SI863e1ae0679961f5
SI87a11c29fe1dc17b
SI88974d2e6bd51eff
SI8a3a9f59ab5f24ee
SI8d447a033d183aaf
SI8d676d5954c732bc
SI8dd2c969f2a6a31e
SI8e33e5864c547f3f
SI9196a02c851acbfb
SI919f742193b92a4b
SI943321d364f02e5d
SI94d8f51c6c1db577
SI950480ab972e108d
SI9517b76a4f0b657e
SI9662fa92cee70cf1
SI979d7afd84d6f0ca
SI989b06a5a9b937fe
SI989b754accd7cddf
SI9bf461db9bf83c22
SI9c6d7cd7b7d38055
SI9cb7692f61998485
SI9ea49276dcf9849f
SIa069da76968b7553
SIa0f9dd1158cbfb0c
SIa1d7e21a548b910c
SIa26b8e5116b7d93b
SIa2a6050a8dbd3b7a
SIa3401e98cbad673e
SIa3f7b31190ce0815
SIa618e7f1e95b5c32
SIa62692883d0c456a
SIa8e1a742a358dc07
SIa9b758d3ae2e9aea
SIab3ed5feb3c43f0c
SIada7f27769d7f95b
SIae9562605f0b7c06
SIb391996b7b633820
SIb3f045f05d2d1b0e
SIb4089165600bb7f5
SIb4e97c410be9a2cf
SIb6d52d8cb2f1045a
SIb739af05c351a5b0
SIb84ee16d149e7562
SIb94a6bc97d77e69f
SIbc9b0b73a965892b
SIbff6307869d58daf
SIc001296960f3e921
SIc0bb4eab77f5a999
SIc21d402df09e0c69
SIc26100c97b176329
SIc28b5d2d1f102994
SIc2d8715ee8c9e908
SIc38599462746964c
SIc3b0ae4f7a27b7a8
SIc5d5610a73781fac
SIc8c63d94dd03040b
SIca6f27da046939cc
SIcbf931747ce28d75
SIcc134e65c80c0c61
SIcd2334250b08e199
SIcd6b4ac0aeff7202
SId00f524badf4f5cf
SId6deafdcc0c75049
SId99ac2a61d035e11
SIdba35b6dcb77d463
SIdbbe1b52f304f379
SIdc2e4e1ccfa9a043
SIdc6920f226dceb74
SIdca7c218fe9393fb
SIde347320a2d725fa
SIdeb28053ce71d5b4
SIdfd4d81e1791b463
SIe25e8f29ef2a78eb
SIe2cb515ade8c0235
SIe57aa77c8884d3f9
SIe6405dfd7b63ead9
SIe68a75d48671c8a5
SIe7632ce587b97772
SIea4313bfab0cfe57
SIea8388f7613ed158
SIec91f505db92f298
SIecd4a7ef4a5968a1
SIeea5cda6d9846aa5
SIef12447577961bdf
SIf060fffd3e5c94b5
SIf21356bf3fa1a8ef
SIf216ef3874529d42
SIf356c1132676af25
SIf4199c70bfb81a15
SIf499bb5c421377e7
SIf71b64d343ddea8b
SIf8090240c1414098
SIf8364af380546f2d
SIf86df75514f4442f
SIf8a71e249d9c661f
SIf8b1716e85b0e192
SIf8ee6276be88ce12
SIfc350ae509dc2b53
SIfca3960780d005fa
SIfcfad09d1b0a60ec
SIfd52d1389825aac4
SIfdb97bb7d9d0d622
sqlite3_cryptoapi_init
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_json_init
sqlite3_percentile_init
sqlite3_regexp_init
sqlite3_sha_init
sqlite3_totype_init
sqlite3_vtshim_init

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/SQLite.Interop.dll
.dll windows x86

Password: 75970

39ace63b362beb47a2a7a8202a5c4f2d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

01/10/2021, 00:00

Not After

12/12/2024, 23:59

Subject

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

18:28:ac:13:a6:25:5d:21:f8:30:42:d7:18:8e:57:cb:ff:65:3f:df
Signer

Actual PE Digest

18:28:ac:13:a6:25:5d:21:f8:30:42:d7:18:8e:57:cb:ff:65:3f:df

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

02/11/2021, 17:46
Valid: true

Chain 1

SERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

StrongNameSignatureVerificationEx
StrongNameTokenFromAssembly
StrongNameFreeBuffer
CorBindToRuntimeEx
StrongNameErrorInfo

wintrust

WinVerifyTrust

kernel32

TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
lstrlenW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
GetModuleFileNameW
SetEnvironmentVariableW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
ReadFile
CreateFileA
LoadLibraryA
lstrcatW
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
WriteConsoleW
lstrcmpiW
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
SetEnvironmentVariableA
AreFileApisANSI
DecodePointer
SetStdHandle
RaiseException
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushViewOfFile
MapViewOfFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CompareStringW
LCMapStringW
GetACP
GetTimeZoneInformation
GetStringTypeW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

user32

wsprintfW

advapi32

CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey

Exports

Exports

SI00b5de0dbe05adc8
SI00f2097672333949
SI03ee1370ff2172fd
SI066df4a47deb7b95
SI07646c0ac405baf1
SI0a8f1a0337a9feb7
SI0e7c9abcb195c68c
SI12409cae6ddf2f1e
SI12a7c0808f3f99f2
SI150953dc62f0a879
SI1527d54f96ad891e
SI19b2677a019ab7ab
SI1ae480d1861ed022
SI1bc1bc471c8cd143
SI1c7a7970970b9619
SI21d24eac30bb9014
SI23e7cf9c8e559e93
SI2409c7e1eb500ce9
SI24bb313f312e2857
SI252aeb4a9d3dc2ff
SI2b5f6f3d24eb7ba3
SI2bc16556d60ccfcd
SI2c7820fd77bf7594
SI31a566678d8c54ab
SI327cfc7a6b1fd1fb
SI32b0162a49ae8729
SI36ddf861177da59c
SI36e67160052f7f69
SI3723ba2973e3b57b
SI3d45b939740dff51
SI3d527d6e902c8427
SI3efc17e9bbe52434
SI3f596ca698b243fc
SI3f8b1cdb4dc92eff
SI45d842f2d2322061
SI462a496f3247faf2
SI46481015c7f49c68
SI4983499b64278231
SI4987aea8bdedf163
SI4abff63f9a080046
SI4bf5a93645714882
SI4ceb9ee614df7639
SI4fb6877896ef7303
SI50a9b553ac0b2e2a
SI52058dea2268cd04
SI546abd8b90c0f48d
SI568a7d0a1f4d0ff4
SI588da80b6a264802
SI5b2b3e8bff031a75
SI5b7374ef2d63d8eb
SI5c7fb49466251e7d
SI609efcf96ea8408a
SI61a330d2e855b61b
SI633e1c91fb9a8aa1
SI674c3bc07fc17979
SI6901b186cfd089f2
SI69d8a1d378771295
SI6cfa851319f410c1
SI6d14611bb8b2c8bc
SI6e539204336d5b4b
SI70e4ec628dd7e188
SI7164645d0504ae24
SI72621cc08869a205
SI75fe921d50a95fe0
SI768767362ea03a94
SI783104ea11038afc
SI79f6c64948ab63d2
SI7f41c842e0d89557
SI8162bd921f89d839
SI824276b89178ecbe
SI83d1cf4976f57337
SI863e1ae0679961f5
SI87a11c29fe1dc17b
SI88974d2e6bd51eff
SI8a3a9f59ab5f24ee
SI8d447a033d183aaf
SI8d676d5954c732bc
SI8e33e5864c547f3f
SI9196a02c851acbfb
SI919f742193b92a4b
SI943321d364f02e5d
SI94d8f51c6c1db577
SI950480ab972e108d
SI9517b76a4f0b657e
SI9662fa92cee70cf1
SI979d7afd84d6f0ca
SI989b06a5a9b937fe
SI989b754accd7cddf
SI9c6d7cd7b7d38055
SI9cb7692f61998485
SIa069da76968b7553
SIa0f9dd1158cbfb0c
SIa26b8e5116b7d93b
SIa2a6050a8dbd3b7a
SIa3401e98cbad673e
SIa3f7b31190ce0815
SIa618e7f1e95b5c32
SIa62692883d0c456a
SIae9562605f0b7c06
SIb3f045f05d2d1b0e
SIb4089165600bb7f5
SIb4e97c410be9a2cf
SIb6d52d8cb2f1045a
SIb739af05c351a5b0
SIbc9b0b73a965892b
SIbff6307869d58daf
SIc001296960f3e921
SIc26100c97b176329
SIc28b5d2d1f102994
SIc38599462746964c
SIc3b0ae4f7a27b7a8
SIca6f27da046939cc
SIcbf931747ce28d75
SIcc134e65c80c0c61
SIcd6b4ac0aeff7202
SId6deafdcc0c75049
SId99ac2a61d035e11
SIdba35b6dcb77d463
SIdc2e4e1ccfa9a043
SIdc6920f226dceb74
SIde347320a2d725fa
SIdfd4d81e1791b463
SIe25e8f29ef2a78eb
SIe57aa77c8884d3f9
SIe6405dfd7b63ead9
SIe68a75d48671c8a5
SIe7632ce587b97772
SIea4313bfab0cfe57
SIea8388f7613ed158
SIec91f505db92f298
SIecd4a7ef4a5968a1
SIef12447577961bdf
SIf060fffd3e5c94b5
SIf21356bf3fa1a8ef
SIf216ef3874529d42
SIf356c1132676af25
SIf4199c70bfb81a15
SIf499bb5c421377e7
SIf71b64d343ddea8b
SIf8364af380546f2d
SIf86df75514f4442f
SIf8a71e249d9c661f
SIf8b1716e85b0e192
SIf8ee6276be88ce12
SIfc350ae509dc2b53
SIfca3960780d005fa
SIfd52d1389825aac4
SIfdb97bb7d9d0d622
_SI013768ea228eaf06@8
_SI050169b0f137dcac@12
_SI061f9351f6b79d40@8
_SI075258fe7332f5c9@0
_SI0b65268e19d3b81d@12
_SI0f556a49067bf550@8
_SI0fe7fecb92f1b44b@12
_SI15d5f41c81892f13@8
_SI24f5c83eaddd65e8@4
_SI2b074e8cf29cb472@16
_SI349980d776ee39ac@12
_SI3974af1f94b94613@12
_SI57335d3e329eea8d@12
_SI5887bf867911838d@12
_SI64119fb980b7e962@12
_SI6479b9cf07b87f67@8
_SI690ffdcfd9cda629@8
_SI6e6c544c028b2de9@4
_SI72b05b1ad5f34d61@12
_SI77ffe3fede90bfbb@32
_SI7a4943591207dd14@4
_SI7b97ee05aa1e64c7@12
_SI7c373366af3ee2f7@4
_SI7cd7250399b1ea60@4
_SI7da3b9691a73b4a2@12
_SI8dd2c969f2a6a31e@12
_SI9bf461db9bf83c22@8
_SI9ea49276dcf9849f@12
_SIa1d7e21a548b910c@4
_SIa8e1a742a358dc07@8
_SIa9b758d3ae2e9aea@12
_SIab3ed5feb3c43f0c@0
_SIada7f27769d7f95b@4
_SIb391996b7b633820@36
_SIb84ee16d149e7562@12
_SIb94a6bc97d77e69f@8
_SIc0bb4eab77f5a999@20
_SIc21d402df09e0c69@8
_SIc2d8715ee8c9e908@4
_SIc5d5610a73781fac@12
_SIc8c63d94dd03040b@44
_SIcd2334250b08e199@112
_SId00f524badf4f5cf@20
_SIdbbe1b52f304f379@4
_SIdca7c218fe9393fb@24
_SIdeb28053ce71d5b4@12
_SIe2cb515ade8c0235@12
_SIeea5cda6d9846aa5@12
_SIf8090240c1414098@4
_SIfcfad09d1b0a60ec@20
sqlite3_cryptoapi_init
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_json_init
sqlite3_percentile_init
sqlite3_regexp_init
sqlite3_sha_init
sqlite3_totype_init
sqlite3_vtshim_init

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 75970

Password: 75970

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 284KB - Virtual size: 284KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: 75970

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 161KB - Virtual size: 161KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: 75970

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77Certificate

Key Usages

03:d7:ef:74:a9:ff:03:a2:20:b6:ed:bb:39:9d:14:c1Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

f6:a3:c5:7e:59:87:21:c6:7b:dd:bc:9b:b2:2d:4f:d1:d2:a5:cc:63:04:1d:78:fb:93:6c:0e:40:16:85:b2:61Signer

Signature Validations

Verification

19/10/2021, 11:53 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 3.2MB - Virtual size: 3.2MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: 75970

32b37a1ff8b4e9d40e4e5c4a048ee542

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

ole32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 97KB

.rdata Size: - Virtual size: 10KB

.data Size: - Virtual size: 1KB

./|~ Size: - Virtual size: 10.8MB

.tpT Size: 1024B - Virtual size: 884B

.j** Size: 13.2MB - Virtual size: 13.2MB

.rsrc Size: 305KB - Virtual size: 305KB

Password: 75970

.text
Size: 284KB - Virtual size: 284KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 161KB - Virtual size: 161KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

03:d7:ef:74:a9:ff:03:a2:20:b6:ed:bb:39:9d:14:c1
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

f6:a3:c5:7e:59:87:21:c6:7b:dd:bc:9b:b2:2d:4f:d1:d2:a5:cc:63:04:1d:78:fb:93:6c:0e:40:16:85:b2:61
Signer

19/10/2021, 11:53
Valid: true

.text
Size: 3.2MB - Virtual size: 3.2MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 97KB

.rdata
Size: - Virtual size: 10KB

.data
Size: - Virtual size: 1KB

./|~
Size: - Virtual size: 10.8MB

.tpT
Size: 1024B - Virtual size: 884B

.j**
Size: 13.2MB - Virtual size: 13.2MB

.rsrc
Size: 305KB - Virtual size: 305KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

3e:e8:ad:96:a2:e1:d0:66:85:77:ae:c2:41:dc:ef:f3:d5:76:58:fd
Signer

02/11/2021, 17:47
Valid: true

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 263KB - Virtual size: 263KB

.data
Size: 17KB - Virtual size: 22KB

.pdata
Size: 70KB - Virtual size: 70KB

.gfids
Size: 512B - Virtual size: 156B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 5KB - Virtual size: 5KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92
Certificate