redline | Driver Booster (1)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Driver Booster (1).zip
Size

117.9MB
MD5

d7e42e79e60e731ab020d57de7278aae
SHA1

9d7b19369f971ac7c16f52a405d24c2a3e44f9fc
SHA256

8196edf91031df56f8b4f7116165479aa83cdb4608222fba9787335164a48597
SHA512

5521738b81a407311a1f6425bdd60eb2b0ca331b39c19323865b16deb6bf4c0216e94decde7a8be6e8a25702d7edcd7eac2b19c6ec697763b0ab622cdc9df0a6
SSDEEP

3145728:iMBvkhQaFyK0O0SfdC7jKo3V1Pk/zuuLKlkIO6LrpSYfM:fB8hQakO0SAD3c/zuYKlkr6L0Yk

Score

10^/10

redline

Malware Config

Signatures

Redline family
redline

Files

Driver Booster (1).zip
.zip
Driver Booster/Driver Booster.exe
.exe windows x86

Password: 1234

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7.2MB - Virtual size: 7.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Driver Booster/abiod.dll
.dll windows x64

Password: 1234

f13e537fb73ac9fba443d473ab249712

Code Sign

01:1f:39:a2:26:1a:99:3d:d1:51:76:da:6f:e4:fb:ea
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2020, 00:00

Not After

21/12/2022, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:ef:92:c6:80:7c:f8:44:0d:51:da:5e:c4:27:3b:43:e8:ed:4c:b6:c3:de:0a:ee:ae:a1:65:69:2a:d1:b5:0c
Signer

Actual PE Digest

35:ef:92:c6:80:7c:f8:44:0d:51:da:5e:c4:27:3b:43:e8:ed:4c:b6:c3:de:0a:ee:ae:a1:65:69:2a:d1:b5:0c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

02/03/2022, 20:35
Valid: true

Chain 1

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msi

ord205
ord70
ord16
ord96
ord72
ord116
ord158
ord211
ord14
ord111
ord131
ord8
ord92
ord113
ord145
ord115
ord139
ord58
ord47
ord103
ord74
ord49
ord167
ord118
ord125
ord17
ord160
ord159
ord32

shlwapi

SHDeleteEmptyKeyW
SHCopyKeyW
SHDeleteKeyW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

FindNextFileW
GetFullPathNameW
ReadFile
RemoveDirectoryW
SetFileAttributesW
SetFilePointer
CloseHandle
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
WaitForSingleObject
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
ProcessIdToSessionId
OpenProcess
GetWindowsDirectoryW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryW
LocalAlloc
LocalFree
FormatMessageW
lstrcmpW
FindFirstFileW
lstrcpyW
lstrcatW
lstrlenW
CopyFileW
MoveFileExW
GetUserDefaultUILanguage
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetSystemDirectoryW
lstrcmpiW
GetCommandLineW
SetLastError
GetExitCodeProcess
CreateProcessW
GetSystemTime
MoveFileW
SystemTimeToFileTime
WideCharToMultiByte
VerSetConditionMask
VerifyVersionInfoW
GetShortPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
GetDriveTypeW
FindClose
DeleteFileW
CreateFileW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetCurrentThread
GetStdHandle
GetFileType
MultiByteToWideChar
GetDateFormatW
RtlUnwind
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetConsoleCtrlHandler
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
SetStdHandle
GetTimeZoneInformation
HeapSize
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
ReadConsoleW
OutputDebugStringW
WriteConsoleW
lstrcpynW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindFirstFileExW
LoadLibraryExW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree

user32

GetSystemMetrics
wsprintfW

advapi32

RegCloseKey
RegUnLoadKeyW
RegLoadKeyW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyExW
RegCreateKeyW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW
RegFlushKey
RegDeleteKeyW
RegQueryInfoKeyW
ConvertSidToStringSidW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
OpenSCManagerW
EnumServicesStatusExW
CloseServiceHandle
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyA
RegEnumKeyExW
RegCreateKeyExW
CreateProcessWithTokenW
LookupPrivilegeValueW
LookupAccountSidW
GetTokenInformation
FreeSid
EqualSid
DuplicateTokenEx
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
CreateProcessAsUserW

ole32

CoCreateInstance
CLSIDFromString
CoInitializeEx

Exports

Exports

AcrobatMaintenanceRemove
AddAsianLanguageSupport
AddChineseSLanguageSupport
AddChineseTLanguageSupport
AddEBookSupport
AddExtendedLanguageSupport
AddFeature
AddFeatureEx
AddJapaneseLanguageSupport
AddKoreanLanguageSupport
AddPDFMaker
AddPDFMakerEx
ApplyUpdates
ApplyUpdatesEx
ApplyUpdatesExRD
CaptureDistillerSettingsEx
CreateAcroUserSettings
FileRenameShortToLong
IsBrowserIntegrated
MaintenanceRepair
MigrateUserRegistry
MigrateUserRegistryEx
ReaderMaintenanceRemove
RemoveFeature
RemoveFeatureEx
RemoveUpdates
RemoveUpdatesEx
RemoveUpdatesExRD
SetShortNameFixUp
SetupUpdaterForReboot
TurnOffPDFMakerIOD
TurnOnPDFMakerIOD
UpdateCache
ValidateInstaller

Sections

.text
Size: 534KB - Virtual size: 533KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Driver Booster/ace.dll
.dll windows x86

Password: 1234

23076d501d734740bd988395f9a2bdc0

Code Sign

01:1f:39:a2:26:1a:99:3d:d1:51:76:da:6f:e4:fb:ea
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2020, 00:00

Not After

21/12/2022, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:ed:9b:1d:5a:7c:6c:25:f0:62:ac:52:81:e1:d8:0e:6e:a6:30:b0:f6:06:1a:9a:7b:71:a7:b2:9d:04:bf:d0
Signer

Actual PE Digest

57:ed:9b:1d:5a:7c:6c:25:f0:62:ac:52:81:e1:d8:0e:6e:a6:30:b0:f6:06:1a:9a:7b:71:a7:b2:9d:04:bf:d0

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

02/08/2022, 21:10
Valid: true

Chain 1

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTimeAsFileTime
CloseHandle
WaitForSingleObject
CreateThread
ReleaseSemaphore
CreateSemaphoreA
GetSystemTime
GetModuleFileNameW
SystemTimeToFileTime
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
GlobalMemoryStatus
GetProfileStringA
CreateDirectoryW
MultiByteToWideChar
CreateFileW
DeleteFileW
GetCurrentProcessId
FindFirstFileW
FindNextFileW
GetFileAttributesW
ReadFile
SetFilePointerEx
WriteFile
GetLastError
MoveFileExW
FileTimeToSystemTime
WideCharToMultiByte
IsValidCodePage
GetACP
Sleep
GetCurrentProcess
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThreadId
QueryPerformanceCounter
GetProcAddress
GetModuleHandleA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
VerifyVersionInfoW
GetSystemInfo
IsProcessorFeaturePresent
FindClose
VerSetConditionMask
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead

user32

LoadStringA

gdi32

GetICMProfileW
DeleteDC
CreateDCW
CreateDCA

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegCloseKey
RegQueryValueExA

shell32

SHGetFolderPathW

ole32

CoCreateInstance

msvcp140

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@AAD@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ

vcruntime140

__current_exception
strstr
_except_handler4_common
__std_type_info_destroy_list
__CxxFrameHandler3
memcmp
wcsstr
_purecall
memmove
__current_exception_context
__std_exception_destroy
__std_exception_copy
memset
memcpy
__RTDynamicCast
__std_terminate
_CxxThrowException

api-ms-win-crt-math-l1-1-0

fabs
pow
log10
log2
sqrt
log
_fdsign

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initterm_e
_invalid_parameter_noinfo
_errno
_initterm
terminate
_cexit
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_crt_atexit

api-ms-win-crt-string-l1-1-0

strncpy
strncmp
strcat
wcstok_s
wcscmp
strcmp
strlen
strnlen
towupper
strcpy

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vsscanf
__acrt_iob_func
__stdio_common_vsprintf_s
__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

_callnewh
free
realloc
malloc

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-utility-l1-1-0

qsort

Exports

Exports

ACEGetVersion
ACEHasFeature
ACEInitDelayed
ACEInitialize
ACEInitializeEx
ACETerminate

Sections

.text
Size: 844KB - Virtual size: 843KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Driver Booster/agm.dll
.dll windows x86

Password: 1234

0c4ef399e3ebaa650bb9619d8524550c

Code Sign

01:1f:39:a2:26:1a:99:3d:d1:51:76:da:6f:e4:fb:ea
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2020, 00:00

Not After

21/12/2022, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fb:01:b6:07:e2:76:e8:06:db:7b:ca:e5:b2:08:e5:dc:0c:3a:e6:9a:b3:c9:3d:10:61:20:62:42:a0:40:36:db
Signer

Actual PE Digest

fb:01:b6:07:e2:76:e8:06:db:7b:ca:e5:b2:08:e5:dc:0c:3a:e6:9a:b3:c9:3d:10:61:20:62:42:a0:40:36:db

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

02/08/2022, 21:10
Valid: true

Chain 1

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Acrobat DC,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
VerSetConditionMask
IsProcessorFeaturePresent
VerifyVersionInfoW
QueryPerformanceCounter
IsDebuggerPresent
TerminateProcess
GetWindowsDirectoryA
UnhandledExceptionFilter
CreateEventW
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
GetModuleHandleW
VirtualQuery
VirtualProtect
RaiseException
InitializeSListHead
GetSystemDirectoryW
GetSystemDirectoryA
GetCurrentDirectoryA
GetFileSize
ReadFile
SetCurrentDirectoryA
GlobalSize
WaitForSingleObject
GetProfileStringW
GetSystemDefaultLCID
GetLocaleInfoA
GetACP
GetFileTime
CreateFileA
LoadLibraryA
FindNextFileA
FindFirstFileA
FindClose
GetUserDefaultLangID
GetThreadLocale
GetTimeFormatW
GetTimeFormatA
GetDateFormatW
GetDateFormatA
GetCurrentProcess
DuplicateHandle
CreateSemaphoreA
GetVersionExA
GetThreadPriority
SetThreadPriority
GetCurrentThread
lstrcmpW
GetEnvironmentVariableW
GlobalHandle
GetTempFileNameW
GetTempPathW
DeleteFileW
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
GlobalFree
GlobalAlloc
LoadLibraryW
FreeLibrary
GetLocalTime
GlobalLock
GlobalUnlock
OutputDebugStringA
GetTempPathA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SystemTimeToFileTime
CreateWaitableTimerA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ResumeThread
SetWaitableTimer
GetLastError
HeapFree
HeapAlloc
GetProcessHeap
ResetEvent
SetEvent
GetCurrentThreadId
GetCurrentProcessId
GetProcAddress
Sleep
ReleaseSemaphore
WaitForMultipleObjectsEx
WaitForSingleObjectEx
CloseHandle
GetTickCount
GetSystemInfo
GetModuleHandleA
OpenEventA
CreateEventA
GetSystemTimeAsFileTime
LocalFree
SetUnhandledExceptionFilter
FormatMessageA

user32

DestroyWindow
SetWindowPos
LoadCursorA
LoadIconA
CreateWindowExA
SetActiveWindow
CharNextW
GetMonitorInfoA
EnumDisplayMonitors
UnregisterClassA
RegisterClassA
GetClientRect
GetActiveWindow
WindowFromDC
GetDC
ReleaseDC
GetWindowRect
ScrollWindowEx
OffsetRect
MonitorFromPoint
MonitorFromWindow
GetSystemMetrics
GetDesktopWindow
DefWindowProcA

gdi32

EndPath
CloseFigure
BeginPath
AbortDoc
EndPage
StartPage
EndDoc
StartDocW
GetDIBColorTable
CreateDIBSection
ModifyWorldTransform
SetWorldTransform
GetWorldTransform
SetStretchBltMode
SetROP2
StretchDIBits
StretchBlt
SetPolyFillMode
SetGraphicsMode
SetDIBits
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RealizePalette
ResetDCW
RestoreDC
Rectangle
PatBlt
FillPath
LineTo
IntersectClipRect
GetViewportOrgEx
GetStockObject
GetRgnBox
GetRegionData
GetGraphicsMode
GetDeviceCaps
GetCurrentObject
GetClipRgn
GetClipBox
ExtEscape
Escape
EqualRgn
DeleteObject
DeleteDC
CreateRectRgn
CreatePatternBrush
CreatePolyPolygonRgn
CreatePalette
CreateICW
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CombineRgn
BitBlt
PolyBezierTo
PolylineTo
SetBrushOrgEx
PolyDraw
SelectClipPath
SetMiterLimit
StrokePath
ExtCreatePen
OffsetRgn
MoveToEx
GetObjectA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegGetValueA
RegSetValueExA

ole32

CreateStreamOnHGlobal

msvcp140

_Xtime_get_ticks
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?is@?$ctype@_W@std@@QBE_NF_W@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Xinvalid_argument@std@@YAXPBD@Z
_Query_perf_counter
_Query_perf_frequency
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@PAV32@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?id@?$ctype@D@std@@2V0locale@2@A

shlwapi

PathRemoveFileSpecA
PathAppendA

vcruntime140

__std_type_info_compare
memchr
wcschr
strchr
wcsstr
__current_exception
__current_exception_context
_except_handler4_common
__std_type_info_destroy_list
memcpy
_purecall
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3
__RTDynamicCast
memmove
__std_terminate
memset
memcmp
strstr

api-ms-win-crt-heap-l1-1-0

free
malloc
calloc
realloc

api-ms-win-crt-string-l1-1-0

strtok_s
tolower
isdigit
toupper
_wcsicmp
strncmp
wcsncpy
strcat_s
strcpy_s
wcscpy_s
_stricmp
strncpy
_wcsnicmp

api-ms-win-crt-convert-l1-1-0

atoi
_ltoa_s
strtol

api-ms-win-crt-filesystem-l1-1-0

remove
_lock_file
_unlock_file
rename

api-ms-win-crt-stdio-l1-1-0

fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
ungetc
setvbuf
feof
fopen
fputs
fgetc
fflush
setbuf
__stdio_common_vsprintf
freopen
getc
fclose
_get_stream_buffer_pointers
fopen_s
__stdio_common_vsprintf_s
__stdio_common_vfprintf
__stdio_common_vswprintf
__acrt_iob_func
ferror
clearerr
fgets
rewind
ftell
fseek
_wfopen_s
ungetwc
fputwc
__stdio_common_vsscanf
fgetwc

api-ms-win-crt-runtime-l1-1-0

_initterm
_invalid_parameter_noinfo_noreturn
terminate
_cexit
_crt_atexit
_execute_onexit_table
_beginthreadex
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_errno
_control87
_initterm_e
strerror

api-ms-win-crt-time-l1-1-0

_gmtime64
_localtime64
_time64

api-ms-win-crt-math-l1-1-0

_libm_sse2_atan_precise
floor
_hypot
_fdclass
_CIfmod
_isnan
_libm_sse2_cos_precise
_CIatan2
ldexp
ceil
_libm_sse2_sqrt_precise
_libm_sse2_log_precise
_libm_sse2_sin_precise
_libm_sse2_pow_precise
_libm_sse2_log10_precise
modf

api-ms-win-crt-utility-l1-1-0

qsort

Exports

Exports

AGMGetVersion
AGMInitialize
AGMTerminate

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 166KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 306KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Driver Booster/data/core_ui.ff
Driver Booster/data/d3b1b57fafe24aea8e26c061ad90b3a0_6a92ac2ff46341e79a92c94a9dd3eeb4_cull.bytes
Driver Booster/datacache.dll
.dll windows x86

Password: 1234

31386d2af4010e6933948002809c5899

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/10/2021, 00:00

Not After

09/10/2024, 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3c:ab:7d:1b:07:43:db:67:20:97:84:3d:b2:c2:e5:dc:51:97:5f:39:7a:8a:91:ca:55:2f:b4:a3:0d:ec:bb:65
Signer

Actual PE Digest

3c:ab:7d:1b:07:43:db:67:20:97:84:3d:b2:c2:e5:dc:51:97:5f:39:7a:8a:91:ca:55:2f:b4:a3:0d:ec:bb:65

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

13/12/2021, 21:13
Valid: true

Chain 1

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

tier0

LOG_GENERAL
LoggingSystem_Log
LoggingSystem_IsChannelEnabled
??0CThreadLocalBase@GenericThreadLocals@@QAE@XZ
??1CThreadLocalBase@GenericThreadLocals@@QAE@XZ
?Lock@CThreadMutex@@QAEXXZ
?Unlock@CThreadMutex@@QAEXXZ
??0CThreadMutex@@QAE@XZ
??1CThreadMutex@@QAE@XZ
Plat_ExitProcess
WriteMiniDump
??1CThreadEvent@@QAE@XZ
CreateSimpleThread
Plat_FloatTime
DevMsg
ThreadInMainThread
Plat_MSTime
ThreadSetDebugName
??0CThreadEvent@@QAE@_N@Z
?Set@CThreadEvent@@QAE_NXZ
?Reset@CThreadEvent@@QAE_NXZ
?Wait@CThreadEvent@@QAE_NI@Z
Plat_IsInDebugSession
?DevWarning@@YAXPBDZZ
?Get@CThreadLocalBase@GenericThreadLocals@@QBEPAXXZ
?g_nThreadID@@3V?$CThreadLocalInt@H@GenericThreadLocals@@A
Error
ThreadSleep
?DevMsg@@YAXPBDZZ
Msg
Warning
g_pMemAlloc
?Lock@CThreadFastMutex@@ACEXII@Z
ThreadInterlockedAssignIf64

vstdlib

KeyValuesSystem

kernel32

CreateFileW
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
DecodePointer
EncodePointer
GetStringTypeW
GetACP
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetFileType
GetStdHandle
LCMapStringW
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
TlsSetValue
InitializeCriticalSectionAndSpinCount
GetLastError
TlsAlloc
GetProcAddress
FreeLibrary
TlsGetValue
TlsFree
LoadLibraryExW
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
GetCurrentProcessId
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlUnwind
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RaiseException
InterlockedFlushSList

Exports

Exports

CreateInterface

Sections

.text
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1234

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 7.2MB - Virtual size: 7.2MB

.rsrc Size: 179KB - Virtual size: 179KB

.reloc Size: 512B - Virtual size: 12B

Password: 1234

f13e537fb73ac9fba443d473ab249712

Code Sign

01:1f:39:a2:26:1a:99:3d:d1:51:76:da:6f:e4:fb:eaCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

35:ef:92:c6:80:7c:f8:44:0d:51:da:5e:c4:27:3b:43:e8:ed:4c:b6:c3:de:0a:ee:ae:a1:65:69:2a:d1:b5:0cSigner

Signature Validations

Verification

02/03/2022, 20:35 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

msi

shlwapi

version

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 534KB - Virtual size: 533KB

.rdata Size: 139KB - Virtual size: 139KB

.data Size: 4KB - Virtual size: 10KB

.pdata Size: 28KB - Virtual size: 27KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

Password: 1234

23076d501d734740bd988395f9a2bdc0

Code Sign

01:1f:39:a2:26:1a:99:3d:d1:51:76:da:6f:e4:fb:eaCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

57:ed:9b:1d:5a:7c:6c:25:f0:62:ac:52:81:e1:d8:0e:6e:a6:30:b0:f6:06:1a:9a:7b:71:a7:b2:9d:04:bf:d0Signer

Signature Validations

Verification

02/08/2022, 21:10 Valid: true

Chain 1

.text
Size: 7.2MB - Virtual size: 7.2MB

.rsrc
Size: 179KB - Virtual size: 179KB

.reloc
Size: 512B - Virtual size: 12B

01:1f:39:a2:26:1a:99:3d:d1:51:76:da:6f:e4:fb:ea
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

35:ef:92:c6:80:7c:f8:44:0d:51:da:5e:c4:27:3b:43:e8:ed:4c:b6:c3:de:0a:ee:ae:a1:65:69:2a:d1:b5:0c
Signer

02/03/2022, 20:35
Valid: true

.text
Size: 534KB - Virtual size: 533KB

.rdata
Size: 139KB - Virtual size: 139KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 28KB - Virtual size: 27KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

01:1f:39:a2:26:1a:99:3d:d1:51:76:da:6f:e4:fb:ea
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

57:ed:9b:1d:5a:7c:6c:25:f0:62:ac:52:81:e1:d8:0e:6e:a6:30:b0:f6:06:1a:9a:7b:71:a7:b2:9d:04:bf:d0
Signer

02/08/2022, 21:10
Valid: true

.text
Size: 844KB - Virtual size: 843KB

.rdata
Size: 248KB - Virtual size: 247KB

.data
Size: 7KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 46KB - Virtual size: 45KB

01:1f:39:a2:26:1a:99:3d:d1:51:76:da:6f:e4:fb:ea
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

fb:01:b6:07:e2:76:e8:06:db:7b:ca:e5:b2:08:e5:dc:0c:3a:e6:9a:b3:c9:3d:10:61:20:62:42:a0:40:36:db
Signer

02/08/2022, 21:10
Valid: true