cab1[.]cab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cab1.cab
Size

206.6MB
MD5

6aa997d696c22774da0dca41f16e0aa9
SHA1

bf02e727365c4d86e079e170a1dac03786fe02c4
SHA256

306288015225584bc4fc5616732fdd4221f808c0f587d29d4eb22b888f3d5e2e
SHA512

413e4d33652fccbad3246ef423f7d6f0a719fa977b3953eeaa5e87959027eaa42dc5ec1b3caf430df10daed21dcd2f5dfda6fe6bbc671211bbcd33a57f39499a
SSDEEP

3145728:h5ytKdb0OaS9G/IfDjdEjWv7GRVJm30Fjd/VYM7FBrl2ubGRwCaUhFT5x/b5XvA3:r50fk7CGGVf3Y2BRzt/OFT5othB95h

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

resource
unpack001/fil11403A1F7689AA731A5594DAFAFACD4B
unpack001/fil2B3E4DBBF5401A8E7CA5710F1EABCECF
unpack001/fil47BD4227F4DCA2D5C929E8C4F953838B
unpack001/fil57DD060D28409D823CA0C1E83DD868BF
unpack001/fil5A012F08A65EFB658198A9147CC9864A
unpack001/fil849E070312A5FD7646215A528A79FA5F
unpack001/fil9A6338E8527CA2265D6CC9A34D80898F
unpack001/filA98C2F20411DC611907B3ECD5D824B6E
unpack001/filAE2624A660E8D7422E1F56986A1B73A2
unpack001/filC237EF23D73B183D758C8248DEC6461C
unpack001/filD1000CE4B80C7983BE1336FD24579858
unpack001/filF1724B358DEB72A438FA5B4C37113378

Files

cab1.cab
.cab
fil04ADDC655279CC6CC00A2D050A44E3E8
.exe windows x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:ff:c2:87:f2:28:30:76:a2:80:9e:40:1a:30:12:0a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/05/2019, 00:00

Not After

06/06/2022, 12:00

Subject

CN=FUTUREMARK INC,O=FUTUREMARK INC,L=Fremont,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ac:a0:06:93:39:d8:25:f6:40:4d:3e:36:0b:aa:f6:98:77:b9:61:c3
Signer

Actual PE Digest

ac:a0:06:93:39:d8:25:f6:40:4d:3e:36:0b:aa:f6:98:77:b9:61:c3

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=FUTUREMARK INC,O=FUTUREMARK INC,L=Fremont,ST=California,C=US

09/01/2020, 07:31
Valid: true

Chain 1

CN=FUTUREMARK INC,O=FUTUREMARK INC,L=Fremont,ST=California,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fil11403A1F7689AA731A5594DAFAFACD4B
.exe windows x86

f34e9315b5ebf05d88a9c1e893c79887

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

d3d11

D3D11CreateDevice

d3dx11_43

D3DX11GetImageInfoFromMemory
D3DX11CreateTextureFromMemory
D3DX11CompileFromMemory
D3DX11SaveTextureToFileA
D3DX11CreateThreadPump

d3dcompiler_43

D3DDisassemble
D3DReflect

d3dx10_43

D3DXFloat32To16Array

avrt

AvSetMmThreadCharacteristicsA
AvRevertMmThreadCharacteristics

psapi

GetProcessImageFileNameA
GetModuleInformation

kernel32

WideCharToMultiByte
GetFileAttributesA
CreateFileW
CreateDirectoryA
GetLastError
RemoveDirectoryA
GetCurrentDirectoryA
CloseHandle
GetFileInformationByHandle
DeleteFileA
FormatMessageA
LocalFree
GetLogicalProcessorInformation
SystemTimeToFileTime
GetSystemTime
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetComputerNameA
GetCurrentProcess
WaitForSingleObject
GetCurrentThread
Sleep
GetProcessAffinityMask
ResumeThread
SwitchToThread
CreateMutexA
ReleaseMutex
SetEvent
CreateEventA
ResetEvent
GetModuleHandleExA
FreeLibrary
MultiByteToWideChar
GetCommandLineA
GetModuleHandleA
OpenProcess
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
EncodePointer
DecodePointer
InitializeCriticalSection
HeapFree
HeapSetInformation
GetStartupInfoW
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
PeekNamedPipe
GetFileType
ExitThread
GetCurrentThreadId
CreateThread
GetProcAddress
GetModuleHandleW
ExitProcess
HeapAlloc
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
IsProcessorFeaturePresent
HeapCreate
TlsAlloc
CreateFileA
TlsSetValue
TlsFree
SetLastError
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapSize
GetTimeZoneInformation
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
ReadFile
LoadLibraryW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
WriteConsoleW
SetEndOfFile
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetFullPathNameA
SetThreadExecutionState
GetModuleFileNameA
TlsGetValue

user32

GetForegroundWindow
GetWindowThreadProcessId
GetUpdateRect
GetKeyState
PostQuitMessage
SendNotifyMessageA
RegisterWindowMessageA
MessageBoxA
GetMessageA
TranslateMessage
SetForegroundWindow
GetMonitorInfoA
EndPaint
ShowWindow
GetClientRect
SystemParametersInfoA
UnregisterClassA
RegisterClassExA
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
InvalidateRect
DefWindowProcA
PeekMessageA
CallNextHookEx
DestroyWindow
BeginPaint
LoadCursorA
AdjustWindowRectEx
LockSetForegroundWindow
DispatchMessageA
ShowCursor

gdi32

PatBlt
GetCharABCWidthsFloatA
CreateFontIndirectA
GetTextMetricsA
SetTextColor
Rectangle
SetTextAlign
TextOutA
DeleteDC
CreateDIBSection
SetBkMode
CreateCompatibleDC
SelectObject
DeleteObject
GetStockObject

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHGetFolderPathAndSubDirA

ole32

CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocString

dxgi

CreateDXGIFactory1

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 522KB - Virtual size: 521KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fil249A8A7479C354DD9CE08B965729D399
fil2B3E4DBBF5401A8E7CA5710F1EABCECF
.exe windows x86

3e342284fd3e5045bb9c48f95dc71918

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
WriteConsoleW
GetFileType
lstrlenW
GetStdHandle
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
GetProcAddress
LoadLibraryW
FreeLibrary
ExitProcess

user32

wvsprintfW

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fil409DA8CB85CEE5C9414412A068F9E873
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:fb:24:1b:5e:db:82:5b:27:d2:70:9e:ae:f8:86:f9
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/05/2013, 00:00

Not After

10/05/2016, 12:00

Subject

CN=FUTUREMARK INC,O=FUTUREMARK INC,L=Saratoga,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:b9:eb:e1:24:30:a3:56:5c:df:27:eb:64:4e:ff:4c:34:43:e7:fb
Signer

Actual PE Digest

7b:b9:eb:e1:24:30:a3:56:5c:df:27:eb:64:4e:ff:4c:34:43:e7:fb

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=FUTUREMARK INC,O=FUTUREMARK INC,L=Saratoga,ST=California,C=US

13/01/2014, 16:04
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fil47BD4227F4DCA2D5C929E8C4F953838B
.exe windows x86

2db0ae27334664dcad4c4ec2fcb1eb2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d11

D3D11CreateDevice

d3dx11_43

D3DX11SaveTextureToFileA
D3DX11CreateThreadPump
D3DX11CompileFromMemory
D3DX11CreateTextureFromMemory
D3DX11GetImageInfoFromMemory

d3dcompiler_43

D3DDisassemble
D3DReflect

d3dx10_43

D3DXFloat32To16Array

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsA

psapi

GetProcessImageFileNameA
GetModuleInformation

kernel32

CreateFileA
WideCharToMultiByte
GetFileAttributesA
CreateFileW
CreateDirectoryA
GetLastError
RemoveDirectoryA
GetCurrentDirectoryA
CloseHandle
GetFileInformationByHandle
DeleteFileA
GetLogicalProcessorInformation
SystemTimeToFileTime
GetSystemTime
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCurrentProcess
WaitForSingleObject
GetCurrentThread
Sleep
GetProcessAffinityMask
ResumeThread
SwitchToThread
GetComputerNameA
SetEvent
CreateEventA
ResetEvent
CreateMutexA
ReleaseMutex
GetModuleHandleExA
FreeLibrary
GetFullPathNameA
MultiByteToWideChar
GetCommandLineA
GetModuleHandleA
OpenProcess
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
EncodePointer
DecodePointer
InitializeCriticalSection
HeapFree
HeapSetInformation
GetStartupInfoW
GetSystemTimeAsFileTime
ExitThread
GetCurrentThreadId
CreateThread
FileTimeToSystemTime
FileTimeToLocalFileTime
PeekNamedPipe
GetFileType
GetProcAddress
GetModuleHandleW
ExitProcess
HeapAlloc
GetCPInfo
RtlUnwind
RaiseException
LCMapStringW
IsProcessorFeaturePresent
HeapCreate
TlsGetValue
TlsSetValue
TlsFree
SetLastError
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
SetUnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
HeapSize
GetTimeZoneInformation
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
ReadFile
LoadLibraryW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
WriteConsoleW
SetEndOfFile
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
LocalFree
FormatMessageA
SetThreadExecutionState
GetModuleFileNameA
TlsAlloc

user32

GetForegroundWindow
GetWindowThreadProcessId
GetUpdateRect
GetKeyState
PostQuitMessage
ShowCursor
MessageBoxA
GetMessageA
TranslateMessage
SetForegroundWindow
GetMonitorInfoA
EndPaint
ShowWindow
GetClientRect
SystemParametersInfoA
UnregisterClassA
RegisterClassExA
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
InvalidateRect
DefWindowProcA
PeekMessageA
CallNextHookEx
DestroyWindow
BeginPaint
LoadCursorA
SendNotifyMessageA
RegisterWindowMessageA
AdjustWindowRectEx
DispatchMessageA
LockSetForegroundWindow

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHGetFolderPathAndSubDirA

ole32

CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocString

dxgi

CreateDXGIFactory1

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 519KB - Virtual size: 519KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fil4ADAAD2F425DD27207CBCE8AB4547A9A
fil4C5ABB7A6B7D29290F63022619C3B91C
.exe windows x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:ff:c2:87:f2:28:30:76:a2:80:9e:40:1a:30:12:0a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/05/2019, 00:00

Not After

06/06/2022, 12:00

Subject

CN=FUTUREMARK INC,O=FUTUREMARK INC,L=Fremont,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:8b:f6:79:4a:26:be:7a:e2:c9:b5:64:9c:56:5a:8b:27:f8:14:7e
Signer

Actual PE Digest

29:8b:f6:79:4a:26:be:7a:e2:c9:b5:64:9c:56:5a:8b:27:f8:14:7e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=FUTUREMARK INC,O=FUTUREMARK INC,L=Fremont,ST=California,C=US

09/01/2020, 07:31
Valid: true

Chain 1

CN=FUTUREMARK INC,O=FUTUREMARK INC,L=Fremont,ST=California,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fil4C5E8BBAA1B0A19D314915359C4B08CD
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:ff:c2:87:f2:28:30:76:a2:80:9e:40:1a:30:12:0a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/05/2019, 00:00

Not After

06/06/2022, 12:00

Subject

CN=FUTUREMARK INC,O=FUTUREMARK INC,L=Fremont,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:cf:73:f5:2c:20:57:d9:6c:c2:c2:3e:49:4c:24:8b:1d:70:90:b7
Signer

Actual PE Digest

9e:cf:73:f5:2c:20:57:d9:6c:c2:c2:3e:49:4c:24:8b:1d:70:90:b7

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=FUTUREMARK INC,O=FUTUREMARK INC,L=Fremont,ST=California,C=US

09/01/2020, 07:31
Valid: true

Chain 1

CN=FUTUREMARK INC,O=FUTUREMARK INC,L=Fremont,ST=California,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fil57DD060D28409D823CA0C1E83DD868BF
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fil5A012F08A65EFB658198A9147CC9864A
.exe windows x64

8d4c8a17446c3c788fc3b1bc62fda2d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

d3d11

D3D11CreateDevice

d3dx11_43

D3DX11GetImageInfoFromMemory
D3DX11CreateTextureFromMemory
D3DX11CreateThreadPump
D3DX11CompileFromMemory

d3dcompiler_43

D3DReflect
D3DDisassemble

d3dx10_43

D3DXFloat32To16Array

avrt

AvSetMmThreadCharacteristicsA
AvRevertMmThreadCharacteristics

psapi

GetProcessImageFileNameA
GetModuleInformation

kernel32

LocalFree
GetFullPathNameA
CreateFileA
WideCharToMultiByte
GetFileAttributesA
CreateFileW
CreateDirectoryA
GetLastError
RemoveDirectoryA
GetCurrentDirectoryA
CloseHandle
GetFileInformationByHandle
DeleteFileA
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLogicalProcessorInformation
SystemTimeToFileTime
GetSystemTime
GetCurrentProcess
WaitForSingleObject
GetCurrentThread
Sleep
GetProcessAffinityMask
ResumeThread
SwitchToThread
GetComputerNameA
CreateMutexA
ReleaseMutex
SetEvent
CreateEventA
ResetEvent
FormatMessageA
FreeLibrary
GetModuleFileNameA
MultiByteToWideChar
GetCommandLineA
GetModuleHandleA
OpenProcess
EncodePointer
DecodePointer
InitializeCriticalSection
HeapFree
RtlPcToFileHeader
GetStartupInfoW
HeapAlloc
GetSystemTimeAsFileTime
ExitThread
GetCurrentThreadId
CreateThread
FileTimeToSystemTime
FileTimeToLocalFileTime
PeekNamedPipe
GetFileType
GetProcAddress
GetModuleHandleW
ExitProcess
RaiseException
GetCPInfo
RtlLookupFunctionEntry
RtlUnwindEx
LCMapStringW
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
HeapSetInformation
SetThreadExecutionState
HeapCreate
FlsGetValue
FlsSetValue
FlsFree
SetLastError
FlsAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetTimeZoneInformation
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
ReadFile
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
WriteConsoleW
SetEndOfFile
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetModuleHandleExA
GetVersion

user32

GetClientRect
SetForegroundWindow
GetForegroundWindow
GetWindowThreadProcessId
GetUpdateRect
GetKeyState
PostQuitMessage
GetMessageA
TranslateMessage
InvalidateRect
LockSetForegroundWindow
GetMonitorInfoA
EndPaint
AdjustWindowRectEx
DefWindowProcA
ShowWindow
SystemParametersInfoA
UnregisterClassA
RegisterClassExA
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
LoadCursorA
PeekMessageA
CallNextHookEx
DestroyWindow
BeginPaint
ShowCursor
SendNotifyMessageA
RegisterWindowMessageA
DispatchMessageA
MessageBoxA

gdi32

GetTextMetricsA
CreateFontIndirectA
CreateDIBSection
GetCharABCWidthsFloatA
DeleteDC
PatBlt
SetBkMode
Rectangle
SetTextAlign
SetTextColor
TextOutA
DeleteObject
SelectObject
CreateCompatibleDC
GetStockObject

shell32

SHGetFolderPathAndSubDirA

ole32

CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocString

dxgi

CreateDXGIFactory1

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fil7CEDF3B457D47DE6EFAF93D8A729E5F2
fil7D7B607D3F66DAB3002395582101CC4C
fil849E070312A5FD7646215A528A79FA5F
.exe windows x64

983b24a440f1fb4db134c29507354aed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3d11

D3D11CreateDevice

d3dx11_43

D3DX11SaveTextureToFileA
D3DX11CreateThreadPump
D3DX11CompileFromMemory
D3DX11CreateTextureFromMemory
D3DX11GetImageInfoFromMemory

d3dcompiler_43

D3DDisassemble
D3DReflect

d3dx10_43

D3DXFloat32To16Array

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadCharacteristicsA

psapi

GetProcessImageFileNameA
GetModuleInformation

kernel32

CreateFileA
WideCharToMultiByte
GetFileAttributesA
CreateFileW
CreateDirectoryA
GetLastError
RemoveDirectoryA
GetCurrentDirectoryA
CloseHandle
GetFileInformationByHandle
DeleteFileA
GetLogicalProcessorInformation
SystemTimeToFileTime
GetSystemTime
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCurrentProcess
WaitForSingleObject
GetCurrentThread
Sleep
GetProcessAffinityMask
ResumeThread
SwitchToThread
GetComputerNameA
SetEvent
CreateEventA
ResetEvent
CreateMutexA
ReleaseMutex
GetModuleHandleExA
FreeLibrary
GetFullPathNameA
MultiByteToWideChar
GetCommandLineA
GetModuleHandleA
OpenProcess
EncodePointer
DecodePointer
InitializeCriticalSection
HeapFree
GetStartupInfoW
RtlPcToFileHeader
GetSystemTimeAsFileTime
ExitThread
GetCurrentThreadId
CreateThread
FileTimeToSystemTime
FileTimeToLocalFileTime
PeekNamedPipe
GetFileType
GetProcAddress
GetModuleHandleW
ExitProcess
HeapAlloc
GetCPInfo
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
LCMapStringW
HeapSetInformation
GetVersion
HeapCreate
FlsGetValue
FlsSetValue
SetLastError
FlsAlloc
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
SetUnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
HeapSize
GetTimeZoneInformation
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
ReadFile
LoadLibraryW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
WriteConsoleW
SetEndOfFile
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
LocalFree
FormatMessageA
SetThreadExecutionState
GetModuleFileNameA
FlsFree

user32

GetForegroundWindow
GetWindowThreadProcessId
GetUpdateRect
GetKeyState
PostQuitMessage
ShowCursor
MessageBoxA
GetMessageA
TranslateMessage
SetForegroundWindow
GetMonitorInfoA
EndPaint
ShowWindow
GetClientRect
SystemParametersInfoA
UnregisterClassA
RegisterClassExA
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
InvalidateRect
DefWindowProcA
PeekMessageA
CallNextHookEx
DestroyWindow
BeginPaint
LoadCursorA
SendNotifyMessageA
RegisterWindowMessageA
AdjustWindowRectEx
DispatchMessageA
LockSetForegroundWindow

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHGetFolderPathAndSubDirA

ole32

CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocString

dxgi

CreateDXGIFactory1

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 981KB - Virtual size: 980KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
fil85FF41E8BE93D798F04BA826FBCA3157
fil8B88E225F35EFC27B6E787D021FA6C29
fil9A6338E8527CA2265D6CC9A34D80898F
.exe windows x64

3e342284fd3e5045bb9c48f95dc71918

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteFile
WriteConsoleW
GetFileType
lstrlenW
GetStdHandle
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
GetProcAddress
LoadLibraryW
FreeLibrary
ExitProcess

user32

wvsprintfW

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
filA527E9A3F36D2AF5FC537A4192E2956C
filA931C5B9F2348EC23A74162D0DCB9E10
filA98C2F20411DC611907B3ECD5D824B6E
.exe windows x86

49bbcd7528ef078a1540de06a930af6f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

d3d11

D3D11CreateDevice

d3dx11_43

D3DX11GetImageInfoFromMemory
D3DX11CreateTextureFromMemory
D3DX11CreateThreadPump
D3DX11CompileFromMemory

d3dcompiler_43

D3DReflect
D3DDisassemble

d3dx10_43

D3DXFloat32To16Array

avrt

AvSetMmThreadCharacteristicsA
AvRevertMmThreadCharacteristics

psapi

GetProcessImageFileNameA
GetModuleInformation

kernel32

LocalFree
GetFullPathNameA
CreateFileA
WideCharToMultiByte
GetFileAttributesA
CreateFileW
CreateDirectoryA
GetLastError
RemoveDirectoryA
GetCurrentDirectoryA
CloseHandle
GetFileInformationByHandle
DeleteFileA
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLogicalProcessorInformation
SystemTimeToFileTime
GetSystemTime
GetCurrentProcess
WaitForSingleObject
GetCurrentThread
Sleep
GetProcessAffinityMask
ResumeThread
SwitchToThread
GetComputerNameA
CreateMutexA
ReleaseMutex
SetEvent
CreateEventA
ResetEvent
FormatMessageA
FreeLibrary
GetModuleFileNameA
MultiByteToWideChar
GetCommandLineA
GetModuleHandleA
OpenProcess
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
EncodePointer
DecodePointer
InitializeCriticalSection
HeapFree
HeapSetInformation
GetStartupInfoW
HeapAlloc
GetSystemTimeAsFileTime
ExitThread
GetCurrentThreadId
CreateThread
FileTimeToSystemTime
FileTimeToLocalFileTime
PeekNamedPipe
GetFileType
GetProcAddress
GetModuleHandleW
ExitProcess
RaiseException
GetCPInfo
RtlUnwind
LCMapStringW
IsProcessorFeaturePresent
WriteFile
SetThreadExecutionState
GetModuleFileNameW
GetLocaleInfoW
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetTimeZoneInformation
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
ReadFile
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
WriteConsoleW
SetEndOfFile
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetModuleHandleExA
GetStdHandle

user32

GetClientRect
SetForegroundWindow
GetForegroundWindow
GetWindowThreadProcessId
GetUpdateRect
GetKeyState
PostQuitMessage
GetMessageA
TranslateMessage
InvalidateRect
LockSetForegroundWindow
GetMonitorInfoA
EndPaint
AdjustWindowRectEx
DefWindowProcA
ShowWindow
SystemParametersInfoA
UnregisterClassA
RegisterClassExA
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
LoadCursorA
PeekMessageA
CallNextHookEx
DestroyWindow
BeginPaint
ShowCursor
SendNotifyMessageA
RegisterWindowMessageA
DispatchMessageA
MessageBoxA

gdi32

GetTextMetricsA
CreateFontIndirectA
CreateDIBSection
GetCharABCWidthsFloatA
DeleteDC
PatBlt
SetBkMode
Rectangle
SetTextAlign
SetTextColor
TextOutA
DeleteObject
SelectObject
CreateCompatibleDC
GetStockObject

shell32

SHGetFolderPathAndSubDirA

ole32

CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocString

dxgi

CreateDXGIFactory1

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
filAE2624A660E8D7422E1F56986A1B73A2
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
filB2AC7BD1D4F5CCE96A0AF6B5B5767583
filC237EF23D73B183D758C8248DEC6461C
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
filCE2D1941A491430B28D5F20653FA843B
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:ff:c2:87:f2:28:30:76:a2:80:9e:40:1a:30:12:0a
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/05/2019, 00:00

Not After

06/06/2022, 12:00

Subject

CN=FUTUREMARK INC,O=FUTUREMARK INC,L=Fremont,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e9:0c:d0:28:38:fe:00:d6:b1:57:24:76:60:9a:79:aa:68:97:b5:d5
Signer

Actual PE Digest

e9:0c:d0:28:38:fe:00:d6:b1:57:24:76:60:9a:79:aa:68:97:b5:d5

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=FUTUREMARK INC,O=FUTUREMARK INC,L=Fremont,ST=California,C=US

09/01/2020, 07:31
Valid: true

Chain 1

CN=FUTUREMARK INC,O=FUTUREMARK INC,L=Fremont,ST=California,C=US

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
filD1000CE4B80C7983BE1336FD24579858
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
filD312BB03FFEC647D60F58E87AA1A2E1D
filD3CF20E55C7B3DF796871E0EB0A3A747
filDE3C49E6188456A14490E9A7EBF3CBCA
filE26078BC1987C3840587DFE5EEF085AA
filECFFADB52DC6EAB0EEC33439CD0E52F8
filF1724B358DEB72A438FA5B4C37113378
.exe windows x64

8eab6f7288b229f8ce114f59edb9a1eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

d3d11

D3D11CreateDevice

d3dx11_43

D3DX11GetImageInfoFromMemory
D3DX11CreateTextureFromMemory
D3DX11CompileFromMemory
D3DX11SaveTextureToFileA
D3DX11CreateThreadPump

d3dcompiler_43

D3DDisassemble
D3DReflect

d3dx10_43

D3DXFloat32To16Array

avrt

AvSetMmThreadCharacteristicsA
AvRevertMmThreadCharacteristics

psapi

GetProcessImageFileNameA
GetModuleInformation

kernel32

WideCharToMultiByte
GetFileAttributesA
CreateFileW
CreateDirectoryA
GetLastError
RemoveDirectoryA
GetCurrentDirectoryA
CloseHandle
GetFileInformationByHandle
DeleteFileA
FormatMessageA
LocalFree
GetLogicalProcessorInformation
SystemTimeToFileTime
GetSystemTime
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetComputerNameA
GetCurrentProcess
WaitForSingleObject
GetCurrentThread
Sleep
GetProcessAffinityMask
ResumeThread
SwitchToThread
CreateMutexA
ReleaseMutex
SetEvent
CreateEventA
ResetEvent
GetModuleHandleExA
FreeLibrary
MultiByteToWideChar
GetCommandLineA
GetModuleHandleA
OpenProcess
EncodePointer
DecodePointer
InitializeCriticalSection
HeapFree
GetStartupInfoW
RtlPcToFileHeader
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
PeekNamedPipe
GetFileType
ExitThread
GetCurrentThreadId
CreateThread
GetProcAddress
GetModuleHandleW
ExitProcess
HeapAlloc
GetCPInfo
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
LCMapStringW
HeapSetInformation
GetVersion
HeapCreate
FlsGetValue
FlsSetValue
FlsFree
CreateFileA
FlsAlloc
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapSize
GetTimeZoneInformation
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
ReadFile
LoadLibraryW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
WriteConsoleW
SetEndOfFile
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
GetFullPathNameA
SetThreadExecutionState
GetModuleFileNameA
SetLastError

user32

GetForegroundWindow
GetWindowThreadProcessId
GetUpdateRect
GetKeyState
PostQuitMessage
SendNotifyMessageA
RegisterWindowMessageA
MessageBoxA
GetMessageA
TranslateMessage
SetForegroundWindow
GetMonitorInfoA
EndPaint
ShowWindow
GetClientRect
SystemParametersInfoA
UnregisterClassA
RegisterClassExA
UnhookWindowsHookEx
SetWindowsHookExA
CreateWindowExA
InvalidateRect
DefWindowProcA
PeekMessageA
CallNextHookEx
DestroyWindow
BeginPaint
LoadCursorA
AdjustWindowRectEx
LockSetForegroundWindow
DispatchMessageA
ShowCursor

gdi32

PatBlt
GetCharABCWidthsFloatA
CreateFontIndirectA
GetTextMetricsA
SetTextColor
Rectangle
SetTextAlign
TextOutA
DeleteDC
CreateDIBSection
SetBkMode
CreateCompatibleDC
SelectObject
DeleteObject
GetStockObject

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHGetFolderPathAndSubDirA

ole32

CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocString

dxgi

CreateDXGIFactory1

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 986KB - Virtual size: 985KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0c:ff:c2:87:f2:28:30:76:a2:80:9e:40:1a:30:12:0aCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

ac:a0:06:93:39:d8:25:f6:40:4d:3e:36:0b:aa:f6:98:77:b9:61:c3Signer

Signature Validations

Verification

09/01/2020, 07:31 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 20KB - Virtual size: 19KB

.rsrc Size: 290KB - Virtual size: 289KB

f34e9315b5ebf05d88a9c1e893c79887

Headers

DLL Characteristics

File Characteristics

Imports

winmm

d3d11

d3dx11_43

d3dcompiler_43

d3dx10_43

avrt

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dxgi

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 522KB - Virtual size: 521KB

.data Size: 108KB - Virtual size: 121KB

.tls Size: 512B - Virtual size: 13B

.rsrc Size: 1KB - Virtual size: 1KB

3e342284fd3e5045bb9c48f95dc71918

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 4B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 512B - Virtual size: 204B

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

08:fb:24:1b:5e:db:82:5b:27:d2:70:9e:ae:f8:86:f9Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0c:ff:c2:87:f2:28:30:76:a2:80:9e:40:1a:30:12:0a
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

ac:a0:06:93:39:d8:25:f6:40:4d:3e:36:0b:aa:f6:98:77:b9:61:c3
Signer

09/01/2020, 07:31
Valid: true

.text
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 290KB - Virtual size: 289KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 522KB - Virtual size: 521KB

.data
Size: 108KB - Virtual size: 121KB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 4B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 204B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:fb:24:1b:5e:db:82:5b:27:d2:70:9e:ae:f8:86:f9
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

7b:b9:eb:e1:24:30:a3:56:5c:df:27:eb:64:4e:ff:4c:34:43:e7:fb
Signer

13/01/2014, 16:04
Valid: false

.text
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 519KB - Virtual size: 519KB

.data
Size: 107KB - Virtual size: 120KB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 1KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0c:ff:c2:87:f2:28:30:76:a2:80:9e:40:1a:30:12:0a
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

29:8b:f6:79:4a:26:be:7a:e2:c9:b5:64:9c:56:5a:8b:27:f8:14:7e
Signer

09/01/2020, 07:31
Valid: true

.text
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 290KB - Virtual size: 289KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate