Lunatic[.]V1[.]rar

Resubmissions

08/05/2023, 01:37

230508-b12b5aad4s 7

08/05/2023, 01:35

230508-bz6v8aad3y 7

Sharing

Copy URL Twitter E-mail

General

Target

Lunatic.V1.rar
Size

25.6MB
MD5

0672ddf05b406d1e9d100950651362d9
SHA1

88273d5416895a090be1d9cc366223e508b4fad3
SHA256

71e312895c934d6ee09573275ee3ed0f27a55d8dac9b051569cc08dadec76cbf
SHA512

4b577198c6e03ffb155edc2f7024d0e27ddc4056212de00ff4a0c73a10ddea6d785e6f851d9d289b7b751c3be60175b3713245814f213c784d6afeb5091d1b79
SSDEEP

786432:X55Onq6lVD6BNT57kpxRjhiQLN56Cpi7C:mq6lQBNT57Ms05VB

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/Lunatic V1/Lunatic V1.exe	pyinstaller

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Lunatic V1/Lunatic V1.exe
unpack001/Lunatic V1/Module.dll
unpack001/Lunatic V1/bin/ICSharpCode.AvalonEdit.dll
unpack001/Lunatic V1/client_clr.dll

Files

Lunatic.V1.rar
.rar
Lunatic V1/Lunatic V1.exe
.exe windows x64

0b5552dccd9d0a834cea55c0c8fc05be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
IsValidCodePage
GetACP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetOEMCP
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetEndOfFile
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lunatic V1/Module.dll
.dll windows x86

eb0f0d8ca0013274726c52a5c01fa44c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AllocConsole
AreFileApisANSI
CloseHandle
ConnectNamedPipe
ConvertFiberToThread
ConvertThreadToFiberEx
CopyFileA
CreateDirectoryW
CreateEventA
CreateEventW
CreateFiberEx
CreateFileA
CreateFileW
CreateNamedPipeA
CreateRemoteThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFiber
DisableThreadLibraryCalls
DisconnectNamedPipe
EnterCriticalSection
FindClose
FindFirstFileExW
FindFirstFileW
FindNextFileW
FormatMessageA
FormatMessageW
FreeConsole
FreeLibrary
GetACP
GetConsoleMode
GetConsoleWindow
GetCurrentConsoleFontEx
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileAttributesExW
GetFileInformationByHandleEx
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoEx
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetStdHandle
GetSystemDirectoryA
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
InitOnceBeginInitialize
InitOnceComplete
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InitializeSRWLock
IsDebuggerPresent
IsProcessorFeaturePresent
K32EnumProcessModules
K32GetModuleFileNameExA
K32GetModuleInformation
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
Module32FirstW
Module32NextW
MoveFileExA
MultiByteToWideChar
OpenProcess
PeekNamedPipe
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleA
ReadConsoleW
ReadFile
ReadProcessMemory
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ResetEvent
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleA
SetCurrentConsoleFontEx
SetEvent
SetFileInformationByHandle
SetLastError
SetUnhandledExceptionFilter
Sleep
SleepEx
SwitchToFiber
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoW
VirtualAllocEx
VirtualFree
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
WriteProcessMemory
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptEnumProvidersW
CryptExportKey
CryptGenRandom
CryptGetHashParam
CryptGetProvParam
CryptGetUserKey
CryptHashData
CryptImportKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashW
DeregisterEventSource
GetCurrentHwProfileA
RegisterEventSourceW
ReportEventW

dbghelp

StackWalk
SymCleanup
SymFunctionTableAccess
SymGetLineFromAddr
SymGetModuleBase
SymGetSymFromAddr
SymInitialize
UnDecorateSymbolName

user32

CallWindowProcA
ClientToScreen
CloseClipboard
CreateWindowExA
DefWindowProcA
DeleteMenu
DestroyWindow
EmptyClipboard
GetCapture
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetForegroundWindow
GetProcessWindowStation
GetSystemMenu
GetSystemMetrics
GetUserObjectInformationW
GetWindowLongA
GetWindowRect
IsChild
MessageBoxA
MessageBoxW
MonitorFromPoint
MonitorFromWindow
OpenClipboard
RegisterClipboardFormatA
ReleaseCapture
ReleaseDC
ScreenToClient
SendInput
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetProcessDPIAware
SetWindowLongA
ShowWindow
TrackMouseEvent
UnregisterClassA
keybd_event
mouse_event
GetProcessWindowStation
GetUserObjectInformationW

gdi32

CreateRectRgn
DeleteObject
GetDeviceCaps

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyaddr
gethostbyname
gethostname
getpeername
getservbyname
getservbyport
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
inet_ntop
inet_pton
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

shlwapi

PathMatchSpecA

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateChainEngine
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetNameStringA
CertOpenStore
CertOpenSystemStoreW
CryptDecodeObjectEx
CryptQueryObject
CryptStringToBinaryA
PFXImportCertStore

msvcp140

??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
??0facet@locale@std@@IAE@I@Z
??0ios_base@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??1facet@locale@std@@MAE@XZ
??1ios_base@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getctype@_Locinfo@std@@QBE?AU_Ctypevec@@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Id_cnt@id@locale@std@@0HA
?_Incref@facet@locale@std@@UAEXXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Random_device@std@@YAIXZ
?_Syserror_map@std@@YAPBDH@Z
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Winerror_map@std@@YAHH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xbad_function_call@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?fail@ios_base@std@@QBE_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?good@ios_base@std@@QBE_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uncaught_exception@std@@YA_NXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
_Cnd_destroy_in_situ
_Cnd_do_broadcast_at_thread_exit
_Cnd_init_in_situ
_Cnd_signal
_Cnd_timedwait
_Cnd_wait
_Mtx_current_owns
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_lock
_Mtx_unlock
_Query_perf_counter
_Query_perf_frequency
_Thrd_detach
_Thrd_id
_Thrd_join
_Thrd_sleep
_Tolower
_Toupper
_Xtime_get_ticks

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

d3dcompiler_47

D3DCompile

dwmapi

DwmIsCompositionEnabled

wldap32

ord301
ord45
ord22
ord32
ord26
ord30
ord35
ord143
ord200
ord41
ord33
ord27
ord50
ord211
ord60
ord217
ord46
ord79

normaliz

IdnToAscii

vcruntime140

_CxxThrowException
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_destroy_list
_except_handler3
_except_handler4_common
_purecall
memchr
memcmp
memcpy
memmove
memset
strchr
strrchr
strstr
wcsstr

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
_close
_fileno
_fseeki64
_get_stream_buffer_pointers
_open
_setmode
_wfopen
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fopen_s
fputc
fputs
fread
freopen_s
fseek
fsetpos
ftell
fwrite
puts
setvbuf
ungetc

api-ms-win-crt-runtime-l1-1-0

__sys_errlist
__sys_nerr
_beginthreadex
_cexit
_configure_narrow_argv
_crt_atexit
_errno
_execute_onexit_table
_exit
_getpid
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_seh_filter_dll
abort
exit
raise
signal
strerror
strerror_s
system
terminate

api-ms-win-crt-filesystem-l1-1-0

_access
_lock_file
_stat64
_stat64i32
_unlink
_unlock_file

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
free
malloc
realloc

api-ms-win-crt-math-l1-1-0

_dsign
_dtest
_fdopen
acos
asin
atan
atan2
ceil
cos
cosh
exp
exp2
floor
fmod
frexp
ldexp
log
log10
log2
modf
pow
round
sin
sinh
sqrt
tan
tanh

api-ms-win-crt-time-l1-1-0

_gmtime64
_gmtime64_s
_localtime64
_time64
strftime

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-convert-l1-1-0

atof
atoi
strtod
strtol
strtoll
strtoul
strtoull
wcstombs

api-ms-win-crt-string-l1-1-0

_strdup
isalnum
isalpha
isdigit
isspace
isupper
strcat
strcat_s
strcmp
strcpy_s
strcspn
strlen
strncat
strncmp
strncpy
strncpy_s
strnlen
strpbrk
strspn
tolower
toupper
wcslen

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 707KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.astaghf
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.astaghf
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 223B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Lunatic V1/bin/ICSharpCode.AvalonEdit.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 603KB - Virtual size: 602KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lunatic V1/bin/ICSharpCode.AvalonEdit.xml
.xml
Lunatic V1/bin/System.Buffers.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:65:dc:35:86:93:2f:fb:0d:d0:c1:ac:2f:31:92:bd:28:75:14:21:57:3f:3b:7d:55:33:05:32:59:3d:d4:62
Signer

Actual PE Digest

d4:65:dc:35:86:93:2f:fb:0d:d0:c1:ac:2f:31:92:bd:28:75:14:21:57:3f:3b:7d:55:33:05:32:59:3d:d4:62

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

03/05/2023, 12:04
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lunatic V1/bin/System.Buffers.xml
Lunatic V1/bin/System.Diagnostics.DiagnosticSource.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:03:04:c1:03:19:7e:c6:05:e4:04:00:00:00:00:03:04
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/08/2022, 20:23

Not After

03/08/2023, 20:23

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:e2:ba:0a:1e:68:4c:e2:70:3b:7e:d5:ad:b9:fd:30:7c:c5:49:ed:12:c2:6b:81:4b:6c:7d:ee:0a:a8:96:d8
Signer

Actual PE Digest

52:e2:ba:0a:1e:68:4c:e2:70:3b:7e:d5:ad:b9:fd:30:7c:c5:49:ed:12:c2:6b:81:4b:6c:7d:ee:0a:a8:96:d8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

03/05/2023, 12:04
Valid: true

Chain 1

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lunatic V1/bin/System.Diagnostics.DiagnosticSource.xml
Lunatic V1/bin/System.Memory.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:32

Not After

01/09/2022, 18:32

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:6c:07:cf:a9:38:ad:dd:05:7b:ae:24:e4:ad:78:9e:fa:07:82:fb:e0:b3:ea:d5:f5:bc:8e:78:ff:71:9b:27
Signer

Actual PE Digest

a4:6c:07:cf:a9:38:ad:dd:05:7b:ae:24:e4:ad:78:9e:fa:07:82:fb:e0:b3:ea:d5:f5:bc:8e:78:ff:71:9b:27

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

03/05/2023, 12:04
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lunatic V1/bin/System.Memory.xml
Lunatic V1/bin/System.Numerics.Vectors.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c2:a0:09:c5:37:76:e9:f6:cd:00:00:00:00:00:c2
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=AOC+OU=Thales TSS ESN:C3B0-0F6A-4111,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:11

Not After

11/08/2018, 20:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/08/2017, 20:20

Not After

11/08/2018, 20:20

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

99:0e:22:c8:fb:bc:e4:62:63:f1:99:41:db:03:50:70:a9:f7:d6:99:5f:43:9a:3b:2d:d5:4b:9c:fc:3d:7c:e6
Signer

Actual PE Digest

99:0e:22:c8:fb:bc:e4:62:63:f1:99:41:db:03:50:70:a9:f7:d6:99:5f:43:9a:3b:2d:d5:4b:9c:fc:3d:7c:e6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

03/05/2023, 12:04
Valid: false

12:57:a0:40:75:36:a1:51:f8:dd:f2:97:bc:f9:16:a8:2c:bd:f3:8d
Signer

Actual PE Digest

12:57:a0:40:75:36:a1:51:f8:dd:f2:97:bc:f9:16:a8:2c:bd:f3:8d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

15/05/2018, 20:19
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lunatic V1/bin/System.Numerics.Vectors.xml
Lunatic V1/bin/System.Runtime.CompilerServices.Unsafe.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:13:8c:0c:1c:31:35:bc:d2:5f:00:00:00:00:02:13
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/02/2021, 20:09

Not After

10/02/2022, 20:09

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:70:99:f3:f5:b7:ef:fb:27:e6:01:6f:08:b5:3a:37:53:0b:75:67:14:d0:60:c5:7a:94:ea:2c:97:22:88:f7
Signer

Actual PE Digest

a0:70:99:f3:f5:b7:ef:fb:27:e6:01:6f:08:b5:3a:37:53:0b:75:67:14:d0:60:c5:7a:94:ea:2c:97:22:88:f7

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

03/05/2023, 12:04
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lunatic V1/bin/System.Runtime.CompilerServices.Unsafe.xml
Lunatic V1/bin/Tabs/Untitled 1.lua
Lunatic V1/bin/Tabs/Untitled 2.lua
Lunatic V1/bin/highlighting/syntax.xshd
.xml
Lunatic V1/client_clr.dll
.dll windows x86

e607b770e1cce9d4567d19c8bcfaf011

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualProtect
VirtualAlloc
GetSystemInfo
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
InitializeSRWLock
WideCharToMultiByte
MultiByteToWideChar
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualLock
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CloseHandle
CreateFiberEx
FindClose
FindFirstFileW
FindNextFileW
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
GetStdHandle
GetFileType
WriteFile
GetEnvironmentVariableW
GetACP
ConvertFiberToThread
ConvertThreadToFiberEx
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
SwitchToFiber
SystemTimeToFileTime
GetSystemTime
GetLastError
SetLastError
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
GetFileAttributesA
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcessId
FormatMessageA
GetLocalTime
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentThreadId
Sleep
GetProcAddress
LocalFree
DeleteFiber

ole32

CoCreateInstance
CoSetProxyBlanket
CoUninitialize

oleaut32

VariantChangeType
SetErrorInfo
VariantInit
VariantCopy
VariantClear
SysAllocString
SysFreeString
CreateErrorInfo
GetErrorInfo

msvcp140

?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
_Thrd_join
_Thrd_id
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_do_broadcast_at_thread_exit
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?__ExceptionPtrDestroy@@YAXPAX@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?width@ios_base@std@@QAE_J_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Xbad_function_call@std@@YAXXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ

ws2_32

WSASetLastError
inet_addr
connect
ioctlsocket
getsockname
getsockopt
inet_ntoa
gethostbyaddr
gethostbyname
getservbyport
getservbyname
htonl
shutdown
htons
listen
ntohs
select
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
inet_pton
closesocket
recv
send
bind
WSAGetLastError
inet_ntop
socket
setsockopt
accept
getpeername
WSAPoll
sendto
recvfrom

vcruntime140

_purecall
__std_terminate
__std_type_info_compare
memmove
memcpy
__std_exception_destroy
__CxxFrameHandler3
__std_exception_copy
strrchr
strchr
strstr
memchr
__current_exception
__current_exception_context
__FrameUnwindFilter
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list
memset
wcsstr

api-ms-win-crt-runtime-l1-1-0

strerror_s
terminate
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
perror
raise
signal
_beginthreadex
abort
_errno
_exit
exit
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-convert-l1-1-0

strtoul
strtoull
strtod
strtoll
atoll
strtol
atoi
atof

api-ms-win-crt-heap-l1-1-0

malloc
calloc
realloc
_callnewh
free

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

_dclass
_except1
_dsign

api-ms-win-crt-stdio-l1-1-0

_wfopen
fputs
__stdio_common_vsscanf
__acrt_iob_func
fwrite
ftell
fseek
fflush
__stdio_common_vfprintf
fread
fopen
fclose
__stdio_common_vswprintf
_write
__stdio_common_vsprintf
_getcwd
_read
feof
ferror
fgets
_fileno
setvbuf
_setmode
__stdio_common_vsprintf_s

api-ms-win-crt-string-l1-1-0

isspace
strcpy_s
strcat_s
strncpy_s
strcspn
strcmp
_strnicmp
strncpy
strncmp
tolower
_stricmp
_strdup
strspn
isdigit

api-ms-win-crt-time-l1-1-0

_ftime64
_gmtime64_s
_gmtime64
_time64
_mktime64
_localtime64

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-filesystem-l1-1-0

_rmdir
_mkdir
_stat64i32
remove
_access

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW

advapi32

RegCreateKeyExA
RegSetValueExA
RegGetValueA
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
RegCloseKey

api-ms-win-crt-environment-l1-1-0

getenv

bcrypt

BCryptGenRandom

crypt32

CertEnumCertificatesInStore
CertFindCertificateInStore
CertOpenStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CertCloseStore

mscoree

_CorDllMain

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 856KB - Virtual size: 855KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lunatic V1/close_lunatic_V2.bat
Lunatic V1/reset_key.bat
Lunatic V1/workspace/ButtersSlotNames.cfg
Lunatic V1/workspace/HALOxHUB BF/Bread4Later.json
Lunatic V1/workspace/HALOxHUB BF/CheckSaveSetting.json

Resubmissions

Sharing

General

Malware Config

Signatures

Files

0b5552dccd9d0a834cea55c0c8fc05be

Headers

DLL Characteristics

File Characteristics

Imports

user32

comctl32

kernel32

advapi32

gdi32

Sections

.text Size: 162KB - Virtual size: 162KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 3KB - Virtual size: 64KB

.pdata Size: 8KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 266KB - Virtual size: 265KB

.reloc Size: 2KB - Virtual size: 1KB

eb0f0d8ca0013274726c52a5c01fa44c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

dbghelp

user32

gdi32

ws2_32

shlwapi

crypt32

msvcp140

imm32

d3dcompiler_47

dwmapi

wldap32

normaliz

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: - Virtual size: 4.3MB

.rdata Size: - Virtual size: 707KB

.data Size: - Virtual size: 1.3MB

.00cfg Size: - Virtual size: 8B

.tls Size: - Virtual size: 9KB

.astaghf Size: - Virtual size: 1.5MB

.astaghf Size: 5.3MB - Virtual size: 5.3MB

.reloc Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 223B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 603KB - Virtual size: 602KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 3KB - Virtual size: 64KB

.pdata
Size: 8KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 266KB - Virtual size: 265KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: - Virtual size: 4.3MB

.rdata
Size: - Virtual size: 707KB

.data
Size: - Virtual size: 1.3MB

.00cfg
Size: - Virtual size: 8B

.tls
Size: - Virtual size: 9KB

.astaghf
Size: - Virtual size: 1.5MB

.astaghf
Size: 5.3MB - Virtual size: 5.3MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 223B

.text
Size: 603KB - Virtual size: 602KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

d4:65:dc:35:86:93:2f:fb:0d:d0:c1:ac:2f:31:92:bd:28:75:14:21:57:3f:3b:7d:55:33:05:32:59:3d:d4:62
Signer

03/05/2023, 12:04
Valid: false

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:03:04:c1:03:19:7e:c6:05:e4:04:00:00:00:00:03:04
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

52:e2:ba:0a:1e:68:4c:e2:70:3b:7e:d5:ad:b9:fd:30:7c:c5:49:ed:12:c2:6b:81:4b:6c:7d:ee:0a:a8:96:d8
Signer

03/05/2023, 12:04
Valid: true

.text
Size: 156KB - Virtual size: 156KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:02:52:8b:33:aa:f8:95:f3:39:db:00:00:00:00:02:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

a4:6c:07:cf:a9:38:ad:dd:05:7b:ae:24:e4:ad:78:9e:fa:07:82:fb:e0:b3:ea:d5:f5:bc:8e:78:ff:71:9b:27
Signer

03/05/2023, 12:04
Valid: false

.text
Size: 126KB - Virtual size: 126KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:00:c2:a0:09:c5:37:76:e9:f6:cd:00:00:00:00:00:c2
Certificate

33:00:00:01:79:7c:2e:57:4e:52:e1:ca:d6:00:01:00:00:01:79
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:00:c4:e9:89:f8:7a:81:50:e9:ff:00:00:00:00:00:c4
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

99:0e:22:c8:fb:bc:e4:62:63:f1:99:41:db:03:50:70:a9:f7:d6:99:5f:43:9a:3b:2d:d5:4b:9c:fc:3d:7c:e6
Signer