General

Malware Config

Signatures

Files

• m.zip

  .zip
• 6.txt
• MSVCR100.txt

  .dll windows x86

  5271d5ce8b44dd47bc92563e27585466

  
  

  Code Sign

  2e:ab:11:dc:50:ff:5c:9d:cb:c0

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  22-08-2007 22:31

  Not After

  25-08-2012 07:00

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:01:cf:3e:00:00:00:00:00:0f

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  07-12-2009 22:40

  Not After

  07-03-2011 22:40

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  16-09-2006 01:04

  Not After

  15-09-2019 07:00

  Subject

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:06:94:2d:00:00:00:00:00:09

  Certificate

  Issuer

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  25-07-2008 19:02

  Not After

  25-07-2013 19:12

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  05:c5:93:9c:0d:cd:fc:08:2e:51:ee:8e:e1:e0:0f:4b:d3:83:4c:d6

  Signer

  Actual PE Digest

  05:c5:93:9c:0d:cd:fc:08:2e:51:ee:8e:e1:e0:0f:4b:d3:83:4c:d6

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  19-02-2011 08:36

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  EncodePointer

  DecodePointer

  RaiseException

  GetModuleFileNameA

  GetModuleFileNameW

  GetModuleHandleW

  GetProcAddress

  ExitProcess

  WriteFile

  GetStdHandle

  GetCurrentThreadId

  TlsGetValue

  GetCommandLineW

  GetCommandLineA

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  ExitThread

  CloseHandle

  GetLastError

  ResumeThread

  CreateThread

  TlsAlloc

  TlsSetValue

  TlsFree

  InterlockedIncrement

  SetLastError

  InterlockedDecrement

  GetCurrentThread

  FindNextFileA

  FindFirstFileExA

  FindClose

  FindNextFileW

  FindFirstFileExW

  GetLogicalDrives

  GetDiskFreeSpaceA

  FileTimeToSystemTime

  FileTimeToLocalFileTime

  SetErrorMode

  Sleep

  Beep

  GetFileAttributesA

  SetFileAttributesA

  SetEnvironmentVariableA

  GetCurrentDirectoryA

  SetCurrentDirectoryA

  GetCurrentDirectoryW

  SetCurrentDirectoryW

  GetFullPathNameA

  GetDriveTypeW

  GetCurrentProcessId

  CreateDirectoryA

  MoveFileA

  RemoveDirectoryA

  GetDriveTypeA

  DeleteFileA

  GetFileAttributesW

  SetEnvironmentVariableW

  SetFileAttributesW

  GetFullPathNameW

  CreateDirectoryW

  MoveFileW

  RemoveDirectoryW

  DeleteFileW

  GetExitCodeProcess

  WaitForSingleObject

  CreateProcessA

  LoadLibraryA

  FreeLibrary

  CreateProcessW

  ReadFile

  DuplicateHandle

  GetCurrentProcess

  GetSystemTimeAsFileTime

  GetTimeZoneInformation

  GetLocalTime

  WideCharToMultiByte

  SetFileTime

  LocalFileTimeToFileTime

  SystemTimeToFileTime

  SetLocalTime

  InterlockedPopEntrySList

  InterlockedFlushSList

  QueryDepthSList

  InterlockedPushEntrySList

  CreateTimerQueue

  CreateTimerQueueTimer

  DeleteTimerQueueTimer

  SetEvent

  CreateEventW

  SwitchToThread

  SignalObjectAndWait

  TryEnterCriticalSection

  GetTickCount

  VirtualFree

  GetVersionExW

  SetThreadPriority

  VirtualAlloc

  GetSystemInfo

  GetProcessAffinityMask

  VirtualProtect

  SetThreadAffinityMask

  InitializeSListHead

  ReleaseSemaphore

  CreateSemaphoreW

  WaitForMultipleObjects

  GetThreadPriority

  LoadLibraryW

  SleepEx

  OutputDebugStringW

  FreeLibraryAndExitThread

  GetModuleHandleA

  GetThreadTimes

  DebugBreak

  MultiByteToWideChar

  GetStringTypeW

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  GetTimeFormatA

  GetDateFormatA

  GetTimeFormatW

  GetDateFormatW

  RtlUnwind

  HeapAlloc

  HeapFree

  HeapCreate

  HeapDestroy

  HeapQueryInformation

  HeapReAlloc

  HeapSize

  HeapValidate

  HeapCompact

  HeapWalk

  VirtualQuery

  SetHandleCount

  GetFileType

  GetStartupInfoW

  GetFileInformationByHandle

  PeekNamedPipe

  CreateFileA

  CreateFileW

  SetFilePointer

  GetConsoleCP

  GetConsoleMode

  FlushFileBuffers

  CreatePipe

  SetStdHandle

  ReadConsoleInputA

  SetConsoleMode

  PeekConsoleInputA

  GetNumberOfConsoleInputEvents

  ReadConsoleInputW

  WriteConsoleW

  ReadConsoleW

  SetEndOfFile

  GetProcessHeap

  InterlockedExchange

  LockFile

  UnlockFile

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  TerminateProcess

  SetConsoleCtrlHandler

  GetLocaleInfoW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  QueryPerformanceCounter

  LCMapStringW

  CompareStringW

  GetUserDefaultLCID

  GetLocaleInfoA

  EnumSystemLocalesA

  IsValidLocale

  IsProcessorFeaturePresent

  Exports

  Exports

  $I10_OUTPUT

  ??0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z

  ??0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z

  ??0SchedulerPolicy@Concurrency@@QAA@IZZ

  ??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z

  ??0SchedulerPolicy@Concurrency@@QAE@XZ

  ??0_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ

  ??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ

  ??0_ReaderWriterLock@details@Concurrency@@QAE@XZ

  ??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ

  ??0_ReentrantLock@details@Concurrency@@QAE@XZ

  ??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ

  ??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z

  ??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z

  ??0_SpinLock@details@Concurrency@@QAE@ACJ@Z

  ??0_TaskCollection@details@Concurrency@@QAE@XZ

  ??0_Timer@details@Concurrency@@IAE@I_N@Z

  ??0__non_rtti_object@std@@QAE@ABV01@@Z

  ??0__non_rtti_object@std@@QAE@PBD@Z

  ??0bad_cast@std@@AAE@PBQBD@Z

  ??0bad_cast@std@@QAE@ABV01@@Z

  ??0bad_cast@std@@QAE@PBD@Z

  ??0bad_target@Concurrency@@QAE@PBD@Z

  ??0bad_target@Concurrency@@QAE@XZ

  ??0bad_typeid@std@@QAE@ABV01@@Z

  ??0bad_typeid@std@@QAE@PBD@Z

  ??0context_self_unblock@Concurrency@@QAE@PBD@Z

  ??0context_self_unblock@Concurrency@@QAE@XZ

  ??0context_unblock_unbalanced@Concurrency@@QAE@PBD@Z

  ??0context_unblock_unbalanced@Concurrency@@QAE@XZ

  ??0critical_section@Concurrency@@QAE@XZ

  ??0default_scheduler_exists@Concurrency@@QAE@PBD@Z

  ??0default_scheduler_exists@Concurrency@@QAE@XZ

  ??0event@Concurrency@@QAE@XZ

  ??0exception@std@@QAE@ABQBD@Z

  ??0exception@std@@QAE@ABQBDH@Z

  ??0exception@std@@QAE@ABV01@@Z

  ??0exception@std@@QAE@XZ

  ??0improper_lock@Concurrency@@QAE@PBD@Z

  ??0improper_lock@Concurrency@@QAE@XZ

  ??0improper_scheduler_attach@Concurrency@@QAE@PBD@Z

  ??0improper_scheduler_attach@Concurrency@@QAE@XZ

  ??0improper_scheduler_detach@Concurrency@@QAE@PBD@Z

  ??0improper_scheduler_detach@Concurrency@@QAE@XZ

  ??0improper_scheduler_reference@Concurrency@@QAE@PBD@Z

  ??0improper_scheduler_reference@Concurrency@@QAE@XZ

  ??0invalid_link_target@Concurrency@@QAE@PBD@Z

  ??0invalid_link_target@Concurrency@@QAE@XZ

  ??0invalid_multiple_scheduling@Concurrency@@QAE@PBD@Z

  ??0invalid_multiple_scheduling@Concurrency@@QAE@XZ

  ??0invalid_operation@Concurrency@@QAE@PBD@Z

  ??0invalid_operation@Concurrency@@QAE@XZ

  ??0invalid_oversubscribe_operation@Concurrency@@QAE@PBD@Z

  ??0invalid_oversubscribe_operation@Concurrency@@QAE@XZ

  ??0invalid_scheduler_policy_key@Concurrency@@QAE@PBD@Z

  ??0invalid_scheduler_policy_key@Concurrency@@QAE@XZ

  ??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@PBD@Z

  ??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@XZ

  ??0invalid_scheduler_policy_value@Concurrency@@QAE@PBD@Z

  ??0invalid_scheduler_policy_value@Concurrency@@QAE@XZ

  ??0message_not_found@Concurrency@@QAE@PBD@Z

  ??0message_not_found@Concurrency@@QAE@XZ

  ??0missing_wait@Concurrency@@QAE@PBD@Z

  ??0missing_wait@Concurrency@@QAE@XZ

  ??0nested_scheduler_missing_detach@Concurrency@@QAE@PBD@Z

  ??0nested_scheduler_missing_detach@Concurrency@@QAE@XZ

  ??0operation_timed_out@Concurrency@@QAE@PBD@Z

  ??0operation_timed_out@Concurrency@@QAE@XZ

  ??0reader_writer_lock@Concurrency@@QAE@XZ

  ??0scheduler_not_attached@Concurrency@@QAE@PBD@Z

  ??0scheduler_not_attached@Concurrency@@QAE@XZ

  ??0scheduler_resource_allocation_error@Concurrency@@QAE@J@Z

  ??0scheduler_resource_allocation_error@Concurrency@@QAE@PBDJ@Z

  ??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z

  ??0scoped_lock@reader_writer_lock@Concurrency@@QAE@AAV12@@Z

  ??0scoped_lock_read@reader_writer_lock@Concurrency@@QAE@AAV12@@Z

  ??0task_canceled@details@Concurrency@@QAE@PBD@Z

  ??0task_canceled@details@Concurrency@@QAE@XZ

  ??0unsupported_os@Concurrency@@QAE@PBD@Z

  ??0unsupported_os@Concurrency@@QAE@XZ

  ??1SchedulerPolicy@Concurrency@@QAE@XZ

  ??1_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ

  ??1_ReentrantBlockingLock@details@Concurrency@@QAE@XZ

  ??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ

  ??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ

  ??1_SpinLock@details@Concurrency@@QAE@XZ

  ??1_TaskCollection@details@Concurrency@@QAE@XZ

  ??1_Timer@details@Concurrency@@IAE@XZ

  ??1__non_rtti_object@std@@UAE@XZ

  ??1bad_cast@std@@UAE@XZ

  ??1bad_typeid@std@@UAE@XZ

  ??1critical_section@Concurrency@@QAE@XZ

  ??1event@Concurrency@@QAE@XZ

  ??1exception@std@@UAE@XZ

  ??1reader_writer_lock@Concurrency@@QAE@XZ

  ??1scoped_lock@critical_section@Concurrency@@QAE@XZ

  ??1scoped_lock@reader_writer_lock@Concurrency@@QAE@XZ

  ??1scoped_lock_read@reader_writer_lock@Concurrency@@QAE@XZ

  ??1type_info@@UAE@XZ

  ??2@YAPAXI@Z

  ??2@YAPAXIHPBDH@Z

  ??3@YAXPAX@Z

  ??4?$_SpinWait@$00@details@Concurrency@@QAEAAV012@ABV012@@Z

  ??4?$_SpinWait@$0A@@details@Concurrency@@QAEAAV012@ABV012@@Z

  ??4SchedulerPolicy@Concurrency@@QAEAAV01@ABV01@@Z

  ??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z

  ??4bad_cast@std@@QAEAAV01@ABV01@@Z

  ??4bad_typeid@std@@QAEAAV01@ABV01@@Z

  ??4exception@std@@QAEAAV01@ABV01@@Z

  ??8type_info@@QBE_NABV0@@Z

  ??9type_info@@QBE_NABV0@@Z

  ??_7__non_rtti_object@std@@6B@

  ??_7bad_cast@std@@6B@

  ??_7bad_typeid@std@@6B@

  ??_7exception@@6B@

  ??_7exception@std@@6B@

  ??_F?$_SpinWait@$00@details@Concurrency@@QAEXXZ

  ??_F?$_SpinWait@$0A@@details@Concurrency@@QAEXXZ

  ??_Fbad_cast@std@@QAEXXZ

  ??_Fbad_typeid@std@@QAEXXZ

  ??_U@YAPAXI@Z

  ??_U@YAPAXIHPBDH@Z

  ??_V@YAXPAX@Z

  ?Alloc@Concurrency@@YAPAXI@Z

  ?Block@Context@Concurrency@@SAXXZ

  ?Create@CurrentScheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z

  ?Create@Scheduler@Concurrency@@SAPAV12@ABVSchedulerPolicy@2@@Z

  ?CreateResourceManager@Concurrency@@YAPAUIResourceManager@1@XZ

  ?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@XZ

  ?CurrentContext@Context@Concurrency@@SAPAV12@XZ

  ?Detach@CurrentScheduler@Concurrency@@SAXXZ

  ?DisableTracing@Concurrency@@YAJXZ

  ?EnableTracing@Concurrency@@YAJXZ

  ?Free@Concurrency@@YAXPAX@Z

  ?Get@CurrentScheduler@Concurrency@@SAPAVScheduler@2@XZ

  ?GetExecutionContextId@Concurrency@@YAIXZ

  ?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ

  ?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ

  ?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ

  ?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z

  ?GetProcessorCount@Concurrency@@YAIXZ

  ?GetProcessorNodeCount@Concurrency@@YAIXZ

  ?GetSchedulerId@Concurrency@@YAIXZ

  ?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ

  ?Id@Context@Concurrency@@SAIXZ

  ?Id@CurrentScheduler@Concurrency@@SAIXZ

  ?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ

  ?Log2@details@Concurrency@@YAKI@Z

  ?Oversubscribe@Context@Concurrency@@SAX_N@Z

  ?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPAX@Z

  ?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ

  ?ScheduleGroupId@Context@Concurrency@@SAIXZ

  ?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z

  ?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QAEXII@Z

  ?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z

  ?SetPolicyValue@SchedulerPolicy@Concurrency@@QAEIW4PolicyElementKey@2@I@Z

  ?VirtualProcessorId@Context@Concurrency@@SAIXZ

  ?Yield@Context@Concurrency@@SAXXZ

  ?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ

  ?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ

  ?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QAEXPAX@Z

  ?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ

  ?_Acquire@_ReentrantLock@details@Concurrency@@QAEXXZ

  ?_Acquire@_ReentrantPPLLock@details@Concurrency@@QAEXPAX@Z

  ?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ

  ?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ

  ?_Cancel@_StructuredTaskCollection@details@Concurrency@@QAEXXZ

  ?_Cancel@_TaskCollection@details@Concurrency@@QAEXXZ

  ?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ

  ?_ConcRT_Assert@details@Concurrency@@YAXPBD0H@Z

  ?_ConcRT_CoreAssert@details@Concurrency@@YAXPBD0H@Z

  ?_ConcRT_DumpMessage@details@Concurrency@@YAXPB_WZZ

  ?_ConcRT_Trace@details@Concurrency@@YAXHPB_WZZ

  ?_Copy_str@exception@std@@AAEXPBD@Z

  ?_DoYield@?$_SpinWait@$00@details@Concurrency@@IAEXXZ

  ?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ

  ?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QAE_NXZ

  ?_IsCanceling@_TaskCollection@details@Concurrency@@QAE_NXZ

  ?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z

  ?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z

  ?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IAEKXZ

  ?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IAEKXZ

  ?_Release@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ

  ?_Release@_NonReentrantPPLLock@details@Concurrency@@QAEXXZ

  ?_Release@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ

  ?_Release@_ReentrantLock@details@Concurrency@@QAEXXZ

  ?_Release@_ReentrantPPLLock@details@Concurrency@@QAEXXZ

  ?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ

  ?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ

  ?_Reset@?$_SpinWait@$00@details@Concurrency@@IAEXXZ

  ?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ

  ?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z

  ?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z

  ?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z

  ?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z

  ?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QAEXI@Z

  ?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QAEXI@Z

  ?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IAE_NXZ

  ?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IAE_NXZ

  ?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ

  ?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ

  ?_SpinYield@Context@Concurrency@@SAXXZ

  ?_Start@_Timer@details@Concurrency@@IAEXXZ

  ?_Stop@_Timer@details@Concurrency@@IAEXXZ

  ?_Tidy@exception@std@@AAEXXZ

  ?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z

  ?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QAE_NXZ

  ?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QAE_NXZ

  ?_TryAcquire@_ReentrantLock@details@Concurrency@@QAE_NXZ

  ?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QAE_NXZ

  ?_Type_info_dtor@type_info@@CAXPAV1@@Z

  ?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z

  ?_UnderlyingYield@details@Concurrency@@YAXXZ

  ?_ValidateExecute@@YAHP6GHXZ@Z

  ?_ValidateRead@@YAHPBXI@Z

  ?_ValidateWrite@@YAHPAXI@Z

  ?_Value@_SpinCount@details@Concurrency@@SAIXZ

  ?__ExceptionPtrAssign@@YAXPAXPBX@Z

  ?__ExceptionPtrCompare@@YA_NPBX0@Z

  ?__ExceptionPtrCopy@@YAXPAXPBX@Z

  ?__ExceptionPtrCopyException@@YAXPAXPBX1@Z

  ?__ExceptionPtrCreate@@YAXPAX@Z

  ?__ExceptionPtrCurrentException@@YAXPAX@Z

  ?__ExceptionPtrDestroy@@YAXPAX@Z

  ?__ExceptionPtrRethrow@@YAXPBX@Z

  ?_inconsistency@@YAXXZ

  ?_invalid_parameter@@YAXPBG00II@Z

  ?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z

  ?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z

  ?_open@@YAHPBDHH@Z

  ?_query_new_handler@@YAP6AHI@ZXZ

  ?_query_new_mode@@YAHXZ

  ?_set_new_handler@@YAP6AHI@ZH@Z

  ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z

  ?_set_new_mode@@YAHH@Z

  ?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z

  ?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z

  ?_sopen@@YAHPBDHHH@Z

  ?_type_info_dtor_internal_method@type_info@@QAEXXZ

  ?_wopen@@YAHPB_WHH@Z

  ?_wsopen@@YAHPB_WHHH@Z

  ?before@type_info@@QBEHABV1@@Z

  ?get_error_code@scheduler_resource_allocation_error@Concurrency@@QBEJXZ

  ?lock@critical_section@Concurrency@@QAEXXZ

  ?lock@reader_writer_lock@Concurrency@@QAEXXZ

  ?lock_read@reader_writer_lock@Concurrency@@QAEXXZ

  ?name@type_info@@QBEPBDPAU__type_info_node@@@Z

  ?native_handle@critical_section@Concurrency@@QAEAAV12@XZ

  ?raw_name@type_info@@QBEPBDXZ

  ?reset@event@Concurrency@@QAEXXZ

  ?set@event@Concurrency@@QAEXXZ

  ?set_new_handler@@YAP6AXXZP6AXXZ@Z

  ?set_terminate@@YAP6AXXZH@Z

  ?set_terminate@@YAP6AXXZP6AXXZ@Z

  ?set_unexpected@@YAP6AXXZH@Z

  ?set_unexpected@@YAP6AXXZP6AXXZ@Z

  ?swprintf@@YAHPAGIPBGZZ

  ?swprintf@@YAHPA_WIPB_WZZ

  ?terminate@@YAXXZ

  ?try_lock@critical_section@Concurrency@@QAE_NXZ

  ?try_lock@reader_writer_lock@Concurrency@@QAE_NXZ

  ?try_lock_read@reader_writer_lock@Concurrency@@QAE_NXZ

  ?unexpected@@YAXXZ

  ?unlock@critical_section@Concurrency@@QAEXXZ

  ?unlock@reader_writer_lock@Concurrency@@QAEXXZ

  ?vswprintf@@YAHPA_WIPB_WPAD@Z

  ?wait@Concurrency@@YAXI@Z

  ?wait@event@Concurrency@@QAEII@Z

  ?wait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z

  ?what@exception@std@@UBEPBDXZ

  _CIacos

  _CIasin

  _CIatan

  _CIatan2

  _CIcos

  _CIcosh

  _CIexp

  _CIfmod

  _CIlog

  _CIlog10

  _CIpow

  _CIsin

  _CIsinh

  _CIsqrt

  _CItan

  _CItanh

  _CRT_RTC_INIT

  _CRT_RTC_INITW

  _CreateFrameInfo

  _CxxThrowException

  _EH_prolog

  _FindAndUnlinkFrame

  _Getdays

  _Getmonths

  _Gettnames

  _HUGE

  _IsExceptionObjectToBeDestroyed

  _NLG_Dispatch2

  _NLG_Return

  _NLG_Return2

  _Strftime

  _XcptFilter

  __AdjustPointer

  __BuildCatchObject

  __BuildCatchObjectHelper

  __CppXcptFilter

  __CxxCallUnwindDelDtor

  __CxxCallUnwindDtor

  __CxxCallUnwindStdDelDtor

  __CxxCallUnwindVecDtor

  __CxxDetectRethrow

  __CxxExceptionFilter

  __CxxFrameHandler

  __CxxFrameHandler2

  __CxxFrameHandler3

  __CxxLongjmpUnwind

  __CxxQueryExceptionSize

  __CxxRegisterExceptionObject

  __CxxUnregisterExceptionObject

  __DestructExceptionObject

  __FrameUnwindFilter

  __RTCastToVoid

  __RTDynamicCast

  __RTtypeid

  __STRINGTOLD

  __STRINGTOLD_L

  __TypeMatch

  ___fls_getvalue@4

  ___fls_setvalue@8

  ___lc_codepage_func

  ___lc_collate_cp_func

  ___lc_handle_func

  ___mb_cur_max_func

  ___mb_cur_max_l_func

  ___setlc_active_func

  ___unguarded_readlc_active_add_func

  __argc

  __argv

  __badioinfo

  __clean_type_info_names_internal

  __control87_2

  __create_locale

  __crtCompareStringA

  __crtCompareStringW

  __crtLCMapStringA

  __crtLCMapStringW

  __daylight

  __dllonexit

  __doserrno

  __dstbias

  __fpecode

  __free_locale

  __get_current_locale

  __get_flsindex

  __get_tlsindex

  __getmainargs

  __initenv

  __iob_func

  __isascii

  __iscsym

  __iscsymf

  __iswcsym

  __iswcsymf

  __lconv

  __lconv_init

  __libm_sse2_acos

  __libm_sse2_acosf

  __libm_sse2_asin

  __libm_sse2_asinf

  __libm_sse2_atan

  __libm_sse2_atan2

  __libm_sse2_atanf

  __libm_sse2_cos

  __libm_sse2_cosf

  __libm_sse2_exp

  __libm_sse2_expf

  __libm_sse2_log

  __libm_sse2_log10

  __libm_sse2_log10f

  __libm_sse2_logf

  __libm_sse2_pow

  __libm_sse2_powf

  __libm_sse2_sin

  __libm_sse2_sinf

  __libm_sse2_tan

  __libm_sse2_tanf

  __mb_cur_max

  __p___argc

  __p___argv

  __p___initenv

  __p___mb_cur_max

  __p___wargv

  __p___winitenv

  __p__acmdln

  __p__commode

  __p__daylight

  __p__dstbias

  __p__environ

  __p__fmode

  __p__iob

  __p__mbcasemap

  __p__mbctype

  __p__pctype

  __p__pgmptr

  __p__pwctype

  __p__timezone

  __p__tzname

  __p__wcmdln

  __p__wenviron

  __p__wpgmptr

  __pctype_func

  __pioinfo

  __pwctype_func

  __pxcptinfoptrs

  __report_gsfailure

  __set_app_type

  __set_flsgetvalue

  __setlc_active

  __setusermatherr

  __strncnt

  __swprintf_l

  __sys_errlist

  __sys_nerr

  __threadhandle

  __threadid

  __timezone

  __toascii

  __tzname

  __unDName

  __unDNameEx

  __unDNameHelper

  __uncaught_exception

  __unguarded_readlc_active

  __vswprintf_l

  __wargv

  __wcserror

  __wcserror_s

  __wcsncnt

  __wgetmainargs

  __winitenv

  _abnormal_termination

  _abs64

  _access

  _access_s

  _acmdln

  _aligned_free

  _aligned_malloc

  _aligned_msize

  _aligned_offset_malloc

  _aligned_offset_realloc

  _aligned_offset_recalloc

  _aligned_realloc

  _aligned_recalloc

  _amsg_exit

  _assert

  _atodbl

  _atodbl_l

  _atof_l

  _atoflt

  _atoflt_l

  _atoi64

  _atoi64_l

  _atoi_l

  _atol_l

  _atoldbl

  _atoldbl_l

  _beep

  _beginthread

  _beginthreadex

  _byteswap_uint64

  _byteswap_ulong

  _byteswap_ushort

  _c_exit

  _cabs

  _callnewh

  _calloc_crt

  _cexit

  _cgets

  _cgets_s

  _cgetws

  _cgetws_s

  _chdir

  _chdrive

  _chgsign

  _chkesp

  _chmod

  _chsize

  _chsize_s

  _clearfp

  _close

  _commit

  _commode

  _configthreadlocale

  _control87

  _controlfp

  _controlfp_s

  _copysign

  _cprintf

  _cprintf_l

  _cprintf_p

  Sections

  .text

  Size: 709KB - Virtual size: 708KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 19KB - Virtual size: 22KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1024B - Virtual size: 1008B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 19KB - Virtual size: 19KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• WebView2Loader.txt

  .dll windows x86

  608537c42a46a95b31cc1ef01ab6eeb0

  
  

  Code Sign

  33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  02-09-2021 18:33

  Not After

  01-09-2022 18:33

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  00:df:43:86:08:9f:69:ab:31:01:b9:d3:c5:21:47:97:99:b1:64:b3:2b:4c:6e:3f:45:2c:6a:6a:a0:c7:db:b4

  Signer

  Actual PE Digest

  00:df:43:86:08:9f:69:ab:31:01:b9:d3:c5:21:47:97:99:b1:64:b3:2b:4c:6e:3f:45:2c:6a:6a:a0:c7:db:b4

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  03-05-2023 12:02

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_GUARD_CF

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  CloseHandle

  CreateEventW

  CreateFileW

  DecodePointer

  DeleteCriticalSection

  EncodePointer

  EnterCriticalSection

  ExitProcess

  FindClose

  FindFirstFileExW

  FindNextFileW

  FlushFileBuffers

  FreeEnvironmentStringsW

  FreeLibrary

  GetACP

  GetCPInfo

  GetCommandLineA

  GetCommandLineW

  GetConsoleMode

  GetConsoleOutputCP

  GetCurrentProcess

  GetCurrentProcessId

  GetCurrentThreadId

  GetEnvironmentStringsW

  GetEnvironmentVariableW

  GetFileAttributesW

  GetFileType

  GetLastError

  GetModuleFileNameW

  GetModuleHandleExW

  GetModuleHandleW

  GetOEMCP

  GetProcAddress

  GetProcessHeap

  GetStartupInfoW

  GetStdHandle

  GetStringTypeW

  GetSystemInfo

  GetSystemTimeAsFileTime

  HeapAlloc

  HeapFree

  HeapReAlloc

  HeapSize

  InitializeCriticalSectionAndSpinCount

  InitializeSListHead

  InterlockedFlushSList

  IsDebuggerPresent

  IsProcessorFeaturePresent

  IsValidCodePage

  LCMapStringW

  LeaveCriticalSection

  LoadLibraryExA

  LoadLibraryExW

  LoadLibraryW

  MultiByteToWideChar

  OutputDebugStringA

  OutputDebugStringW

  QueryPerformanceCounter

  RaiseException

  ResetEvent

  RtlUnwind

  SetEvent

  SetFilePointerEx

  SetLastError

  SetStdHandle

  SetUnhandledExceptionFilter

  TerminateProcess

  TlsAlloc

  TlsFree

  TlsGetValue

  TlsSetValue

  UnhandledExceptionFilter

  VirtualProtect

  VirtualQuery

  WaitForSingleObjectEx

  WideCharToMultiByte

  WriteConsoleW

  WriteFile

  Exports

  Exports

  CompareBrowserVersions

  CreateCoreWebView2Environment

  CreateCoreWebView2EnvironmentWithOptions

  GetAvailableCoreWebView2BrowserVersionString

  Sections

  .text

  Size: 58KB - Virtual size: 58KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 27KB - Virtual size: 27KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .00cfg

  Size: 512B - Virtual size: 4B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .voltbl

  Size: 512B - Virtual size: 72B

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• at.txt
• b.txt
• c.txt
• exe.txt

  .exe windows x86

  6ae531f3439aee07e850dbb1ac7115a4

  
  

  Code Sign

  48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  15-06-2016 00:00

  Not After

  15-06-2024 00:00

  Subject

  CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  ExtKeyUsageOCSPSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  42:f7:ce:c0:08:6a:c8:87:bb:81:ba:16

  Certificate

  Issuer

  CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  Not Before

  24-01-2018 09:39

  Not After

  04-07-2020 06:50

  Subject

  CN=AutoIt Consulting Ltd,O=AutoIt Consulting Ltd,L=Birmingham,C=GB

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  13:b7:74:ee:59:e3:5e:c6:06:26:16:89

  Certificate

  Issuer

  CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

  Not Before

  28-02-2018 10:00

  Not After

  18-03-2029 10:00

  Subject

  CN=GlobalSign TSA for Advanced - G3 - 002-02,O=GMO GlobalSign K.K.,C=JP

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  04:00:00:00:00:01:31:89:c6:50:04

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  02-08-2011 10:00

  Not After

  29-03-2029 10:00

  Subject

  CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  04:00:00:00:00:01:21:58:53:08:a2

  Certificate

  Issuer

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Not Before

  18-03-2009 10:00

  Not After

  18-03-2029 10:00

  Subject

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  ef:6a:b2:a0:69:2a:c4:4c:10:3d:fd:54:f2:65:c9:56:36:40:84:e1:a9:e6:56:a1:6d:7f:5d:d8:5d:7b:03:94

  Signer

  Actual PE Digest

  ef:6a:b2:a0:69:2a:c4:4c:10:3d:fd:54:f2:65:c9:56:36:40:84:e1:a9:e6:56:a1:6d:7f:5d:d8:5d:7b:03:94

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=AutoIt Consulting Ltd,O=AutoIt Consulting Ltd,L=Birmingham,C=GB

  15-03-2018 13:17

  Valid: true

  Chain 1

  CN=AutoIt Consulting Ltd,O=AutoIt Consulting Ltd,L=Birmingham,C=GB

  CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

  CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  wsock32

  WSACleanup

  socket

  inet_ntoa

  setsockopt

  ntohs

  recvfrom

  ioctlsocket

  htons

  WSAStartup

  __WSAFDIsSet

  select

  accept

  listen

  bind

  closesocket

  WSAGetLastError

  recv

  sendto

  send

  inet_addr

  gethostbyname

  gethostname

  connect

  version

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  VerQueryValueW

  winmm

  timeGetTime

  waveOutSetVolume

  mciSendStringW

  comctl32

  ImageList_ReplaceIcon

  ImageList_Destroy

  ImageList_Remove

  ImageList_SetDragCursorImage

  ImageList_BeginDrag

  ImageList_DragEnter

  ImageList_DragLeave

  ImageList_EndDrag

  ImageList_DragMove

  InitCommonControlsEx

  ImageList_Create

  mpr

  WNetUseConnectionW

  WNetCancelConnection2W

  WNetGetConnectionW

  WNetAddConnection2W

  wininet

  InternetQueryDataAvailable

  InternetCloseHandle

  InternetOpenW

  InternetSetOptionW

  InternetCrackUrlW

  HttpQueryInfoW

  InternetQueryOptionW

  HttpOpenRequestW

  HttpSendRequestW

  FtpOpenFileW

  FtpGetFileSize

  InternetOpenUrlW

  InternetReadFile

  InternetConnectW

  psapi

  GetProcessMemoryInfo

  iphlpapi

  IcmpCreateFile

  IcmpCloseHandle

  IcmpSendEcho

  userenv

  DestroyEnvironmentBlock

  UnloadUserProfile

  CreateEnvironmentBlock

  LoadUserProfileW

  uxtheme

  IsThemeActive

  kernel32

  DuplicateHandle

  CreateThread

  WaitForSingleObject

  HeapAlloc

  GetProcessHeap

  HeapFree

  Sleep

  GetCurrentThreadId

  MultiByteToWideChar

  MulDiv

  GetVersionExW

  IsWow64Process

  GetSystemInfo

  FreeLibrary

  LoadLibraryA

  GetProcAddress

  WideCharToMultiByte

  lstrcpyW

  lstrlenW

  GetModuleHandleW

  QueryPerformanceCounter

  VirtualFreeEx

  OpenProcess

  VirtualAllocEx

  WriteProcessMemory

  ReadProcessMemory

  CreateFileW

  SetFilePointerEx

  SetEndOfFile

  ReadFile

  WriteFile

  FlushFileBuffers

  TerminateProcess

  CreateToolhelp32Snapshot

  Process32FirstW

  Process32NextW

  SetFileTime

  GetFileAttributesW

  FindFirstFileW

  FindClose

  GetModuleFileNameW

  SetCurrentDirectoryW

  GetShortPathNameW

  DeleteFileW

  FindNextFileW

  CopyFileExW

  MoveFileW

  CreateDirectoryW

  RemoveDirectoryW

  SetSystemPowerState

  QueryPerformanceFrequency

  FindResourceW

  LoadResource

  LockResource

  SizeofResource

  EnumResourceNamesW

  OutputDebugStringW

  GetTempPathW

  GetTempFileNameW

  DeviceIoControl

  GetLocalTime

  CompareStringW

  GetCurrentProcess

  LeaveCriticalSection

  GetStdHandle

  CreatePipe

  InterlockedExchange

  TerminateThread

  LoadLibraryExW

  FindResourceExW

  CopyFileW

  VirtualFree

  FormatMessageW

  GetExitCodeProcess

  SetErrorMode

  GetPrivateProfileStringW

  WritePrivateProfileStringW

  GetPrivateProfileSectionW

  WritePrivateProfileSectionW

  GetPrivateProfileSectionNamesW

  FileTimeToLocalFileTime

  FileTimeToSystemTime

  SystemTimeToFileTime

  LocalFileTimeToFileTime

  GetDriveTypeW

  GetDiskFreeSpaceExW

  GetDiskFreeSpaceW

  GetVolumeInformationW

  SetVolumeLabelW

  CreateHardLinkW

  SetFileAttributesW

  CreateEventW

  SetEvent

  GetEnvironmentVariableW

  SetEnvironmentVariableW

  GlobalLock

  GlobalUnlock

  GlobalAlloc

  GetFileSize

  GlobalFree

  GlobalMemoryStatusEx

  Beep

  GetSystemDirectoryW

  HeapReAlloc

  HeapSize

  GetComputerNameW

  GetWindowsDirectoryW

  GetCurrentProcessId

  GetProcessIoCounters

  CreateProcessW

  GetProcessId

  SetPriorityClass

  LoadLibraryW

  VirtualAlloc

  IsDebuggerPresent

  GetCurrentDirectoryW

  lstrcmpiW

  DecodePointer

  GetLastError

  RaiseException

  InitializeCriticalSectionAndSpinCount

  DeleteCriticalSection

  InterlockedDecrement

  InterlockedIncrement

  GetCurrentThread

  CloseHandle

  EnterCriticalSection

  GetFullPathNameW

  EncodePointer

  ExitProcess

  GetModuleHandleExW

  ExitThread

  GetSystemTimeAsFileTime

  ResumeThread

  GetCommandLineW

  IsProcessorFeaturePresent

  IsValidCodePage

  GetACP

  GetOEMCP

  GetCPInfo

  SetLastError

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  GetStartupInfoW

  GetStringTypeW

  SetStdHandle

  GetFileType

  GetConsoleCP

  GetConsoleMode

  RtlUnwind

  ReadConsoleW

  GetTimeZoneInformation

  GetDateFormatW

  GetTimeFormatW

  LCMapStringW

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  WriteConsoleW

  GetLongPathNameW

  SetEnvironmentVariableA

  user32

  AdjustWindowRectEx

  CopyImage

  SetWindowPos

  GetCursorInfo

  RegisterHotKey

  ClientToScreen

  GetKeyboardLayoutNameW

  IsCharAlphaW

  IsCharAlphaNumericW

  IsCharLowerW

  IsCharUpperW

  GetMenuStringW

  GetSubMenu

  GetCaretPos

  IsZoomed

  MonitorFromPoint

  GetMonitorInfoW

  SetWindowLongW

  SetLayeredWindowAttributes

  FlashWindow

  GetClassLongW

  TranslateAcceleratorW

  IsDialogMessageW

  GetSysColor

  InflateRect

  DrawFocusRect

  DrawTextW

  FrameRect

  DrawFrameControl

  FillRect

  PtInRect

  DestroyAcceleratorTable

  CreateAcceleratorTableW

  SetCursor

  GetWindowDC

  GetSystemMetrics

  GetActiveWindow

  CharNextW

  wsprintfW

  RedrawWindow

  DrawMenuBar

  DestroyMenu

  SetMenu

  GetWindowTextLengthW

  CreateMenu

  IsDlgButtonChecked

  DefDlgProcW

  CallWindowProcW

  ReleaseCapture

  SetCapture

  CreateIconFromResourceEx

  mouse_event

  ExitWindowsEx

  SetActiveWindow

  FindWindowExW

  EnumThreadWindows

  SetMenuDefaultItem

  InsertMenuItemW

  IsMenu

  TrackPopupMenuEx

  GetCursorPos

  DeleteMenu

  SetRect

  GetMenuItemID

  GetMenuItemCount

  SetMenuItemInfoW

  GetMenuItemInfoW

  SetForegroundWindow

  IsIconic

  FindWindowW

  MonitorFromRect

  keybd_event

  SendInput

  GetAsyncKeyState

  SetKeyboardState

  GetKeyboardState

  GetKeyState

  VkKeyScanW

  LoadStringW

  DialogBoxParamW

  MessageBeep

  EndDialog

  SendDlgItemMessageW

  GetDlgItem

  SetWindowTextW

  CopyRect

  ReleaseDC

  GetDC

  EndPaint

  BeginPaint

  GetClientRect

  GetMenu

  DestroyWindow

  EnumWindows

  GetDesktopWindow

  IsWindow

  IsWindowEnabled

  IsWindowVisible

  EnableWindow

  InvalidateRect

  GetWindowLongW

  GetWindowThreadProcessId

  AttachThreadInput

  GetFocus

  GetWindowTextW

  ScreenToClient

  SendMessageTimeoutW

  EnumChildWindows

  CharUpperBuffW

  GetParent

  GetDlgCtrlID

  SendMessageW

  MapVirtualKeyW

  PostMessageW

  GetWindowRect

  SetUserObjectSecurity

  CloseDesktop

  CloseWindowStation

  OpenDesktopW

  SetProcessWindowStation

  GetProcessWindowStation

  OpenWindowStationW

  GetUserObjectSecurity

  MessageBoxW

  DefWindowProcW

  SetClipboardData

  EmptyClipboard

  CountClipboardFormats

  CloseClipboard

  GetClipboardData

  IsClipboardFormatAvailable

  OpenClipboard

  BlockInput

  GetMessageW

  LockWindowUpdate

  DispatchMessageW

  TranslateMessage

  PeekMessageW

  UnregisterHotKey

  CheckMenuRadioItem

  CharLowerBuffW

  MoveWindow

  SetFocus

  PostQuitMessage

  KillTimer

  CreatePopupMenu

  RegisterWindowMessageW

  SetTimer

  ShowWindow

  CreateWindowExW

  RegisterClassExW

  LoadIconW

  LoadCursorW

  GetSysColorBrush

  GetForegroundWindow

  MessageBoxA

  DestroyIcon

  SystemParametersInfoW

  LoadImageW

  GetClassNameW

  gdi32

  StrokePath

  DeleteObject

  GetTextExtentPoint32W

  ExtCreatePen

  GetDeviceCaps

  EndPath

  SetPixel

  CloseFigure

  CreateCompatibleBitmap

  CreateCompatibleDC

  SelectObject

  StretchBlt

  GetDIBits

  LineTo

  AngleArc

  MoveToEx

  Ellipse

  DeleteDC

  GetPixel

  CreateDCW

  GetStockObject

  GetTextFaceW

  CreateFontW

  SetTextColor

  PolyDraw

  BeginPath

  Rectangle

  SetViewportOrgEx

  GetObjectW

  SetBkMode

  RoundRect

  SetBkColor

  CreatePen

  CreateSolidBrush

  StrokeAndFillPath

  comdlg32

  GetOpenFileNameW

  GetSaveFileNameW

  advapi32

  GetAce

  RegEnumValueW

  RegDeleteValueW

  RegDeleteKeyW

  RegEnumKeyExW

  RegSetValueExW

  RegOpenKeyExW

  RegCloseKey

  RegQueryValueExW

  RegConnectRegistryW

  InitializeSecurityDescriptor

  InitializeAcl

  AdjustTokenPrivileges

  OpenThreadToken

  OpenProcessToken

  LookupPrivilegeValueW

  DuplicateTokenEx

  CreateProcessAsUserW

  CreateProcessWithLogonW

  GetLengthSid

  CopySid

  LogonUserW

  AllocateAndInitializeSid

  CheckTokenMembership

  RegCreateKeyExW

  FreeSid

  GetTokenInformation

  GetSecurityDescriptorDacl

  GetAclInformation

  AddAce

  SetSecurityDescriptorDacl

  GetUserNameW

  InitiateSystemShutdownExW

  shell32

  DragQueryPoint

  ShellExecuteExW

  DragQueryFileW

  SHEmptyRecycleBinW

  SHGetPathFromIDListW

  SHBrowseForFolderW

  SHCreateShellItem

  SHGetDesktopFolder

  SHGetSpecialFolderLocation

  SHGetFolderPathW

  SHFileOperationW

  ExtractIconExW

  Shell_NotifyIconW

  ShellExecuteW

  DragFinish

  ole32

  CoTaskMemAlloc

  CoTaskMemFree

  CLSIDFromString

  ProgIDFromCLSID

  CLSIDFromProgID

  OleSetMenuDescriptor

  MkParseDisplayName

  OleSetContainedObject

  StringFromGUID2

  CreateStreamOnHGlobal

  OleInitialize

  OleUninitialize

  CoInitialize

  CoCreateInstance

  CoUninitialize

  GetRunningObjectTable

  CoGetInstanceFromFile

  CoGetObject

  CoInitializeSecurity

  IIDFromString

  CoSetProxyBlanket

  CoCreateInstanceEx

  oleaut32

  CreateDispTypeInfo

  VariantCopyInd

  SysReAllocString

  SysFreeString

  SafeArrayDestroyDescriptor

  SafeArrayDestroyData

  SafeArrayUnaccessData

  SafeArrayAccessData

  SafeArrayAllocData

  SafeArrayAllocDescriptorEx

  SafeArrayCreateVector

  CreateStdDispatch

  VarR8FromDec

  SafeArrayGetVartype

  OleLoadPicture

  QueryPathOfRegTypeLi

  LoadTypeLibEx

  RegisterTypeLi

  RegisterTypeLibForUser

  VariantCopy

  VariantClear

  UnRegisterTypeLibForUser

  UnRegisterTypeLi

  DispCallFunc

  VariantChangeType

  SysStringLen

  VariantTimeToSystemTime

  SysAllocString

  VariantInit

  Sections

  .text

  Size: 570KB - Virtual size: 569KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 191KB - Virtual size: 191KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 20KB - Virtual size: 35KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 54KB - Virtual size: 53KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 28KB - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• i7.txt

  .exe windows x86

  d3310ce6cbcacb3a9f0809bc33e38abe

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  12:f0:27:7e:0f:23:3b:39:f9:41:9b:06:e8:cd:e3:52

  Certificate

  Issuer

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Not Before

  14-04-2015 00:00

  Not After

  13-04-2018 23:59

  Subject

  CN=Oracle America\, Inc.,OU=Code Signing Bureau,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  10-12-2013 00:00

  Not After

  09-12-2023 23:59

  Subject

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  a3:49:3b:ab:b5:90:11:cd:5b:ba:2a:b0:22:0f:b2:cb:38:f5:83:b4

  Signer

  Actual PE Digest

  a3:49:3b:ab:b5:90:11:cd:5b:ba:2a:b0:22:0f:b2:cb:38:f5:83:b4

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  true

  Verification

  Signing Certificate

  CN=Oracle America\, Inc.,OU=Code Signing Bureau,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US

  01-04-2016 04:55

  Valid: true

  Chain 1

  CN=Oracle America\, Inc.,OU=Code Signing Bureau,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=US

  CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  jli

  JLI_CmdToArgs

  JLI_GetStdArgc

  JLI_MemAlloc

  JLI_GetStdArgs

  JLI_Launch

  msvcr100

  _initterm_e

  _configthreadlocale

  __setusermatherr

  _commode

  _fmode

  _initterm

  ?terminate@@YAXXZ

  _unlock

  __dllonexit

  _lock

  _onexit

  _except_handler4_common

  _invoke_watson

  _controlfp_s

  _crt_debugger_hook

  __initenv

  exit

  _XcptFilter

  _exit

  _cexit

  __getmainargs

  _amsg_exit

  getenv

  printf

  __argc

  __argv

  __set_app_type

  kernel32

  IsDebuggerPresent

  UnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  GetSystemTimeAsFileTime

  GetCurrentThreadId

  GetTickCount

  QueryPerformanceCounter

  DecodePointer

  SetUnhandledExceptionFilter

  EncodePointer

  HeapSetInformation

  InterlockedCompareExchange

  Sleep

  InterlockedExchange

  GetCommandLineA

  GetCurrentProcessId

  Sections

  .text

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 940B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 472B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• jli.txt

  .dll windows x86

  
  

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Exports

  Exports

  JLI_CmdToArgs

  JLI_GetStdArgc

  JLI_GetStdArgs

  JLI_Launch

  JLI_MemAlloc

  JLI_ReportErrorMessage

  JLI_ReportErrorMessageSys

  JLI_ReportMessage

  JLI_SetTraceLauncher

  LI_ReportExceptionDescription

  TMethodImplementationIntercept

  __dbk_fcall_wrapper

  dbkFCallWrapperAddr

  Sections

  Size: 654KB - Virtual size: 1.8MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  Size: 3KB - Virtual size: 5KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  Size: 9KB - Virtual size: 20KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .bss

  Size: - Virtual size: 24KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Size: 1KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Size: 1024B - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  Size: 512B - Virtual size: 435B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 512B - Virtual size: 69B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  Size: 99KB - Virtual size: 176KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

  Size: 58KB - Virtual size: 89KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .edata

  Size: 512B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .idata

  Size: 1024B - Virtual size: 4KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 58KB - Virtual size: 58KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .themida

  Size: - Virtual size: 4.9MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .boot

  Size: 3.0MB - Virtual size: 3.0MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ