MH_v7-1_no_instaler(Files)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MH_v7-1_no_instaler(Files).zip
Size

9.9MB
MD5

859ea84846e0f1ca1fad529de12e4fcd
SHA1

79af508e36812e82e766cc3f78f9c8ae6f1ba5ff
SHA256

f151f08f22468ddc118db4d867e5fcfb9ca3d38b7e12ed9b04c2730949c3adb4
SHA512

c11ca6095f17aa72a0ce2be90213064d9000015e0c593a7c925a478682b526a28a8aaef7f94280a4398725cf24ab19b4cdb409c672cfcfe990609d7cdf2a6d42
SSDEEP

196608:xD8nt/LHdIzn616fZUWAuXFep9+yeKqPCEz9nZ5lnwMcBED4A/77lVU6AsoY8o:GtDm+1IxFI9+yDEBlnwMjk6T7oRo

Score

7^/10

themida

Malware Config

Signatures

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/hackpro.dll	themida

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/XInput9_1_0.dll
unpack001/hackpro.dll
unpack001/hackproldr.dll

Files

MH_v7-1_no_instaler(Files).zip
.zip
XInput9_1_0.dll
.dll windows x86

42778d0f366861bc3aaafd8e329d44fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryW
LoadLibraryA
LoadLibraryW
GetProcAddress
FreeLibrary
WriteConsoleW
LocalFree
FormatMessageA
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
SetFilePointerEx
AreFileApisANSI
CloseHandle
GetLastError
MultiByteToWideChar
WideCharToMultiByte
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetCPInfo
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
DecodePointer

Exports

Exports

XInputGetCapabilities
XInputGetDSoundAudioDeviceGuids
XInputGetState
XInputSetState

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
discord_game_sdk.dll
.dll windows x86

edfce0ff7a2d3e9b71bd116fc36e7bcb

Code Sign

02:8a:a6:e7:b5:16:c0:d1:55:f1:5d:62:90:a4:30:e3
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/03/2018, 00:00

Not After

31/03/2021, 12:00

Subject

SERIALNUMBER=5128862,CN=Discord Inc.,O=Discord Inc.,L=San Francisco,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:87:86:d7:51:2f:05:38:75:67:07:46:d7:0e:1f:5e:84:17:ff:bd
Signer

Actual PE Digest

53:87:86:d7:51:2f:05:38:75:67:07:46:d7:0e:1f:5e:84:17:ff:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

closesocket
sendto
getaddrinfo
WSAStartup
freeaddrinfo
WSACleanup
WSASocketW
ioctlsocket
recv
bind
WSAGetLastError

kernel32

LCMapStringW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
DecodePointer
GetModuleHandleExW
LoadLibraryExW
TlsFree
InitializeCriticalSectionAndSpinCount
EncodePointer
LoadLibraryW
GetLastError
GetProcAddress
FreeLibrary
GetModuleFileNameW
SetErrorMode
SetThreadErrorMode
lstrlenW
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetFileInformationByHandle
CancelIoEx
WriteFile
ReadFile
GetOverlappedResult
FlushFileBuffers
TlsGetValue
TlsSetValue
CreateIoCompletionPort
GetQueuedCompletionStatusEx
PostQueuedCompletionStatus
SetHandleInformation
GetSystemInfo
GetSystemTimeAsFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
LoadLibraryA
FreeEnvironmentStringsW
FindClose
LeaveCriticalSection
DeleteCriticalSection
SwitchToThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetTempPathW
GetCommandLineW
SetFilePointerEx
InitializeCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcessId
HeapAlloc
HeapFree
TlsAlloc
HeapReAlloc
GetModuleHandleW
GetStdHandle
FindNextFileW
CreateFileW
DeviceIoControl
CreateDirectoryW
FindFirstFileW
DeleteFileW
FormatMessageW
ExitProcess
CreateThread
GetConsoleMode
WriteConsoleW
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
InterlockedFlushSList
GetFileType
GetStringTypeW
HeapSize
SetStdHandle
GetConsoleCP
GetProcessHeap
RaiseException
RtlUnwind
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetCurrentThreadId

advapi32

SystemFunction036
RegCloseKey
RegCreateKeyTransactedW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW

ktmw32

CommitTransaction
CreateTransaction

ole32

CoTaskMemFree

shell32

ShellExecuteExW
SHGetKnownFolderPath

Exports

Exports

DiscordCreate
DiscordVersion
rust_eh_personality

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hackpro.dll
.dll windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

?Create@Button@MegaHackExt@@SAPAV12@PBD@Z
?Create@CheckBox@MegaHackExt@@SAPAV12@PBD@Z
?Create@ColourPicker@MegaHackExt@@SAPAV12@UColour@2@@Z
?Create@ComboBox@MegaHackExt@@SAPAV12@PBD0@Z
?Create@HorizontalLayout@MegaHackExt@@SAPAV12@PAX0@Z
?Create@Label@MegaHackExt@@SAPAV12@PBD@Z
?Create@SelectionBox@MegaHackExt@@SAPAV12@PBD@Z
?Create@Spinner@MegaHackExt@@SAPAV12@PBD0@Z
?Create@TextBox@MegaHackExt@@SAPAV12@PBD@Z
?Create@Window@MegaHackExt@@SAPAV12@PBD@Z
?HPX_CallOnMainThread@@YAXP6GXPAX@Z@Z
?HackproAddButton@@YA_NPAXPBDP6GX0@Z@Z
?HackproAddCheckbox@@YAPAXPAXPBDP6GX0@Z2@Z
?HackproAddComboBox@@YAPAXPAXP6GX0HPBD@Z@Z
?HackproAddTextBox@@YAPAXPAXP6GX0@Z@Z
?HackproCommitExt@@YA_NPAX@Z
?HackproGetTextBoxText@@YAPBDPAX@Z
?HackproGetUserData@@YAPAXPAX@Z
?HackproInitialiseExt@@YAPAXPBD@Z
?HackproIsReady@@YA_NXZ
?HackproSetCheckbox@@YA_NPAX_N@Z
?HackproSetComboBoxIndex@@YA_NPAXH@Z
?HackproSetComboBoxStrs@@YA_NPAXPAPBD@Z
?HackproSetTextBoxPlaceholder@@YA_NPAXPBD@Z
?HackproSetTextBoxText@@YA_NPAXPBD@Z
?HackproSetUserData@@YAXPAX0@Z
?add@Window@MegaHackExt@@QAEXPAX@Z
?commit@Client@MegaHackExt@@YAXPAX@Z
?get@CheckBox@MegaHackExt@@QBE_NXZ
?get@ColourPicker@MegaHackExt@@QBE?AUColour@2@XZ
?get@ComboBox@MegaHackExt@@QBEHXZ
?get@SelectionBox@MegaHackExt@@QBE_NH@Z
?get@Spinner@MegaHackExt@@QBENXZ
?get@TextBox@MegaHackExt@@QBEPBDXZ
?getKeybind@Client@MegaHackExt@@YAABV?$vector@EV?$allocator@E@std@@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?getKeys@Client@MegaHackExt@@YAABV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?getModEnabled@Client@MegaHackExt@@YA_NPBD@Z
?set@CheckBox@MegaHackExt@@QAEX_N0@Z
?set@ColourPicker@MegaHackExt@@QAEXUColour@2@_N@Z
?set@ComboBox@MegaHackExt@@QAEXH_N@Z
?set@Label@MegaHackExt@@QAEXPBD@Z
?set@SelectionBox@MegaHackExt@@QAEXH_N@Z
?set@Spinner@MegaHackExt@@QAEXN_N@Z
?set@TextBox@MegaHackExt@@QAEXPBD@Z
?setCallback@Button@MegaHackExt@@QAEXP6GXPAV12@@Z@Z
?setCallback@CheckBox@MegaHackExt@@QAEXP6GXPAV12@_N@Z@Z
?setCallback@ColourPicker@MegaHackExt@@QAEXP6GXPAV12@UColour@2@@Z@Z
?setCallback@ComboBox@MegaHackExt@@QAEXP6GXPAV12@HPBD@Z@Z
?setCallback@SelectionBox@MegaHackExt@@QAEXP6GXPAV12@@Z@Z
?setCallback@Spinner@MegaHackExt@@QAEXP6GXPAV12@N@Z@Z
?setCallback@TextBox@MegaHackExt@@QAEXP6GXPAV12@PBD@Z@Z
?setKeybind@Client@MegaHackExt@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$vector@EV?$allocator@E@std@@@4@@Z
?setModEnabled@Client@MegaHackExt@@YAXPBD_N@Z
?setValues@ComboBox@MegaHackExt@@QAEXQAPBD_N@Z
?setValues@SelectionBox@MegaHackExt@@QAEXQAPBD@Z

Sections

Size: 2.3MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 651KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 66KB - Virtual size: 747KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 11KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 144KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.edata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 8.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
hackproldr.dll
.dll windows x86

1cf8c539af762ec1c1f1579aec702975

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
CreateThread
GetModuleHandleExW
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
DeleteFiber
WideCharToMultiByte
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
ConvertFiberToThread
CloseHandle
FreeLibrary
LoadLibraryA
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
LocalFree
FormatMessageA
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFilePointerEx
AreFileApisANSI
MoveFileExW
GetFileInformationByHandleEx
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
LoadLibraryExW
ExitProcess
SetConsoleCtrlHandler
ReadFile
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameW
GetFileSizeEx
FlushFileBuffers
GetConsoleOutputCP
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
SetStdHandle
GetTimeZoneInformation
IsValidCodePage
LoadLibraryW

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

ws2_32

recv
closesocket
send
WSASetLastError
WSAGetLastError
WSACleanup

crypt32

CertOpenStore
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertGetCertificateContextProperty

user32

GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW

advapi32

CryptDestroyKey
DeregisterEventSource
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
ReportEventW
CryptReleaseContext
CryptAcquireContextW
RegisterEventSourceW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 397KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42778d0f366861bc3aaafd8e329d44fe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 4KB - Virtual size: 4KB

edfce0ff7a2d3e9b71bd116fc36e7bcb

Code Sign

02:8a:a6:e7:b5:16:c0:d1:55:f1:5d:62:90:a4:30:e3Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

53:87:86:d7:51:2f:05:38:75:67:07:46:d7:0e:1f:5e:84:17:ff:bdSigner

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

advapi32

ktmw32

ole32

shell32

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 502KB - Virtual size: 501KB

.data Size: 2KB - Virtual size: 5KB

.reloc Size: 67KB - Virtual size: 67KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

Size: 2.3MB - Virtual size: 5.1MB

Size: 651KB - Virtual size: 2.2MB

Size: 66KB - Virtual size: 747KB

Size: 11KB - Virtual size: 68KB

Size: 144KB - Virtual size: 236KB

.edata Size: 3KB - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 6KB

.themida Size: - Virtual size: 8.0MB

.boot Size: 4.7MB - Virtual size: 4.7MB

.reloc Size: 16B - Virtual size: 4KB

1cf8c539af762ec1c1f1579aec702975

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ole32

ws2_32

crypt32

user32

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 4KB - Virtual size: 4KB

02:8a:a6:e7:b5:16:c0:d1:55:f1:5d:62:90:a4:30:e3
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

53:87:86:d7:51:2f:05:38:75:67:07:46:d7:0e:1f:5e:84:17:ff:bd
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 502KB - Virtual size: 501KB

.data
Size: 2KB - Virtual size: 5KB

.reloc
Size: 67KB - Virtual size: 67KB

.edata
Size: 3KB - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 6KB

.themida
Size: - Virtual size: 8.0MB

.boot
Size: 4.7MB - Virtual size: 4.7MB

.reloc
Size: 16B - Virtual size: 4KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 397KB - Virtual size: 396KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 49KB - Virtual size: 48KB