FluLark Loader[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

FluLark Loader.rar
Size

85.5MB
MD5

957f6ef9c28fa88be577d1ee1197a057
SHA1

779f91b9d1c15630f51b21640f285c45e56a4996
SHA256

4f0ebc267da89dd8d4d1b6909bf51f7cc936292ded0619e354d06e92783f1603
SHA512

e1a9fbd164c3aaebf5088973bfe2df146b6117f403f70ce3d3fb8e5def3b8d80f614db8f2d527169db1703733ad707b377ab33a473e6a24b21795a9dafc5332c
SSDEEP

1572864:jtQtT3wdlLuVTAVwF8A4FkkSfz5BC5yaiX45HC1bi1Ald2jThQhBYALEnD:RQtTgdLVuYkbz5EyaiX4mbiAaXhQcALC

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/FluLark Loader/FluLark.exe	pyinstaller

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/FluLark Loader/FluLark.exe
unpack001/FluLark Loader/SimpleInjector.dll
unpack001/FluLark Loader/libcef.dll

Files

FluLark Loader.rar
.rar
FluLark Loader/FluLark.exe
.exe windows x64

1e92fd54d65284238a0e3b74b2715062

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetCPInfo
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
GetEnvironmentVariableW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FluLark Loader/README.txt
FluLark Loader/SimpleInjector.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 419KB - Virtual size: 418KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FluLark Loader/d3dcompiler_47.dll
.dll windows x64

dc71769f237c0a3ba38879380c54a4e6

Code Sign

33:00:00:03:df:fb:6a:e3:f4:27:ec:b6:a3:00:00:00:00:03:df
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:24

Not After

02/12/2021, 21:24

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:f8:dd:06:41:e0:b2:af:59:69:78:fa:5a:2b:28:9b:e2:27:f3:64:44:dd:1d:c6:3e:05:f0:29:0b:70:4c:49
Signer

Actual PE Digest

2d:f8:dd:06:41:e0:b2:af:59:69:78:fa:5a:2b:28:9b:e2:27:f3:64:44:dd:1d:c6:3e:05:f0:29:0b:70:4c:49

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WriteFile
FreeLibrary
Sleep
TlsAlloc
TlsSetValue
HeapDestroy
TlsGetValue
TlsFree
GetFullPathNameW
GetFullPathNameA
GetEnvironmentVariableA
VirtualFree
VirtualAlloc
GetSystemInfo
GetProcAddress
LoadLibraryExW
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetStdHandle
GetFileType
GetStartupInfoW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleW
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetFilePointerEx
GetStringTypeW
SetStdHandle
ReadFile
FreeEnvironmentStringsW
SetEnvironmentVariableW
RaiseException
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetModuleFileNameW
ReadConsoleW
HeapSize
HeapReAlloc
WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionEx
RtlPcToFileHeader
LocalAlloc
LocalFree
GetFileSizeEx
GetLastError
CreateFileW
HeapFree
GetProcessHeap
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
GetFileAttributesW
SetFileAttributesW
DeleteFileW
SetEndOfFile
DeviceIoControl
MapViewOfFileEx
CreateFileMappingA
ExpandEnvironmentStringsW
HeapAlloc
OutputDebugStringA
CloseHandle
LeaveCriticalSection
EnterCriticalSection
lstrcmpiA
HeapCreate
GetModuleFileNameA
CreateFileA
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetDriveTypeW
GetCurrentDirectoryW
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
MultiByteToWideChar
GetEnvironmentStringsW
DisableThreadLibraryCalls

advapi32

CryptDestroyHash
CryptAcquireContextW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
CryptGetHashParam
CryptCreateHash
CryptHashData
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptReleaseContext

rpcrt4

UuidCreate

Exports

Exports

D3DAssemble
D3DCompile
D3DCompile2
D3DCompileFromFile
D3DCompressShaders
D3DCreateBlob
D3DCreateFunctionLinkingGraph
D3DCreateLinker
D3DDecompressShaders
D3DDisassemble
D3DDisassemble10Effect
D3DDisassemble11Trace
D3DDisassembleRegion
D3DGetBlobPart
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DGetTraceInstructionOffsets
D3DLoadModule
D3DPreprocess
D3DReadFileToBlob
D3DReflect
D3DReflectLibrary
D3DReturnFailure1
D3DSetBlobPart
D3DStripShader
D3DWriteBlobToFile
DebugSetMute

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 912KB - Virtual size: 911KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FluLark Loader/driver/SaveDefaultgames.exe
.exe windows x64

71df4ec30fc1d0ae7f3a2987729d3acf

Code Sign

0b:4a:6d:c5:3e:1a:06:cf:60:42:1e:b4:fb:dc:74:ae
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/11/2017, 00:00

Not After

08/11/2018, 12:00

Subject

SERIALNUMBER=B98657844,CN=Voicemod Sociedad Limitada,O=Voicemod Sociedad Limitada,L=Valencia,C=ES,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:0b:8e:98:1a:cc:87:76:72:1e:5e:2d:ca:6f:ad:35:67:f7:f1:49:84:66:6e:fb:2f:48:16:1d:a3:05:7f:07
Signer

Actual PE Digest

01:0b:8e:98:1a:cc:87:76:72:1e:5e:2d:ca:6f:ad:35:67:f7:f1:49:84:66:6e:fb:2f:48:16:1d:a3:05:7f:07

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GlobalFree
QueryPerformanceCounter
GetCurrentProcess
WaitForMultipleObjects
SignalObjectAndWait
WaitForSingleObject
GetModuleHandleA
SetEvent
GetCurrentThread
LoadLibraryA
GetThreadPriority
CloseHandle
ResetEvent
GetPriorityClass
GetProcAddress
FreeLibrary
WideCharToMultiByte
GlobalAlloc
lstrcmpW
SetWaitableTimer
DeviceIoControl
SetThreadPriority
WaitForMultipleObjectsEx
CreateFileW
ResumeThread
CancelWaitableTimer
GetExitCodeThread
GetLastError
TerminateThread
GetVersionExA
CreateWaitableTimerA
GetEnvironmentVariableA
LocalFree
FormatMessageA
GetCurrentThreadId
UnhandledExceptionFilter
QueryPerformanceFrequency
CreateEventA
Sleep
RtlCaptureContext
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
RtlVirtualUnwind

advapi32

RegQueryValueExW
RegCloseKey

ole32

CoTaskMemFree
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoInitialize
CoCreateInstance
CoUninitialize
PropVariantClear

msvcp140

?_BADOFF@std@@3_JB
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

winmm

waveOutWrite
waveInPrepareHeader
waveOutGetErrorTextA
waveInClose
timeGetTime
waveInGetNumDevs
waveInReset
waveInUnprepareHeader
waveOutUnprepareHeader
waveOutClose
waveInGetDevCapsA
waveOutRestart
waveOutReset
waveOutPause
waveInOpen
waveOutPrepareHeader
waveInStart
waveInGetErrorTextA
waveOutGetDevCapsA
waveInAddBuffer
waveOutGetPosition
waveOutGetNumDevs
timeEndPeriod
waveInMessage
timeBeginPeriod
waveOutMessage
waveOutOpen

setupapi

SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInterfaceRegKey
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceAlias
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

vcruntime140

__CxxFrameHandler3
__std_exception_copy
memmove
__std_terminate
__C_specific_handler
_CxxThrowException
memset
memcpy
__std_exception_destroy

api-ms-win-crt-stdio-l1-1-0

setvbuf
__p__commode
fsetpos
_fseeki64
_set_fmode
fclose
__stdio_common_vswprintf
fflush
fputc
__stdio_common_vsprintf
fgetc
fgetpos
fwrite
_get_stream_buffer_pointers
ungetc

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
terminate
_beginthreadex
_register_onexit_function
_initialize_onexit_table
_invalid_parameter_noinfo
_seh_filter_exe
_set_app_type
_crt_atexit
_configure_narrow_argv
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
__p___argv
__p___argc
_register_thread_local_exe_atexit_callback
_cexit
_c_exit
_errno

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-string-l1-1-0

_wcsicmp
_wcsnicmp
wcsncpy
iswctype
strncpy

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
_set_new_mode
free
realloc

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FluLark Loader/driver/defaultgames.txt
FluLark Loader/driver/disableDrv.bat
FluLark Loader/driver/setupDrv.bat
FluLark Loader/driver/setupDrvAdmin.bat
FluLark Loader/driver/uninstalldriver.bat
.bat .vbs
FluLark Loader/driver/uninstalldriver.log
FluLark Loader/driver/vmdrv.cat
FluLark Loader/driver/vmdrv.inf
FluLark Loader/driver/vmdrv.sys
.exe windows x64

50ce5027c574a7753f3be8aac7d620bb

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:4a:6d:c5:3e:1a:06:cf:60:42:1e:b4:fb:dc:74:ae
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08/11/2017, 00:00

Not After

08/11/2018, 12:00

Subject

SERIALNUMBER=B98657844,CN=Voicemod Sociedad Limitada,O=Voicemod Sociedad Limitada,L=Valencia,C=ES,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:1e:e1:1d:60:9e:7d:97:60:71:00:00:00:00:00:1e
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/10/2017, 17:44

Not After

05/10/2018, 17:44

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:f3:02:26:4f:7d:b6:0a:63:8b:53:18:60:2f:0f:ee:55:06:3b:6a:71:b6:69:63:3f:ac:a8:8e:79:5e:89:4b
Signer

Actual PE Digest

50:f3:02:26:4f:7d:b6:0a:63:8b:53:18:60:2f:0f:ee:55:06:3b:6a:71:b6:69:63:3f:ac:a8:8e:79:5e:89:4b

Digest Algorithm

sha256

PE Digest Matches

true

50:f3:02:26:4f:7d:b6:0a:63:8b:53:18:60:2f:0f:ee:55:06:3b:6a:71:b6:69:63:3f:ac:a8:8e:79:5e:89:4b
Signer

Actual PE Digest

50:f3:02:26:4f:7d:b6:0a:63:8b:53:18:60:2f:0f:ee:55:06:3b:6a:71:b6:69:63:3f:ac:a8:8e:79:5e:89:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExFreePool
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ExAllocatePoolWithTag
ExFreePoolWithTag
_purecall
KeInitializeDpc
KeFlushQueuedDpcs
KeInitializeMutex
KeReleaseMutex
KeInitializeTimerEx
KeCancelTimer
KeSetTimerEx
KeWaitForSingleObject
KeInitializeSpinLock
IoAllocateWorkItem
IoFreeWorkItem
IoQueueWorkItem

portcls.sys

PcInitializeAdapterDriver
PcDispatchIrp
PcAddAdapterDevice
PcRegisterAdapterPowerManagement
PcNewServiceGroup
PcRegisterSubdevice
PcRegisterPhysicalConnection
PcNewPort
PcNewMiniport

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 1018B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FluLark Loader/install_python.bat
.bat .ps1
FluLark Loader/libcef.dll
.dll windows x64

ad7ba8dccfbb465fa3b7da566ece942c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
AllocConsole
AreFileApisANSI
AssignProcessToJobObject
AttachConsole
CancelIo
CancelIoEx
CheckRemoteDebuggerPresent
ClearCommError
CloseHandle
CompareStringW
ConnectNamedPipe
CopyFileW
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateJobObjectW
CreateMemoryResourceNotification
CreateMutexW
CreateNamedPipeW
CreatePipe
CreateProcessA
CreateProcessW
CreateRemoteThread
CreateSemaphoreA
CreateSemaphoreW
CreateThread
CreateToolhelp32Snapshot
DebugBreak
DecodePointer
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumResourceNamesW
EnumSystemLocalesEx
EnumSystemLocalesW
EscapeCommFunction
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileW
FindFirstVolumeW
FindNextFileA
FindNextFileW
FindNextVolumeW
FindResourceW
FindVolumeClose
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushInstructionCache
FlushViewOfFile
FoldStringW
FormatMessageA
FormatMessageW
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommModemStatus
GetCommState
GetCommandLineA
GetCommandLineW
GetComputerNameExA
GetComputerNameExW
GetComputerNameW
GetConsoleDisplayMode
GetConsoleMode
GetConsoleOutputCP
GetConsoleScreenBufferInfo
GetCurrencyFormatEx
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThread
GetCurrentThreadId
GetDateFormatEx
GetDateFormatW
GetDiskFreeSpaceA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetDynamicTimeZoneInformation
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetGeoInfoW
GetLastError
GetLocalTime
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLongPathNameW
GetMaximumProcessorCount
GetMaximumProcessorGroupCount
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetNumberFormatEx
GetOEMCP
GetOverlappedResult
GetPriorityClass
GetPrivateProfileStringW
GetProcAddress
GetProcessAffinityMask
GetProcessHandleCount
GetProcessHeap
GetProcessHeaps
GetProcessId
GetProcessMitigationPolicy
GetProcessTimes
GetProductInfo
GetQueuedCompletionStatus
GetShortPathNameW
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDefaultLCID
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemPowerStatus
GetSystemTime
GetSystemTimeAsFileTime
GetTempFileNameA
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadGroupAffinity
GetThreadId
GetThreadLocale
GetThreadPreferredUILanguages
GetThreadPriority
GetThreadPriorityBoost
GetThreadTimes
GetTickCount
GetTimeFormatEx
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetUserDefaultLocaleName
GetUserDefaultUILanguage
GetUserGeoID
GetVersionExW
GetVolumeInformationW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetVolumePathNamesForVolumeNameW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatusEx
GlobalSize
GlobalUnlock
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapLock
HeapReAlloc
HeapSetInformation
HeapSize
HeapUnlock
HeapValidate
HeapWalk
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
InterlockedPopEntrySList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32EmptyWorkingSet
K32EnumProcessModules
K32GetMappedFileNameW
K32GetModuleFileNameExW
K32GetModuleInformation
K32GetPerformanceInfo
K32GetProcessMemoryInfo
K32QueryWorkingSetEx
LCIDToLocaleName
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LocaleNameToLCID
LockFile
LockFileEx
LockResource
MapViewOfFile
MapViewOfFileEx
Module32FirstW
Module32NextW
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenProcess
OpenThread
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
PostQueuedCompletionStatus
PowerClearRequest
PowerCreateRequest
PowerSetRequest
PrefetchVirtualMemory
Process32FirstW
Process32NextW
ProcessIdToSessionId
PurgeComm
QueryDosDeviceW
QueryFullProcessImageNameW
QueryInformationJobObject
QueryPerformanceCounter
QueryPerformanceFrequency
QueryProcessCycleTime
QueryThreadCycleTime
QueryUnbiasedInterruptTime
RaiseException
RaiseFailFastException
ReadConsoleW
ReadFile
ReadProcessMemory
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveDirectoryW
ReplaceFileW
ResetEvent
ResolveLocaleName
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlCaptureStackBackTrace
RtlDeleteFunctionTable
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetCommState
SetCommTimeouts
SetConsoleCtrlHandler
SetConsoleTextAttribute
SetCurrentDirectoryW
SetDefaultDllDirectories
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetInformationJobObject
SetLastError
SetNamedPipeHandleState
SetPriorityClass
SetProcessMitigationPolicy
SetProcessShutdownParameters
SetStdHandle
SetThreadAffinityMask
SetThreadExecutionState
SetThreadInformation
SetThreadPriority
SetThreadPriorityBoost
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
SleepEx
SuspendThread
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateJobObject
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransactNamedPipe
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
UnregisterWait
UnregisterWaitEx
UpdateProcThreadAttribute
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeA
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
Wow64GetThreadContext
WriteConsoleW
WriteFile
WriteProcessMemory
lstrcmpiA
lstrcmpiW
lstrlenA

user32

AdjustWindowRectEx
AllowSetForegroundWindow
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcW
CharLowerW
CharNextW
CharToOemBuffW
CharUpperW
ClientToScreen
ClipCursor
CloseClipboard
CloseDesktop
CloseTouchInputHandle
CloseWindowStation
CreateCaret
CreateDesktopW
CreateIconIndirect
CreatePopupMenu
CreateWindowExW
CreateWindowStationW
DdeClientTransaction
DdeConnect
DdeCreateStringHandleW
DdeDisconnect
DdeFreeStringHandle
DdeGetLastError
DdeInitializeW
DdeUninitialize
DefRawInputProc
DefWindowProcW
DestroyCaret
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageW
DisplayConfigGetDeviceInfo
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIconEx
EmptyClipboard
EnableMenuItem
EnableWindow
EndPaint
EnumChildWindows
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumThreadWindows
EnumWindows
EqualRect
ExitWindowsEx
FillRect
FindWindowExW
FindWindowW
FlashWindowEx
FrameRect
GetActiveWindow
GetAncestor
GetAsyncKeyState
GetCapture
GetCaretBlinkTime
GetClassInfoExW
GetClassLongPtrW
GetClassNameW
GetClientRect
GetClipboardData
GetClipboardSequenceNumber
GetCursorInfo
GetCursorPos
GetDC
GetDesktopWindow
GetDisplayConfigBufferSizes
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetGuiResources
GetIconInfo
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastInputInfo
GetLayeredWindowAttributes
GetMenu
GetMenuInfo
GetMenuItemCount
GetMenuItemInfoW
GetMessageExtraInfo
GetMessagePos
GetMessageTime
GetMessageW
GetMonitorInfoA
GetMonitorInfoW
GetParent
GetProcessWindowStation
GetPropW
GetQueueStatus
GetRawInputData
GetRawInputDeviceInfoW
GetRawInputDeviceList
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetThreadDesktop
GetTopWindow
GetUserObjectInformationW
GetUserObjectSecurity
GetWindow
GetWindowDC
GetWindowLongPtrW
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowRgn
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
InflateRect
InsertMenuItemW
IntersectRect
InvalidateRect
InvertRect
IsChild
IsClipboardFormatAvailable
IsIconic
IsRectEmpty
IsWindow
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorW
LoadIconW
LoadImageW
LoadStringW
MapVirtualKeyExW
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjectsEx
NotifyWinEvent
OemToCharA
OemToCharBuffA
OffsetRect
OpenClipboard
OpenInputDesktop
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageW
PrintWindow
PtInRect
QueryDisplayConfig
RedrawWindow
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterHotKey
RegisterPowerSettingNotification
RegisterRawInputDevices
RegisterTouchWindow
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemovePropW
ScreenToClient
SendInput
SendMessageTimeoutW
SendMessageW
SetCapture
SetCaretPos
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetKeyboardState
SetMenuDefaultItem
SetMenuInfo
SetMenuItemInfoW
SetParent
SetProcessDPIAware
SetProcessWindowStation
SetPropW
SetRect
SetRectEmpty
SetThreadDesktop
SetTimer
SetWinEventHook
SetWindowLongPtrW
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCursor
ShowWindow
SystemParametersInfoW
ToUnicodeEx
TrackMouseEvent
TrackPopupMenu
TranslateMessage
UnhookWinEvent
UnhookWindowsHookEx
UnregisterClassW
UnregisterDeviceNotification
UnregisterHotKey
UnregisterPowerSettingNotification
UpdateLayeredWindow
WindowFromPoint

comctl32

InitCommonControlsEx

shell32

CommandLineToArgvW
DragQueryFileW
ord190
ord155
ord680
SHAppBarMessage
SHChangeNotify
ord4
ord2
SHCreateItemFromParsingName
SHGetDesktopFolder
SHGetFileInfoW
SHGetFolderPathW
SHGetKnownFolderPath
SHGetMalloc
SHGetPathFromIDListW
SHGetPropertyStoreForWindow
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetStockIconInfo
SHOpenFolderAndSelectItems
SHOpenWithDialog
SHQueryUserNotificationState
ShellExecuteA
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW

dbghelp

StackWalk64
SymCleanup
SymFromAddr
SymFunctionTableAccess64
SymGetLineFromAddr64
SymGetModuleBase64
SymGetSearchPathW
SymInitialize
SymSetOptions
SymSetSearchPathW

ws2_32

WSACloseEvent
WSACreateEvent
WSADuplicateSocketW
WSAEnumNameSpaceProvidersW
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSALookupServiceBeginW
WSALookupServiceEnd
WSALookupServiceNextW
WSARecvFrom
WSAResetEvent
WSASend
WSASendTo
WSASetEvent
WSASetServiceW
WSASocketW
WSAStartup
WSAWaitForMultipleEvents
WSCEnumProtocols
WSCGetProviderPath
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostname
getpeername
getsockname
getsockopt
htonl
htons
inet_ntop
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
send
sendto
setsockopt
shutdown
socket

iphlpapi

CancelIPChangeNotify
FreeMibTable
GetAdaptersAddresses
GetAdaptersInfo
GetIfTable2
GetInterfaceInfo
IpReleaseAddress
IpRenewAddress
NotifyAddrChange

winmm

midiInAddBuffer
midiInClose
midiInGetDevCapsW
midiInGetNumDevs
midiInOpen
midiInPrepareHeader
midiInReset
midiInStart
midiInUnprepareHeader
midiOutClose
midiOutGetDevCapsW
midiOutGetNumDevs
midiOutLongMsg
midiOutOpen
midiOutPrepareHeader
midiOutReset
midiOutShortMsg
midiOutUnprepareHeader
timeBeginPeriod
timeEndPeriod
timeGetTime
waveInGetNumDevs
waveOutClose
waveOutGetNumDevs
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutReset
waveOutRestart
waveOutUnprepareHeader
waveOutWrite

oleaut32

LoadRegTypeLi
LoadTypeLi
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
SafeArrayPutElement
SafeArrayUnaccessData
SysAllocString
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysStringByteLen
SysStringLen
VarBstrCmp
VarUI4FromStr
VariantClear
VariantCopy
VariantInit
VariantTimeToSystemTime

dxgi

CreateDXGIFactory1

propsys

InitPropVariantFromCLSID
PSCreateMemoryPropertyStore
PSGetPropertyKeyFromName
VariantCompare

gdi32

AddFontMemResourceEx
BeginPath
BitBlt
CancelDC
CloseEnhMetaFile
CloseFigure
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateEnhMetaFileW
CreateFontA
CreateFontIndirectA
CreateFontIndirectW
CreatePen
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
EndDoc
EndPage
EndPath
EnumEnhMetaFile
EnumFontFamiliesExA
EnumFontFamiliesExW
EqualRgn
ExtCreatePen
ExtEscape
ExtTextOutW
FillPath
GdiAlphaBlend
GdiComment
GdiFlush
GetCharABCWidthsW
GetCharWidthW
GetClipBox
GetClipRgn
GetCurrentObject
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileHeader
GetFontData
GetFontUnicodeRanges
GetGlyphIndicesW
GetGlyphOutlineW
GetICMProfileW
GetObjectType
GetObjectW
GetOutlineTextMetricsW
GetRegionData
GetRgnBox
GetStockObject
GetTextExtentPointI
GetTextFaceA
GetTextFaceW
GetTextMetricsW
GetWorldTransform
IntersectClipRect
LineTo
ModifyWorldTransform
MoveToEx
PlayEnhMetaFile
PlayEnhMetaFileRecord
PolyBezierTo
PtInRegion
RemoveFontMemResourceEx
RestoreDC
SaveDC
SelectClipPath
SelectClipRgn
SelectObject
SetAbortProc
SetArcDirection
SetBkColor
SetBkMode
SetBrushOrgEx
SetDCBrushColor
SetDCPenColor
SetDIBits
SetDIBitsToDevice
SetEnhMetaFileBits
SetGraphicsMode
SetMiterLimit
SetPolyFillMode
SetROP2
SetRectRgn
SetStretchBltMode
SetTextAlign
SetTextColor
SetWorldTransform
StartDocW
StartPage
StretchBlt
StretchDIBits
StrokeAndFillPath
StrokePath
WidenPath

userenv

CreateAppContainerProfile
CreateEnvironmentBlock
DeriveAppContainerSidFromAppContainerName
DestroyEnvironmentBlock
GetAppContainerFolderPath
GetAppContainerRegistryLocation
RegisterGPNotification
UnregisterGPNotification

netapi32

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
NetApiBufferFree
NetFreeAadJoinInformation
NetGetAadJoinInformation
NetGetJoinInformation
NetUserGetInfo

secur32

AcquireCredentialsHandleA
AcquireCredentialsHandleW
CompleteAuthToken
DeleteSecurityContext
FreeContextBuffer
FreeCredentialsHandle
GetUserNameExW
InitializeSecurityContextA
InitializeSecurityContextW
LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaFreeReturnBuffer
LsaLogonUser
QueryContextAttributesW
QuerySecurityPackageInfoW

uiautomationcore

UiaGetReservedMixedAttributeValue
UiaGetReservedNotSupportedValue
UiaHostProviderFromHwnd
UiaRaiseAutomationEvent
UiaRaiseAutomationPropertyChangedEvent
UiaRaiseStructureChangedEvent
UiaReturnRawElementProvider

oleacc

AccessibleChildren
AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject
WindowFromAccessibleObject

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

hid

HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetPreparsedData
HidD_GetProductString
HidD_GetSerialNumberString
HidP_GetButtonCaps
HidP_GetCaps
HidP_GetScaledUsageValue
HidP_GetUsageValue
HidP_GetUsagesEx
HidP_GetValueCaps

wintrust

CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATCatalogInfoFromContext
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CertAddCertificateContextToStore
CertAddEncodedCertificateToStore
CertAddStoreToCollection
CertCloseStore
CertCompareCertificateName
CertControlStore
CertCreateCTLContext
CertCreateCertificateChainEngine
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindChainInStore
CertFindExtension
CertFreeCTLContext
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertGetIssuerCertificateFromStore
CertGetNameStringW
CertOpenStore
CertOpenSystemStoreW
CertSetCertificateContextProperty
CertVerifyCertificateChainPolicy
CertVerifyTimeValidity
CryptAcquireCertificatePrivateKey
CryptDecodeObjectEx
CryptGetOIDFunctionAddress
CryptInitOIDFunctionSet
CryptInstallOIDFunctionAddress
CryptMsgClose
CryptMsgGetParam
CryptProtectData
CryptQueryObject
CryptUnprotectData
CryptVerifyCertificateSignatureEx

winhttp

WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpCrackUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpWriteData

chrome_elf

ClearReportsBetween_ExportThunk
CrashForException_ExportThunk
DumpHungProcessWithPtype_ExportThunk
GetCrashReports_ExportThunk
GetInstallDetailsPayload
GetUserDataDirectoryThunk
InjectDumpForHungInput_ExportThunk
IsExtensionPointDisableSet
IsThirdPartyInitialized
RequestSingleCrashUpload_ExportThunk
SetMetricsClientId
SetUploadConsent_ExportThunk
SignalChromeElf
SignalInitializeCrashReporting

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

AssocQueryStringW
ord437
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathMatchSpecW
PathRemoveExtensionW
ord12

dwrite

DWriteCreateFactory

dwmapi

DwmDefWindowProc
DwmExtendFrameIntoClientArea
DwmGetCompositionTimingInfo
DwmGetWindowAttribute
DwmIsCompositionEnabled
DwmSetWindowAttribute

uxtheme

CloseThemeData
DrawThemeBackground
ord47
GetThemeBackgroundContentRect
GetThemePartSize
OpenThemeData

winspool.drv

ClosePrinter
DeviceCapabilitiesW
DocumentPropertiesW
EnumPrintersW
ord203
GetPrinterDriverW
GetPrinterW
OpenPrinterW

ncrypt

NCryptCreatePersistedKey
NCryptExportKey
NCryptFinalizeKey
NCryptFreeObject
NCryptGetProperty
NCryptImportKey
NCryptIsAlgSupported
NCryptOpenStorageProvider
NCryptSignHash

usp10

ScriptFreeCache
ScriptItemize
ScriptShape

urlmon

CoInternetCreateSecurityManager

imm32

ImmAssociateContextEx
ImmGetCompositionStringW
ImmGetContext
ImmGetConversionStatus
ImmGetIMEFileNameW
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmSetOpenStatus

d3d9

Direct3DCreate9Ex

dxva2

DXVA2CreateDirect3DDeviceManager9
DXVA2CreateVideoService

comdlg32

PrintDlgExW

wevtapi

EvtClose
EvtCreateRenderContext
EvtNext
EvtQuery
EvtRender

cryptui

CryptUIDlgCertMgr
CryptUIDlgViewCertificateW

credui

CredUIPromptForWindowsCredentialsW

dhcpcsvc

DhcpCApiInitialize
DhcpRequestParams

wininet

GetUrlCacheEntryInfoExW

esent

JetAttachDatabase2W
JetBeginSessionW
JetCloseTable
JetCreateInstanceW
JetGetTableColumnInfoW
JetInit
JetMove
JetOpenDatabaseW
JetOpenTableW
JetRetrieveColumn
JetSetSystemParameterW
JetTerm

Exports

Exports

CrashForExceptionInNonABICompliantCodeRange
GetHandleVerifier
IsCrashReportingEnabledImpl
IsSandboxedProcess
RelaunchChromeBrowserWithNewCommandLineIfNeeded
SetCrashKeyValueImpl
TfLiteXNNPackDelegateCreate
TfLiteXNNPackDelegateDelete
TfLiteXNNPackDelegateGetThreadPool
TfLiteXNNPackDelegateOptionsDefault
TfLiteXNNPackDelegateWeightsCacheCreate
TfLiteXNNPackDelegateWeightsCacheCreateWithSize
TfLiteXNNPackDelegateWeightsCacheDelete
TfLiteXNNPackDelegateWeightsCacheFinalizeHard
TfLiteXNNPackDelegateWeightsCacheFinalizeSoft
cef_add_cross_origin_whitelist_entry
cef_api_hash
cef_base64decode
cef_base64encode
cef_basetime_now
cef_begin_tracing
cef_binary_value_create
cef_browser_host_create_browser
cef_browser_host_create_browser_sync
cef_browser_view_create
cef_browser_view_get_for_browser
cef_clear_cross_origin_whitelist
cef_clear_scheme_handler_factories
cef_command_line_create
cef_command_line_get_global
cef_cookie_manager_get_global_manager
cef_crash_reporting_enabled
cef_create_context_shared
cef_create_directory
cef_create_new_temp_directory
cef_create_temp_directory_in_directory
cef_create_url
cef_currently_on
cef_delete_file
cef_dictionary_value_create
cef_directory_exists
cef_display_convert_screen_point_from_pixels
cef_display_convert_screen_point_to_pixels
cef_display_convert_screen_rect_from_pixels
cef_display_convert_screen_rect_to_pixels
cef_display_get_alls
cef_display_get_count
cef_display_get_matching_bounds
cef_display_get_nearest_point
cef_display_get_primary
cef_do_message_loop_work
cef_drag_data_create
cef_enable_highdpi_support
cef_end_tracing
cef_execute_java_script_with_user_gesture_for_tests
cef_execute_process
cef_format_url_for_security_display
cef_get_current_platform_thread_handle
cef_get_current_platform_thread_id
cef_get_extensions_for_mime_type
cef_get_mime_type
cef_get_min_log_level
cef_get_path
cef_get_temp_directory
cef_get_vlog_level
cef_image_create
cef_initialize
cef_is_cert_status_error
cef_is_rtl
cef_label_button_create
cef_launch_process
cef_list_value_create
cef_load_crlsets_file
cef_log
cef_media_router_get_global
cef_menu_button_create
cef_menu_model_create
cef_now_from_system_trace_time
cef_panel_create
cef_parse_json
cef_parse_json_buffer
cef_parse_jsonand_return_error
cef_parse_url
cef_post_data_create
cef_post_data_element_create
cef_post_delayed_task
cef_post_task
cef_preference_manager_get_global
cef_print_settings_create
cef_process_message_create
cef_quit_message_loop
cef_register_extension
cef_register_scheme_handler_factory
cef_remove_cross_origin_whitelist_entry
cef_request_context_create_context
cef_request_context_get_global_context
cef_request_create
cef_resolve_url
cef_resource_bundle_get_global
cef_response_create
cef_run_message_loop
cef_scroll_view_create
cef_server_create
cef_set_crash_key_value
cef_set_data_directory_for_tests
cef_set_osmodal_loop
cef_shared_process_message_builder_create
cef_shutdown
cef_stream_reader_create_for_data
cef_stream_reader_create_for_file
cef_stream_reader_create_for_handler
cef_stream_writer_create_for_file
cef_stream_writer_create_for_handler
cef_string_ascii_to_utf16
cef_string_ascii_to_wide
cef_string_list_alloc
cef_string_list_append
cef_string_list_clear
cef_string_list_copy
cef_string_list_free
cef_string_list_size
cef_string_list_value
cef_string_map_alloc
cef_string_map_append
cef_string_map_clear
cef_string_map_find
cef_string_map_free
cef_string_map_key
cef_string_map_size
cef_string_map_value
cef_string_multimap_alloc
cef_string_multimap_append
cef_string_multimap_clear
cef_string_multimap_enumerate
cef_string_multimap_find_count
cef_string_multimap_free
cef_string_multimap_key
cef_string_multimap_size
cef_string_multimap_value
cef_string_userfree_utf16_alloc
cef_string_userfree_utf16_free
cef_string_userfree_utf8_alloc
cef_string_userfree_utf8_free
cef_string_userfree_wide_alloc
cef_string_userfree_wide_free
cef_string_utf16_clear
cef_string_utf16_cmp
cef_string_utf16_set
cef_string_utf16_to_lower
cef_string_utf16_to_upper
cef_string_utf16_to_utf8
cef_string_utf16_to_wide
cef_string_utf8_clear
cef_string_utf8_cmp
cef_string_utf8_set
cef_string_utf8_to_utf16
cef_string_utf8_to_wide
cef_string_wide_clear
cef_string_wide_cmp
cef_string_wide_set
cef_string_wide_to_utf16
cef_string_wide_to_utf8
cef_task_runner_get_for_current_thread
cef_task_runner_get_for_thread
cef_test_server_create_and_start
cef_textfield_create
cef_thread_create
cef_time_delta
cef_time_from_basetime
cef_time_from_doublet
cef_time_from_timet
cef_time_now
cef_time_to_basetime
cef_time_to_doublet
cef_time_to_timet
cef_trace_counter
cef_trace_counter_id
cef_trace_event_async_begin
cef_trace_event_async_end
cef_trace_event_async_step_into
cef_trace_event_async_step_past
cef_trace_event_begin
cef_trace_event_end
cef_trace_event_instant
cef_translator_test_create
cef_translator_test_ref_ptr_library_child_child_create
cef_translator_test_ref_ptr_library_child_create
cef_translator_test_ref_ptr_library_create
cef_translator_test_scoped_library_child_child_create
cef_translator_test_scoped_library_child_create
cef_translator_test_scoped_library_create
cef_uridecode
cef_uriencode
cef_urlrequest_create
cef_v8context_get_current_context
cef_v8context_get_entered_context
cef_v8context_in_context
cef_v8stack_trace_get_current
cef_v8value_create_array
cef_v8value_create_array_buffer
cef_v8value_create_bool
cef_v8value_create_date
cef_v8value_create_double
cef_v8value_create_function
cef_v8value_create_int
cef_v8value_create_null
cef_v8value_create_object
cef_v8value_create_promise
cef_v8value_create_string
cef_v8value_create_uint
cef_v8value_create_undefined
cef_value_create
cef_version_info
cef_waitable_event_create
cef_window_create_top_level
cef_write_json
cef_xml_reader_create
cef_zip_directory
cef_zip_reader_create

Sections

.text
Size: 157.0MB - Virtual size: 157.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22.1MB - Virtual size: 22.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 830KB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 200B

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 713B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 116B

CPADinfo
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LZMADEC
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

malloc_h
Size: 512B - Virtual size: 234B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e92fd54d65284238a0e3b74b2715062

Headers

DLL Characteristics

File Characteristics

Imports

user32

comctl32

kernel32

advapi32

gdi32

Sections

.text Size: 162KB - Virtual size: 161KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 3KB - Virtual size: 64KB

.pdata Size: 8KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 204KB - Virtual size: 204KB

.reloc Size: 2KB - Virtual size: 1KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 419KB - Virtual size: 418KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dc71769f237c0a3ba38879380c54a4e6

Code Sign

33:00:00:03:df:fb:6a:e3:f4:27:ec:b6:a3:00:00:00:00:03:dfCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

2d:f8:dd:06:41:e0:b2:af:59:69:78:fa:5a:2b:28:9b:e2:27:f3:64:44:dd:1d:c6:3e:05:f0:29:0b:70:4c:49Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 912KB - Virtual size: 911KB

.data Size: 64KB - Virtual size: 100KB

.pdata Size: 128KB - Virtual size: 127KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 34KB

71df4ec30fc1d0ae7f3a2987729d3acf

Code Sign

0b:4a:6d:c5:3e:1a:06:cf:60:42:1e:b4:fb:dc:74:aeCertificate

Extended Key Usages

Key Usages

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06Certificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

01:0b:8e:98:1a:cc:87:76:72:1e:5e:2d:ca:6f:ad:35:67:f7:f1:49:84:66:6e:fb:2f:48:16:1d:a3:05:7f:07Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

msvcp140

winmm

.text
Size: 162KB - Virtual size: 161KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 3KB - Virtual size: 64KB

.pdata
Size: 8KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 204KB - Virtual size: 204KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 419KB - Virtual size: 418KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:03:df:fb:6a:e3:f4:27:ec:b6:a3:00:00:00:00:03:df
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

2d:f8:dd:06:41:e0:b2:af:59:69:78:fa:5a:2b:28:9b:e2:27:f3:64:44:dd:1d:c6:3e:05:f0:29:0b:70:4c:49
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 912KB - Virtual size: 911KB

.data
Size: 64KB - Virtual size: 100KB

.pdata
Size: 128KB - Virtual size: 127KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 34KB

0b:4a:6d:c5:3e:1a:06:cf:60:42:1e:b4:fb:dc:74:ae
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

01:0b:8e:98:1a:cc:87:76:72:1e:5e:2d:ca:6f:ad:35:67:f7:f1:49:84:66:6e:fb:2f:48:16:1d:a3:05:7f:07
Signer

.text
Size: 106KB - Virtual size: 105KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 300B

61:20:4d:b4:00:00:00:00:00:27
Certificate

0b:4a:6d:c5:3e:1a:06:cf:60:42:1e:b4:fb:dc:74:ae
Certificate

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

33:00:00:00:1e:e1:1d:60:9e:7d:97:60:71:00:00:00:00:00:1e
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

50:f3:02:26:4f:7d:b6:0a:63:8b:53:18:60:2f:0f:ee:55:06:3b:6a:71:b6:69:63:3f:ac:a8:8e:79:5e:89:4b
Signer

50:f3:02:26:4f:7d:b6:0a:63:8b:53:18:60:2f:0f:ee:55:06:3b:6a:71:b6:69:63:3f:ac:a8:8e:79:5e:89:4b
Signer

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 4B

PAGE
Size: 10KB - Virtual size: 9KB

INIT
Size: 1024B - Virtual size: 1018B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 392B