FileSetupThere+[.]rar

Resubmissions

13-06-2023 13:21

230613-ql4w2agc84 3

13-06-2023 09:01

230613-kyvagafe94 10

Sharing

Copy URL

Twitter E-mail

General

Target

FileSetupThere+.rar
Size

15.0MB
MD5

b60ee47ca52121cfa03fc19213b18ab2
SHA1

6c8c8537547e5ab76bbf4451818d6eccb6311219
SHA256

e63738463dcbc69fd4a7e7df7702b2a9453cb315290ad577e662d804fa6a3d97
SHA512

fbbd98261888c21e036001dc64b9ef13ec4e957e31578433a515bcedfab87992f5fd1fc1c74fef62cb6ffb18cac0cc34c2b4eaa9321acedfdc5ab796dc4a883a
SSDEEP

393216:KanehXz9RZ9YMwjXj+WfGesT5bU2jmYhO1c:NnOJRz2SWfG5RKkZ

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
static1/unpack001/setup.exe	vmprotect

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/setup.exe

resource
unpack001/setup.exe

Files

FileSetupThere+.rar
.rar
app/LICENSE.txt
app/node_modules.asar.unpacked/keytar/build/Release/keytar.node
.dll windows x64

Password: 2023

bf14f2469c40007af7c17ad4c7284314

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:69:7a:e5:b9:77:06:99:2a:f6:6d:94:f2:f1:0a:9c:ab:60:1e:3e:04:a7:2b:32:2b:c0:1e:e5:2e:7e:7a:b2
Signer

Actual PE Digest

fd:69:7a:e5:b9:77:06:99:2a:f6:6d:94:f2:f1:0a:9c:ab:60:1e:3e:04:a7:2b:32:2b:c0:1e:e5:2e:7e:7a:b2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WideCharToMultiByte
LocalFree
GetLastError
FormatMessageW
LoadLibraryExA
GetModuleHandleA
MultiByteToWideChar
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
HeapFree
WriteFile
OutputDebugStringW
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
GetFileSizeEx
SetFilePointerEx
CloseHandle
CreateFileW
GetSystemInfo
VirtualProtect
VirtualQuery

advapi32

CredReadW
CredEnumerateW
CredFree
CredDeleteW
CredWriteW

Exports

Exports

node_register_module_v80

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/node_modules.asar.unpacked/native-is-elevated/build/Release/iselevated.node
.dll windows x64

Password: 2023

754a422689d1a47a62c7eb63b981b887

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:10:63:5c:90:23:f6:36:66:22:10:9b:8e:30:79:bc:82:c4:2a:9b:c6:36:d9:21:29:ff:0f:a2:29:00:ef:00
Signer

Actual PE Digest

ab:10:63:5c:90:23:f6:36:66:22:10:9b:8e:30:79:bc:82:c4:2a:9b:c6:36:d9:21:29:ff:0f:a2:29:00:ef:00

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryExA
GetModuleHandleA
CloseHandle
GetCurrentProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery

advapi32

OpenProcessToken
GetTokenInformation

Exports

Exports

_register_iselevated_

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/node_modules.asar.unpacked/native-keymap/build/Release/keymapping.node
.dll windows x64

Password: 2023

a46194295e6c3287394ffae96481fa5e

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:8a:22:a8:fd:1b:1b:a0:26:ae:50:11:14:ea:75:94:7e:40:5d:b1:d4:0c:2c:a0:de:51:81:83:ec:43:1f:fb
Signer

Actual PE Digest

ca:8a:22:a8:fd:1b:1b:a0:26:ae:50:11:14:ea:75:94:7e:40:5d:b1:d4:0c:2c:a0:de:51:81:83:ec:43:1f:fb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetSystemInfo
VirtualProtect
CreateFileW
VirtualQuery
LoadLibraryExA
WriteConsoleW
GetModuleHandleA
CloseHandle
HeapReAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
GetStringTypeW
GetFileSizeEx
SetFilePointerEx
HeapSize

user32

ActivateKeyboardLayout
GetWindowThreadProcessId
MapVirtualKeyW
GetKeyboardLayoutNameA
GetKeyboardLayout
GetForegroundWindow
ToUnicode

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

CoCreateInstance

Exports

Exports

_register_keymapping_

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/node_modules.asar.unpacked/native-watchdog/build/Release/watchdog.node
.dll windows x64

Password: 2023

3c6ee28f041c401dc3022a0abf1c30e8

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:75:02:4c:2b:0e:af:b8:0c:54:41:4e:e3:af:35:9d:aa:03:f2:51:ec:19:66:0e:a2:da:cc:f1:84:c3:b1:42
Signer

Actual PE Digest

ec:75:02:4c:2b:0e:af:b8:0c:54:41:4e:e3:af:35:9d:aa:03:f2:51:ec:19:66:0e:a2:da:cc:f1:84:c3:b1:42

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WaitForSingleObject
OpenProcess
Sleep
CloseHandle
GetModuleHandleA
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery

Exports

Exports

_register_watchdog_

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/node_modules.asar.unpacked/node-pty/build/Release/conpty.node
.dll windows x64

Password: 2023

2d4ed304755782b0d5f9cd2d79e9be84

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:84:84:12:ff:b4:e7:22:b6:c1:13:d4:35:3f:66:c7:f1:b2:52:bc:ef:7e:a9:47:f3:aa:b7:cc:1f:5b:53:22
Signer

Actual PE Digest

f0:84:84:12:ff:b4:e7:22:b6:c1:13:d4:35:3f:66:c7:f1:b2:52:bc:ef:7e:a9:47:f3:aa:b7:cc:1f:5b:53:22

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetConsoleCtrlHandler
RegisterWaitForSingleObject
UnregisterWait
CreateNamedPipeW
InitializeProcThreadAttributeList
GetLastError
UpdateProcThreadAttribute
CloseHandle
GetProcAddress
CreateProcessW
LoadLibraryExW
ConnectNamedPipe
GetExitCodeProcess
GetEnvironmentVariableW
GetFileAttributesW
MultiByteToWideChar
GetModuleHandleA
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
EncodePointer
DecodePointer
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
FreeLibrary
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
HeapAlloc
HeapFree
WriteFile
OutputDebugStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetFileSizeEx
SetFilePointerEx
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
CreateFileW

shlwapi

PathIsRelativeW
PathCombineW

Exports

Exports

_register_pty_

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/node_modules.asar.unpacked/node-pty/build/Release/conpty_console_list.node
.dll windows x64

Password: 2023

e1dcec8ef580c1afeda0daaa3b833962

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:6f:84:16:1c:6a:87:05:d7:5a:e0:b7:b1:72:5d:6b:b3:92:22:15:2b:12:ff:da:79:02:f5:b9:24:5a:a1:93
Signer

Actual PE Digest

fd:6f:84:16:1c:6a:87:05:d7:5a:e0:b7:b1:72:5d:6b:b3:92:22:15:2b:12:ff:da:79:02:f5:b9:24:5a:a1:93

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AttachConsole
GetConsoleProcessList
FreeConsole
GetModuleHandleA
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery

Exports

Exports

_register_pty_

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/node_modules.asar.unpacked/node-pty/build/Release/pty.node
.dll windows x64

Password: 2023

178e9b3170fda91c760ee69a7ad5e281

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

85:7c:5b:3b:b0:ef:47:c3:13:17:f4:43:e5:2b:9f:ca:fa:09:b4:4b:92:85:91:4e:a6:66:2d:cc:76:a7:86:52
Signer

Actual PE Digest

85:7c:5b:3b:b0:ef:47:c3:13:17:f4:43:e5:2b:9f:ca:fa:09:b4:4b:92:85:91:4e:a6:66:2d:cc:76:a7:86:52

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetProcessId
CloseHandle
SetEnvironmentVariableA
GetExitCodeProcess
GetEnvironmentVariableW
GetFileAttributesW
MultiByteToWideChar
GetModuleHandleA
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
CreateFileW
HeapSize
SetStdHandle
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetLastError
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
HeapFree
WriteFile
OutputDebugStringW
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP

shlwapi

PathIsRelativeW
PathCombineW

winpty

winpty_agent_process
winpty_get_console_process_list
winpty_error_msg
winpty_error_free
winpty_config_free
winpty_free
winpty_spawn_config_free
winpty_config_new
winpty_spawn
winpty_config_set_initial_size
winpty_conin_name
winpty_spawn_config_new
winpty_open
winpty_conout_name
winpty_set_size

Exports

Exports

_register_pty_

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/node_modules.asar.unpacked/node-pty/build/Release/winpty-agent.exe
.exe windows x64

Password: 2023

dbf37556c4314c20e15aa10960f1c9b0

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:e4:1c:c0:6f:32:8f:2e:a7:10:66:2e:67:d1:a2:2d:d3:b7:29:4f:4e:e7:fb:45:f1:eb:fd:94:bb:1e:05:5c
Signer

Actual PE Digest

28:e4:1c:c0:6f:32:8f:2e:a7:10:66:2e:67:d1:a2:2d:d3:b7:29:4f:4e:e7:fb:45:f1:eb:fd:94:bb:1e:05:5c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryW
GetProcAddress
FreeLibrary
SetConsoleMode
GetConsoleMode
GetTickCount
GenerateConsoleCtrlEvent
ReadConsoleInputW
WaitForMultipleObjects
Sleep
ReadFile
CancelIo
WriteFile
CreateNamedPipeW
CreateFileW
CreateEventW
ResetEvent
GetOverlappedResult
ConnectNamedPipe
GetConsoleCursorInfo
GetConsoleTitleW
GetConsoleWindow
SetConsoleTitleW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleCP
SetConsoleWindowInfo
CreateConsoleScreenBuffer
FillConsoleOutputCharacterW
ReadConsoleOutputW
FillConsoleOutputAttribute
SetConsoleCursorPosition
WriteConsoleOutputW
GetCommandLineW
GetCurrentThreadId
GetModuleFileNameA
SetNamedPipeHandleState
SetLastError
GetEnvironmentVariableA
GetCurrentProcessId
TransactNamedPipe
GetSystemTimeAsFileTime
WaitNamedPipeW
WideCharToMultiByte
LocalAlloc
GetCurrentThread
LocalFree
GetVersionExW
GetSystemDirectoryW
GetModuleHandleW
WriteConsoleW
GetConsoleOutputCP
CreateProcessW
WriteConsoleInputW
CloseHandle
GetConsoleProcessList
GetLargestConsoleWindowSize
GetLastError
DuplicateHandle
WaitForSingleObject
GetStdHandle
GetCurrentProcess
SetConsoleScreenBufferSize
SetConsoleCtrlHandler
HeapReAlloc
HeapSize
GetProcessHeap
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetCommandLineA
HeapFree
HeapAlloc
GetFileType
CompareStringW
LCMapStringW
FlushFileBuffers
GetFileSizeEx
SetFilePointerEx
FindClose
FindFirstFileExW

advapi32

SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
OpenProcessToken
FreeSid
InitializeSecurityDescriptor
OpenThreadToken
GetTokenInformation
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

shell32

CommandLineToArgvW

user32

CloseDesktop
CreateDesktopW
SetProcessWindowStation
PostMessageW
GetDoubleClickTime
CreateWindowStationW
MapVirtualKeyW
SendMessageW
VkKeyScanW
CloseWindowStation
GetUserObjectInformationW
GetProcessWindowStation

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/node_modules.asar.unpacked/node-pty/build/Release/winpty.dll
.dll windows x64

91d1b11082ca93b0dbca7361c2dd40d0

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:df:22:55:43:ad:22:d1:0e:b6:20:8d:21:f3:6c:4c:0f:fe:d4:fa:09:5a:89:3c:73:e7:67:8a:7a:6b:4d:e7
Signer

Actual PE Digest

9f:df:22:55:43:ad:22:d1:0e:b6:20:8d:21:f3:6c:4c:0f:fe:d4:fa:09:5a:89:3c:73:e7:67:8a:7a:6b:4d:e7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DuplicateHandle
CreateEventW
GetLastError
CloseHandle
GetOverlappedResult
DeleteCriticalSection
CreateProcessW
ConnectNamedPipe
GetCurrentThreadId
GetModuleFileNameA
SetNamedPipeHandleState
SetLastError
CreateFileW
GetEnvironmentVariableA
TransactNamedPipe
GetSystemTimeAsFileTime
WaitNamedPipeW
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
LocalAlloc
GetCurrentThread
LocalFree
GetVersionExW
GetSystemDirectoryW
GetModuleHandleW
InitializeCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
CreateNamedPipeW
WriteFile
GetCurrentProcess
EnterCriticalSection
CancelIo
ReadFile
GetFileAttributesW
GetModuleFileNameW
GetCurrentProcessId
GetModuleHandleExW
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetStdHandle
GetFileType
WriteConsoleW
ExitProcess
OutputDebugStringW
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap

advapi32

SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
OpenProcessToken
FreeSid
InitializeSecurityDescriptor
OpenThreadToken
GetTokenInformation
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

user32

CloseDesktop
CreateDesktopW
CloseWindowStation
GetUserObjectInformationW
GetProcessWindowStation
CreateWindowStationW
SetProcessWindowStation
GetThreadDesktop

Exports

Exports

winpty_agent_process
winpty_conerr_name
winpty_config_free
winpty_config_new
winpty_config_set_agent_timeout
winpty_config_set_initial_size
winpty_config_set_mouse_mode
winpty_conin_name
winpty_conout_name
winpty_error_code
winpty_error_free
winpty_error_msg
winpty_free
winpty_get_console_process_list
winpty_open
winpty_set_size
winpty_spawn
winpty_spawn_config_free
winpty_spawn_config_new

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/node_modules.asar.unpacked/spdlog/build/Release/spdlog.node
.dll windows x64

d6342d617ce0bd898365e68bbf9e88e0

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:f6:25:4d:33:50:a0:3f:2f:bc:33:38:51:8f:4b:5e:89:e5:f2:a7:17:92:4f:38:54:cf:7c:b3:78:3b:32:aa
Signer

Actual PE Digest

64:f6:25:4d:33:50:a0:3f:2f:bc:33:38:51:8f:4b:5e:89:e5:f2:a7:17:92:4f:38:54:cf:7c:b3:78:3b:32:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetHandleInformation
GetDynamicTimeZoneInformation
GetFileAttributesW
GetCurrentThreadId
Sleep
GetCurrentProcessId
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
SwitchToThread
GetCurrentThread
GetExitCodeThread
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
GetLastError
EncodePointer
DecodePointer
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
SetStdHandle
DeleteFileW
MoveFileExW
CreateFileW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
ExitProcess
GetFileSizeEx
SetFilePointerEx
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteFile
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FlushFileBuffers
GetCurrentDirectoryW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
ReadFile
ReadConsoleW
HeapSize
SetEndOfFile
GetSystemInfo
VirtualQuery
LoadLibraryExA

Exports

Exports

_register_spdlog_

Sections

.text
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/node_modules.asar.unpacked/vscode-nsfw/build/Release/nsfw.node
.dll windows x64

c25630333facb5b939ba77d589db7832

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b7:6a:8c:31:e7:fa:52:0b:4a:f2:12:5c:f9:27:cc:e6:f8:bd:ad:be:b8:05:ba:c6:ac:da:50:ba:ac:97:a7:af
Signer

Actual PE Digest

b7:6a:8c:31:e7:fa:52:0b:4a:f2:12:5c:f9:27:cc:e6:f8:bd:ad:be:b8:05:ba:c6:ac:da:50:ba:ac:97:a7:af

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Sleep
CancelIo
CreateFileW
MultiByteToWideChar
CloseHandle
QueueUserAPC
ReadDirectoryChangesW
WideCharToMultiByte
SleepEx
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetLastError
GetStringTypeW
DuplicateHandle
WaitForSingleObjectEx
GetCurrentProcess
SwitchToThread
GetCurrentThread
GetExitCodeThread
QueryPerformanceCounter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
SetEvent
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
ExitThread
ExitProcess
HeapFree
WriteFile
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
SetFilePointerEx
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
HeapSize
GetSystemInfo
VirtualQuery
LoadLibraryExA

Exports

Exports

_register_nsfw_

Sections

.text
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/node_modules.asar.unpacked/vscode-oniguruma/release/onig.wasm
app/node_modules.asar.unpacked/vscode-ripgrep/bin/rg.exe
.exe windows x64

60df4b39c8186ec01f9d1b16b01a5498

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:20:f4:5d:b7:68:34:cf:34:7b:43:8f:82:54:d4:b8:c5:52:f5:4b:a6:d5:a1:2e:30:97:e5:d5:ef:05:5c:f4
Signer

Actual PE Digest

8f:20:f4:5d:b7:68:34:cf:34:7b:43:8f:82:54:d4:b8:c5:52:f5:4b:a6:d5:a1:2e:30:97:e5:d5:ef:05:5c:f4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
SystemFunction036

kernel32

GetSystemInfo
CreateFileMappingW
MapViewOfFile
CloseHandle
VirtualProtect
UnmapViewOfFile
ReleaseMutex
WaitForSingleObject
CreateMutexA
VirtualAlloc
VirtualFree
GetFileType
GetLastError
GetStdHandle
GetConsoleMode
GetFileInformationByHandleEx
GetFileInformationByHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
SetConsoleMode
FreeEnvironmentStringsW
LeaveCriticalSection
DeleteCriticalSection
FindClose
SwitchToThread
Sleep
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
WriteFile
FlushFileBuffers
DuplicateHandle
ReadFile
SetFilePointerEx
InitializeCriticalSection
EnterCriticalSection
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
QueryPerformanceCounter
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
HeapReAlloc
AddVectoredExceptionHandler
GetModuleHandleW
GetProcAddress
FindNextFileW
CreateFileW
DeviceIoControl
FindFirstFileW
FormatMessageW
GetModuleFileNameW
ExitProcess
CreateProcessW
CreateNamedPipeW
CreateThread
QueryPerformanceFrequency
GetSystemTimeAsFileTime
WriteConsoleW
ReadConsoleW
WaitForSingleObjectEx
LoadLibraryA
RtlLookupFunctionEntry
GetConsoleCP
HeapSize
LCMapStringW
CompareStringW
GetStringTypeW
SetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
InitializeCriticalSectionAndSpinCount
EncodePointer
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException

userenv

GetUserProfileDirectoryW

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/node_modules.asar.unpacked/vscode-sqlite3/build/Release/sqlite.node
.dll windows x64

adf3b679c4e2a415936400ed6da20d0b

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:d1:70:45:ff:1f:4e:87:d2:3f:07:4c:50:00:2d:0e:83:ea:ab:a9:a9:23:5c:52:db:dc:dc:b5:a2:77:94:5c
Signer

Actual PE Digest

64:d1:70:45:ff:1f:4e:87:d2:3f:07:4c:50:00:2d:0e:83:ea:ab:a9:a9:23:5c:52:db:dc:dc:b5:a2:77:94:5c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
GetModuleHandleA
LoadLibraryExA
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
CompareStringW
LCMapStringW
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
VirtualProtect
VirtualQuery

Exports

Exports

_register_node_sqlite3_

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/node_modules.asar.unpacked/vscode-windows-ca-certs/build/Release/crypt32.node
.dll windows x64

46b05782697f42343a4acb245f8d5557

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:e9:1a:e9:4a:26:91:c4:89:03:c1:e6:f8:5a:00:1f:c7:b8:dd:4e:3d:7c:85:c1:4f:a5:cb:1a:77:f2:28:47
Signer

Actual PE Digest

87:e9:1a:e9:4a:26:91:c4:89:03:c1:e6:f8:5a:00:1f:c7:b8:dd:4e:3d:7c:85:c1:4f:a5:cb:1a:77:f2:28:47

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryExA
GetModuleHandleA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery

crypt32

CertCloseStore
CertOpenSystemStoreA
CertEnumCertificatesInStore

Exports

Exports

_register_crypt32_

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/node_modules.asar.unpacked/vscode-windows-registry/build/Release/winregistry.node
.dll windows x64

29c20aa9578990d1ada20e092a6e4a57

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:84:63:d5:24:c5:14:89:a4:d1:63:50:38:35:89:8d:c6:32:63:3f:92:47:6d:67:fa:bc:fd:a1:ec:d1:e8:28
Signer

Actual PE Digest

b8:84:63:d5:24:c5:14:89:a4:d1:63:50:38:35:89:8d:c6:32:63:3f:92:47:6d:67:fa:bc:fd:a1:ec:d1:e8:28

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LoadLibraryExA
GetModuleHandleA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
GetSystemInfo
VirtualProtect
VirtualQuery

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

Exports

Exports

_register_winregistry_

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/node_modules.asar.unpacked/windows-foreground-love/build/Release/foreground_love.node
.dll windows x64

387ee2955812e2fa2c995b5bf986c3b3

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:a1:93:a7:83:b1:a5:f6:4c:a9:a3:7f:b2:c7:91:97:dd:5d:62:a4:25:13:14:50:34:00:f0:ed:6a:fa:67:42
Signer

Actual PE Digest

00:a1:93:a7:83:b1:a5:f6:4c:a9:a3:7f:b2:c7:91:97:dd:5d:62:a4:25:13:14:50:34:00:f0:ed:6a:fa:67:42

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
LoadLibraryExA
VirtualQuery
VirtualProtect
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
GetSystemInfo

user32

AllowSetForegroundWindow

Exports

Exports

_register_foreground_love_

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/node_modules.asar.unpacked/windows-mutex/build/Release/CreateMutex.node
.dll windows x64

d3741ae4d72ebe22b34eda26867a23cc

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:b4:30:b6:5c:ff:2b:42:1d:3c:6a:6a:e1:2f:15:33:4e:19:fd:da:7a:81:a3:cc:bd:cf:40:59:fc:5c:a2:e8
Signer

Actual PE Digest

7d:b4:30:b6:5c:ff:2b:42:1d:3c:6a:6a:e1:2f:15:33:4e:19:fd:da:7a:81:a3:cc:bd:cf:40:59:fc:5c:a2:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateMutexA
OpenMutexA
CloseHandle
GetModuleHandleA
LoadLibraryExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
ExitProcess
HeapFree
WriteFile
OutputDebugStringW
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
GetFileSizeEx
SetFilePointerEx
CreateFileW
GetSystemInfo
VirtualProtect
VirtualQuery

Exports

Exports

_register_CreateMutexA_

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/node_modules.asar.unpacked/windows-process-tree/build/Release/windows_process_tree.node
.dll windows x64

c84e057cdd8e85f71b94d9fcf907d881

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:d0:ba:e9:db:65:d3:2b:1b:42:68:dc:6e:a5:95:cb:a5:bd:9a:b2:fc:39:88:2a:8c:92:2c:9d:e9:e7:d0:19
Signer

Actual PE Digest

73:d0:ba:e9:db:65:d3:2b:1b:42:68:dc:6e:a5:95:cb:a5:bd:9a:b2:fc:39:88:2a:8c:92:2c:9d:e9:e7:d0:19

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

Sleep
Process32First
GetSystemTimes
OpenProcess
CreateToolhelp32Snapshot
Process32Next
CloseHandle
GetProcessTimes
HeapFree
GetModuleHandleA
HeapAlloc
GetProcAddress
ReadProcessMemory
GetProcessHeap
WideCharToMultiByte
LoadLibraryExA
VirtualQuery
VirtualProtect
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
WriteConsoleW
GetSystemInfo

psapi

GetProcessMemoryInfo

Exports

Exports

_register_hello_

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/out/bootstrap-amd.js
.js
app/out/bootstrap-fork.js
.js
app/out/bootstrap-node.js
.js
app/out/bootstrap-window.js
.js
app/out/bootstrap.js
.js
app/out/cli.js
app/out/main.js
.js
app/out/nls.metadata.json
app/out/paths.js
app/out/sql/azdata.d.ts
app/out/sql/base/browser/ui/propertiesContainer/propertiesContainer.component.html
app/out/sql/base/browser/ui/table/media/sort-asc.gif
.gif
app/out/sql/base/browser/ui/table/media/sort-desc.gif
.gif
app/out/sql/base/browser/ui/taskbar/media/create_insight.svg
app/out/sql/base/browser/ui/taskbar/media/create_insight_inverse.svg
app/out/sql/media/icons/collapsed.svg
app/out/sql/media/icons/collapsed_inverse.svg
app/out/sql/media/icons/expanded.svg
app/out/sql/media/icons/expanded_inverse.svg
app/out/sql/media/icons/extensions.svg
app/out/sql/media/icons/run_history_inverse.svg
app/out/sql/media/icons/search_inverse.svg
app/out/sql/media/icons/sourcecontrol_inverse.svg
app/out/sql/media/icons/toolbar-code.svg
app/out/sql/media/microsoft-small-logo.png
.png
app/out/sql/media/microsoft_logo_gray.svg
.xml
app/out/sql/setup.js
app/out/sql/workbench/browser/modal/media/error_notification.svg
app/out/sql/workbench/browser/modelComponents/card.component.html
app/out/sql/workbench/browser/modelComponents/declarativeTable.component.html
.js
app/out/sql/workbench/browser/modelComponents/listView.component.html
app/out/sql/workbench/browser/modelComponents/radioCardGroup.component.html
app/out/sql/workbench/browser/modelComponents/tabbedPanel.component.html
app/out/sql/workbench/contrib/accounts/browser/media/accounts_statusbar_inverse.svg
app/out/sql/workbench/contrib/assessment/browser/asmtResultsView.component.html
app/out/sql/workbench/contrib/assessment/browser/asmtView.component.html
app/out/sql/workbench/contrib/backup/browser/backup.component.html
app/out/sql/workbench/contrib/charts/browser/media/images/invalidImage.png
.png
app/out/sql/workbench/contrib/dashboard/browser/containers/dashboardNavSection.component.html
app/out/sql/workbench/contrib/dashboard/browser/contents/controlHostContent.component.html
app/out/sql/workbench/contrib/dashboard/browser/contents/dashboardWidgetWrapper.component.html
app/out/sql/workbench/contrib/dashboard/browser/contents/widgetContent.component.html
app/out/sql/workbench/contrib/dashboard/browser/core/dashboardPage.component.html
app/out/sql/workbench/contrib/dashboard/browser/dashboard.component.html
app/out/sql/workbench/contrib/dashboard/browser/widgets/explorer/explorerWidget.component.html
app/out/sql/workbench/contrib/dataExplorer/browser/media/connected_active_server.svg
app/out/sql/workbench/contrib/dataExplorer/browser/media/connected_active_server_inverse.svg
app/out/sql/workbench/contrib/dataExplorer/browser/media/disconnected_server.svg
app/out/sql/workbench/contrib/dataExplorer/browser/media/disconnected_server_inverse.svg
app/out/sql/workbench/contrib/jobManagement/browser/agentView.component.html
.wsf
app/out/sql/workbench/contrib/jobManagement/browser/alertsView.component.html
app/out/sql/workbench/contrib/jobManagement/browser/jobHistory.component.html
.wsf
app/out/sql/workbench/contrib/jobManagement/browser/jobStepsView.component.html
app/out/sql/workbench/contrib/jobManagement/browser/jobsView.component.html
app/out/sql/workbench/contrib/jobManagement/browser/media/status_error.svg
app/out/sql/workbench/contrib/jobManagement/browser/media/status_success.svg
app/out/sql/workbench/contrib/jobManagement/browser/notebookHistory.component.html
.js
app/out/sql/workbench/contrib/jobManagement/browser/notebooksView.component.html
app/out/sql/workbench/contrib/jobManagement/browser/operatorsView.component.html
app/out/sql/workbench/contrib/jobManagement/browser/proxiesView.component.html
app/out/sql/workbench/contrib/notebook/browser/cellViews/code.component.html
app/out/sql/workbench/contrib/notebook/browser/cellViews/codeCell.component.html
app/out/sql/workbench/contrib/notebook/browser/cellViews/collapse.component.html
app/out/sql/workbench/contrib/notebook/browser/cellViews/markdownToolbar.component.html
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/dark/chevron_down_inverse.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/dark/chevron_up_inverse.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/dark/execute_cell_inverse.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/dark/stop_cell_solidanimation_inverse.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/light/chevron_down.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/light/chevron_up.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/light/execute_cell.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/light/execute_cell_error.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/light/execute_cell_grey.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/light/stop_cell_solidanimation.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/toolbar-bold.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/toolbar-code.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/toolbar-highlight.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/toolbar-image.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/toolbar-italic.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/toolbar-link.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/toolbar-list.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/toolbar-ordered-list.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/toolbar-preview-toggle-off.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/media/toolbar-preview-toggle-on.svg
app/out/sql/workbench/contrib/notebook/browser/cellViews/output.component.html
app/out/sql/workbench/contrib/notebook/browser/cellViews/outputArea.component.html
app/out/sql/workbench/contrib/notebook/browser/cellViews/placeholderCell.component.html
app/out/sql/workbench/contrib/notebook/browser/cellViews/textCell.component.html
app/out/sql/workbench/contrib/notebook/browser/media/dark/add_blue_inverse.svg
.xml
app/out/sql/workbench/contrib/notebook/browser/media/dark/add_code_inverse.svg
app/out/sql/workbench/contrib/notebook/browser/media/dark/add_text_inverse.svg
app/out/sql/workbench/contrib/notebook/browser/media/dark/clear_results_blue_inverse.svg
.xml
app/out/sql/workbench/contrib/notebook/browser/media/dark/nottrusted_blue_inverse.svg
app/out/sql/workbench/contrib/notebook/browser/media/dark/run_cells_blue_inverse.svg
app/out/sql/workbench/contrib/notebook/browser/media/dark/stop_cell_inverse.svg
app/out/sql/workbench/contrib/notebook/browser/media/dark/trusted_blue_inverse.svg
.xml
app/out/sql/workbench/contrib/notebook/browser/media/light/add_blue.svg
.xml
app/out/sql/workbench/contrib/notebook/browser/media/light/add_code.svg
app/out/sql/workbench/contrib/notebook/browser/media/light/add_text.svg
app/out/sql/workbench/contrib/notebook/browser/media/light/clear_results_blue.svg
.xml
app/out/sql/workbench/contrib/notebook/browser/media/light/nottrusted_blue.svg
app/out/sql/workbench/contrib/notebook/browser/media/light/run_cells_blue.svg
app/out/sql/workbench/contrib/notebook/browser/media/light/stop_cell.svg
app/out/sql/workbench/contrib/notebook/browser/media/light/trusted_blue.svg
.xml
app/out/sql/workbench/contrib/notebook/browser/notebook.component.html
app/out/sql/workbench/contrib/notebook/browser/outputs/markdownOutput.component.html
app/out/sql/workbench/contrib/queryPlan/browser/media/qp_icons.png
.png
app/out/sql/workbench/contrib/welcome/gettingStarted/media/connections.png
.png
app/out/sql/workbench/contrib/welcome/gettingStarted/media/extensions.png
.png
app/out/sql/workbench/contrib/welcome/gettingStarted/media/notebooks.png
.png
app/out/sql/workbench/contrib/welcome/gettingStarted/media/serverIcon.svg
app/out/sql/workbench/contrib/welcome/gettingStarted/media/settings.png
.png
app/out/sql/workbench/contrib/welcome/gettingStarted/media/welcome.png
.png
app/out/sql/workbench/contrib/welcome/media/arrowRightIcon.svg
app/out/sql/workbench/contrib/welcome/media/closeIcon.svg
app/out/sql/workbench/contrib/welcome/media/createConnectionIcon.svg
app/out/sql/workbench/contrib/welcome/media/db_admin.png
.png
app/out/sql/workbench/contrib/welcome/media/defaultExtensionIcon.svg
app/out/sql/workbench/contrib/welcome/media/homeBanner_icon.svg
app/out/sql/workbench/contrib/welcome/media/homeBanner_icon_dark.svg
app/out/sql/workbench/contrib/welcome/media/icon_postgre_sql.png
.png
app/out/sql/workbench/contrib/welcome/media/icon_powershell.png
.png
app/out/sql/workbench/contrib/welcome/media/microsoftSqlServerIcon.svg
app/out/sql/workbench/contrib/welcome/media/video_introduction.png
.png
app/out/sql/workbench/contrib/welcome/media/video_overview.png
.png
app/out/sql/workbench/contrib/welcome/page/browser/media/connections.png
.png
app/out/vs/base/browser/ui/codicons/codicon/codicon-animations.css
app/out/vs/base/browser/ui/codicons/codicon/codicon-modifications.css
app/out/vs/base/browser/ui/codicons/codicon/codicon.css
app/out/vs/base/browser/ui/codicons/codicon/codicon.ttf
app/out/vs/base/common/performance.js
.js
app/out/vs/base/node/cpuUsage.sh
.sh .js linux
app/out/vs/base/node/languagePacks.js
.js
app/out/vs/base/node/ps.sh
.sh linux
app/out/vs/base/node/terminateProcess.sh
.sh linux
app/out/vs/base/parts/sandbox/electron-browser/preload.js
.js
app/out/vs/base/worker/workerMain.js
.js
app/out/vs/code/electron-browser/sharedProcess/sharedProcess.html
app/out/vs/code/electron-browser/sharedProcess/sharedProcess.js
app/out/vs/code/electron-browser/sharedProcess/sharedProcessMain.js
.js
app/out/vs/code/electron-browser/sharedProcess/sharedProcessMain.nls.js
app/out/vs/code/electron-browser/workbench/workbench.html
app/out/vs/code/electron-browser/workbench/workbench.js
.js
app/out/vs/code/electron-main/main.js
.js
app/out/vs/code/electron-main/main.nls.js
app/out/vs/code/electron-sandbox/issue/issueReporter.html
app/out/vs/code/electron-sandbox/issue/issueReporter.js
app/out/vs/code/electron-sandbox/issue/issueReporterMain.css
app/out/vs/code/electron-sandbox/issue/issueReporterMain.js
.js
app/out/vs/code/electron-sandbox/issue/issueReporterMain.nls.js
app/out/vs/code/electron-sandbox/processExplorer/processExplorer.html
app/out/vs/code/electron-sandbox/processExplorer/processExplorer.js
app/out/vs/code/electron-sandbox/processExplorer/processExplorerMain.css
app/out/vs/code/electron-sandbox/processExplorer/processExplorerMain.js
.js
app/out/vs/code/electron-sandbox/processExplorer/processExplorerMain.nls.js
app/out/vs/code/electron-sandbox/proxy/auth.html
app/out/vs/code/electron-sandbox/proxy/auth.js
app/out/vs/code/electron-sandbox/workbench/workbench.html
app/out/vs/code/node/cli.js
.js
app/out/vs/code/node/cli.nls.js
app/out/vs/code/node/cliProcessMain.js
.js
app/out/vs/code/node/cliProcessMain.nls.js
app/out/vs/loader.js
.js
app/out/vs/platform/driver/node/driver.js
.js
app/out/vs/platform/extensionManagement/common/media/defaultIcon.png
.png
app/out/vs/platform/files/node/watcher/nsfw/watcherApp.js
.js
app/out/vs/platform/files/node/watcher/nsfw/watcherApp.nls.js
app/out/vs/platform/files/node/watcher/unix/watcherApp.js
.js
app/out/vs/platform/files/node/watcher/unix/watcherApp.nls.js
app/out/vs/platform/files/node/watcher/win32/CodeHelper.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-03-2020 18:39

Not After

03-03-2021 18:39

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:e5:d6:a1:b9:6e:33:47:20:cd:f2:78:6d:46:f9:53:6f:e0:0e:10:38:30:96:00:92:9a:9a:09:fd:48:1e:6d
Signer

Actual PE Digest

32:e5:d6:a1:b9:6e:33:47:20:cd:f2:78:6d:46:f9:53:6f:e0:0e:10:38:30:96:00:92:9a:9a:09:fd:48:1e:6d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
app/out/vs/platform/files/node/watcher/win32/CodeHelper.md
app/out/vs/vscode.d.ts
.js
app/out/vs/workbench/browser/parts/editor/media/back-tb.png
.png
app/out/vs/workbench/browser/parts/editor/media/forward-tb.png
.png
app/out/vs/workbench/browser/parts/editor/media/letterpress-dark.svg
.xml
app/out/vs/workbench/browser/parts/editor/media/letterpress-hc.svg
.xml
app/out/vs/workbench/browser/parts/editor/media/letterpress.svg
.xml
app/out/vs/workbench/contrib/debug/browser/media/continue-tb.png
.png
app/out/vs/workbench/contrib/debug/browser/media/continue-without-debugging-tb.png
.png
app/out/vs/workbench/contrib/debug/browser/media/pause-tb.png
.png
app/out/vs/workbench/contrib/debug/browser/media/restart-tb.png
.png
app/out/vs/workbench/contrib/debug/browser/media/stepinto-tb.png
.png
app/out/vs/workbench/contrib/debug/browser/media/stepout-tb.png
.png
app/out/vs/workbench/contrib/debug/browser/media/stepover-tb.png
.png
app/out/vs/workbench/contrib/debug/browser/media/stop-tb.png
.png
app/out/vs/workbench/contrib/debug/node/telemetryApp.js
.js
app/out/vs/workbench/contrib/debug/node/telemetryApp.nls.js
app/out/vs/workbench/contrib/extensions/browser/media/language-icon.svg
app/out/vs/workbench/contrib/extensions/browser/media/theme-icon.png
.png
app/out/vs/workbench/contrib/externalTerminal/node/TerminalHelper.scpt
.scpt macos
app/out/vs/workbench/contrib/externalTerminal/node/iTermHelper.scpt
.scpt macos
app/out/vs/workbench/contrib/notebook/common/services/notebookSimpleWorker.js
.js
app/out/vs/workbench/contrib/output/common/outputLinkComputer.js
.js
app/out/vs/workbench/contrib/webview/browser/pre/fake.html
.html
app/out/vs/workbench/contrib/webview/browser/pre/host.js
.js
app/out/vs/workbench/contrib/webview/browser/pre/index.html
.html
app/out/vs/workbench/contrib/webview/browser/pre/main.js
.js
app/out/vs/workbench/contrib/webview/browser/pre/service-worker.js
.js
app/out/vs/workbench/contrib/webview/electron-browser/pre/electron-index.js
.js
app/out/vs/workbench/contrib/webview/electron-browser/pre/index.html
.html
app/out/vs/workbench/contrib/welcome/overlay/browser/media/commandpalette-dark.svg
app/out/vs/workbench/contrib/welcome/overlay/browser/media/commandpalette.svg
app/out/vs/workbench/services/extensions/node/extensionHostProcess.js
.js
app/out/vs/workbench/services/extensions/node/extensionHostProcess.nls.js
app/out/vs/workbench/services/extensions/worker/extensionHostWorker.js
.js
app/out/vs/workbench/services/extensions/worker/extensionHostWorker.nls.js
app/out/vs/workbench/services/extensions/worker/extensionHostWorkerMain.js
.js
app/out/vs/workbench/services/search/node/searchApp.js
.js
app/out/vs/workbench/services/search/node/searchApp.nls.js
app/out/vs/workbench/workbench.desktop.main.css
app/out/vs/workbench/workbench.desktop.main.js
.js
app/out/vs/workbench/workbench.desktop.main.nls.js
app/package.json
app/product.json
setup.exe
.exe windows x86

783daa55dd630463d067680f65acaae7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

GetFileSecurityA

ole32

CoInitialize

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: 2023

bf14f2469c40007af7c17ad4c7284314

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

fd:69:7a:e5:b9:77:06:99:2a:f6:6d:94:f2:f1:0a:9c:ab:60:1e:3e:04:a7:2b:32:2b:c0:1e:e5:2e:7e:7a:b2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

Password: 2023

754a422689d1a47a62c7eb63b981b887

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

ab:10:63:5c:90:23:f6:36:66:22:10:9b:8e:30:79:bc:82:c4:2a:9b:c6:36:d9:21:29:ff:0f:a2:29:00:ef:00Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 46KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

Password: 2023

a46194295e6c3287394ffae96481fa5e

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

ca:8a:22:a8:fd:1b:1b:a0:26:ae:50:11:14:ea:75:94:7e:40:5d:b1:d4:0c:2c:a0:de:51:81:83:ec:43:1f:fbSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 79KB - Virtual size: 78KB

.rdata Size: 51KB - Virtual size: 50KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 2KB

Password: 2023

3c6ee28f041c401dc3022a0abf1c30e8

Code Sign

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

fd:69:7a:e5:b9:77:06:99:2a:f6:6d:94:f2:f1:0a:9c:ab:60:1e:3e:04:a7:2b:32:2b:c0:1e:e5:2e:7e:7a:b2
Signer

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

ab:10:63:5c:90:23:f6:36:66:22:10:9b:8e:30:79:bc:82:c4:2a:9b:c6:36:d9:21:29:ff:0f:a2:29:00:ef:00
Signer

.text
Size: 47KB - Virtual size: 46KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

ca:8a:22:a8:fd:1b:1b:a0:26:ae:50:11:14:ea:75:94:7e:40:5d:b1:d4:0c:2c:a0:de:51:81:83:ec:43:1f:fb
Signer

.text
Size: 79KB - Virtual size: 78KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 2KB

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

ec:75:02:4c:2b:0e:af:b8:0c:54:41:4e:e3:af:35:9d:aa:03:f2:51:ec:19:66:0e:a2:da:cc:f1:84:c3:b1:42
Signer

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

f0:84:84:12:ff:b4:e7:22:b6:c1:13:d4:35:3f:66:c7:f1:b2:52:bc:ef:7e:a9:47:f3:aa:b7:cc:1f:5b:53:22
Signer

.text
Size: 177KB - Virtual size: 176KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 4KB - Virtual size: 10KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

fd:6f:84:16:1c:6a:87:05:d7:5a:e0:b7:b1:72:5d:6b:b3:92:22:15:2b:12:ff:da:79:02:f5:b9:24:5a:a1:93
Signer

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate