GH_INJECTOR[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

GH_INJECTOR.rar
Size

10.3MB
MD5

5a73aac3e1ff46bb438ff4e2b3ce4e02
SHA1

d48c10b715d1be492230763f2537816982b6394e
SHA256

846f3999628486d8b92a0a3f7482647319c109aaafbcb2cd0eaddd90a2363ea8
SHA512

118bc43033035f9888ad8ff56f55feb6cdbb4428b3c06bc794a0cc838a8c219ab97d6125564e2312174453832138666be9a8e272310affc783b2128219d66705
SSDEEP

196608:NHam/BlnjOa2lLzAQoeD03hkCVSuXV59yKtxSFFOf411RIqz:gZawLzbY0ErwK/SbhFz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GH İNJECTOR/SUPORTE (1).dll

Files

GH_INJECTOR.rar
.rar
GH İNJECTOR/GH .NET Parser.exe
.exe windows x86

5f7bf97ec922bad10bc4de737ab257ee

Code Sign

0b:65:73:03:45:57:a5:a4:46:d7:bd:8c:53:b6:d5:68
Certificate

Issuer

CN=Guided Hacking

Not Before

23/02/2023, 15:16

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a3:c0:b3:56:d7:9b:93:8d:3f:18:eb:2e:c2:74:f2:4f:47:b9:5f:88
Signer

Actual PE Digest

a3:c0:b3:56:d7:9b:93:8d:3f:18:eb:2e:c2:74:f2:4f:47:b9:5f:88

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
FindClose
MultiByteToWideChar
GetLastError
GetFileAttributesExW
GetFullPathNameW
GetProcAddress
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EnterCriticalSection
FindFirstFileExW
OutputDebugStringW
LoadLibraryA
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetLastError
RaiseException
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW

user32

MessageBoxW

shell32

ShellExecuteW

advapi32

RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_invalid_parameter_noinfo_noreturn
__p___argc
__p___wargv
_exit
exit
_initterm_e
_errno
_initterm
_get_initial_wide_environment
_c_exit
_configure_wide_argv
_controlfp_s
_set_app_type
_register_onexit_function
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
abort
_cexit
_initialize_wide_environment
terminate
_seh_filter_exe

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsprintf_s
setvbuf
__stdio_common_vswprintf
__acrt_iob_func
fputwc
__p__commode
fputws
__stdio_common_vsnwprintf_s
_wfsopen
fflush
__stdio_common_vfwprintf

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc
calloc

api-ms-win-crt-string-l1-1-0

wcsnlen
strcpy_s
_wcsdup
strcspn
wcsncmp
toupper

api-ms-win-crt-convert-l1-1-0

wcstoul
_wtoi

api-ms-win-crt-locale-l1-1-0

__pctype_func
_unlock_locales
_lock_locales
___lc_locale_name_func
___lc_codepage_func
___mb_cur_max_func
_configthreadlocale
setlocale
localeconv

api-ms-win-crt-math-l1-1-0

__setusermatherr
frexp

api-ms-win-crt-time-l1-1-0

_gmtime64_s
wcsftime
_time64

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GH İNJECTOR/GH Injector - x64.dll
.dll windows x64

02b4d3550379001560cf12ef55b9fc08

Code Sign

0b:65:73:03:45:57:a5:a4:46:d7:bd:8c:53:b6:d5:68
Certificate

Issuer

CN=Guided Hacking

Not Before

23/02/2023, 15:16

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:e4:22:ef:59:7e:2e:21:64:d3:13:12:8a:18:b2:0a:eb:58:64:82
Signer

Actual PE Digest

51:e4:22:ef:59:7e:2e:21:64:d3:13:12:8a:18:b2:0a:eb:58:64:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFullPathNameW
OpenProcess
GetHandleInformation
CloseHandle
QueryFullProcessImageNameW
DeleteFileW
GetTickCount64
ReadProcessMemory
GetCurrentProcess
DuplicateHandle
GetProcessId
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
VirtualProtectEx
Sleep
GetCurrentProcessId
CreateEventExW
CreateProcessW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
TerminateProcess
GetExitCodeProcess
WaitForMultipleObjects
CreateEventW
GetLastError
GetThreadId
Wow64GetThreadContext
TerminateThread
Wow64SetThreadContext
ResumeThread
GetExitCodeThread
GetThreadContext
SetThreadContext
LoadLibraryW
FreeLibrary
lstrcmpiW
IsWow64Process
OpenThread
GetCurrentThreadId
QueueUserAPC
VirtualAlloc
VirtualFree
CreateDirectoryW
GetFileAttributesExW
CopyFileW
CreateFileW
SuspendThread
GetFileAttributesW
GetModuleFileNameW
GetTempPathW
QueryPerformanceCounter
InitOnceComplete
InitializeSListHead
GetSystemTimeAsFileTime
ResetEvent
SetEvent
lstrlenW
GetTickCount
WaitForSingleObject
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitOnceBeginInitialize

user32

PostThreadMessageW

advapi32

CreateProcessAsUserW
GetTokenInformation
DuplicateTokenEx
OpenProcessToken

ole32

StringFromGUID2

msvcp140

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exceptions@std@@YAHXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?tellp@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Query_perf_counter
_Query_perf_frequency
_Cnd_timedwait
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_current_owns
_Xtime_get_ticks
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
_Cnd_register_at_thread_exit
_Cnd_broadcast
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Cnd_wait
_Mtx_destroy_in_situ
_Cnd_destroy_in_situ
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
_Mtx_init_in_situ
_Cnd_init_in_situ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?widen@?$ctype@_W@std@@QEBA_WD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
_Thrd_sleep
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?in_avail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

dbghelp

SymCleanup
SymFromName
SymLoadModuleExW
SymInitializeW
SymUnloadModule64
SymSetOptions

shlwapi

PathIsRelativeW

urlmon

URLDownloadToCacheFileW

wininet

InternetCheckConnectionW

wtsapi32

WTSQueryUserToken

vcruntime140_1

__CxxFrameHandler4

vcruntime140

wcsrchr
__std_exception_copy
__std_exception_destroy
_purecall
__std_terminate
memset
_CxxThrowException
__std_type_info_destroy_list
memcpy
memmove
__C_specific_handler
memchr
memcmp

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_crt_atexit
_set_thread_local_invalid_parameter_handler
_execute_onexit_table
terminate
abort
_register_onexit_function
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_cexit

api-ms-win-crt-stdio-l1-1-0

fflush
__stdio_common_vsprintf_s
puts
fclose
_get_stream_buffer_pointers
__stdio_common_vfprintf
__acrt_iob_func
fread
fgetpos
fputwc
ungetwc
_fseeki64
fgetwc
fputc
setvbuf
fsetpos
fgetc
ungetc
fwrite

api-ms-win-crt-convert-l1-1-0

_ultow_s
atoi
wcstoll
wcstol

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_wrename

api-ms-win-crt-string-l1-1-0

toupper
_wcsicmp

api-ms-win-crt-environment-l1-1-0

_wdupenv_s

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
free
malloc

api-ms-win-crt-time-l1-1-0

wcsftime
_localtime64_s
_time64

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-math-l1-1-0

_dsign
_ldsign
_fdclass
_fdsign
_dclass
_ldclass

Exports

Exports

DotNet_InjectA
DotNet_InjectW
DotNet_Inject_Internal
GetDownloadProgress
GetDownloadProgressEx
GetImportState
GetSymbolState
GetVersionA
GetVersionW
InjectA
InjectW
Inject_Internal
InterruptDownload
InterruptDownloadEx
InterruptInjection
InterruptInjectionEx
Memory_Inject
RestoreInjectionFunctions
SetRawPrintCallback
StartDownload
ValidateInjectionFunctions
g_LibraryState

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.inj_sec
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mmap_se
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.veh_sec
Size: 512B - Virtual size: 246B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

wow64_se
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GH İNJECTOR/GH Injector - x64.exe
.exe windows x64

26dbbe2ede9b2484c6d9bc16ad4153ba

Code Sign

0b:65:73:03:45:57:a5:a4:46:d7:bd:8c:53:b6:d5:68
Certificate

Issuer

CN=Guided Hacking

Not Before

23/02/2023, 15:16

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

65:10:ee:71:0c:e5:af:6b:98:c0:51:5f:56:87:e0:30:d8:b6:59:72
Signer

Actual PE Digest

65:10:ee:71:0c:e5:af:6b:98:c0:51:5f:56:87:e0:30:d8:b6:59:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVolumePathNamesForVolumeNameW
DeviceIoControl
SystemTimeToFileTime
FindFirstFileW
GetModuleFileNameW
QueryPerformanceCounter
QueryPerformanceFrequency
FindClose
GetFullPathNameW
GetFileInformationByHandle
GetFileInformationByHandleEx
SetFileTime
SetErrorMode
GetLogicalDrives
CreateDirectoryW
RemoveDirectoryW
GetTempPathW
TzSpecificLocalTimeToSystemTime
GetFileAttributesExW
ResetEvent
GetUserPreferredUILanguages
GetTimeFormatW
GetDateFormatW
GetCurrencyFormatW
GetUserDefaultLCID
TerminateThread
ResumeThread
SetThreadPriority
GetThreadPriority
lstrcmpiW
Sleep
MoveFileW
GetTickCount64
CreateProcessW
GetCurrentDirectoryW
GetSystemInfo
WaitForMultipleObjects
CreateThread
GetCurrentThread
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetSystemDirectoryW
WaitForSingleObjectEx
IsProcessorFeaturePresent
OutputDebugStringW
GetSystemTime
GetLocalTime
CompareStringEx
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitProcess
GetConsoleWindow
GetDriveTypeW
GetLongPathNameW
GetVolumeInformationW
MapViewOfFile
CreateFileMappingW
WideCharToMultiByte
UnmapViewOfFile
WriteFile
ReadFile
GetUserDefaultLangID
GlobalSize
ExpandEnvironmentStringsW
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocaleInfoW
LoadLibraryA
CheckRemoteDebuggerPresent
WTSGetActiveConsoleSessionId
LocalFree
FormatMessageW
GetCurrentThreadId
lstrcmpW
CopyFileW
MoveFileExW
FileTimeToSystemTime
FlushFileBuffers
SetFilePointerEx
GetFileType
SetEndOfFile
RegisterWaitForSingleObject
UnregisterWaitEx
CompareStringW
MultiByteToWideChar
FindFirstChangeNotificationW
AllocConsole
CreateFileW
GetFinalPathNameByHandleW
FindCloseChangeNotification
FindNextChangeNotification
FindFirstFileExW
FindNextFileW
GetModuleHandleExW
GetTimeZoneInformation
GetUserGeoID
GetGeoInfoW
VirtualFree
VirtualAlloc
CreateMutexW
ReleaseMutex
InitOnceBeginInitialize
InitOnceComplete
InitializeCriticalSectionAndSpinCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
LoadLibraryW
FreeLibrary
ProcessIdToSessionId
TerminateProcess
CreateNamedPipeW
PeekNamedPipe
DisconnectNamedPipe
lstrlenA
CreateEventW
SetEvent
DeleteFileW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryFullProcessImageNameW
GetProcAddress
GetModuleHandleW
IsWow64Process
OpenProcess
GetExitCodeProcess
GetCurrentProcessId
GetFileAttributesW
GetLastError
GetCurrentProcess
WaitForSingleObject
DuplicateHandle
CloseHandle
ConnectNamedPipe

user32

GetKeyboardLayout
IsWindowEnabled
DestroyCaret
ShowCaret
RegisterWindowMessageW
FindWindowA
SetClipboardViewer
IsHungAppWindow
ChangeClipboardChain
GetFocus
ChildWindowFromPointEx
WindowFromPoint
GetClassInfoW
GetWindowLongPtrW
GetKeyboardLayoutList
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetSysColorBrush
GetCursorPos
GetWindowLongW
GetWindowThreadProcessId
GetSystemMenu
AdjustWindowRectEx
IsTouchWindow
PostMessageW
MonitorFromPoint
GetWindow
GetWindowRect
GetMenu
IsWindowVisible
SetWindowRgn
ScreenToClient
SendMessageW
SetWindowTextW
GetWindowPlacement
DestroyCursor
ShowWindow
GetCapture
RegisterTouchWindow
ClientToScreen
IsChild
SetWindowPlacement
AttachThreadInput
GetForegroundWindow
MoveWindow
UnregisterTouchWindow
SetLayeredWindowAttributes
SetFocus
GetUpdateRect
SetParent
SetCapture
SetCursor
FlashWindowEx
SetWindowLongW
GetClientRect
UpdateLayeredWindow
EnableMenuItem
GetParent
ReleaseCapture
SetForegroundWindow
InvalidateRect
GetAncestor
IsIconic
BeginPaint
EndPaint
MessageBeep
HideCaret
GetMonitorInfoW
EnumDisplayMonitors
MonitorFromWindow
ToAscii
IsZoomed
TrackPopupMenuEx
ToUnicode
PeekMessageW
SetMenuItemInfoW
GetKeyboardState
MapVirtualKeyW
GetKeyState
CreateMenu
AppendMenuW
RemoveMenu
InsertMenuW
DrawMenuBar
DestroyMenu
SetMenu
TrackPopupMenu
CreatePopupMenu
ModifyMenuW
GetMenuItemInfoW
RegisterClipboardFormatW
EnumDisplayDevicesW
RegisterClassW
GetClipboardFormatNameW
SetCursorPos
CreateCursor
CreateIconIndirect
GetCursorInfo
GetCursor
GetIconInfo
TrackMouseEvent
GetAsyncKeyState
GetMessageExtraInfo
GetTouchInputInfo
CloseTouchInputHandle
GetWindowTextW
EnumWindows
RealGetWindowClassW
KillTimer
GetQueueStatus
SetTimer
CallNextHookEx
SetWindowsHookExW
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
UnhookWindowsHookEx
CharNextExA
UnregisterDeviceNotification
RegisterDeviceNotificationW
ReleaseDC
GetDC
CloseWindow
DestroyWindow
CreateWindowExW
SetWindowLongPtrW
LoadCursorW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
DefWindowProcW
DestroyIcon
LoadIconW
LoadImageW
DrawIconEx
ChangeWindowMessageFilterEx
MessageBoxW
SetProcessDPIAware
MessageBoxA
SetWindowPos
SystemParametersInfoW
CreateCaret
GetSystemMetrics
GetDesktopWindow
GetSysColor
UpdateLayeredWindowIndirect
GetCaretBlinkTime
GetDoubleClickTime
SetCaretPos
IsWindow

advapi32

RegFlushKey
RegCreateKeyExW
GetEffectiveRightsFromAclW
AccessCheck
MapGenericMask
LookupAccountSidW
GetNamedSecurityInfoW
AllocateAndInitializeSid
DuplicateToken
BuildTrusteeWithSidW
CopySid
GetLengthSid
FreeSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
SystemFunction036
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegQueryInfoKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

shell32

SHGetMalloc
SHGetPathFromIDListW
ord6
DragQueryFileW
ShellExecuteW
Shell_NotifyIconW
SHCreateItemFromIDList
SHGetKnownFolderIDList
SHBrowseForFolderW
SHCreateItemFromParsingName
SHGetFileInfoW
SHGetStockIconInfo
Shell_NotifyIconGetRect
ord727

ole32

RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleUninitialize
CoCreateInstance
CoUninitialize
OleSetClipboard
OleIsCurrentClipboard
OleGetClipboard
OleFlushClipboard
CoInitializeEx
DoDragDrop
ReleaseStgMedium
CoTaskMemFree
CoGetMalloc
CoCreateGuid
StringFromGUID2
OleInitialize
CoInitialize

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

uxtheme

GetThemePartSize
GetThemeEnumValue
GetThemeTransitionDuration
GetThemePropertyOrigin
GetThemeBool
ord47
GetThemeColor
IsThemeBackgroundPartiallyTransparent
OpenThemeData
IsAppThemed
SetWindowTheme
GetThemeBackgroundRegion
GetCurrentThemeName
IsThemeActive
GetThemeMargins
GetThemeInt
CloseThemeData

dwmapi

DwmIsCompositionEnabled
DwmEnableBlurBehindWindow
DwmSetWindowAttribute
DwmGetWindowAttribute

imm32

ImmGetVirtualKey
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmAssociateContext
ImmGetOpenStatus
ImmSetCandidateWindow
ImmAssociateContextEx
ImmNotifyIME

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

NetShareEnum
NetApiBufferFree

ws2_32

WSAAsyncSelect

winmm

timeKillEvent
timeSetEvent
PlaySoundW

msvcp140

?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBADD@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?__ExceptionPtrRethrow@@YAXPEBX@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
?id@?$numpunct@D@std@@2V0locale@2@A
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?classic@locale@std@@SAAEBV12@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_unregister_at_thread_exit
_Cnd_register_at_thread_exit
_Cnd_broadcast
_Cnd_timedwait
_Cnd_wait
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Mtx_unlock
_Mtx_lock
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_sleep
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Mtx_current_owns

msvcp140_1

_Aligned_get_default_resource

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

wininet

InternetCheckConnectionW

vcruntime140

__C_specific_handler
__current_exception_context
__current_exception
memchr
strrchr
strchr
longjmp
strstr
memcmp
wcsrchr
_purecall
__RTDynamicCast
memset
memmove
memcpy
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
__intrinsic_setjmp

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_errno
strerror
_set_thread_local_invalid_parameter_handler
_configure_wide_argv
_crt_atexit
__p___argc
_register_onexit_function
__p___argv
_initialize_onexit_table
abort
terminate
_register_thread_local_exe_atexit_callback
_c_exit
__p___wargv
_seh_filter_exe
_exit
_wsystem
exit
_initterm_e
_set_app_type
_cexit
_initterm
_endthreadex
_initialize_wide_environment
_get_initial_wide_environment

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnprintf_s
__acrt_iob_func
_close
feof
_read
fgets
_write
__stdio_common_vfprintf
__stdio_common_vsprintf_s
__stdio_common_vsprintf
__stdio_common_vsscanf
_get_stream_buffer_pointers
freopen_s
_get_osfhandle
_fileno
_open_osfhandle
_set_fmode
fclose
_lseeki64
ungetwc
fputwc
fgetwc
_ftelli64
__p__commode
fflush
fgetc
fgetpos
fputc
fread
ungetc
setvbuf
fwrite
_fseeki64
fsetpos

api-ms-win-crt-string-l1-1-0

toupper
isdigit
strcpy
strncpy
towlower
strcmp
strlen
strncmp
wcscmp
isxdigit
strcpy_s
isspace
wcsncmp

api-ms-win-crt-heap-l1-1-0

calloc
free
_set_new_mode
malloc
_callnewh
realloc

api-ms-win-crt-filesystem-l1-1-0

_waccess
_wchmod
_lock_file
_unlock_file

api-ms-win-crt-math-l1-1-0

pow
_fdsign
hypot
tan
sqrt
_ldsign
round
_dclass
ceil
fabs
cos
floor
log
atan2
exp
log10
floorf
ceilf
sinf
sin
lround
atan
_ldclass
_fdclass
_dsign
asin
trunc
acos
_dtest
__setusermatherr
acosf

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale
localeconv

api-ms-win-crt-convert-l1-1-0

wcstoul
atoi

api-ms-win-crt-utility-l1-1-0

rand_s
bsearch
_rotl
rand
_byteswap_uint64
abs
_byteswap_ulong
srand
qsort
_byteswap_ushort
_rotl64

api-ms-win-crt-environment-l1-1-0

getenv
_wgetenv_s
getenv_s

api-ms-win-crt-time-l1-1-0

_get_timezone
_get_tzname
_localtime64_s
_mktime64
_tzset

gdi32

ExtTextOutW
SetTextAlign
SetBkMode
SetTextColor
GetCharABCWidthsW
GetCharABCWidthsI
GetCharABCWidthsFloatW
GetGlyphOutlineW
SetWorldTransform
SetGraphicsMode
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetTextFaceW
GetStockObject
RemoveFontResourceExW
AddFontResourceExW
GetTextMetricsW
RemoveFontMemResourceEx
AddFontMemResourceEx
EnumFontFamiliesExW
GetFontData
CreateFontIndirectW
GetBitmapBits
GetObjectW
CreateCompatibleBitmap
CreateDCW
CreateBitmap
DescribePixelFormat
ChoosePixelFormat
SwapBuffers
GetPixelFormat
SetPixelFormat
GetDeviceCaps
GetDIBits
SetLayout
OffsetRgn
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
GdiFlush
CreateRectRgn
DeleteDC
GetRegionData
SelectClipRgn
DeleteObject
CombineRgn

oleaut32

SafeArrayCreateVector
SysFreeString
SysAllocString
SafeArrayPutElement

Sections

.text
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GH İNJECTOR/GH Injector - x86.dll
.dll windows x86

ad28c6ec29b7b6b2b193c2fcdcd86f98

Code Sign

0b:65:73:03:45:57:a5:a4:46:d7:bd:8c:53:b6:d5:68
Certificate

Issuer

CN=Guided Hacking

Not Before

23/02/2023, 15:16

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ed:4d:cd:23:3d:fc:56:30:6e:1f:29:f1:85:70:da:22:b6:61:4a:4c
Signer

Actual PE Digest

ed:4d:cd:23:3d:fc:56:30:6e:1f:29:f1:85:70:da:22:b6:61:4a:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFullPathNameW
OpenProcess
GetHandleInformation
CloseHandle
QueryFullProcessImageNameW
DeleteFileW
GetTickCount64
ReadProcessMemory
GetCurrentProcess
DuplicateHandle
GetProcessId
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
VirtualProtectEx
Sleep
GetCurrentProcessId
GetModuleHandleW
GetProcAddress
LoadLibraryExW
CreateProcessW
WaitForMultipleObjects
TerminateProcess
GetExitCodeProcess
CreateEventW
GetTickCount
GetLastError
GetThreadContext
TerminateThread
SetThreadContext
ResumeThread
GetExitCodeThread
LoadLibraryW
FreeLibrary
lstrcmpiW
IsWow64Process
OpenThread
GetCurrentThreadId
QueueUserAPC
VirtualAlloc
VirtualFree
CreateDirectoryW
GetFileAttributesExW
CopyFileW
CreateFileW
SuspendThread
GetFileAttributesW
GetModuleFileNameW
GetTempPathW
QueryPerformanceCounter
InitOnceComplete
InitializeSListHead
GetSystemTimeAsFileTime
ResetEvent
SetEvent
lstrlenW
GetThreadId
WaitForSingleObject
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObjectEx
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
InitOnceBeginInitialize

user32

PostThreadMessageW

advapi32

CreateProcessAsUserW
GetTokenInformation
DuplicateTokenEx
OpenProcessToken

ole32

StringFromGUID2

msvcp140

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exceptions@std@@YAHXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXPA_W00@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?tellp@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?_Syserror_map@std@@YAPBDH@Z
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Query_perf_counter
_Query_perf_frequency
_Cnd_timedwait
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_current_owns
_Xtime_get_ticks
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
_Cnd_register_at_thread_exit
_Cnd_broadcast
?__ExceptionPtrToBool@@YA_NPBX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
_Cnd_wait
_Mtx_destroy_in_situ
_Cnd_destroy_in_situ
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
??0task_continuation_context@Concurrency@@AAE@XZ
_Mtx_init_in_situ
_Cnd_init_in_situ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?widen@?$ctype@_W@std@@QBE_WD@Z
_Thrd_sleep
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Getlconv@_Locinfo@std@@QBEPBUlconv@@XZ
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?in_avail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?good@ios_base@std@@QBE_NXZ
?_Xlength_error@std@@YAXPBD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ

dbghelp

SymUnloadModule64
SymSetOptions
SymFromName
SymInitializeW
SymLoadModuleExW
SymCleanup

shlwapi

PathIsRelativeW

urlmon

URLDownloadToCacheFileW

wininet

InternetCheckConnectionW

wtsapi32

WTSQueryUserToken

vcruntime140

memmove
__CxxFrameHandler3
__std_terminate
wcsrchr
__std_exception_copy
__std_exception_destroy
_purecall
memset
_except_handler4_common
_CxxThrowException
__std_type_info_destroy_list
memcpy

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_set_thread_local_invalid_parameter_handler
abort
_errno
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate

api-ms-win-crt-stdio-l1-1-0

ungetwc
__stdio_common_vsprintf_s
fputwc
_get_stream_buffer_pointers
fgetwc
__acrt_iob_func
ungetc
fgetc
__stdio_common_vfprintf
fflush
fclose
fputc
fread
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
puts

api-ms-win-crt-convert-l1-1-0

wcstol
wcstoll

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_wrename

api-ms-win-crt-environment-l1-1-0

_wdupenv_s

api-ms-win-crt-heap-l1-1-0

free
calloc
malloc
_callnewh

api-ms-win-crt-time-l1-1-0

wcsftime
_localtime64_s
_time64

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-string-l1-1-0

toupper

api-ms-win-crt-math-l1-1-0

_dclass
_fdclass
_fdsign
_dsign
_ldclass
_ldsign

Exports

Exports

DotNet_InjectA
DotNet_InjectW
DotNet_Inject_Internal
GetDownloadProgress
GetDownloadProgressEx
GetImportState
GetSymbolState
GetVersionA
GetVersionW
InjectA
InjectW
Inject_Internal
InterruptDownload
InterruptDownloadEx
InterruptInjection
InterruptInjectionEx
Memory_Inject
RestoreInjectionFunctions
SetRawPrintCallback
StartDownload
ValidateInjectionFunctions
g_LibraryState

Sections

.text
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.inj_sec
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mmap_se
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.veh_sec
Size: 1024B - Virtual size: 778B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GH İNJECTOR/GH Injector - x86.exe
.exe windows x86

2cf5601062d8afd7989d4ab19d8d52b0

Code Sign

0b:65:73:03:45:57:a5:a4:46:d7:bd:8c:53:b6:d5:68
Certificate

Issuer

CN=Guided Hacking

Not Before

23/02/2023, 15:16

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f0:56:1f:3e:f8:4a:82:5d:3a:63:64:d4:1c:89:0c:0b:d3:91:9a:1e
Signer

Actual PE Digest

f0:56:1f:3e:f8:4a:82:5d:3a:63:64:d4:1c:89:0c:0b:d3:91:9a:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TzSpecificLocalTimeToSystemTime
GetModuleFileNameW
SystemTimeToFileTime
QueryPerformanceFrequency
GetFileAttributesExW
ResetEvent
GetUserPreferredUILanguages
DeviceIoControl
GetVolumePathNamesForVolumeNameW
FindFirstFileW
FindClose
GetFullPathNameW
GetFileInformationByHandle
GetFileInformationByHandleEx
SetFileTime
SetErrorMode
GetLogicalDrives
QueryPerformanceCounter
CreateDirectoryW
GetTimeFormatW
GetDateFormatW
GetCurrencyFormatW
GetUserDefaultLCID
TerminateThread
ResumeThread
SetThreadPriority
GetThreadPriority
GetSystemInfo
WaitForMultipleObjects
lstrcmpiW
Sleep
MoveFileW
GetTickCount64
RemoveDirectoryW
CreateEventW
SetEvent
GetCurrentThread
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetSystemDirectoryW
WaitForSingleObjectEx
IsProcessorFeaturePresent
OutputDebugStringW
GetSystemTime
GetLocalTime
CompareStringEx
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitProcess
GetConsoleWindow
GetDriveTypeW
GetLongPathNameW
GetVolumeInformationW
MapViewOfFile
CreateFileMappingW
WideCharToMultiByte
UnmapViewOfFile
WriteFile
ReadFile
GetUserDefaultLangID
GlobalSize
ExpandEnvironmentStringsW
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocaleInfoW
LoadLibraryA
CheckRemoteDebuggerPresent
WTSGetActiveConsoleSessionId
LocalFree
FormatMessageW
GetCurrentThreadId
lstrcmpW
GetTempPathW
GetCurrentDirectoryW
CopyFileW
MoveFileExW
FileTimeToSystemTime
FlushFileBuffers
SetFilePointerEx
GetFileType
SetEndOfFile
RegisterWaitForSingleObject
UnregisterWaitEx
CompareStringW
AllocConsole
CreateFileW
GetFinalPathNameByHandleW
MultiByteToWideChar
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
FindFirstFileExW
FindNextFileW
GetModuleHandleExW
GetTimeZoneInformation
GetUserGeoID
GetGeoInfoW
VirtualFree
VirtualAlloc
CreateMutexW
ReleaseMutex
InitOnceBeginInitialize
InitOnceComplete
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
LoadLibraryW
FreeLibrary
ProcessIdToSessionId
TerminateProcess
CreateNamedPipeW
PeekNamedPipe
DisconnectNamedPipe
CreateProcessW
ConnectNamedPipe
DeleteFileW
lstrlenA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryFullProcessImageNameW
GetProcAddress
GetModuleHandleW
IsWow64Process
OpenProcess
GetExitCodeProcess
GetCurrentProcessId
GetFileAttributesW
GetLastError
GetCurrentProcess
WaitForSingleObject
DuplicateHandle
CloseHandle
CreateThread

user32

GetMonitorInfoW
HideCaret
SetCaretPos
CreateCaret
GetKeyboardLayout
IsWindowEnabled
DestroyCaret
ShowCaret
UnregisterClassW
RegisterWindowMessageW
FindWindowA
SetClipboardViewer
IsHungAppWindow
ChangeClipboardChain
GetFocus
ChildWindowFromPointEx
WindowFromPoint
GetClassInfoW
GetKeyboardLayoutList
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
GetSysColorBrush
GetCursorPos
GetWindowThreadProcessId
GetSystemMenu
AdjustWindowRectEx
IsTouchWindow
PostMessageW
MonitorFromPoint
GetWindow
GetWindowRect
GetMenu
IsWindowVisible
SetWindowRgn
ScreenToClient
SendMessageW
SetWindowTextW
GetWindowPlacement
DestroyCursor
ShowWindow
GetCapture
RegisterTouchWindow
ClientToScreen
IsChild
SetWindowPlacement
AttachThreadInput
GetForegroundWindow
MoveWindow
UnregisterTouchWindow
SetLayeredWindowAttributes
SetFocus
GetUpdateRect
SetParent
SetCapture
SetCursor
FlashWindowEx
GetClientRect
UpdateLayeredWindow
EnableMenuItem
CreatePopupMenu
ModifyMenuW
MonitorFromWindow
RegisterClipboardFormatW
EnumDisplayDevicesW
RegisterClassW
GetClipboardFormatNameW
SetCursorPos
CreateCursor
CreateIconIndirect
GetCursorInfo
GetCursor
GetIconInfo
TrackMouseEvent
GetAsyncKeyState
GetMessageExtraInfo
GetTouchInputInfo
CloseTouchInputHandle
GetWindowTextW
EnumWindows
RealGetWindowClassW
KillTimer
GetQueueStatus
SetTimer
CallNextHookEx
SetWindowsHookExW
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
UnhookWindowsHookEx
CharNextExA
UnregisterDeviceNotification
RegisterDeviceNotificationW
DefWindowProcW
DestroyIcon
MessageBoxA
SetWindowPos
SystemParametersInfoW
GetSystemMetrics
GetDesktopWindow
GetSysColor
UpdateLayeredWindowIndirect
GetCaretBlinkTime
GetDoubleClickTime
IsWindow
MessageBeep
TrackPopupMenu
IsZoomed
TrackPopupMenuEx
EndPaint
BeginPaint
IsIconic
ToUnicode
PeekMessageW
SetMenuItemInfoW
GetKeyboardState
RegisterClassExW
GetClassInfoExW
MapVirtualKeyW
GetKeyState
CreateMenu
AppendMenuW
RemoveMenu
CreateWindowExW
DestroyWindow
CloseWindow
GetDC
ReleaseDC
GetWindowLongW
SetWindowLongW
LoadCursorW
LoadIconW
LoadImageW
DrawIconEx
ChangeWindowMessageFilterEx
MessageBoxW
SetProcessDPIAware
InsertMenuW
DrawMenuBar
DestroyMenu
EnumDisplayMonitors
GetMenuItemInfoW
SetMenu
GetAncestor
InvalidateRect
SetForegroundWindow
ReleaseCapture
ToAscii
GetParent

advapi32

RegCloseKey
RegCreateKeyExW
GetEffectiveRightsFromAclW
AccessCheck
MapGenericMask
LookupAccountSidW
GetNamedSecurityInfoW
AllocateAndInitializeSid
DuplicateToken
BuildTrusteeWithSidW
CopySid
GetLengthSid
FreeSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
SystemFunction036
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegFlushKey
RegQueryInfoKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

shell32

ShellExecuteW
DragQueryFileW
ord6
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHCreateItemFromIDList
SHGetPathFromIDListW
SHGetKnownFolderIDList
SHBrowseForFolderW
SHCreateItemFromParsingName
SHGetMalloc
SHGetStockIconInfo
SHGetFileInfoW
ord727

ole32

CoCreateInstance
CoUninitialize
CoLockObjectExternal
RevokeDragDrop
OleUninitialize
OleInitialize
OleSetClipboard
OleIsCurrentClipboard
OleGetClipboard
OleFlushClipboard
CoInitializeEx
DoDragDrop
ReleaseStgMedium
CoTaskMemFree
CoGetMalloc
CoCreateGuid
StringFromGUID2
RegisterDragDrop
CoInitialize

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

uxtheme

GetThemeColor
GetThemePartSize
GetThemeEnumValue
GetThemeTransitionDuration
GetThemePropertyOrigin
GetThemeBool
OpenThemeData
CloseThemeData
IsThemeBackgroundPartiallyTransparent
IsAppThemed
SetWindowTheme
GetThemeBackgroundRegion
GetCurrentThemeName
IsThemeActive
GetThemeMargins
GetThemeInt
ord47

dwmapi

DwmIsCompositionEnabled
DwmEnableBlurBehindWindow
DwmSetWindowAttribute
DwmGetWindowAttribute

imm32

ImmGetVirtualKey
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmAssociateContext
ImmGetOpenStatus
ImmSetCandidateWindow
ImmAssociateContextEx
ImmNotifyIME

userenv

GetUserProfileDirectoryW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetShareEnum
NetApiBufferFree

ws2_32

WSAAsyncSelect

winmm

timeKillEvent
timeSetEvent
PlaySoundW

msvcp140

?__ExceptionPtrCurrentException@@YAXPAX@Z
?classic@locale@std@@SAABV12@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
?id@?$numpunct@D@std@@2V0locale@2@A
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?_Xlength_error@std@@YAXPBD@Z
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
_Thrd_sleep
?_Xbad_function_call@std@@YAXXZ
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Xinvalid_argument@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Incref@facet@locale@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
??0task_continuation_context@Concurrency@@AAE@XZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?c_str@?$_Yarn@D@std@@QBEPBDXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_unregister_at_thread_exit
_Cnd_register_at_thread_exit
_Cnd_broadcast
_Cnd_timedwait
_Cnd_wait
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Mtx_unlock
_Mtx_lock
_Mtx_current_owns
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xout_of_range@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?__ExceptionPtrRethrow@@YAXPBX@Z

msvcp140_1

_Aligned_get_default_resource

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

wininet

InternetCheckConnectionW

vcruntime140

_setjmp3
_except_handler4_common
__current_exception_context
__current_exception
memchr
strrchr
strchr
longjmp
strstr
wcsrchr
memcmp
_purecall
__RTDynamicCast
memset
memmove
memcpy
__CxxFrameHandler3
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_register_onexit_function
strerror
_initialize_onexit_table
abort
_register_thread_local_exe_atexit_callback
__p___argc
__p___argv
_c_exit
_invalid_parameter_noinfo_noreturn
__p___wargv
_errno
_set_thread_local_invalid_parameter_handler
terminate
_exit
_crt_atexit
_initterm_e
_cexit
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_seh_filter_exe
_wsystem
exit
_configure_wide_argv
_endthreadex
_set_app_type

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnprintf_s
_get_stream_buffer_pointers
fflush
_close
feof
_read
_write
_get_osfhandle
_fileno
fgetc
fgetpos
fputc
fread
__stdio_common_vsprintf
freopen_s
_open_osfhandle
__stdio_common_vsscanf
fgets
__stdio_common_vsprintf_s
__stdio_common_vfprintf
_set_fmode
ungetwc
fputwc
fgetwc
__acrt_iob_func
_lseeki64
_ftelli64
__p__commode
fsetpos
fclose
ungetc
setvbuf
fwrite
_fseeki64

api-ms-win-crt-string-l1-1-0

toupper
strcmp
strlen
wcscmp
wcsncmp
strncmp
strcpy
towlower
strncpy
isspace
isdigit
isxdigit
strcpy_s

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
malloc
realloc
free
_callnewh

api-ms-win-crt-filesystem-l1-1-0

_waccess
_wchmod
_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

tan
round
lround
pow
__setusermatherr
_fdsign
hypot
_ldclass
ceil
_fdclass
fabs
floor
log
atan2
exp
log10
trunc
acos
_dclass
_dtest
asin
cos
sin
_dsign
atan
_ldsign
sqrt

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale
setlocale

api-ms-win-crt-convert-l1-1-0

atoi
wcstoul

api-ms-win-crt-utility-l1-1-0

_rotl
qsort
srand
abs
_byteswap_ulong
rand_s
bsearch
_byteswap_ushort
_byteswap_uint64
rand

api-ms-win-crt-environment-l1-1-0

_wgetenv_s
getenv_s
getenv

api-ms-win-crt-time-l1-1-0

_localtime64_s
_get_tzname
_get_timezone
_mktime64
_tzset

gdi32

ExtTextOutW
SetTextAlign
SetBkMode
SetTextColor
GetCharABCWidthsW
GetCharABCWidthsI
GetCharABCWidthsFloatW
GetGlyphOutlineW
SetWorldTransform
SetGraphicsMode
GetTextExtentPoint32W
GetOutlineTextMetricsW
GetTextFaceW
GetStockObject
RemoveFontResourceExW
AddFontResourceExW
GetTextMetricsW
RemoveFontMemResourceEx
AddFontMemResourceEx
EnumFontFamiliesExW
GetFontData
CreateFontIndirectW
GetBitmapBits
GetObjectW
CreateCompatibleBitmap
CreateDCW
CreateBitmap
DescribePixelFormat
ChoosePixelFormat
SwapBuffers
GetPixelFormat
SetPixelFormat
GetDeviceCaps
GetDIBits
SetLayout
OffsetRgn
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
GdiFlush
CreateRectRgn
DeleteDC
GetRegionData
SelectClipRgn
DeleteObject
CombineRgn

oleaut32

SafeArrayPutElement
SafeArrayCreateVector
SysFreeString
SysAllocString

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 299KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmimed
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GH İNJECTOR/GH Injector DNP - x64.dll
.dll windows x64

c5bd654a30aa4e93caaa7c63625d1bc4

Code Sign

0b:65:73:03:45:57:a5:a4:46:d7:bd:8c:53:b6:d5:68
Certificate

Issuer

CN=Guided Hacking

Not Before

23/02/2023, 15:16

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

de:b0:77:ee:92:81:14:f3:fe:23:1c:84:ea:64:fa:a0:d5:cc:f9:fe
Signer

Actual PE Digest

de:b0:77:ee:92:81:14:f3:fe:23:1c:84:ea:64:fa:a0:d5:cc:f9:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameW
GetLastError
DeleteFileW
GetCurrentProcess
VirtualQuery
K32GetMappedFileNameW
AllocConsole
CreateThread
GetExitCodeThread
TerminateThread
CloseHandle
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlCaptureContext

msvcp140

?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ

mscoree

CLRCreateInstance

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
memset
memcpy
__std_terminate
__std_exception_copy
__std_exception_destroy
__C_specific_handler
_CxxThrowException
__std_type_info_destroy_list

api-ms-win-crt-stdio-l1-1-0

ungetc
freopen_s
fflush
setvbuf
__acrt_iob_func
fclose
fwrite
fputwc
ungetwc
__stdio_common_vfprintf
fgetc
fgetwc
fgetpos
_fseeki64
fsetpos

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-string-l1-1-0

towlower

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GH İNJECTOR/GH Injector DNP - x86.dll
.dll windows x86

f0660d1d18c9484fd4eae368608fbd16

Code Sign

0b:65:73:03:45:57:a5:a4:46:d7:bd:8c:53:b6:d5:68
Certificate

Issuer

CN=Guided Hacking

Not Before

23/02/2023, 15:16

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b5:a2:bf:4e:d2:1c:47:f5:ef:ee:8f:06:ea:41:25:76:55:21:4f:1b
Signer

Actual PE Digest

b5:a2:bf:4e:d2:1c:47:f5:ef:ee:8f:06:ea:41:25:76:55:21:4f:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetLastError
DeleteFileW
GetCurrentProcess
VirtualQuery
K32GetMappedFileNameW
AllocConsole
CreateThread
GetExitCodeThread
TerminateThread
CloseHandle
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter

msvcp140

??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?_Xout_of_range@std@@YAXPBD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Xlength_error@std@@YAXPBD@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A

mscoree

CLRCreateInstance

vcruntime140

memcpy
_except_handler4_common
__CxxFrameHandler3
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
memset
memmove

api-ms-win-crt-stdio-l1-1-0

fputwc
__acrt_iob_func
freopen_s
ungetc
fclose
__stdio_common_vfprintf
fgetc
fgetwc
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
fwrite
ungetwc

api-ms-win-crt-runtime-l1-1-0

_cexit
_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-string-l1-1-0

towlower

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GH İNJECTOR/GH Injector SM - x64.exe
.exe windows x64

6eb757006a58677354186ba01d2bb7f5

Code Sign

0b:65:73:03:45:57:a5:a4:46:d7:bd:8c:53:b6:d5:68
Certificate

Issuer

CN=Guided Hacking

Not Before

23/02/2023, 15:16

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:1e:f2:1d:97:ad:42:62:c9:5d:7e:55:04:40:70:e4:c6:07:70:0c
Signer

Actual PE Digest

3b:1e:f2:1d:97:ad:42:62:c9:5d:7e:55:04:40:70:e4:c6:07:70:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleW
GetModuleFileNameW
GetLastError
DeleteFileW
LoadLibraryW
Sleep
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlCaptureContext

user32

GetWindowThreadProcessId
IsWindowVisible
GetWindowTextW
EnumWindows
SendMessageW
GetClassNameW
SetWindowsHookExW
SetForegroundWindow
UnhookWindowsHookEx

msvcp140

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Xout_of_range@std@@YAXPEBD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Xlength_error@std@@YAXPEBD@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
__std_terminate
__std_exception_copy
memchr
memset
__current_exception_context
__current_exception
_CxxThrowException
__C_specific_handler
__std_exception_destroy
memmove

api-ms-win-crt-runtime-l1-1-0

_c_exit
_set_app_type
_cexit
__p___wargv
_exit
_seh_filter_exe
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_invalid_parameter_noinfo_noreturn
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
__p___argc
_configure_wide_argv
_register_thread_local_exe_atexit_callback

api-ms-win-crt-convert-l1-1-0

strtoll
strtol

api-ms-win-crt-stdio-l1-1-0

ungetc
fgetc
fread
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
fclose
fputc
__p__commode
_set_fmode
_get_stream_buffer_pointers

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
free
_callnewh

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GH İNJECTOR/GH Injector SM - x86.exe
.exe windows x86

ef92a1ddb518489c468fa9326dc13d52

Code Sign

0b:65:73:03:45:57:a5:a4:46:d7:bd:8c:53:b6:d5:68
Certificate

Issuer

CN=Guided Hacking

Not Before

23/02/2023, 15:16

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

80:15:1d:0c:0d:37:5e:43:05:b3:ff:24:8a:b5:38:72:f7:f6:9c:1f
Signer

Actual PE Digest

80:15:1d:0c:0d:37:5e:43:05:b3:ff:24:8a:b5:38:72:f7:f6:9c:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
GetModuleFileNameW
GetLastError
DeleteFileW
LoadLibraryW
SignalObjectAndWait
CloseHandle
Sleep
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter

user32

GetWindowThreadProcessId
IsWindowVisible
GetWindowTextW
EnumWindows
SendMessageW
GetClassNameW
SetWindowsHookExW
SetForegroundWindow
UnhookWindowsHookEx

msvcp140

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Xout_of_range@std@@YAXPBD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPBD@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ

vcruntime140

memchr
memcpy
_except_handler4_common
memset
__current_exception_context
__current_exception
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
__CxxFrameHandler3
memmove

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
__p___argc
__p___wargv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_exit
_get_initial_wide_environment
exit
_configure_wide_argv
_register_onexit_function
_crt_atexit
_controlfp_s
terminate
_initterm_e
_initialize_wide_environment
_initterm
_set_app_type
_seh_filter_exe
_initialize_onexit_table

api-ms-win-crt-convert-l1-1-0

wcstol
strtol

api-ms-win-crt-stdio-l1-1-0

__p__commode
fputc
ungetc
fgetc
fread
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
fclose
_set_fmode
_get_stream_buffer_pointers

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GH İNJECTOR/GH Injector.exe
.exe windows x86

c760e1a5ad91758d43a98d62ed6cd6a6

Code Sign

0b:65:73:03:45:57:a5:a4:46:d7:bd:8c:53:b6:d5:68
Certificate

Issuer

CN=Guided Hacking

Not Before

23/02/2023, 15:16

Not After

31/12/2039, 23:59

Subject

CN=Guided Hacking

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

72:f6:26:f6:ba:75:8f:87:d2:89:7d:f8:df:81:76:12:d6:e2:2b:b2
Signer

Actual PE Digest

72:f6:26:f6:ba:75:8f:87:d2:89:7d:f8:df:81:76:12:d6:e2:2b:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFullPathNameW
GetCurrentProcess
GetFileAttributesW
Sleep
GetLastError
DeleteFileW
CloseHandle
CreateProcessW
IsWow64Process
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
GetModuleHandleW

user32

MessageBoxA

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

memcpy
__std_exception_destroy
__CxxFrameHandler3
_except_handler4_common
memset
__current_exception
__std_exception_copy
__current_exception_context
_CxxThrowException
memmove

api-ms-win-crt-convert-l1-1-0

_ultoa_s

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
__p___argv
terminate
_initterm_e
_invalid_parameter_noinfo_noreturn
_c_exit
__p___argc
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_exit
_controlfp_s
exit

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_set_new_mode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GH İNJECTOR/GH_Inj_Log.txt
GH İNJECTOR/SUPORTE (1).dll
.dll windows x86

5da6b031617f6ee9d662f24bc6d4c6f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsBadReadPtr
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
FreeLibrary
QueryPerformanceCounter
HeapReAlloc
HeapSize
CreateFileW
SetStdHandle
DecodePointer
GetStringTypeW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
CreateThread
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileSizeEx
GetConsoleOutputCP
WriteFile
FlushFileBuffers
LCMapStringW
K32GetModuleInformation
Sleep
GetModuleHandleA
TerminateProcess
HeapFree
HeapAlloc
ReadConsoleW
GetConsoleMode
SetFilePointerEx
WriteConsoleW
GetModuleFileNameW
GetFileType
GetStdHandle
VirtualProtect
ReadProcessMemory
GetACP
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
ReadFile
SetEndOfFile

user32

CallWindowProcA
GetAsyncKeyState
FindWindowA
SetWindowLongW
SetForegroundWindow
MessageBeep
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData

shell32

ShellExecuteA

d3dx9_42

D3DXMatrixInverse

imm32

ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

Sections

.text
Size: 545KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 445KB - Virtual size: 445KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GH İNJECTOR/Settings.ini
GH İNJECTOR/x64/ntdll.pdb
GH İNJECTOR/x86/wntdll.pdb

Sharing

General

Malware Config

Signatures

Files

5f7bf97ec922bad10bc4de737ab257ee

Code Sign

0b:65:73:03:45:57:a5:a4:46:d7:bd:8c:53:b6:d5:68Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

a3:c0:b3:56:d7:9b:93:8d:3f:18:eb:2e:c2:74:f2:4f:47:b9:5f:88Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

advapi32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

02b4d3550379001560cf12ef55b9fc08

Code Sign

0b:65:73:03:45:57:a5:a4:46:d7:bd:8c:53:b6:d5:68Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

51:e4:22:ef:59:7e:2e:21:64:d3:13:12:8a:18:b2:0a:eb:58:64:82Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

msvcp140

dbghelp

shlwapi

urlmon

wininet

wtsapi32

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

0b:65:73:03:45:57:a5:a4:46:d7:bd:8c:53:b6:d5:68
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

a3:c0:b3:56:d7:9b:93:8d:3f:18:eb:2e:c2:74:f2:4f:47:b9:5f:88
Signer

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

0b:65:73:03:45:57:a5:a4:46:d7:bd:8c:53:b6:d5:68
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

51:e4:22:ef:59:7e:2e:21:64:d3:13:12:8a:18:b2:0a:eb:58:64:82
Signer

.text
Size: 264KB - Virtual size: 263KB

.inj_sec
Size: 2KB - Virtual size: 1KB

.mmap_se
Size: 9KB - Virtual size: 9KB

.veh_sec
Size: 512B - Virtual size: 246B

.rdata
Size: 207KB - Virtual size: 207KB

.data
Size: 10KB - Virtual size: 13KB

.pdata
Size: 9KB - Virtual size: 8KB

wow64_se
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 800B

0b:65:73:03:45:57:a5:a4:46:d7:bd:8c:53:b6:d5:68
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

65:10:ee:71:0c:e5:af:6b:98:c0:51:5f:56:87:e0:30:d8:b6:59:72
Signer

.text
Size: 7.5MB - Virtual size: 7.5MB

.rdata
Size: 3.6MB - Virtual size: 3.6MB

.data
Size: 100KB - Virtual size: 166KB

.pdata
Size: 229KB - Virtual size: 228KB

.qtmetad
Size: 1KB - Virtual size: 1KB

.qtmimed
Size: 315KB - Virtual size: 315KB

.rsrc
Size: 23KB - Virtual size: 23KB

.reloc
Size: 47KB - Virtual size: 46KB