DISCORD TOOL[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

DISCORD TOOL.rar
Size

23.9MB
MD5

1ee2e53a3b69461745b704f428f74c88
SHA1

6c03b5337cdb4c648cf4956810e14f0c96f4f9d5
SHA256

c7f83b92fe483c090b7705bcd4db8670bf8ad57da824a90a96e5c16d295ef37b
SHA512

ef9c39c6f0ab48d3297edebad9994307553c68b74a52ff1fd2cb3944f2bfeb5b4c8c2b97a831106c4953a353e65006c8182c2e599e3493deb96888766a670151
SSDEEP

393216:ZEFWIk9f7VtrPSnuzBMXY8QCfxs4k/QakPhjICIpr0frgb8gpmDlx1kyKB:KWl9f3Gn6FOe4k/1kiCGrMI8ymDdnKB

Score

3^/10

pyinstaller

Malware Config

Signatures

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/DISCORD TOOL/boost.exe	pyinstaller

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DISCORD TOOL/Discord.dll
unpack001/DISCORD TOOL/boost.exe

Files

DISCORD TOOL.rar
.rar
DISCORD TOOL/Data/api-ms-win-core-debug-l1-1-0.dll
.dll windows x64

Code Sign

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:25

Not After

01-09-2022 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:fd:8f:76:f9:3e:00:28:6f:24:e2:b0:aa:29:1f:a7:f9:9c:ed:f6:fa:81:44:34:38:e3:4c:18:d1:0e:a3:72
Signer

Actual PE Digest

17:fd:8f:76:f9:3e:00:28:6f:24:e2:b0:aa:29:1f:a7:f9:9c:ed:f6:fa:81:44:34:38:e3:4c:18:d1:0e:a3:72

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

DebugBreak
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW

Sections

.rdata
Size: 4KB - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DISCORD TOOL/Data/api-ms-win-core-errorhandling-l1-1-0.dll
.dll windows x64

Code Sign

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:25

Not After

01-09-2022 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:36:15:f9:31:6d:da:b6:3a:b1:89:e2:8f:aa:cb:c9:fa:e2:23:60:8c:56:e5:07:66:b1:63:a3:79:e9:21:dd
Signer

Actual PE Digest

1f:36:15:f9:31:6d:da:b6:3a:b1:89:e2:8f:aa:cb:c9:fa:e2:23:60:8c:56:e5:07:66:b1:63:a3:79:e9:21:dd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

GetErrorMode
GetLastError
RaiseException
SetErrorMode
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

Sections

.rdata
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DISCORD TOOL/Data/api-ms-win-core-fibers-l1-1-0.dll
.dll windows x64

Code Sign

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:25

Not After

01-09-2022 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:dc:67:0c:42:15:cc:38:1a:7e:ee:28:d6:06:1e:4f:0a:90:6e:9b:81:ba:ec:6c:e2:a5:59:d9:a7:21:44:5e
Signer

Actual PE Digest

06:dc:67:0c:42:15:cc:38:1a:7e:ee:28:d6:06:1e:4f:0a:90:6e:9b:81:ba:ec:6c:e2:a5:59:d9:a7:21:44:5e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

FlsAlloc
FlsFree
FlsGetValue
FlsSetValue

Sections

.rdata
Size: 4KB - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DISCORD TOOL/Data/api-ms-win-core-file-l1-1-0.dll
.dll windows x64

Code Sign

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:25

Not After

01-09-2022 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:50:38:cb:c4:dd:ed:0a:e4:90:77:33:7d:0f:7f:1c:5d:9d:bc:17:8b:63:01:ab:29:b4:18:fb:de:bd:86:67
Signer

Actual PE Digest

45:50:38:cb:c4:dd:ed:0a:e4:90:77:33:7d:0f:7f:1c:5d:9d:bc:17:8b:63:01:ab:29:b4:18:fb:de:bd:86:67

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

CompareFileTime
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DefineDosDeviceW
DeleteFileA
DeleteFileW
DeleteVolumeMountPointW
FileTimeToLocalFileTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileW
FindFirstVolumeW
FindNextChangeNotification
FindNextFileA
FindNextFileW
FindNextVolumeW
FindVolumeClose
FlushFileBuffers
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleA
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetLogicalDriveStringsW
GetLogicalDrives
GetLongPathNameA
GetLongPathNameW
GetShortPathNameW
GetTempFileNameW
GetVolumeInformationByHandleW
GetVolumeInformationW
GetVolumePathNameW
LocalFileTimeToFileTime
LockFile
LockFileEx
QueryDosDeviceW
ReadFile
ReadFileEx
ReadFileScatter
RemoveDirectoryA
RemoveDirectoryW
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetFileValidData
UnlockFile
UnlockFileEx
WriteFile
WriteFileEx
WriteFileGather

Sections

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DISCORD TOOL/Discord.dll
.dll windows x64

0c4039bc49e7eb7cebbb386b702736e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
DisableThreadLibraryCalls
GetCurrentThread
VirtualQuery
GetModuleFileNameA
Sleep
GlobalLock
GlobalUnlock
FindResourceA
LoadResource
LockResource
SizeofResource
CreateFileA
WriteFile
CloseHandle
FreeResource
MultiByteToWideChar
WideCharToMultiByte
DeleteFileA
DebugBreak
SetConsoleTextAttribute
ExitProcess
K32EnumProcessModules
K32GetModuleBaseNameA
GetCurrentProcess
WriteProcessMemory
ReadProcessMemory
K32GetModuleInformation
FreeLibraryAndExitThread
CreateThread
FreeConsole
SetConsoleOutputCP
SetConsoleTitleA
GetStdHandle
AllocConsole
GetCurrentProcessId
AttachConsole
GetProcAddress
GetModuleHandleW
GetModuleHandleExA
CreateFiber
DeleteFiber
SwitchToFiber
ConvertThreadToFiber
RtlCaptureContext
LCMapStringW
DecodePointer
GetTickCount64
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
InitializeCriticalSectionAndSpinCount
QueryPerformanceFrequency
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
SetLastError
AreFileApisANSI
RemoveDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
FormatMessageW
GetModuleFileNameW
SuspendThread
RaiseException
RtlPcToFileHeader
ResumeThread
GetVersionExA
LoadLibraryW
EncodePointer
GetTickCount
IsDebuggerPresent
ResetEvent
GetThreadContext
IsProcessorFeaturePresent
FreeLibrary
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
HeapCreate
VirtualProtect
HeapFree
Thread32Next
UnregisterWaitEx
QueryDepthSList
Thread32First
InterlockedFlushSList
CreateToolhelp32Snapshot
HeapReAlloc
HeapAlloc
OutputDebugStringA
HeapDestroy
InterlockedPushEntrySList
FlushInstructionCache
SetThreadContext
OpenThread
VirtualFree
InterlockedPopEntrySList
InitializeSListHead
VirtualAlloc
ReleaseSemaphore
GetSystemInfo
LoadLibraryExW
CreateTimerQueue
GetVersionExW
GetThreadTimes
SetEvent
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
UnregisterWait
RegisterWaitForSingleObject
GetLogicalProcessorInformation
CreateTimerQueueTimer
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer

user32

GetWindowRect
GetAsyncKeyState
MapVirtualKeyA
MessageBoxA
CallWindowProcW
SetWindowLongPtrW
GetClientRect
SendInput
GetKeyNameTextA
FindWindowA
GetForegroundWindow
CloseClipboard
GetClipboardData
OpenClipboard
keybd_event

shell32

ShellExecuteA

winmm

timeGetTime

wininet

HttpOpenRequestA
InternetOpenA
InternetConnectA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA

vcruntime140

memmove
memset
__uncaught_exception
memchr
memcmp
__RTDynamicCast
__std_type_info_destroy_list
_CxxThrowException
__processing_throw
strstr
__C_specific_handler
_purecall
__std_exception_destroy
__std_exception_copy
__std_terminate
__AdjustPointer
memcpy
__CxxFrameHandler3
__current_exception

api-ms-win-crt-runtime-l1-1-0

terminate
_errno
abort
_initterm_e
_initterm
_cexit
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_crt_atexit

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
_callnewh

api-ms-win-crt-string-l1-1-0

_wcsdup
strncpy
islower
_strdup
isspace
tolower
__strncnt
strcspn
isalnum
strncpy_s
isupper

api-ms-win-crt-stdio-l1-1-0

fwrite
setvbuf
fsetpos
fgetpos
_fseeki64
fread
ungetc
fgetc
__stdio_common_vsprintf_s
__stdio_common_vsprintf
_getcwd
fclose
fputc
_get_stream_buffer_pointers
fseek
_fsopen
_wfsopen
__stdio_common_vsnprintf_s
getchar
__acrt_iob_func
fflush

api-ms-win-crt-filesystem-l1-1-0

rename
_findfirst64i32
_findnext64i32
_findclose
_stat64i32
_lock_file
_unlock_file

api-ms-win-crt-multibyte-l1-1-0

_mbsrchr

api-ms-win-crt-convert-l1-1-0

atoi
strtof
strtod
atof

api-ms-win-crt-time-l1-1-0

_time64
strftime
_localtime64
clock
_localtime64_s

api-ms-win-crt-locale-l1-1-0

setlocale
_unlock_locales
___lc_locale_name_func
__pctype_func
___lc_codepage_func
localeconv
_lock_locales
___mb_cur_max_func

api-ms-win-crt-math-l1-1-0

sinf
sin
cosf
cos
frexp
_dtest
modf
sqrt
exp
_finite
ldexp
_ldtest
_ldsign
_dsign
sqrtf
powf
pow
_isnan

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 659KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DISCORD TOOL/api-ms-win-core-console-l1-2-0.dll
.dll windows x64

Code Sign

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:25

Not After

01-09-2022 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:09:a0:ba:f4:e9:69:a3:95:c8:11:df:b5:b6:b4:26:a1:a7:bf:66:08:17:1b:00:f3:54:69:41:b3:bc:d9:1a
Signer

Actual PE Digest

00:09:a0:ba:f4:e9:69:a3:95:c8:11:df:b5:b6:b4:26:a1:a7:bf:66:08:17:1b:00:f3:54:69:41:b3:bc:d9:1a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

AllocConsole
AttachConsole
FreeConsole
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetNumberOfConsoleInputEvents
PeekConsoleInputA
PeekConsoleInputW
ReadConsoleA
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleW
SetConsoleCtrlHandler
SetConsoleMode
WriteConsoleA
WriteConsoleW

Sections

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DISCORD TOOL/api-ms-win-core-datetime-l1-1-0.dll
.dll windows x64

Code Sign

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-09-2021 18:25

Not After

01-09-2022 18:25

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e8:bd:26:84:c0:1d:fb:8a:b9:60:2e:1a:82:85:ef:35:b1:a8:3f:14:16:79:67:73:95:24:db:83:0c:96:f6:d6
Signer

Actual PE Digest

e8:bd:26:84:c0:1d:fb:8a:b9:60:2e:1a:82:85:ef:35:b1:a8:3f:14:16:79:67:73:95:24:db:83:0c:96:f6:d6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

GetDateFormatA
GetDateFormatW
GetTimeFormatA
GetTimeFormatW

Sections

.rdata
Size: 4KB - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DISCORD TOOL/boost.exe
.exe windows x64

1e92fd54d65284238a0e3b74b2715062

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetCPInfo
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
GetEnvironmentVariableW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DISCORD TOOL/x64/LMIGuardianDll.dll
.dll windows x64

2affc18c1d1b2fcd0047a0cb67552627

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1c:68:3f:7b:8f:fb:cd:ac:e1:92:7d:58:8d:49:06:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09-09-2015 00:00

Not After

07-11-2018 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:8b:69:86:dd:d6:00:26:ce:35:93:8a:39:c4:a4:ca:df:eb:c4:9f
Signer

Actual PE Digest

00:8b:69:86:dd:d6:00:26:ce:35:93:8a:39:c4:a4:ca:df:eb:c4:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

socket
closesocket
WSACleanup
WSAStartup

kernel32

WriteFile
GetFileAttributesW
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetModuleFileNameW
CreateProcessW
GetExitCodeProcess
CreateMutexW
OpenMutexW
ReleaseMutex
OpenProcess
TerminateProcess
SetEvent
DuplicateHandle
GetLocalTime
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
FlushInstructionCache
GetCurrentThread
ResumeThread
GetVersionExA
SuspendThread
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetEnvironmentVariableA
GetCurrentDirectoryA
GetWindowsDirectoryA
GetSystemDirectoryA
ReadProcessMemory
GetThreadContext
CreateEventW
OpenEventW
WaitForMultipleObjects
ResetEvent
GetCommandLineW
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToDosDateTime
ReadFile
CreateFileA
SetFilePointer
GetStdHandle
GetUserDefaultLangID
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
HeapFree
LoadLibraryExW
CreateThread
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
ExitProcess
lstrcmpiA
FlushFileBuffers
SetEndOfFile
SetErrorMode
GetVersion
GetModuleHandleA
CreateFileW
GetSystemTimeAsFileTime
GetTimeZoneInformation
FileTimeToSystemTime
QueryPerformanceCounter
EncodePointer
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
VirtualAlloc
VirtualFree
ExitThread
IsProcessorFeaturePresent
DeleteFileW
GetCPInfo
GetModuleHandleExW
AreFileApisANSI
MoveFileExW
GetCommandLineA
RtlPcToFileHeader
GetProcessHeap
RtlLookupFunctionEntry
RtlUnwindEx
FormatMessageW
HeapAlloc
WaitForSingleObject
GetCurrentThreadId
IsDebuggerPresent
GetTickCount
LoadLibraryA
SetLastError
GetCurrentProcess
FreeLibrary
DecodePointer
CloseHandle
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
LocalFree
LocalAlloc
GetOEMCP
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
ReadConsoleW
GetCurrentProcessId
InitializeCriticalSection
IsBadReadPtr
LeaveCriticalSection
EnterCriticalSection
GetSystemDirectoryW
Sleep
HeapSize
HeapReAlloc
HeapDestroy
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameW
GetCurrentDirectoryW
SetEnvironmentVariableA
lstrcmpiW
GetStringTypeW

user32

GetClassInfoExW
EnableWindow
MoveWindow
SetScrollInfo
GetScrollInfo
SystemParametersInfoW
SetScrollPos
ScrollWindowEx
UpdateWindow
ShowWindow
CreateDialogParamW
DialogBoxParamW
CallWindowProcW
DrawTextW
SetCursor
DestroyCursor
GetParent
InvalidateRect
EndPaint
BeginPaint
SetWindowLongPtrW
GetWindowLongPtrW
DrawTextExW
OffsetRect
GetDlgItem
LoadStringW
GetDlgItemTextW
SetActiveWindow
MapWindowPoints
ClientToScreen
GetClientRect
GetWindowRect
SetWindowPos
SetDlgItemTextW
CharNextW
CharUpperW
SetWindowTextW
ReleaseDC
SendMessageW
GetDC
PostThreadMessageW
DefWindowProcW
PostQuitMessage
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
EndDialog
IsWindow
IsDialogMessageW
PostMessageW
DestroyWindow
TranslateMessage
DispatchMessageW
GetMessageW
UnregisterClassW
PeekMessageW
MessageBoxW
CharNextExA
GetWindow
GetDesktopWindow

gdi32

CreateFontIndirectW
SetTextColor
SetBkMode
BitBlt
DeleteObject
GetTextMetricsW
DeleteDC
SelectObject
CreateCompatibleDC
GetTextExtentPoint32W
SetViewportOrgEx

advapi32

CreateServiceW
GetSecurityDescriptorLength
SetNamedSecurityInfoA
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
SetNamedSecurityInfoW
FreeSid
ChangeServiceConfig2W
QueryServiceObjectSecurity
SetServiceObjectSecurity
QueryServiceStatusEx
StartServiceW
RegisterServiceCtrlHandlerW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegQueryValueExW
RegDeleteValueW
StartServiceCtrlDispatcherW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ControlService
DeleteService
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoCreateInstance
CLSIDFromString
OleRun
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoRevokeClassObject
CoRegisterClassObject
CoResumeClassObjects
CoAddRefServerProcess
CoReleaseServerProcess
CLSIDFromProgID

oleaut32

SysAllocString
VarUI4FromStr
SysStringLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
GetErrorInfo
SysFreeString

comctl32

InitCommonControlsEx

wininet

InternetErrorDlg
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetSetOptionW
InternetQueryOptionW
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

ComMain
CrashMain
Escort2
EscortIE11
EscortStop
HttpMain
Init
IsSamePath
Manifest
OffLoad
SetLogLabelLow

Sections

.text
Size: 549KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DISCORD TOOL/x64/LMIGuardianEvt.Dll
.dll windows x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1c:68:3f:7b:8f:fb:cd:ac:e1:92:7d:58:8d:49:06:cf
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

09-09-2015 00:00

Not After

07-11-2018 23:59

Subject

CN=LogMeIn\, Inc.,O=LogMeIn\, Inc.,L=Boston,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c2:5f:be:f5:ca:73:8c:11:9d:8c:2a:7b:bf:78:35:83:c4:cb:66:91
Signer

Actual PE Digest

c2:5f:be:f5:ca:73:8c:11:9d:8c:2a:7b:bf:78:35:83:c4:cb:66:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rdata
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DISCORD TOOL/x64/hamachi.cat
DISCORD TOOL/x64/hamachi.inf
DISCORD TOOL/x64/hamachi.sys
.exe windows x64

f1f7577d30cb682bf3712323ce1b1ee7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:c5:0c:01:52:ab:6d:16:2b:83:2a:c3:52:8b:10:f1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-10-2006 00:00

Not After

11-10-2009 23:59

Subject

CN=LogMeIn\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=LogMeIn\, Inc.,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

de:42:09:3d:a9:72:1d:3f:9b:56:bd:85:77:c6:e3:ed:53:70:6f:ea
Signer

Actual PE Digest

de:42:09:3d:a9:72:1d:3f:9b:56:bd:85:77:c6:e3:ed:53:70:6f:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeBugCheckEx
RtlCreateSecurityDescriptor
ZwOpenFile
ZwSetSecurityObject
IoAcquireCancelSpinLock
IoReleaseCancelSpinLock
IofCompleteRequest
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ZwSetValueKey
RtlInitUnicodeString
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
RtlEqualUnicodeString
ZwClose
MmMapLockedPagesSpecifyCache
MmMapLockedPages
IoFreeMdl
sprintf

ndis.sys

NdisFreePacketPool
NdisInitializeWrapper
NdisMRegisterMiniport
NdisTerminateWrapper
NdisMRegisterUnloadHandler
NdisMRegisterDevice
NdisMSleep
NdisMDeregisterDevice
NdisMSetAttributesEx
NdisReadNetworkAddress
NdisScheduleWorkItem
NdisOpenConfiguration
NdisReadConfiguration
NdisCloseConfiguration
NdisAllocatePacketPool
NdisAllocateBufferPool
NdisUnchainBufferAtFront
NdisFreePacket
NdisAllocateBuffer
NdisAllocatePacket
NdisAllocateMemoryWithTag
NdisFreeMemory
NdisFreeBufferPool

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 772B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DISCORD TOOL/x64/hamdrv.cat
DISCORD TOOL/x64/hamdrv.inf
DISCORD TOOL/x64/hamdrv.sys
.exe windows x64

16a1e3c89e358352ae6234af19172929

Code Sign

33:00:00:00:0c:d4:84:0c:29:fd:17:12:a0:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14-01-2015 21:31

Not After

14-04-2016 21:31

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:2e:2f:0d:7f:67:48:5d:f2:08:c5:37:1b:82:68:2c:36:b3:95:38:06:22:01:15:54:98:50:81:5c:6c:d8:95
Signer

Actual PE Digest

59:2e:2f:0d:7f:67:48:5d:f2:08:c5:37:1b:82:68:2c:36:b3:95:38:06:22:01:15:54:98:50:81:5c:6c:d8:95

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeBugCheckEx
ExpInterlockedPushEntrySList
ExQueryDepthSList
KeQueryDpcWatchdogInformation
KeFlushQueuedDpcs
KeRemoveQueueDpc
KeInsertQueueDpc
IoReleaseRemoveLockAndWaitEx
IoReleaseRemoveLockEx
IoAcquireRemoveLockEx
IoInitializeRemoveLockEx
IoReleaseCancelSpinLock
IofCompleteRequest
IoAcquireCancelSpinLock
MmMapLockedPagesSpecifyCache
ExpInterlockedPopEntrySList
ExInterlockedRemoveHeadList
ExInterlockedInsertTailList
ExFreePoolWithTag
ExAllocatePoolWithQuotaTag
KeSetTargetProcessorDpc
KeSetImportanceDpc
KeInitializeDpc
DbgPrintEx
IoWMIRegistrationControl
MmGetSystemRoutineAddress
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
RtlCompareMemory
RtlInitUnicodeString
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc

ndis.sys

NdisAllocateMemoryWithTagPriority
NdisFreeMdl
NdisAllocateMdl
NdisWriteConfiguration
NdisQueueIoWorkItem
NdisMIndicateReceiveNetBufferLists
NdisMSendNetBufferListsComplete
NdisCancelTimerObject
NdisMResetComplete
NdisFreeIoWorkItem
NdisAllocateIoWorkItem
NdisMPauseComplete
NdisMGetDeviceProperty
NdisMSleep
NdisMSetMiniportAttributes
NdisAllocateNetBufferAndNetBufferList
NdisFreeNetBufferList
NdisFreeNetBufferListPool
NdisAllocateNetBufferListPool
NdisDeregisterDeviceEx
NdisRegisterDeviceEx
NdisFreeTimerObject
NdisSetTimerObject
NdisAllocateTimerObject
NdisOpenConfigurationEx
NdisGetSharedDataAlignment
NdisReadNetworkAddress
NdisCloseConfiguration
NdisReadConfiguration
NdisMDeregisterMiniportDriver
NdisMRegisterMiniportDriver
NdisReleaseReadWriteLock
NdisAcquireReadWriteLock
NdisInitializeReadWriteLock
NdisFreeMemory
NdisMIndicateStatusEx

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Code Sign

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3aCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

17:fd:8f:76:f9:3e:00:28:6f:24:e2:b0:aa:29:1f:a7:f9:9c:ed:f6:fa:81:44:34:38:e3:4c:18:d1:0e:a3:72Signer

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.rdata Size: 4KB - Virtual size: 660B

.data Size: - Virtual size: 128B

.rsrc Size: 4KB - Virtual size: 1008B

Code Sign

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3aCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

1f:36:15:f9:31:6d:da:b6:3a:b1:89:e2:8f:aa:cb:c9:fa:e2:23:60:8c:56:e5:07:66:b1:63:a3:79:e9:21:ddSigner

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.rdata Size: 4KB - Virtual size: 840B

.data Size: - Virtual size: 128B

.rsrc Size: 4KB - Virtual size: 1008B

Code Sign

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3aCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

06:dc:67:0c:42:15:cc:38:1a:7e:ee:28:d6:06:1e:4f:0a:90:6e:9b:81:ba:ec:6c:e2:a5:59:d9:a7:21:44:5eSigner

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.rdata Size: 4KB - Virtual size: 608B

.data Size: - Virtual size: 128B

.rsrc Size: 4KB - Virtual size: 1008B

Code Sign

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3aCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

45:50:38:cb:c4:dd:ed:0a:e4:90:77:33:7d:0f:7f:1c:5d:9d:bc:17:8b:63:01:ab:29:b4:18:fb:de:bd:86:67Signer

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.rdata Size: 8KB - Virtual size: 4KB

.data Size: - Virtual size: 128B

.rsrc Size: 4KB - Virtual size: 1008B

0c4039bc49e7eb7cebbb386b702736e8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

winmm

wininet

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

17:fd:8f:76:f9:3e:00:28:6f:24:e2:b0:aa:29:1f:a7:f9:9c:ed:f6:fa:81:44:34:38:e3:4c:18:d1:0e:a3:72
Signer

.rdata
Size: 4KB - Virtual size: 660B

.data
Size: - Virtual size: 128B

.rsrc
Size: 4KB - Virtual size: 1008B

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

1f:36:15:f9:31:6d:da:b6:3a:b1:89:e2:8f:aa:cb:c9:fa:e2:23:60:8c:56:e5:07:66:b1:63:a3:79:e9:21:dd
Signer

.rdata
Size: 4KB - Virtual size: 840B

.data
Size: - Virtual size: 128B

.rsrc
Size: 4KB - Virtual size: 1008B

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

06:dc:67:0c:42:15:cc:38:1a:7e:ee:28:d6:06:1e:4f:0a:90:6e:9b:81:ba:ec:6c:e2:a5:59:d9:a7:21:44:5e
Signer

.rdata
Size: 4KB - Virtual size: 608B

.data
Size: - Virtual size: 128B

.rsrc
Size: 4KB - Virtual size: 1008B

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

45:50:38:cb:c4:dd:ed:0a:e4:90:77:33:7d:0f:7f:1c:5d:9d:bc:17:8b:63:01:ab:29:b4:18:fb:de:bd:86:67
Signer

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: - Virtual size: 128B

.rsrc
Size: 4KB - Virtual size: 1008B

.text
Size: 6.3MB - Virtual size: 6.3MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 41KB - Virtual size: 659KB

.pdata
Size: 168KB - Virtual size: 167KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 6.8MB - Virtual size: 6.8MB

.reloc
Size: 99KB - Virtual size: 98KB

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

00:09:a0:ba:f4:e9:69:a3:95:c8:11:df:b5:b6:b4:26:a1:a7:bf:66:08:17:1b:00:f3:54:69:41:b3:bc:d9:1a
Signer

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: - Virtual size: 128B

.rsrc
Size: 4KB - Virtual size: 1008B

33:00:00:04:3a:75:e5:2f:9e:0b:29:98:1e:00:00:00:00:04:3a
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

e8:bd:26:84:c0:1d:fb:8a:b9:60:2e:1a:82:85:ef:35:b1:a8:3f:14:16:79:67:73:95:24:db:83:0c:96:f6:d6
Signer

.rdata
Size: 4KB - Virtual size: 648B

.data
Size: - Virtual size: 128B

.rsrc
Size: 4KB - Virtual size: 1008B

.text
Size: 162KB - Virtual size: 161KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 3KB - Virtual size: 64KB

.pdata
Size: 8KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB