Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Static task: static1
Behavioral task: behavioral1
Sample: aa0739a3f450aa5326b10103bf3c88958846760023ace5699fcd21554de15dd6.dll
Resource: win7-20230621-en
Behavioral task: behavioral2
Sample: aa0739a3f450aa5326b10103bf3c88958846760023ace5699fcd21554de15dd6.dll
Resource: win10v2004-20230703-en
Target: aa0739a3f450aa5326b10103bf3c88958846760023ace5699fcd21554de15dd6
Size: 2.1MB
MD5: abf4f71f2d1e81af9d258855ca4ee6b0
SHA1: fee8729d6a03fb0c4f497e911257c73add4cdb50
SHA256: aa0739a3f450aa5326b10103bf3c88958846760023ace5699fcd21554de15dd6
SHA512: 4a676cb1ec1f23f4654ab35993d23c59b8205ced5a97a589a67d75ea8ce4fffcb9c8683cc8e26dba43289c1b5877783cfc8ecb55cd338a5050dd7ce1f3a3da4c
SSDEEP: 49152:1APjV8aHO9RHBpGe/aUMpsuJDNIrPoTIbHSN3PObSt+eKWOVaM:++iOPHB0bauHIrk3c
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
PathIsRelativeW
??0RCInferenceTask@DM@RC@@QAE@ABV012@@Z
?RemoveObserver@RCDMEventCenter@DM@RC@@QAEXABVAbstractObserver@Poco@@@Z
?AddObserver@RCDMEventCenter@DM@RC@@QAEXABVAbstractObserver@Poco@@@Z
?GetInstance@RCDMEventCenter@DM@RC@@SAAAV123@XZ
?SetHandled@RCDMEvent@DM@RC@@QAEX_N@Z
?AddTrustProcess@RCInstallInterceptMessageSender@DM@RC@@SA?AVRCReturnValue@23@PB_W@Z
?DoInterceptAction@RCInstallInterceptMessageSender@DM@RC@@SA?AVRCReturnValue@23@_KW4RCInterceptAction@23@@Z
?ResetTimeout@RCInstallInterceptMessageSender@DM@RC@@SA?AVRCReturnValue@23@_K@Z
?GetProcessInfo@RCDMProcessEvent@DM@RC@@QBEABVRCProcessInfo@23@XZ
?GetInterceptEventId@RCDMProcessCreateInterceptEvent@DM@RC@@QBE_KXZ
?StartDefence@RCInstallInterceptMessageSender@DM@RC@@SA?AVRCReturnValue@23@XZ
??1RCDMEvent@DM@RC@@UAE@XZ
??0RCInferenceTask@DM@RC@@QAE@XZ
??1RCInferenceTask@DM@RC@@QAE@XZ
?SetBusinessId@RCInferenceTask@DM@RC@@QAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetBusinessId@RCInferenceTask@DM@RC@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetTaskId@RCInferenceTask@DM@RC@@QBEIXZ
?GetClock@RCInferenceTask@DM@RC@@QBE?AVClock@Poco@@XZ
?GetCompleteClock@RCInferenceTask@DM@RC@@QBE?AVClock@Poco@@XZ
?SetTimeout@RCInferenceTask@DM@RC@@QAEX_J@Z
?SetPriority@RCInferenceTask@DM@RC@@QAEXW4RCPriority@123@@Z
?GetErrorCode@RCInferenceTask@DM@RC@@QBE_KXZ
?SetBusinessObject@RCInferenceTask@DM@RC@@QAEXABVObject@JSON@Poco@@@Z
??0RCDMProcessEvent@DM@RC@@QAE@XZ
?Serialization@RCDMProcessCreateInterceptEvent@DM@RC@@UBEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Deserialization@RCDMProcessCreateInterceptEvent@DM@RC@@UAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Downgrade@RCDMProcessCreateInterceptEvent@DM@RC@@UBEXXZ
?GetInstance@RCListMgrSystem@DM@RC@@SAAAV123@XZ
?AddObserver@RCListMgrSystem@DM@RC@@QAEXABVAbstractObserver@Poco@@@Z
?RemoveObserver@RCListMgrSystem@DM@RC@@QAEXABVAbstractObserver@Poco@@@Z
?InferenceAsync@RCListMgrSystem@DM@RC@@QAE?AVRCReturnValue@23@ABVRCInferenceTask@23@@Z
?StopDefence@RCInstallInterceptMessageSender@DM@RC@@SA?AVRCReturnValue@23@XZ
?GetBusinessObject@RCInferenceTask@DM@RC@@QBE?AVObject@JSON@Poco@@XZ
??0RCCloudDataUser@DM@RC@@QAE@W4RCConfigCenterCategory@12@@Z
??0RCConfigUser@DM@RC@@QAE@W4RCConfigCenterCategory@12@@Z
?RegisterCloudData@RCCloudDataUser@DM@RC@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z
?UnInitilize@RCCloudDataUser@DM@RC@@QAEXXZ
?Initialize@RCCloudDataUser@DM@RC@@QAE_NPAVIConfigDataNotify@23@@Z
??1RCCloudDataUser@DM@RC@@QAE@XZ
?GetBoolValue@RCConfigUser@DM@RC@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0AA_N@Z
?RegisterNotify@RCConfigUser@DM@RC@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z
?UnInitilize@RCConfigUser@DM@RC@@QAEXXZ
?Initialize@RCConfigUser@DM@RC@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@P6AXABURCNotifytHeadData@23@PB_WPAX@Z3@Z
??1RCConfigUser@DM@RC@@QAE@XZ
?LoadDB@RCSQLiteConnection@RC@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??1RCSQLiteConnection@RC@@QAE@XZ
?GetErrorCode@RCSQLiteUpdateNotification@RC@@QBEIXZ
??0RCSQLiteConnection@RC@@QAE@XZ
?GetUpdateStep@RCSQLiteUpdateNotification@RC@@QBE?AW4RCSQLiteUpdateStep@2@XZ
?RemoveObserver@RCSQLiteUpdateDMgr@RC@@SAXABVAbstractObserver@Poco@@@Z
?AddObserver@RCSQLiteUpdateDMgr@RC@@SAXABVAbstractObserver@Poco@@@Z
?GetDBVersion@RCSQLiteConnection@RC@@QAE_JXZ
VirtualAllocEx
MoveFileExW
CreateProcessW
GetTempFileNameW
OpenMutexW
MoveFileW
Sleep
SetLastError
GetVersionExW
ReadFile
SetFilePointer
SetEndOfFile
GetFileSize
SetEvent
InterlockedExchange
InterlockedExchangeAdd
lstrlenW
GlobalMemoryStatusEx
GetModuleHandleW
ExpandEnvironmentStringsW
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
LocalFree
GetFileAttributesW
GetCurrentDirectoryW
SetFileAttributesW
TerminateProcess
WriteProcessMemory
GetStartupInfoW
LoadLibraryExW
FindResourceW
LoadResource
LockResource
EnumResourceNamesW
SizeofResource
GetProcessHeap
HeapFree
CreateFileW
GetFullPathNameW
CreateDirectoryW
QueueUserAPC
WriteFile
SetErrorMode
GetFileTime
SetFileTime
OpenThread
TerminateThread
GetExitCodeThread
SuspendThread
GetCurrentThreadId
CreateFileMappingW
OpenFileMappingW
ResumeThread
GetLongPathNameW
GetACP
SearchPathW
InitializeCriticalSection
FindClose
FindNextFileW
FindFirstFileW
GetWindowsDirectoryW
GetPrivateProfileStringW
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
DeleteFileW
GetModuleHandleExW
VirtualQuery
GetLogicalDriveStringsW
GetEnvironmentVariableW
GetModuleFileNameW
QueryDosDeviceW
GetCurrentProcessId
GetTickCount
GetLastError
UnhandledExceptionFilter
FreeLibrary
LoadLibraryW
GetFileSizeEx
DeviceIoControl
FormatMessageW
GetLocalTime
InitializeSListHead
GetTempPathW
lstrcmpiW
GetNativeSystemInfo
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
GetFileAttributesExW
TlsFree
TlsAlloc
MapViewOfFile
UnmapViewOfFile
GetProcessTimes
SystemTimeToTzSpecificLocalTime
ReadProcessMemory
HeapAlloc
GetSystemInfo
Process32FirstW
FileTimeToSystemTime
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
DuplicateHandle
SetPriorityClass
GetTimeZoneInformation
CreateEventW
ResetEvent
QueryPerformanceCounter
GetSystemTimeAsFileTime
DeleteCriticalSection
WaitForMultipleObjects
InterlockedIncrement
GetProcAddress
LoadLibraryA
GetModuleHandleA
LeaveCriticalSection
InterlockedDecrement
EnterCriticalSection
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
OutputDebugStringW
GetParent
GetDesktopWindow
GetClassNameW
GetForegroundWindow
WindowFromPoint
GetShellWindow
GetWindowRect
EnumWindows
GetWindowThreadProcessId
GetSystemMetrics
wsprintfW
GetWindowTextW
LookupPrivilegeValueW
GetTokenInformation
LookupAccountSidW
DuplicateTokenEx
CreateProcessAsUserW
OpenProcessToken
LookupPrivilegeNameW
AdjustTokenPrivileges
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegCreateKeyExW
SHGetFolderPathW
SHGetSpecialFolderPathW
DestroyEnvironmentBlock
CreateEnvironmentBlock
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
_purecall
__std_type_info_compare
__std_type_info_name
wcsrchr
memcpy
memmove
memset
__RTtypeid
_CxxThrowException
memchr
strchr
__std_terminate
wcschr
strstr
__std_type_info_destroy_list
_except_handler4_common
wcsstr
__RTDynamicCast
calloc
malloc
realloc
_callnewh
free
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_crt_atexit
_cexit
_initterm
_errno
_invalid_parameter_noinfo
_execute_onexit_table
strerror_s
terminate
_invalid_parameter_noinfo_noreturn
_beginthreadex
_initterm_e
_time64
_localtime64
_mktime64
isalnum
_wcsnicmp
isspace
_stricmp
tolower
toupper
_memicmp
wcsncpy
towlower
towupper
_wcsicmp
fwrite
fseek
fclose
_wfopen_s
ftell
fread
__stdio_common_vswscanf
rewind
__stdio_common_vswprintf
__stdio_common_vsprintf_s
__stdio_common_vsprintf
atoi
wcstoul
_wtoi
atoll
srand
rand
_isnan
_except1
floor
_finite
modf
ceil
_dtest
_splitpath_s
GetProcessMemoryInfo
GetProcessImageFileNameW
CertGetNameStringW
CryptMsgClose
CertFreeCertificateContext
CryptQueryObject
CertCloseStore
CertFindCertificateInStore
CryptMsgGetParam
NtOpenProcess
NtQueryInformationProcess
??0IConfigDataNotify@DM@RC@@QAE@$$QAV012@@Z
??0IConfigDataNotify@DM@RC@@QAE@ABV012@@Z
??0IConfigDataNotify@DM@RC@@QAE@XZ
??0RCDMProcessCreateInterceptEvent@DM@RC@@QAE@XZ
??1RCDMProcessCreateInterceptEvent@DM@RC@@UAE@XZ
??1RCDMProcessEvent@DM@RC@@UAE@XZ
??1RCSQLiteUpdateNotification@RC@@UAE@XZ
??4IConfigDataNotify@DM@RC@@QAEAAV012@$$QAV012@@Z
??4IConfigDataNotify@DM@RC@@QAEAAV012@ABV012@@Z
??4RCCloudDataUser@DM@RC@@QAEAAV012@ABV012@@Z
??4RCConfigUser@DM@RC@@QAEAAV012@ABV012@@Z
??4RCInstallInterceptMessageSender@DM@RC@@QAEAAV012@ABV012@@Z
??4RCListMgrSystem@DM@RC@@QAEAAV012@$$QAV012@@Z
??4RCListMgrSystem@DM@RC@@QAEAAV012@ABV012@@Z
??4RCSQLiteUpdateDMgr@RC@@QAEAAV01@$$QAV01@@Z
??4RCSQLiteUpdateDMgr@RC@@QAEAAV01@ABV01@@Z
??_7IConfigDataNotify@DM@RC@@6B@
??_7RCDMProcessCreateInterceptEvent@DM@RC@@6BISerialization@12@@
??_7RCDMProcessCreateInterceptEvent@DM@RC@@6BNotification@Poco@@@
??_FRCCloudDataUser@DM@RC@@QAEXXZ
??_FRCConfigUser@DM@RC@@QAEXXZ
?NotifyCloudValue@IConfigDataNotify@DM@RC@@UAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0@Z
?__autoclassinit2@RCCloudDataUser@DM@RC@@QAEXI@Z
?__autoclassinit2@RCConfigUser@DM@RC@@QAEXI@Z
?__autoclassinit2@RCDMEventCenter@DM@RC@@QAEXI@Z
?__autoclassinit2@RCDMProcessCreateInterceptEvent@DM@RC@@QAEXI@Z
?__autoclassinit2@RCDMProcessEvent@DM@RC@@QAEXI@Z
?__autoclassinit2@RCInferenceTask@DM@RC@@QAEXI@Z
?__autoclassinit2@RCSQLiteConnection@RC@@QAEXI@Z
?__autoclassinit2@RCSQLiteRecordSet@RC@@QAEXI@Z
RCVBusGetModuleCount
RCVBusQueryModule
RCVBusReleaseModule
RespondProcessEvent
StartProcessEventNotify
StopProcessEventNotify
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ