LGS[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

LGS.exe
Size

3.0MB
MD5

4ef4a76d6319216aaeeb3bbb8294b3f7
SHA1

728246ac50f60873bfb44a373ee6b67d5341a99b
SHA256

06ddc8056fbd05227abcb44004faec6f2a870138d9780c05e799da5fc70e39a5
SHA512

2b706a0529e226a1327dc6684ad1c8a5544e0f2d33b7f2e5100d558d24a541178c7a544a81a0caa1a94d43ba8c35ead363410097bf7ceb504eae1947cfc14842
SSDEEP

49152:ku8ghrc90J7ckEg6zFmJrmKEiKpguLeYGYJRTa:dRhJJ7cX6bYGYm

Score

1^/10

Malware Config

Signatures

Files

LGS.exe
.exe windows x86

cbb56e8e1589c64a69cf7abe2e75a029

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f0:dc:78:27:6f:ca:56:4c:e7:d3:23:b3:e4:14:9d:2b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/03/2018, 00:00

Not After

07/03/2021, 23:59

Subject

CN=Leica Geosystems AG,O=Leica Geosystems AG,POSTALCODE=9435,STREET=Heinrich-Wild-Strasse 201,L=Heerbrugg,ST=St. Gallen,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:a4:c4:b3:65:be:14:3b:65:f1:96:63:92:a0:d3:c5:43:9b:f3:e9:53:7a:88:78:a7:c4:fc:1b:46:65:8f:d4
Signer

Actual PE Digest

59:a4:c4:b3:65:be:14:3b:65:f1:96:63:92:a0:d3:c5:43:9b:f3:e9:53:7a:88:78:a7:c4:fc:1b:46:65:8f:d4

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAIoctl
htons
WSACleanup
WSAStartup
getsockname
getpeername
inet_ntop
getsockopt
gethostbyname
getaddrinfo
getprotobyname
WSAGetLastError
socket
setsockopt
send
select
recv
ioctlsocket
connect
closesocket
__WSAFDIsSet
getnameinfo
inet_ntoa
inet_addr
freeaddrinfo
htonl

shlwapi

PathRemoveBackslashW

userenv

GetProfilesDirectoryA

comctl32

ord17

netapi32

Netbios

dhcpcsvc

DhcpRequestParams

winhttp

WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpSendRequest

vcruntime140

__RTDynamicCast
_CxxThrowException
__CxxFrameHandler3
wcsstr
strstr
wcsrchr
strrchr
__vcrt_InitializeCriticalSectionEx
__std_terminate
memchr
_purecall
__std_exception_copy
__std_exception_destroy
memset
memmove
memcpy
memcmp
strchr
__std_type_info_destroy_list
_except_handler4_common

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vsprintf
fwrite
ftell
_wopen
fseek
_setmode
__p__commode
_fileno
_wfreopen
_wfopen
fflush
freopen
clearerr
ferror
__stdio_common_vsprintf_s
fread
_fsopen
fgetc
fopen
getchar
fclose
__acrt_iob_func
_open
fgetpos
_pclose
_popen
setvbuf
_getcwd
__stdio_common_vfwprintf
__stdio_common_vfwprintf_s
_set_fmode
ungetc
fsetpos
__stdio_common_vfprintf_s
_fseeki64
__stdio_common_vfwprintf_p
__stdio_common_vfwscanf
_get_stream_buffer_pointers
__stdio_common_vswprintf
fgets
__stdio_common_vswprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_p
__stdio_common_vswscanf
__stdio_common_vfprintf_p
fputs
__stdio_common_vfscanf
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_p
_close
_locking
__stdio_common_vsscanf
fputc
feof

api-ms-win-crt-filesystem-l1-1-0

_wunlink
_unlock_file
_lock_file
_access
_waccess
_splitpath_s
remove
_findnext64i32
_wremove
rename
_umask
_stat64i32
_wstat64i32
_wmkdir
_unlink
_findclose
_findfirst64i32
_wrename

api-ms-win-crt-heap-l1-1-0

realloc
_recalloc
_callnewh
calloc
free
_set_new_mode
malloc

api-ms-win-crt-environment-l1-1-0

getenv_s
getenv
_putenv

api-ms-win-crt-string-l1-1-0

iscntrl
_strnicmp
strncat
strcat
isspace
wcsncpy
wcstok_s
wcslen
toupper
strncmp
_strdup
strcspn
strpbrk
strspn
strcat_s
strtok
wcspbrk
strncpy_s
_stricmp
tolower
isalpha
isupper
strcpy_s
islower
isdigit
isxdigit
strcmp
ispunct
isalnum
isprint
isgraph
_wcsicmp
strcpy
strlen
strncpy

api-ms-win-crt-time-l1-1-0

_gmtime64_s
wcsftime
_localtime64_s
_ftime64_s
strftime
_gmtime64
_mktime64
_utime64
_localtime64
_time64
asctime

api-ms-win-crt-runtime-l1-1-0

_set_app_type
strerror
raise
_get_initial_narrow_environment
__sys_nerr
_beginthreadex
_seh_filter_exe
__sys_errlist
_initterm
_cexit
_crt_at_quick_exit
_crt_atexit
_initterm_e
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
__p___argc
_configure_narrow_argv
_errno
__p___argv
_c_exit
perror
_register_thread_local_exe_atexit_callback
_exit
_invalid_parameter_noinfo
_seh_filter_dll
_getpid
exit
terminate
_endthread
signal
_controlfp_s
_beginthread

api-ms-win-crt-convert-l1-1-0

strtol
_strtoi64
strtod
atof
atol
atoi
_atoi64
strtoul
_strtoui64

api-ms-win-crt-utility-l1-1-0

bsearch
rand_s
rand
srand
qsort

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-math-l1-1-0

_except1
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

kernel32

SetFilePointer
LockFile
GetDiskFreeSpaceW
GetFullPathNameW
AreFileApisANSI
LoadLibraryExA
DeviceIoControl
GetProcessTimes
FindNextFileW
FindFirstFileW
GetCurrentProcessId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetLastError
GetVolumeInformationA
GetDriveTypeA
VirtualFree
VirtualAlloc
GetTickCount
GetSystemWindowsDirectoryA
FindNextFileA
WaitNamedPipeA
SleepEx
SetNamedPipeHandleState
WriteFile
ReadFile
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentVariableW
GetEnvironmentVariableA
GetCommandLineW
GetWindowsDirectoryA
ResetEvent
VerifyVersionInfoW
VerSetConditionMask
Sleep
SetErrorMode
SetHandleInformation
lstrlenA
GetVersionExA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetTimeZoneInformation
GetLocalTime
FormatMessageA
GetVersionExW
GetFullPathNameA
CreateMutexA
CreateSemaphoreA
GetVersion
ReleaseSemaphore
GetLastError
FindFirstFileA
FindClose
MapViewOfFile
CreateEventA
GetSystemTime
GetComputerNameExA
GetSystemTimeAsFileTime
CreateFileMappingA
SetFileAttributesA
CreateThread
CloseHandle
DeleteFileA
TerminateThread
SetEvent
CreateFileA
GetFileAttributesA
GetModuleHandleA
UnmapViewOfFile
WaitForSingleObject
WaitForMultipleObjects
TerminateProcess
GetCurrentProcess
SetConsoleCtrlHandler
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
FlushConsoleInputBuffer
DecodePointer
RaiseException
InitializeCriticalSectionEx
GetComputerNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
SetEndOfFile
UnlockFileEx
GetFileAttributesW
GetTempPathW
SetConsoleTitleA
CreateFileW
GetTempPathA
GetDiskFreeSpaceA
GetFileType
GetFileAttributesExW
DeleteFileW
LoadLibraryW
UnlockFile
OutputDebugStringW
LocalFree
LockFileEx
FormatMessageW
GetFileSize
CreateFileMappingW
QueryPerformanceCounter
FlushFileBuffers
GetNativeSystemInfo
CreateDirectoryA
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GlobalMemoryStatus
GetComputerNameA
GetStdHandle
OpenProcess
ReleaseMutex

user32

DialogBoxIndirectParamA
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
SetTimer
ScreenToClient
CreateDialogIndirectParamA
ReleaseDC
GetProcessWindowStation
GetUserObjectInformationW
UnregisterClassA
GetSystemMetrics
GetParent
GetWindowLongA
MessageBeep
GetDC
GetWindowRect
GetClientRect
SetWindowTextA
EnableWindow
GetFocus
SetFocus
GetDlgItemTextW
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
EndDialog
MoveWindow
ShowWindow
SendMessageA
MessageBoxA
GetActiveWindow
KillTimer
wsprintfA

gdi32

GetDIBits
GetDeviceCaps
DeleteObject
CreateCompatibleBitmap
GetObjectA

comdlg32

GetOpenFileNameA

shell32

ord680

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

oleaut32

CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
VariantClear
VariantInit
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysFreeString
SysAllocStringLen
SysAllocString
SafeArrayUnaccessData
SafeArrayDestroy

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoUninitialize

psapi

GetProcessMemoryInfo

advapi32

SetSecurityDescriptorDacl
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegCreateKeyExA
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegQueryValueExA
GetUserNameA
GetUserNameW
RegQueryValueExW
RegSetValueExA
RegSetValueExW
CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceStatus
StartServiceA
RegEnumKeyExA
RegQueryInfoKeyA
LookupAccountNameW
RegOpenKeyExW
ConvertSidToStringSidW
RegCreateKeyExW
InitializeSecurityDescriptor
RegCloseKey

msvcp140

??1_Lockit@std@@QAE@XZ
?_Xbad_function_call@std@@YAXXZ
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??0_Lockit@std@@QAE@H@Z
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
_Mbrtowc
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
?rdstate@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xlength_error@std@@YAXPBD@Z
?fail@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
_Xtime_get_ticks
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 751KB - Virtual size: 751KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_dir
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_mar
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cbb56e8e1589c64a69cf7abe2e75a029

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

f0:dc:78:27:6f:ca:56:4c:e7:d3:23:b3:e4:14:9d:2bCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

59:a4:c4:b3:65:be:14:3b:65:f1:96:63:92:a0:d3:c5:43:9b:f3:e9:53:7a:88:78:a7:c4:fc:1b:46:65:8f:d4Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

shlwapi

userenv

comctl32

netapi32

dhcpcsvc

winhttp

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

kernel32

user32

gdi32

comdlg32

shell32

version

oleaut32

ole32

psapi

advapi32

msvcp140

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.textidx Size: 751KB - Virtual size: 751KB

.rdata Size: 401KB - Virtual size: 401KB

.data Size: 42KB - Virtual size: 123KB

.fnp_dir Size: 512B - Virtual size: 100B

.fnp_mar Size: 512B - Virtual size: 1B

.gfids Size: 1024B - Virtual size: 824B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 102KB - Virtual size: 101KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

f0:dc:78:27:6f:ca:56:4c:e7:d3:23:b3:e4:14:9d:2b
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

59:a4:c4:b3:65:be:14:3b:65:f1:96:63:92:a0:d3:c5:43:9b:f3:e9:53:7a:88:78:a7:c4:fc:1b:46:65:8f:d4
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.textidx
Size: 751KB - Virtual size: 751KB

.rdata
Size: 401KB - Virtual size: 401KB

.data
Size: 42KB - Virtual size: 123KB

.fnp_dir
Size: 512B - Virtual size: 100B

.fnp_mar
Size: 512B - Virtual size: 1B

.gfids
Size: 1024B - Virtual size: 824B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 102KB - Virtual size: 101KB