Crack (2)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Crack (2).zip
Size

694.7MB
MD5

1ac35fd5d77b0c015fc9c029c3238a41
SHA1

ac919e03d1e8d94b6b76444cb3e61bfb5ec2361a
SHA256

bb27ebc0cfe2c631d3bc68e6d86cf133ff0231d669e78f8b360053bcbd660f44
SHA512

6363f36f3b7613eccc7ed0a66ba10206819a51d868660071b205eab0e1ee6f9cf68fb09f8eb4dbd8a23856b87293aef8e296f43c41bb168870ee60ad1c24f544
SSDEEP

12582912:adLjCbRFKGQe0Y0207tTw1GkD3SPPnen3xbnxQU7Qxy2o/udh1vJ7Gvldda86gCJ:aMRFKv7V2071xESPPen3xt+y2Be0tT

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Crack/RshClr.dll
unpack001/Crack/RshModelerExchange.dll

Files

Crack (2).zip
.zip
Crack/LGS.exe
.exe windows x86

cbb56e8e1589c64a69cf7abe2e75a029

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f0:dc:78:27:6f:ca:56:4c:e7:d3:23:b3:e4:14:9d:2b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/03/2018, 00:00

Not After

07/03/2021, 23:59

Subject

CN=Leica Geosystems AG,O=Leica Geosystems AG,POSTALCODE=9435,STREET=Heinrich-Wild-Strasse 201,L=Heerbrugg,ST=St. Gallen,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:a4:c4:b3:65:be:14:3b:65:f1:96:63:92:a0:d3:c5:43:9b:f3:e9:53:7a:88:78:a7:c4:fc:1b:46:65:8f:d4
Signer

Actual PE Digest

59:a4:c4:b3:65:be:14:3b:65:f1:96:63:92:a0:d3:c5:43:9b:f3:e9:53:7a:88:78:a7:c4:fc:1b:46:65:8f:d4

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAIoctl
htons
WSACleanup
WSAStartup
getsockname
getpeername
inet_ntop
getsockopt
gethostbyname
getaddrinfo
getprotobyname
WSAGetLastError
socket
setsockopt
send
select
recv
ioctlsocket
connect
closesocket
__WSAFDIsSet
getnameinfo
inet_ntoa
inet_addr
freeaddrinfo
htonl

shlwapi

PathRemoveBackslashW

userenv

GetProfilesDirectoryA

comctl32

ord17

netapi32

Netbios

dhcpcsvc

DhcpRequestParams

winhttp

WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpSendRequest

vcruntime140

__RTDynamicCast
_CxxThrowException
__CxxFrameHandler3
wcsstr
strstr
wcsrchr
strrchr
__vcrt_InitializeCriticalSectionEx
__std_terminate
memchr
_purecall
__std_exception_copy
__std_exception_destroy
memset
memmove
memcpy
memcmp
strchr
__std_type_info_destroy_list
_except_handler4_common

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vsprintf
fwrite
ftell
_wopen
fseek
_setmode
__p__commode
_fileno
_wfreopen
_wfopen
fflush
freopen
clearerr
ferror
__stdio_common_vsprintf_s
fread
_fsopen
fgetc
fopen
getchar
fclose
__acrt_iob_func
_open
fgetpos
_pclose
_popen
setvbuf
_getcwd
__stdio_common_vfwprintf
__stdio_common_vfwprintf_s
_set_fmode
ungetc
fsetpos
__stdio_common_vfprintf_s
_fseeki64
__stdio_common_vfwprintf_p
__stdio_common_vfwscanf
_get_stream_buffer_pointers
__stdio_common_vswprintf
fgets
__stdio_common_vswprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_p
__stdio_common_vswscanf
__stdio_common_vfprintf_p
fputs
__stdio_common_vfscanf
__stdio_common_vsnprintf_s
__stdio_common_vsprintf_p
_close
_locking
__stdio_common_vsscanf
fputc
feof

api-ms-win-crt-filesystem-l1-1-0

_wunlink
_unlock_file
_lock_file
_access
_waccess
_splitpath_s
remove
_findnext64i32
_wremove
rename
_umask
_stat64i32
_wstat64i32
_wmkdir
_unlink
_findclose
_findfirst64i32
_wrename

api-ms-win-crt-heap-l1-1-0

realloc
_recalloc
_callnewh
calloc
free
_set_new_mode
malloc

api-ms-win-crt-environment-l1-1-0

getenv_s
getenv
_putenv

api-ms-win-crt-string-l1-1-0

iscntrl
_strnicmp
strncat
strcat
isspace
wcsncpy
wcstok_s
wcslen
toupper
strncmp
_strdup
strcspn
strpbrk
strspn
strcat_s
strtok
wcspbrk
strncpy_s
_stricmp
tolower
isalpha
isupper
strcpy_s
islower
isdigit
isxdigit
strcmp
ispunct
isalnum
isprint
isgraph
_wcsicmp
strcpy
strlen
strncpy

api-ms-win-crt-time-l1-1-0

_gmtime64_s
wcsftime
_localtime64_s
_ftime64_s
strftime
_gmtime64
_mktime64
_utime64
_localtime64
_time64
asctime

api-ms-win-crt-runtime-l1-1-0

_set_app_type
strerror
raise
_get_initial_narrow_environment
__sys_nerr
_beginthreadex
_seh_filter_exe
__sys_errlist
_initterm
_cexit
_crt_at_quick_exit
_crt_atexit
_initterm_e
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
__p___argc
_configure_narrow_argv
_errno
__p___argv
_c_exit
perror
_register_thread_local_exe_atexit_callback
_exit
_invalid_parameter_noinfo
_seh_filter_dll
_getpid
exit
terminate
_endthread
signal
_controlfp_s
_beginthread

api-ms-win-crt-convert-l1-1-0

strtol
_strtoi64
strtod
atof
atol
atoi
_atoi64
strtoul
_strtoui64

api-ms-win-crt-utility-l1-1-0

bsearch
rand_s
rand
srand
qsort

api-ms-win-crt-conio-l1-1-0

_getch

api-ms-win-crt-math-l1-1-0

_except1
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

kernel32

SetFilePointer
LockFile
GetDiskFreeSpaceW
GetFullPathNameW
AreFileApisANSI
LoadLibraryExA
DeviceIoControl
GetProcessTimes
FindNextFileW
FindFirstFileW
GetCurrentProcessId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetLastError
GetVolumeInformationA
GetDriveTypeA
VirtualFree
VirtualAlloc
GetTickCount
GetSystemWindowsDirectoryA
FindNextFileA
WaitNamedPipeA
SleepEx
SetNamedPipeHandleState
WriteFile
ReadFile
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentVariableW
GetEnvironmentVariableA
GetCommandLineW
GetWindowsDirectoryA
ResetEvent
VerifyVersionInfoW
VerSetConditionMask
Sleep
SetErrorMode
SetHandleInformation
lstrlenA
GetVersionExA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetTimeZoneInformation
GetLocalTime
FormatMessageA
GetVersionExW
GetFullPathNameA
CreateMutexA
CreateSemaphoreA
GetVersion
ReleaseSemaphore
GetLastError
FindFirstFileA
FindClose
MapViewOfFile
CreateEventA
GetSystemTime
GetComputerNameExA
GetSystemTimeAsFileTime
CreateFileMappingA
SetFileAttributesA
CreateThread
CloseHandle
DeleteFileA
TerminateThread
SetEvent
CreateFileA
GetFileAttributesA
GetModuleHandleA
UnmapViewOfFile
WaitForSingleObject
WaitForMultipleObjects
TerminateProcess
GetCurrentProcess
SetConsoleCtrlHandler
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
FlushConsoleInputBuffer
DecodePointer
RaiseException
InitializeCriticalSectionEx
GetComputerNameW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
SetEndOfFile
UnlockFileEx
GetFileAttributesW
GetTempPathW
SetConsoleTitleA
CreateFileW
GetTempPathA
GetDiskFreeSpaceA
GetFileType
GetFileAttributesExW
DeleteFileW
LoadLibraryW
UnlockFile
OutputDebugStringW
LocalFree
LockFileEx
FormatMessageW
GetFileSize
CreateFileMappingW
QueryPerformanceCounter
FlushFileBuffers
GetNativeSystemInfo
CreateDirectoryA
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GlobalMemoryStatus
GetComputerNameA
GetStdHandle
OpenProcess
ReleaseMutex

user32

DialogBoxIndirectParamA
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
SetTimer
ScreenToClient
CreateDialogIndirectParamA
ReleaseDC
GetProcessWindowStation
GetUserObjectInformationW
UnregisterClassA
GetSystemMetrics
GetParent
GetWindowLongA
MessageBeep
GetDC
GetWindowRect
GetClientRect
SetWindowTextA
EnableWindow
GetFocus
SetFocus
GetDlgItemTextW
GetDlgItemTextA
SetDlgItemTextA
GetDlgItem
EndDialog
MoveWindow
ShowWindow
SendMessageA
MessageBoxA
GetActiveWindow
KillTimer
wsprintfA

gdi32

GetDIBits
GetDeviceCaps
DeleteObject
CreateCompatibleBitmap
GetObjectA

comdlg32

GetOpenFileNameA

shell32

ord680

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

oleaut32

CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
VariantClear
VariantInit
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysFreeString
SysAllocStringLen
SysAllocString
SafeArrayUnaccessData
SafeArrayDestroy

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoInitializeEx
CoUninitialize

psapi

GetProcessMemoryInfo

advapi32

SetSecurityDescriptorDacl
RegDeleteValueA
RegEnumValueA
RegOpenKeyExA
RegCreateKeyExA
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegQueryValueExA
GetUserNameA
GetUserNameW
RegQueryValueExW
RegSetValueExA
RegSetValueExW
CloseServiceHandle
OpenSCManagerA
OpenServiceA
QueryServiceStatus
StartServiceA
RegEnumKeyExA
RegQueryInfoKeyA
LookupAccountNameW
RegOpenKeyExW
ConvertSidToStringSidW
RegCreateKeyExW
InitializeSecurityDescriptor
RegCloseKey

msvcp140

??1_Lockit@std@@QAE@XZ
?_Xbad_function_call@std@@YAXXZ
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??0_Lockit@std@@QAE@H@Z
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
_Mbrtowc
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
?rdstate@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xlength_error@std@@YAXPBD@Z
?fail@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
_Xtime_get_ticks
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 751KB - Virtual size: 751KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_dir
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_mar
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Crack/RshClr.dll
.dll windows x64

ade96438f59125802db11a93427cd93f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameA
GetNativeSystemInfo
GetComputerNameExA
SetLocalTime
GetProcAddress
GetShortPathNameW
GetModuleHandleA
GetModuleFileNameW
CreateThread
WaitForSingleObject
TerminateProcess
CloseHandle
WaitNamedPipeA
SleepEx
SetNamedPipeHandleState
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalReAlloc
GlobalAlloc
ReadFile
DeviceIoControl
FindNextFileW
FindFirstFileW
GetDriveTypeA
GetTickCount
GetProcessTimes
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentVariableW
GetEnvironmentVariableA
GetTimeZoneInformation
GetVersionExA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetWindowsDirectoryA
GetVersion
SetErrorMode
GetComputerNameA
GetVolumeInformationA
GetSystemTime
WaitForMultipleObjects
PulseEvent
GetUserDefaultLCID
GetLocaleInfoA
OpenProcess
CreateProcessA
FindNextFileA
OpenFileMappingA
CreateFileMappingA
UnmapViewOfFile
MapViewOfFile
OpenEventA
CreateEventA
VerifyVersionInfoW
IsBadWritePtr
LoadLibraryA
lstrlenA
lstrcmpiA
VirtualQuery
VirtualProtect
VerSetConditionMask
FormatMessageA
LocalFree
LoadLibraryExA
FreeLibrary
SystemTimeToFileTime
FileTimeToSystemTime
OpenMutexA
GetThreadTimes
OpenThread
GetCurrentProcess
CreateMutexA
ReleaseMutex
FileTimeToLocalFileTime
OutputDebugStringA
SetLastError
CreateDirectoryA
GetFileAttributesA
MoveFileExA
GetFileSizeEx
WriteFile
GetLocalTime
TerminateThread
FindClose
FindFirstFileA
FlushFileBuffers
SetFilePointer
Sleep
CreateFileA
WakeAllConditionVariable
SleepConditionVariableCS
InitializeConditionVariable
GetLastError
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection

msvcp140

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?flags@ios_base@std@@QEBAHXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exception@std@@YA_NXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
??Bios_base@std@@QEBA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAG@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
?fail@ios_base@std@@QEBA_NXZ
?_Xbad_alloc@std@@YAXXZ
?id@?$ctype@_W@std@@2V0locale@2@A
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEAPEA_W0PEAH001@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??Bid@locale@std@@QEAA_KXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?eof@ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

ws2_32

recv
closesocket
setsockopt
connect
htons
send
WSAGetLastError
htonl
WSACleanup
ioctlsocket
inet_addr
inet_ntoa
select
socket
gethostbyname
WSAStartup
WSAIoctl
getaddrinfo
__WSAFDIsSet
getnameinfo
getsockopt
freeaddrinfo

vcruntime140

strstr
strrchr
__CxxQueryExceptionSize
__CxxExceptionFilter
wcsstr
strchr
__CxxFrameHandler3
__CxxDetectRethrow
__std_type_info_destroy_list
_CxxThrowException
__CxxRegisterExceptionObject
memcmp
__current_exception_context
__current_exception
__C_specific_handler
memset
__CxxUnregisterExceptionObject
memmove
memcpy
__std_exception_destroy
__FrameUnwindFilter
_purecall
__std_exception_copy
memchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-stdio-l1-1-0

fgetwc
fputwc
__stdio_common_vsprintf
_get_stream_buffer_pointers
fflush
fgetc
fgetpos
fsetpos
_fseeki64
fwrite
setvbuf
ungetc
_wfopen
__stdio_common_vfprintf
__acrt_iob_func
clearerr
__stdio_common_vsscanf
__stdio_common_vsprintf_s
fgets
_getcwd
fseek
fopen
ftell
fputs
fopen_s
ungetwc
_filelength
fread
_fileno
fclose
__stdio_common_vsnprintf_s

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initterm_e
_configure_narrow_argv
_crt_atexit
_initialize_narrow_environment
_execute_onexit_table
terminate
_exit
_register_onexit_function
_seh_filter_dll
_initialize_onexit_table
_endthread
_invalid_parameter_noinfo_noreturn
_errno
_beginthreadex
_invalid_parameter_noinfo
_getpid
__sys_nerr
abort
_beginthread
__sys_errlist

api-ms-win-crt-string-l1-1-0

strcat
strcat_s
tolower
strtok
strcpy
wcslen
strncpy
_strdup
_strlwr_s
_stricmp
isalnum
isdigit
_strnicmp
isxdigit
islower
isupper
strspn
strcspn
strcmp
strncpy_s
isalpha
strlen
strcpy_s
toupper
strncmp
isspace

api-ms-win-crt-math-l1-1-0

sin

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
calloc
free
realloc

api-ms-win-crt-utility-l1-1-0

srand
rand
rand_s
bsearch
qsort

api-ms-win-crt-time-l1-1-0

clock
_localtime64_s
_localtime64
_mktime64
_time64
_strftime_l
_difftime64

api-ms-win-crt-locale-l1-1-0

_create_locale

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s
_wstat64i32
_unlock_file
_lock_file
_stat64i32
_findnext64i32
_findfirst64i32
_findclose

api-ms-win-crt-convert-l1-1-0

atol
atof
strtol
strtoul
strtod
_itoa_s
atoi

api-ms-win-crt-environment-l1-1-0

getenv_s
_putenv_s
getenv

wininet

InternetSetOptionA
InternetCloseHandle
InternetQueryOptionA
InternetQueryOptionW
InternetSetOptionW
InternetOpenA

psapi

GetModuleFileNameExA
GetModuleBaseNameW
GetModuleBaseNameA
EnumProcessModules
EnumProcesses
GetModuleFileNameExW

shell32

ord680

user32

wsprintfA
DialogBoxIndirectParamA
CreateDialogIndirectParamA
GetSystemMetrics
GetParent
GetWindowLongA
ScreenToClient
MessageBeep
GetWindowRect
GetClientRect
SetWindowTextA
EnableWindow
GetFocus
SetFocus
GetDlgItemTextW
GetDlgItemTextA
SetDlgItemTextA
EndDialog
MoveWindow
ShowWindow
SendMessageA
MessageBoxA
GetActiveWindow
GetDlgItem

comdlg32

GetOpenFileNameA

advapi32

RegDeleteValueA
CryptAcquireContextW
CryptReleaseContext
CryptDeriveKey
CryptDestroyKey
CryptGetHashParam
CryptGenRandom
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
CloseServiceHandle
RegSetValueExW
RegQueryValueExW
GetUserNameW
GetUserNameA
RegQueryInfoKeyA
RegOpenKeyExA
SetEntriesInAclA
RegCreateKeyA
RegSetValueExA
RegEnumValueA
RegEnumKeyExA
RegCloseKey
RegQueryValueExA
RegCreateKeyExA
AllocateAndInitializeSid

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CreateILockBytesOnHGlobal
GetHGlobalFromILockBytes
StgOpenStorageEx
StgCreateStorageEx
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoSetProxyBlanket
CoTaskMemFree
CoCreateInstance

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
VariantClear
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy

comctl32

ord17

netapi32

Netbios

rpcrt4

UuidToStringA
UuidCreateSequential
RpcStringFreeA

shlwapi

PathRemoveBackslashW

dhcpcsvc

DhcpRequestParams

mscoree

_CorDllMain

Exports

Exports

CloseFile
ExportedTraceDebug2
ExportedTraceDebug3
Function1
Function10
Function11
Function2
Function3
Function4
Function5
Function6
Function9
OpenFile
Reset

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 654KB - Virtual size: 653KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 655KB - Virtual size: 654KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fnp_dir
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_mar
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Crack/RshModelerExchange.dll
.dll windows x64

baa93d47220682c04d92f7797d9224ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

lstrcpy

comctl32

InitCommonControls

Exports

Exports

??0AssemblyLoader@ModelerExchange@rsh@@QEAA@$$QEAVAssemblyTree@12@$$QEAVDocumentContext@DatakitInterface@12@@Z
??0BIMImportModel@BIM@ModelerExchange@rsh@@QEAA@$$QEAV0123@@Z
??0BIMImportModel@BIM@ModelerExchange@rsh@@QEAA@AEAUReadWrite@IO@3@PEAVThermometer@General@3@@Z
??0BIMImportModel@BIM@ModelerExchange@rsh@@QEAA@VAssembly@123@VQString@@@Z
??0DocumentContext@DatakitInterface@ModelerExchange@rsh@@QEAA@XZ
??0GeometricComponent@ModelerExchange@rsh@@QEAA@$$QEAV012@@Z
??0GeometricComponent@ModelerExchange@rsh@@QEAA@V?$unique_ptr@VGCloud@Cloud@Data@rsh@@U?$default_delete@VGCloud@Cloud@Data@rsh@@@eastl@@@eastl@@@Z
??0GeometricComponent@ModelerExchange@rsh@@QEAA@V?$unique_ptr@VGMultiLine@Line@Data@rsh@@U?$default_delete@VGMultiLine@Line@Data@rsh@@@eastl@@@eastl@@@Z
??0GeometricComponent@ModelerExchange@rsh@@QEAA@V?$unique_ptr@VGPolyhedron@Surface@Data@rsh@@U?$default_delete@VGPolyhedron@Surface@Data@rsh@@@eastl@@@eastl@@@Z
??0GeometricComponent@ModelerExchange@rsh@@QEAA@VShape@Topology@Modeler@2@@Z
??0GeometricComponent@ModelerExchange@rsh@@QEAA@VShape@Topology@Modeler@2@V?$unique_ptr@VGPolyhedron@Surface@Data@rsh@@U?$default_delete@VGPolyhedron@Surface@Data@rsh@@@eastl@@@eastl@@V?$unique_ptr@VGCloud@Cloud@Data@rsh@@U?$default_delete@VGCloud@Cloud@Data@rsh@@@eastl@@@7@V?$TableSimpleDOf@VGMultiLine@Line@Data@rsh@@@Collection@2@@Z
??0GeometricComponent@ModelerExchange@rsh@@QEAA@XZ
??1AssemblyLoader@ModelerExchange@rsh@@QEAA@XZ
??1BIMImportModel@BIM@ModelerExchange@rsh@@UEAA@XZ
??1ComponentContext@DatakitInterface@ModelerExchange@rsh@@QEAA@XZ
??1DocumentContext@DatakitInterface@ModelerExchange@rsh@@QEAA@XZ
??1GeometricComponent@ModelerExchange@rsh@@QEAA@XZ
??4BIMImportModel@BIM@ModelerExchange@rsh@@QEAAAEAV0123@$$QEAV0123@@Z
??4DocumentContext@DatakitInterface@ModelerExchange@rsh@@QEAAAEAV0123@$$QEAV0123@@Z
??4GeometricComponent@ModelerExchange@rsh@@QEAAAEAV012@$$QEAV012@@Z
??_FStandard_OutOfMemory@@QEAAXXZ
?AddInstance@Assembly@BIM@ModelerExchange@rsh@@QEAA?AU?$TagID@Uinstance_tag@BIM@ModelerExchange@rsh@@@234@U?$TagID@Uprototype_tag@BIM@ModelerExchange@rsh@@@234@V?$unique_ptr@VIInstance@BIM@ModelerExchange@rsh@@U?$default_delete@VIInstance@BIM@ModelerExchange@rsh@@@eastl@@@eastl@@@Z
?AddInstance@AssemblyHierarchy@BIM@ModelerExchange@rsh@@QEAA?AU?$TagID@Uinstance_tag@BIM@ModelerExchange@rsh@@@234@U?$TagID@Uprototype_tag@BIM@ModelerExchange@rsh@@@234@@Z
?AddPrototype@Assembly@BIM@ModelerExchange@rsh@@QEAA?AU?$TagID@Uprototype_tag@BIM@ModelerExchange@rsh@@@234@V?$unique_ptr@VIPrototype@BIM@ModelerExchange@rsh@@U?$default_delete@VIPrototype@BIM@ModelerExchange@rsh@@@eastl@@@eastl@@@Z
?AddPrototype@AssemblyHierarchy@BIM@ModelerExchange@rsh@@QEAA?AU?$TagID@Uprototype_tag@BIM@ModelerExchange@rsh@@@234@XZ
?BinRead@Assembly@BIM@ModelerExchange@rsh@@SA?AV1234@AEAUReadWrite@IO@4@PEAVThermometer@General@4@@Z
?BinRead@AssemblyHierarchy@BIM@ModelerExchange@rsh@@SA?AV1234@AEAUReadWrite@IO@4@PEAVThermometer@General@4@@Z
?BinRead@GeometricComponent@ModelerExchange@rsh@@SA?AV123@AEAUReadWrite@IO@3@PEAVThermometer@General@3@@Z
?BinRead@ISerializable@BIM@ModelerExchange@rsh@@SA?AV?$unique_ptr@VISerializable@BIM@ModelerExchange@rsh@@U?$default_delete@VISerializable@BIM@ModelerExchange@rsh@@@eastl@@@eastl@@AEAUReadWrite@IO@4@PEAVThermometer@General@4@@Z
?BinWrite@Assembly@BIM@ModelerExchange@rsh@@QEBAXAEAUReadWrite@IO@4@PEAVThermometer@General@4@@Z
?BinWrite@AssemblyHierarchy@BIM@ModelerExchange@rsh@@QEBAXAEAUReadWrite@IO@4@PEAVThermometer@General@4@@Z
?BinWrite@GeometricComponent@ModelerExchange@rsh@@QEBAXAEAUReadWrite@IO@3@PEAVThermometer@General@3@@Z
?BinWrite@ISerializable@BIM@ModelerExchange@rsh@@QEBAXAEAUReadWrite@IO@4@PEAVThermometer@General@4@@Z
?BuildAssemblyTree@DocumentContext@DatakitInterface@ModelerExchange@rsh@@QEBA?AV?$optional@VAssemblyTree@ModelerExchange@rsh@@@std@@PEAVThermometer@General@4@@Z
?Clear@GeometricComponentsReducer@ModelerExchange@rsh@@QEAAXXZ
?Compact@DisjointSubtrees@ModelerExchange@rsh@@QEAAAEAV123@XZ
?CreateImportExchange@BIM@ModelerExchange@rsh@@YA?AV?$unique_ptr@VIImportExchange@ModelerExchange@rsh@@U?$default_delete@VIImportExchange@ModelerExchange@rsh@@@eastl@@@eastl@@AEBVQString@@PEAVThermometer@General@3@@Z
?CreateImportModel@BIM@ModelerExchange@rsh@@YA?AV?$unique_ptr@VIImportModel@BIM@ModelerExchange@rsh@@U?$default_delete@VIImportModel@BIM@ModelerExchange@rsh@@@eastl@@@eastl@@$$QEAVAssembly@123@VQString@@@Z
?DifferenceWith@DisjointSubtrees@ModelerExchange@rsh@@QEAAAEAV123@AEBV123@@Z
?ForceUnloadModelerDll@RshModelerExchange@@YA_NXZ
?GetChildrenInstances@AssemblyHierarchy@BIM@ModelerExchange@rsh@@QEBAAEBV?$vector@U?$TagID@Uinstance_tag@BIM@ModelerExchange@rsh@@@BIM@ModelerExchange@rsh@@V?$allocator@U?$TagID@Uinstance_tag@BIM@ModelerExchange@rsh@@@BIM@ModelerExchange@rsh@@@std@@@std@@U?$TagID@Uprototype_tag@BIM@ModelerExchange@rsh@@@234@@Z
?GetCloud@GeometricComponent@ModelerExchange@rsh@@QEBA?AV?$RawPtr@VGCloud@Cloud@Data@rsh@@@3@XZ
?GetComponentContext@DocumentContext@DatakitInterface@ModelerExchange@rsh@@QEBA?AVComponentContext@234@AEBI@Z
?GetComponentContext@DocumentContext@DatakitInterface@ModelerExchange@rsh@@QEBA?AVComponentContext@234@AEBV?$Dtk_SmartPtr@VDtk_Component@@@@@Z
?GetDocumentContext@APIContext@DatakitInterface@ModelerExchange@rsh@@QEAA?AVDocumentContext@234@AEBVpath@filesystem@std@@@Z
?GetErrorName@StatusContext@DatakitInterface@ModelerExchange@rsh@@QEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetGeometry@BIMImportModel@BIM@ModelerExchange@rsh@@QEBAAEBVGeometricComponent@34@U?$TagID@Uprototype_tag@BIM@ModelerExchange@rsh@@@234@@Z
?GetIFCGlobalIDFromUUID@DatakitConversion@ModelerExchange@rsh@@YA?AVQString@@AEBVQUuid@@@Z
?GetLogger@ModelerExchange@rsh@@YAAEAVIContextLogger@12@XZ
?GetMesh@GeometricComponent@ModelerExchange@rsh@@QEBA?AV?$RawPtr@VGPolyhedron@Surface@Data@rsh@@@3@XZ
?GetMultiTbl@GeometricComponent@ModelerExchange@rsh@@QEBA?AV?$TableSimpleOf@VGMultiLine@Line@Data@rsh@@@Collection@3@XZ
?GetOrCreateContext@APIContext@DatakitInterface@ModelerExchange@rsh@@SA?AV?$shared_ptr@VAPIContext@DatakitInterface@ModelerExchange@rsh@@@eastl@@XZ
?GetShape@GeometricComponent@ModelerExchange@rsh@@QEBAAEBVShape@Topology@Modeler@3@XZ
?GetUUIDFromIFCGlobalId@DatakitConversion@ModelerExchange@rsh@@YA?AVQUuid@@AEBVQString@@@Z
?HasGeometry@GeometricComponent@ModelerExchange@rsh@@QEBA_NXZ
?InsertChildInstance@AssemblyHierarchy@BIM@ModelerExchange@rsh@@QEAA_NU?$TagID@Uprototype_tag@BIM@ModelerExchange@rsh@@@234@U?$TagID@Uinstance_tag@BIM@ModelerExchange@rsh@@@234@@Z
?LoadComponent@AssemblyLoader@ModelerExchange@rsh@@QEAAAEBVGeometricComponent@23@IPEAVThermometer@General@3@@Z
?LoadFromFile@BIM@ModelerExchange@rsh@@YA?AV?$optional@VAssembly@BIM@ModelerExchange@rsh@@@std@@AEBVQString@@PEAVThermometer@General@3@@Z
?LoadFromFile@ModelerExchange@rsh@@YA?AV?$optional@VAssemblyTree@ModelerExchange@rsh@@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@PEAVThermometer@General@2@@Z
?LoadRootComponent@AssemblyLoader@ModelerExchange@rsh@@QEAAAEBVGeometricComponent@23@PEAVThermometer@General@3@@Z
?MoveGeometry@BIMImportModel@BIM@ModelerExchange@rsh@@QEAA?AVGeometricComponent@34@U?$TagID@Uprototype_tag@BIM@ModelerExchange@rsh@@@234@@Z
?OdReplayPopEnabled@@YAXXZ
?OdReplayPushEnabled@@YAXXZ
?ReduceComponents@GeometricComponentsReducer@ModelerExchange@rsh@@QEAA?AVGeometricComponent@23@XZ
?RegisterSerializableCreateFn@BIM@ModelerExchange@rsh@@YA_NVQString@@$$QEAV?$function@$$A6A?AV?$unique_ptr@VISerializable@BIM@ModelerExchange@rsh@@U?$default_delete@VISerializable@BIM@ModelerExchange@rsh@@@eastl@@@eastl@@AEAUReadWrite@IO@rsh@@PEAVThermometer@General@5@@Z@std@@@Z
?Reset@DisjointSubtrees@ModelerExchange@rsh@@QEAAXAEBV123@@Z
?Reset@DisjointSubtrees@ModelerExchange@rsh@@QEAAXAEBV?$Span@$$CBI$0?0@Collection@3@@Z
?Reset@DisjointSubtrees@ModelerExchange@rsh@@QEAAXI@Z
?SetGeometry@BIMImportModel@BIM@ModelerExchange@rsh@@QEAAXU?$TagID@Uinstance_tag@BIM@ModelerExchange@rsh@@@234@$$QEAVGeometricComponent@34@@Z
?SetGeometry@BIMImportModel@BIM@ModelerExchange@rsh@@QEAAXU?$TagID@Uprototype_tag@BIM@ModelerExchange@rsh@@@234@$$QEAVGeometricComponent@34@@Z
?Traverse@AssemblyHierarchy@BIM@ModelerExchange@rsh@@QEBAXAEBUInstanceVisitor@1234@AEBUPrototypeVisitor@1234@U?$TagID@Uinstance_tag@BIM@ModelerExchange@rsh@@@234@@Z
?TraverseConstructionTree@ModelerExchange@rsh@@YAXAEBVComponentContext@DatakitInterface@12@AEBUConstructionNodeVisitor@12@PEAVThermometer@General@2@@Z
?UnionWith@DisjointSubtrees@ModelerExchange@rsh@@QEAAAEAV123@AEBV123@@Z
RshCreatePlugin

Sections

Size: 14.9MB - Virtual size: 39.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 7.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rmaolbqf
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

madbbwvg
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 957KB - Virtual size: 960KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Crack/svr_lgs.lic
install/Cyclone_3DR_2021_0_2_37682.exe
.exe windows x86

eb5bc6ff6263b364dfbfb78bdb48ed59

Code Sign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:8f:96:b5:66:6d:5b:31:04:18:2a:09:8a:37:fb:aa
Certificate

Issuer

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

26/06/2020, 00:00

Not After

26/06/2023, 23:59

Subject

SERIALNUMBER=CHE-105.959.465,CN=Leica Geosystems AG,O=Leica Geosystems AG,POSTALCODE=9435,STREET=Heinrich-Wild-Strasse 201,L=Heerbrugg,ST=Sankt Gallen,C=CH,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024348

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/12/2014, 00:00

Not After

02/12/2029, 23:59

Subject

CN=COMODO RSA Extended Validation Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

63:92:38:1f:52:45:ee:f6:4a:f5:72:aa:c2:e3:e3:5c:ad:76:7b:04:66:df:58:89:77:b0:e9:ea:92:37:58:71
Signer

Actual PE Digest

63:92:38:1f:52:45:ee:f6:4a:f5:72:aa:c2:e3:e3:5c:ad:76:7b:04:66:df:58:89:77:b0:e9:ea:92:37:58:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 660KB - Virtual size: 660KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
install/clm_package_1.8.1000.6.exe
.exe windows x86

f71c71e4b409d2cc3e7e8b0ac4b8385a

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f0:dc:78:27:6f:ca:56:4c:e7:d3:23:b3:e4:14:9d:2b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

08/03/2018, 00:00

Not After

07/03/2021, 23:59

Subject

CN=Leica Geosystems AG,O=Leica Geosystems AG,POSTALCODE=9435,STREET=Heinrich-Wild-Strasse 201,L=Heerbrugg,ST=St. Gallen,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e1:99:5c:55:40:10:6c:d5:c2:09:3c:b7:21:f8:94:36:9c:7f:71:68:11:30:6b:60:fc:33:7d:09:a9:97:c7:dd
Signer

Actual PE Digest

e1:99:5c:55:40:10:6c:d5:c2:09:3c:b7:21:f8:94:36:9c:7f:71:68:11:30:6b:60:fc:33:7d:09:a9:97:c7:dd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
SystemFunction036
QueryServiceConfigW

user32

GetMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
DeleteDC

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCPInfo
GetOEMCP
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
SetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
TlsAlloc
GetCommandLineA
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
IsValidCodePage
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
TlsGetValue
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
GetCurrentDirectoryW
FindFirstFileExW
GetFileType
GetACP
ExitProcess
GetStdHandle
SetLastError
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 295KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cbb56e8e1589c64a69cf7abe2e75a029

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

f0:dc:78:27:6f:ca:56:4c:e7:d3:23:b3:e4:14:9d:2bCertificate

Extended Key Usages

Key Usages

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9dCertificate

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

59:a4:c4:b3:65:be:14:3b:65:f1:96:63:92:a0:d3:c5:43:9b:f3:e9:53:7a:88:78:a7:c4:fc:1b:46:65:8f:d4Signer

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

shlwapi

userenv

comctl32

netapi32

dhcpcsvc

winhttp

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

kernel32

user32

gdi32

comdlg32

shell32

version

oleaut32

ole32

psapi

advapi32

msvcp140

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.textidx Size: 751KB - Virtual size: 751KB

.rdata Size: 401KB - Virtual size: 401KB

.data Size: 42KB - Virtual size: 123KB

.fnp_dir Size: 512B - Virtual size: 100B

.fnp_mar Size: 512B - Virtual size: 1B

.gfids Size: 1024B - Virtual size: 824B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 102KB - Virtual size: 101KB

ade96438f59125802db11a93427cd93f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcp140

ws2_32

vcruntime140

vcruntime140_1

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

f0:dc:78:27:6f:ca:56:4c:e7:d3:23:b3:e4:14:9d:2b
Certificate

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

59:a4:c4:b3:65:be:14:3b:65:f1:96:63:92:a0:d3:c5:43:9b:f3:e9:53:7a:88:78:a7:c4:fc:1b:46:65:8f:d4
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.textidx
Size: 751KB - Virtual size: 751KB

.rdata
Size: 401KB - Virtual size: 401KB

.data
Size: 42KB - Virtual size: 123KB

.fnp_dir
Size: 512B - Virtual size: 100B

.fnp_mar
Size: 512B - Virtual size: 1B

.gfids
Size: 1024B - Virtual size: 824B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 102KB - Virtual size: 101KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.nep
Size: 1KB - Virtual size: 1KB

.textidx
Size: 654KB - Virtual size: 653KB

.rdata
Size: 655KB - Virtual size: 654KB

.data
Size: 45KB - Virtual size: 79KB

.pdata
Size: 104KB - Virtual size: 103KB

.fnp_dir
Size: 512B - Virtual size: 120B

.fnp_mar
Size: 512B - Virtual size: 1B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 1KB

.idata
Size: 512B - Virtual size: 4KB

rmaolbqf
Size: 3.5MB - Virtual size: 3.5MB

madbbwvg
Size: 512B - Virtual size: 4KB

.pdata
Size: 957KB - Virtual size: 960KB

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

6e:8f:96:b5:66:6d:5b:31:04:18:2a:09:8a:37:fb:aa
Certificate

6d:d4:72:eb:02:ae:04:06:e3:dd:84:3f:5f:e1:45:e1
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

63:92:38:1f:52:45:ee:f6:4a:f5:72:aa:c2:e3:e3:5c:ad:76:7b:04:66:df:58:89:77:b0:e9:ea:92:37:58:71
Signer