FreePluginDll
LoadPluginDll
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
License.txt
Resource
win10-20230703-en
windows10-1703-x64
1 signatures
600 seconds
Behavioral task
behavioral2
Sample
VPNGate.dat
Resource
win10-20230703-en
windows10-1703-x64
3 signatures
600 seconds
Behavioral task
behavioral3
Sample
VPNGate.db
Resource
win10-20230703-en
windows10-1703-x64
1 signatures
600 seconds
Behavioral task
behavioral4
Sample
VpnGatePlugin_x64.dll
Resource
win10-20230703-en
windows10-1703-x64
1 signatures
600 seconds
Behavioral task
behavioral5
Sample
VpnGatePlugin_x86.dll
Resource
win10-20230703-en
windows10-1703-x64
2 signatures
600 seconds
Behavioral task
behavioral6
Sample
vpngate-client-v4.41-9782-beta-2022.11.17.exe
Resource
win10-20230703-en
windows10-1703-x64
19 signatures
600 seconds
Behavioral task
behavioral7
Sample
xmlrpc.config
Resource
win10-20230703-en
windows10-1703-x64
3 signatures
600 seconds
General
-
Target
vpngate-client-2023.01.03-build-9782.154884.zip
-
Size
65.3MB
-
MD5
0e199d90de43d2fbbc2770d9633aee6e
-
SHA1
67550b13afc4635b30e44ffcfebf32c3da72ff65
-
SHA256
c2ad78587e2732d6967f21cd2a413b114742dc778223ba68902bfebf93c8d278
-
SHA512
09b0b41457d46e7905a5975a495c40ecfea8318a85b3ce53f94ec6028927d7339f9b54996d95063decfa3ff5bf7316e865fdf6a2ca2a0357e311c18134b48851
-
SSDEEP
1572864:mmyY9a++m3TczMqJx8TCA+bC3f8r0sjWNqeaFYR+Izatr:HyW+mgzMqJx8TCI30glqrE+0gr
Score
3/10
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/VpnGatePlugin_x64.dll unpack001/VpnGatePlugin_x86.dll
Files
-
vpngate-client-2023.01.03-build-9782.154884.zip.zip
-
License.txt
-
VPNGate.dat
-
VPNGate.db
-
VpnGatePlugin_x64.dll.dll windows x64
4350c2f29417448b46692d99ff1668a0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
kernel32
SetEvent
GetSystemDirectoryA
lstrlenA
GetExitCodeProcess
GetUserDefaultLCID
GetSystemDefaultLCID
GetComputerNameW
PulseEvent
ReleaseMutex
SetErrorMode
QueryPerformanceFrequency
QueryPerformanceCounter
GetDriveTypeA
CreateFileW
CreateDirectoryW
CreateDirectoryA
RemoveDirectoryW
RemoveDirectoryA
DeleteFileW
DeleteFileA
GetFileAttributesW
GetFileAttributesA
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
LoadLibraryExW
SetFileAttributesA
SetFileAttributesW
GetComputerNameA
LocalFree
GetCurrentProcess
GetThreadLocale
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
GetStdHandle
LoadLibraryW
GetShortPathNameA
GetShortPathNameW
TerminateProcess
OpenProcess
SetThreadAffinityMask
GetCurrentThread
lstrcmpiA
GetCurrentProcessId
SetThreadPriority
FindClose
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
GetTempPathW
GetTempPathA
SetUnhandledExceptionFilter
GetModuleFileNameW
GetModuleFileNameA
GetCommandLineW
GetCommandLineA
FlushFileBuffers
SystemTimeToFileTime
GetSystemTime
RaiseException
GetDiskFreeSpaceExW
GetDiskFreeSpaceExA
FileTimeToSystemTime
GetCurrentDirectoryW
GetCurrentDirectoryA
Sleep
GlobalMemoryStatus
SetPriorityClass
GetSystemInfo
CreateProcessW
CreateProcessA
MoveFileA
SetFilePointer
GetFileSize
GetFileInformationByHandle
SetFileTime
HeapCreate
InitializeCriticalSection
DeleteCriticalSection
GetProcessHeap
HeapAlloc
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
ResetEvent
ReadConsoleA
ReadConsoleW
WriteConsoleA
WriteConsoleW
SetLastError
RtlVirtualUnwind
InitializeCriticalSectionAndSpinCount
TlsFree
GetModuleHandleW
GetVersion
MultiByteToWideChar
GetFileType
FormatMessageA
VirtualFree
WideCharToMultiByte
GetACP
GetEnvironmentVariableW
GetSystemTimeAsFileTime
GetConsoleMode
SetConsoleMode
HeapFree
GetTimeZoneInformation
GetLocalTime
WaitForMultipleObjects
GetLastError
MoveFileW
TlsAlloc
GetVersionExA
GetCurrentThreadId
MulDiv
EnumResourceNamesA
WaitForSingleObject
OpenMutexA
CreateMutexA
TlsSetValue
TlsGetValue
FreeLibrary
LoadLibraryA
CreateFileA
ReadConsoleInputA
SetEndOfFile
GetConsoleOutputCP
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
LCMapStringW
LCMapStringA
PeekNamedPipe
GetFullPathNameA
SetStdHandle
HeapSize
GetConsoleCP
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetCPInfo
RtlPcToFileHeader
GetTickCount
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
FlsAlloc
FlsFree
FlsGetValue
DecodePointer
EncodePointer
RtlCaptureContext
IsDebuggerPresent
UnhandledExceptionFilter
FileTimeToLocalFileTime
SetConsoleCtrlHandler
CreateThread
ExitThread
RtlUnwindEx
RtlLookupFunctionEntry
ExitProcess
FlsSetValue
LocalAlloc
OpenEventA
GetModuleHandleA
GetProcAddress
CreateEventA
CloseHandle
ReadFile
WriteFile
DeviceIoControl
HeapDestroy
gdi32
CreateFontA
GetDeviceCaps
GetTextMetricsA
GetTextExtentPoint32A
SelectObject
BitBlt
GdiFlush
DeleteObject
GetObjectA
CreateCompatibleDC
DeleteDC
GetStockObject
CreateDIBSection
comdlg32
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
Shell_NotifyIconA
Shell_NotifyIconW
ShellExecuteW
ShellExecuteA
ShellExecuteExW
ShellExecuteExA
SHBrowseForFolderW
SHChangeNotify
ole32
PropVariantClear
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
ws2_32
listen
accept
send
recv
htonl
shutdown
htons
setsockopt
sendto
recvfrom
ntohs
socket
closesocket
WSACleanup
WSAStartup
WSAEventSelect
WSAIoctl
WSAAccept
WSAGetLastError
connect
getsockopt
getsockname
select
ioctlsocket
getservbyport
gethostbyaddr
getpeername
gethostname
WSASetLastError
inet_ntoa
getservbyname
inet_addr
gethostbyname
bind
winmm
PlaySoundA
timeGetTime
comctl32
ImageList_ReplaceIcon
CreatePropertySheetPageW
PropertySheetW
ImageList_SetBkColor
ImageList_Create
ImageList_Destroy
CreateStatusWindowW
InitCommonControlsEx
netapi32
Netbios
shlwapi
SHStrDupW
urlmon
CreateURLMoniker
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
Exports
Exports
Sections
.text Size: 5.1MB - Virtual size: 5.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 170KB - Virtual size: 255KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 208KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
VpnGatePlugin_x86.dll.dll windows x86
db53271663c93a088b5f01d7691f5474
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetEvent
GetSystemDirectoryA
lstrlenA
GetExitCodeProcess
GetUserDefaultLCID
GetSystemDefaultLCID
GetComputerNameW
PulseEvent
ReleaseMutex
SetErrorMode
QueryPerformanceFrequency
QueryPerformanceCounter
GetDriveTypeA
CreateFileW
CreateDirectoryW
CreateDirectoryA
RemoveDirectoryW
RemoveDirectoryA
DeleteFileW
DeleteFileA
GetFileAttributesW
GetFileAttributesA
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
LoadLibraryExW
SetFileAttributesA
SetFileAttributesW
GetComputerNameA
LocalFree
GetCurrentProcess
GetThreadLocale
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
GetStdHandle
LoadLibraryW
GetShortPathNameA
GetShortPathNameW
TerminateProcess
OpenProcess
SetThreadAffinityMask
GetCurrentThread
lstrcmpiA
GetCurrentProcessId
SetThreadPriority
FindClose
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
GetTempPathW
GetTempPathA
SetUnhandledExceptionFilter
GetModuleFileNameW
GetModuleFileNameA
GetCommandLineW
GetCommandLineA
FlushFileBuffers
SystemTimeToFileTime
GetSystemTime
RaiseException
GetDiskFreeSpaceExW
GetDiskFreeSpaceExA
FileTimeToSystemTime
GetCurrentDirectoryW
GetCurrentDirectoryA
Sleep
GlobalMemoryStatus
SetPriorityClass
GetSystemInfo
CreateProcessW
CreateProcessA
MoveFileA
SetFilePointer
GetFileSize
GetFileInformationByHandle
SetFileTime
GetProcessHeap
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapReAlloc
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
ResetEvent
ReadConsoleA
ReadConsoleW
WriteConsoleA
WriteConsoleW
SetLastError
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
TlsFree
InterlockedExchangeAdd
GetModuleHandleW
GetVersion
MultiByteToWideChar
GetFileType
FormatMessageA
VirtualFree
VirtualAlloc
WideCharToMultiByte
GetACP
GetEnvironmentVariableW
GetSystemTimeAsFileTime
GetConsoleMode
SetConsoleMode
GetVersionExA
HeapFree
GetTimeZoneInformation
GetLocalTime
WaitForMultipleObjects
GetLastError
MoveFileW
TlsAlloc
GetCurrentThreadId
MulDiv
EnumResourceNamesA
WaitForSingleObject
OpenMutexA
CreateMutexA
TlsSetValue
TlsGetValue
FreeLibrary
LoadLibraryA
CreateFileA
ReadConsoleInputA
SetEndOfFile
GetConsoleOutputCP
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
LCMapStringW
LCMapStringA
GetFullPathNameA
SetStdHandle
HeapSize
GetConsoleCP
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetCPInfo
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
IsDebuggerPresent
UnhandledExceptionFilter
FileTimeToLocalFileTime
SetConsoleCtrlHandler
CreateThread
ExitThread
RtlUnwind
ExitProcess
InterlockedExchange
LocalAlloc
OpenEventA
GetModuleHandleA
GetProcAddress
CreateEventA
CloseHandle
ReadFile
WriteFile
DeviceIoControl
HeapCreate
gdi32
CreateFontA
GetDeviceCaps
GetTextMetricsA
GetTextExtentPoint32A
SelectObject
CreateDIBSection
BitBlt
GdiFlush
DeleteObject
GetObjectA
CreateCompatibleDC
DeleteDC
GetStockObject
comdlg32
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
shell32
SHChangeNotify
SHGetSpecialFolderLocation
ShellExecuteW
SHGetMalloc
SHBrowseForFolderA
Shell_NotifyIconA
SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteExA
ShellExecuteExW
SHGetPathFromIDListW
SHGetPathFromIDListA
ShellExecuteA
ole32
CoUninitialize
CoInitialize
PropVariantClear
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
ws2_32
listen
getsockname
send
recv
htonl
bind
htons
setsockopt
sendto
shutdown
ntohs
socket
closesocket
WSACleanup
WSAStartup
WSAEventSelect
WSAIoctl
WSAAccept
WSAGetLastError
getpeername
gethostname
WSASetLastError
inet_ntoa
getservbyname
inet_addr
gethostbyname
gethostbyaddr
connect
getsockopt
recvfrom
select
ioctlsocket
accept
getservbyport
winmm
PlaySoundA
timeGetTime
comctl32
PropertySheetW
CreatePropertySheetPageW
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Create
ImageList_Destroy
CreateStatusWindowW
InitCommonControlsEx
netapi32
Netbios
shlwapi
SHStrDupW
urlmon
CreateURLMoniker
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
Exports
Exports
FreePluginDll
LoadPluginDll
Sections
.text Size: 4.1MB - Virtual size: 4.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 740KB - Virtual size: 739KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 152KB - Virtual size: 221KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 167KB - Virtual size: 166KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
vpngate-client-v4.41-9782-beta-2022.11.17.exe.exe windows x86
2d615cd325a45ae405142561b25eb749
Code Sign
48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before25/05/2021, 00:00Not After31/12/2028, 23:59SubjectCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate
IssuerCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBNot Before22/03/2021, 00:00Not After21/03/2036, 23:59SubjectCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21/09/2022, 00:00Not After21/11/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
24:e1:29:01:90:2d:e8:24:4c:df:d9:94:84:1a:2d:03Certificate
IssuerCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBNot Before27/08/2021, 00:00Not After26/08/2024, 23:59SubjectSERIALNUMBER=0500-01-016519,CN=SOFTETHER CORPORATION,O=SOFTETHER CORPORATION,ST=Ibaraki,C=JP,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024a50Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before25/05/2021, 00:00Not After31/12/2028, 23:59SubjectCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate
IssuerCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBNot Before22/03/2021, 00:00Not After21/03/2036, 23:59SubjectCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
24:e1:29:01:90:2d:e8:24:4c:df:d9:94:84:1a:2d:03Certificate
IssuerCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBNot Before27/08/2021, 00:00Not After26/08/2024, 23:59SubjectSERIALNUMBER=0500-01-016519,CN=SOFTETHER CORPORATION,O=SOFTETHER CORPORATION,ST=Ibaraki,C=JP,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024a50Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21/09/2022, 00:00Not After21/11/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c4:96:4a:29:b1:26:13:8b:b2:11:c8:80:ad:a5:1e:52:10:05:14:7f:da:6d:21:d0:61:88:bd:f2:71:7b:8c:bbSigner
Actual PE Digestc4:96:4a:29:b1:26:13:8b:b2:11:c8:80:ad:a5:1e:52:10:05:14:7f:da:6d:21:d0:61:88:bd:f2:71:7b:8c:bbDigest Algorithmsha256PE Digest Matchestrue9e:44:5e:c1:c4:0a:aa:52:b8:67:61:ff:a9:33:9e:61:71:ba:ba:16Signer
Actual PE Digest9e:44:5e:c1:c4:0a:aa:52:b8:67:61:ff:a9:33:9e:61:71:ba:ba:16Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVersionExA
CreateEventA
GetLocalTime
lstrlenA
GetSystemDirectoryA
GetExitCodeProcess
GetUserDefaultLCID
GetSystemDefaultLCID
GetComputerNameW
PulseEvent
ReleaseMutex
SetErrorMode
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileW
CreateDirectoryW
CreateDirectoryA
RemoveDirectoryW
RemoveDirectoryA
DeleteFileW
DeleteFileA
GetFileAttributesW
GetFileAttributesA
FreeResource
LoadLibraryExA
LoadLibraryExW
SetFileAttributesA
SetFileAttributesW
GetComputerNameA
LocalFree
GetCurrentProcess
GetThreadLocale
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
GetStdHandle
LoadLibraryW
GetShortPathNameA
GetShortPathNameW
TerminateProcess
OpenProcess
SetThreadAffinityMask
GetCurrentThread
SetEvent
lstrcmpiA
GetCurrentProcessId
SetThreadPriority
FindClose
FindNextFileA
FindNextFileW
FindFirstFileA
FindFirstFileW
GetTempPathW
GetTempPathA
SetUnhandledExceptionFilter
GetModuleFileNameW
GetModuleFileNameA
GetCommandLineW
GetCommandLineA
WaitForMultipleObjects
SystemTimeToFileTime
GetSystemTime
GetTimeZoneInformation
HeapFree
GetProcessHeap
RaiseException
GetDiskFreeSpaceExW
GetDiskFreeSpaceExA
FileTimeToSystemTime
GetCurrentDirectoryW
GetCurrentDirectoryA
Sleep
GlobalMemoryStatus
SetPriorityClass
GetSystemInfo
CreateProcessW
CreateProcessA
MoveFileA
SetFilePointer
GetFileSize
EnumResourceNamesA
SetFileTime
HeapCreate
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapReAlloc
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
ResetEvent
ReadConsoleA
ReadConsoleW
WriteConsoleA
WriteConsoleW
SetLastError
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
TlsFree
InterlockedExchangeAdd
GetModuleHandleW
GetVersion
MultiByteToWideChar
GetFileType
FormatMessageA
VirtualFree
VirtualAlloc
WideCharToMultiByte
GetACP
GetEnvironmentVariableW
GetSystemTimeAsFileTime
GetConsoleMode
SetConsoleMode
CreateFileA
GetLastError
DeviceIoControl
OpenEventA
ReadFile
WriteFile
MoveFileW
TlsAlloc
GetCurrentThreadId
MulDiv
GetModuleHandleA
WaitForSingleObject
CreateMutexA
OpenMutexA
TlsSetValue
TlsGetValue
GetDriveTypeA
FlushFileBuffers
CloseHandle
ReadConsoleInputA
SetEndOfFile
GetConsoleOutputCP
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
LCMapStringW
LCMapStringA
GetFullPathNameA
SetStdHandle
HeapSize
GetConsoleCP
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
GetTickCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FileTimeToLocalFileTime
SetConsoleCtrlHandler
CreateThread
ExitThread
RtlUnwind
GetStartupInfoA
InterlockedExchange
LocalAlloc
FindResourceA
LoadResource
SizeofResource
LockResource
LoadLibraryA
GetProcAddress
FreeLibrary
GetFileInformationByHandle
ExitProcess
gdi32
GetDeviceCaps
GetTextMetricsA
GetTextExtentPoint32A
SelectObject
CreateDIBSection
BitBlt
GdiFlush
DeleteObject
GetObjectA
CreateCompatibleDC
DeleteDC
GetStockObject
CreateFontA
comdlg32
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
GetOpenFileNameA
shell32
ShellExecuteW
Shell_NotifyIconW
Shell_NotifyIconA
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
ShellExecuteExA
SHChangeNotify
SHBrowseForFolderW
ole32
CoUninitialize
CoInitialize
PropVariantClear
CoCreateInstance
oleaut32
SysAllocString
SysFreeString
ws2_32
send
recv
htonl
bind
htons
setsockopt
sendto
shutdown
accept
socket
closesocket
WSACleanup
WSAStartup
WSAEventSelect
WSAIoctl
WSAAccept
WSAGetLastError
connect
ntohs
listen
getsockopt
getsockname
getpeername
gethostname
WSASetLastError
inet_ntoa
getservbyname
inet_addr
gethostbyname
select
ioctlsocket
getservbyport
recvfrom
gethostbyaddr
comctl32
PropertySheetW
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Create
ImageList_Destroy
CreateStatusWindowW
InitCommonControlsEx
CreatePropertySheetPageW
shlwapi
SHStrDupW
Sections
.text Size: 4.2MB - Virtual size: 4.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 748KB - Virtual size: 748KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 149KB - Virtual size: 217KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48.2MB - Virtual size: 48.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 171KB - Virtual size: 170KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
xmlrpc.config