ColorTemprite[.]zip

Resubmissions

04/09/2023, 02:25

230904-cwpm7sdd4x 1

04/09/2023, 01:44

230904-b56seadc5s 3

Sharing

Copy URL Twitter E-mail

Reason

config extraction: missing cfgextr callback for rule "Gozi_FJ_loader_0"

General

Target

ColorTemprite.zip
Size

6.4MB
MD5

a38f6450fddac874c128c199cd5dd3b7
SHA1

283ed1540d83370f9a406c24f0d30c89d468cf99
SHA256

8ec2b5ea897cc92f86ab026921607267569f12afa53f73a770444e0cbc725c77
SHA512

4074f078740597b424beb4b5c4649f34cfb2b3d1ffda124919117bceab6b3f6b7039fd9d10c9001b2ea06282f1e2ae9f6abfd06ffac959e5213eab8fd57ccfb4
SSDEEP

98304:/EV5DHW3s2v3CCwTXNo0cpKwstTJIkS43mCFPH4BXIE:85S3x2ox8tQe3mjBXIE

Score

1^/10

Malware Config

Signatures

Files

ColorTemprite.zip
.zip
Client32.ini
HTCTL32.DLL
.dll windows x86

6ba08298dd09ea8e41ab7285d3183bba

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

21/09/2017, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

21/09/2017, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

49:9a:ad:c7:dc:6b:64:28:d9:9b:28:3b:14:85:83:63:08:60:5c:14:e0:60:b3:f1:ce:19:61:68:8b:29:63:f5
Signer

Actual PE Digest

49:9a:ad:c7:dc:6b:64:28:d9:9b:28:3b:14:85:83:63:08:60:5c:14:e0:60:b3:f1:ce:19:61:68:8b:29:63:f5

Digest Algorithm

sha256

PE Digest Matches

true

55:a2:2c:85:ec:8b:5f:16:52:a8:7d:e3:fd:3a:49:f5:1f:08:59:26
Signer

Actual PE Digest

55:a2:2c:85:ec:8b:5f:16:52:a8:7d:e3:fd:3a:49:f5:1f:08:59:26

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wsock32

getpeername
ntohs
socket
setsockopt
bind
htons
WSASetBlockingHook
WSAUnhookBlockingHook
send
gethostname
getsockname
connect
__WSAFDIsSet
WSASetLastError
ioctlsocket
gethostbyname
shutdown
recv
closesocket
WSACancelBlockingCall
inet_ntoa
select
WSAGetLastError
WSAStartup
WSACleanup
inet_addr

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

kernel32

IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetLocaleInfoW
LoadLibraryW
SetConsoleCtrlHandler
FatalAppExitA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
ReadFile
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDBCSLeadByte
CompareStringA
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
OutputDebugStringA
LoadLibraryA
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
SetLastError
WritePrivateProfileStringA
CloseHandle
FlushFileBuffers
SetFilePointer
GetFileSize
GetPrivateProfileIntA
CreateFileA
SetStdHandle
WriteFile
GetLocalTime
GetDateFormatA
CopyFileA
InterlockedExchange
SetEvent
GetVersionExA
InterlockedDecrement
GetTickCount
SystemTimeToFileTime
GetSystemTime
OpenProcess
GetCurrentProcessId
GetCurrentThreadId
InterlockedIncrement
GetTempPathA
ReleaseMutex
WaitForSingleObject
TerminateThread
lstrlenA
CreateMutexA
SetThreadPriority
CreateThread
CreateEventA
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetVersion
GlobalFree
LCMapStringW
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
HeapDestroy
HeapCreate
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
WriteConsoleW
SetEndOfFile
GetProcessHeap
GetLastError
PulseEvent
HeapAlloc
HeapFree
RtlUnwind
RaiseException
HeapReAlloc
EncodePointer
DecodePointer
GetCommandLineA
GetModuleHandleW
GetStdHandle

user32

PostThreadMessageA
PostMessageA
GetMessageA
TranslateMessage
DispatchMessageA
SetTimer
KillTimer
PeekMessageA
PostQuitMessage
GetDesktopWindow
MessageBoxA
wvsprintfA
wsprintfA

advapi32

GetTokenInformation
LogonUserA
ImpersonateLoggedOnUser
RevertToSelf
GetUserNameA
OpenProcessToken

Exports

Exports

ctl_adddomain
ctl_addoperator
ctl_bridgename
ctl_broadcast
ctl_broadcastdata
ctl_call
ctl_callremote
ctl_clearpin
ctl_clientpinrequest
ctl_clientstatus
ctl_close
ctl_closeremote
ctl_connected
ctl_controlpinrequest
ctl_controlsendpin
ctl_escape
ctl_findslaves
ctl_findslaves2
ctl_findslavesex
ctl_getconnectivityinfo
ctl_getfailedreason
ctl_getfileinfo
ctl_getlocalipaddressinuse
ctl_getsession
ctl_hangup
ctl_helpreq
ctl_installed
ctl_licenseinfo
ctl_maxpacket
ctl_messageacknowledged
ctl_messagereceived
ctl_myaddr
ctl_netname
ctl_networks
ctl_nsessions
ctl_open
ctl_openremote
ctl_pause
ctl_pingnet
ctl_pittmanfunc
ctl_publishservice
ctl_publishserviceex
ctl_putfile
ctl_putfilelink
ctl_remotename
ctl_removedomain
ctl_removeoperator
ctl_send
ctl_sendif
ctl_sendto
ctl_subset
ctl_userstatus
ctl_version

Sections

.text
Size: 249KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NSM.LIC
PCICHEK.DLL
.dll windows x86

56e17186efeb24a70224bc24dced0a14

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

21/09/2017, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

21/09/2017, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1c:85:f0:b4:e9:5d:96:97:1a:93:1d:23:61:fb:ff:03:12:06:47:1d:f0:67:be:ea:70:1e:7b:4b:bd:e4:42:fe
Signer

Actual PE Digest

1c:85:f0:b4:e9:5d:96:97:1a:93:1d:23:61:fb:ff:03:12:06:47:1d:f0:67:be:ea:70:1e:7b:4b:bd:e4:42:fe

Digest Algorithm

sha256

PE Digest Matches

true

73:b0:90:d4:ff:6d:5b:3c:de:16:aa:12:28:10:8e:c4:ba:c6:96:af
Signer

Actual PE Digest

73:b0:90:d4:ff:6d:5b:3c:de:16:aa:12:28:10:8e:c4:ba:c6:96:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetVersionExA
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess

user32

LoadStringA
wsprintfA
MessageBoxA

msvcr100

memset
_crt_debugger_hook

Exports

Exports

CheckLicenseString
IsILS

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 795B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PCICL32.DLL
.dll windows x86

e88a5043d77a82981daefac5a519917e

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

21/09/2017, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

21/09/2017, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e9:98:7b:c8:60:29:41:5c:d8:5b:09:48:eb:ae:47:8e:d5:c1:48:d0:f9:82:58:ff:10:b8:83:69:fe:79:b7:d7
Signer

Actual PE Digest

e9:98:7b:c8:60:29:41:5c:d8:5b:09:48:eb:ae:47:8e:d5:c1:48:d0:f9:82:58:ff:10:b8:83:69:fe:79:b7:d7

Digest Algorithm

sha256

PE Digest Matches

true

f7:0f:c1:22:f6:e1:a0:1e:82:57:07:cb:c8:a6:af:c0:ee:75:68:66
Signer

Actual PE Digest

f7:0f:c1:22:f6:e1:a0:1e:82:57:07:cb:c8:a6:af:c0:ee:75:68:66

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shfolder

SHGetFolderPathA

pcichek

IsILS
CheckLicenseString

pcicapi

CapiClose
CapiOpen
CapiListen
CapiHangup

mpr

WNetCancelConnection2A
WNetGetConnectionA
WNetAddConnection2A

comctl32

ImageList_Draw
ImageList_LoadImageA
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_GetImageCount
ord17
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetIcon
ImageList_Create

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

winmm

waveOutClose
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutUnprepareHeader
waveInPrepareHeader
waveOutSetVolume
waveOutOpen
waveInStart
waveInOpen
waveOutWrite
waveOutPrepareHeader
timeGetTime
timeEndPeriod
timeBeginPeriod
PlaySoundA
waveInAddBuffer

wsock32

inet_addr
send
setsockopt
bind
listen
accept
htons
socket
connect
getpeername
gethostbyname
recv
shutdown
closesocket
WSACleanup
WSAStartup
WSAGetLastError
gethostname
htonl
ioctlsocket

kernel32

IsBadReadPtr
SizeofResource
CreateDirectoryA
RemoveDirectoryA
MoveFileA
MulDiv
GetDiskFreeSpaceA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetVolumeInformationA
FileTimeToDosDateTime
FileTimeToLocalFileTime
OpenEventA
MultiByteToWideChar
OutputDebugStringA
SetCurrentDirectoryA
GetProcessHeap
GetTimeFormatW
GetDateFormatW
RaiseException
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
lstrlenW
lstrlenA
lstrcmpiA
FlushInstructionCache
lstrcmpA
FindResourceExA
TerminateThread
ReleaseMutex
WaitForSingleObjectEx
GlobalReAlloc
CreateNamedPipeA
ConnectNamedPipe
SetProcessShutdownParameters
SetConsoleCtrlHandler
IsDBCSLeadByteEx
DisconnectNamedPipe
WriteProfileStringA
DefineDosDeviceA
QueryDosDeviceA
ResumeThread
VirtualQueryEx
GetThreadContext
ReadProcessMemory
PulseEvent
CreateRemoteThread
SetThreadContext
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus
Beep
GetSystemDefaultLangID
GetSystemInfo
SuspendThread
OpenThread
GetProcessVersion
GlobalGetAtomNameA
HeapReAlloc
RtlUnwind
DecodePointer
EncodePointer
InterlockedCompareExchange
HeapAlloc
HeapFree
FindResourceA
LoadResource
LockResource
VirtualProtectEx
WriteProcessMemory
GetExitCodeThread
CompareStringA
SetFilePointer
GetProfileStringA
GetOEMCP
GetShortPathNameA
TerminateProcess
SystemTimeToFileTime
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CreatePipe
DuplicateHandle
SetHandleInformation
FormatMessageA
LocalFree
SetNamedPipeHandleState
GetPriorityClass
WinExec
SearchPathA
IsValidCodePage
SetSystemTime
_lopen
_lclose
DeleteFileA
SetFileAttributesA
GetSystemDirectoryA
GetDateFormatA
GetTimeFormatA
GlobalSize
SetUnhandledExceptionFilter
OpenMutexA
CreateMutexA
SetErrorMode
GetACP
SetPriorityClass
GetFileAttributesA
GetTempFileNameA
CopyFileA
FileTimeToSystemTime
GetComputerNameA
ExitProcess
GetModuleHandleA
GetExitCodeProcess
GetCurrentProcess
LoadLibraryExA
ExitThread
GetDriveTypeA
GetWindowsDirectoryA
IsDBCSLeadByte
GetLocalTime
GetFileSize
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
GlobalFree
GetSystemPowerStatus
ExpandEnvironmentStringsA
FindFirstFileA
FindNextFileA
FindClose
GetUserDefaultUILanguage
GetUserDefaultLangID
GetModuleFileNameA
GetCurrentProcessId
CreateProcessA
DeleteCriticalSection
InitializeCriticalSection
GetVersion
CreateThread
SetThreadPriority
InterlockedIncrement
WaitForMultipleObjects
GetOverlappedResult
ResetEvent
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
GetLastError
DeviceIoControl
InterlockedExchange
SetLastError
GetProcAddress
FreeLibrary
LoadLibraryA
CreateFileA
GetTempPathA
WriteFile
GetCurrentThreadId
CreateEventA
WaitForSingleObject
SetEvent
GlobalDeleteAtom
Sleep
GlobalAddAtomA
OpenProcess
GetVersionExA
GetTickCount
CloseHandle
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetModuleHandleW
VirtualQuery
GetConsoleMode
GetCommandLineA
LCMapStringW
GetCPInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameW
HeapSize
GetLocaleInfoW
SetHandleCount
GetFileType
GetStartupInfoW
GetConsoleCP
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetTimeZoneInformation
CreateFileW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FlushFileBuffers
LoadLibraryW
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
InterlockedPushEntrySList
VirtualFree
InterlockedPopEntrySList
LocalAlloc

user32

GetScrollRange
CreateCursor
HideCaret
OemToCharBuffA
ScrollWindow
SetScrollPos
SetScrollRange
ClipCursor
DrawIconEx
RemoveMenu
SetActiveWindow
AdjustWindowRectEx
TrackPopupMenuEx
SetMenuDefaultItem
InsertMenuItemA
EndMenu
SetMenuInfo
GetMenuInfo
GetScrollInfo
SetScrollInfo
TileWindows
GetWindowRgn
GetAsyncKeyState
EnumThreadWindows
EnumDisplaySettingsA
CreateDesktopA
PostMessageW
OpenInputDesktop
GetMenuItemRect
mouse_event
MapVirtualKeyA
CharLowerBuffA
ShowCursor
SwitchDesktop
AttachThreadInput
GetCursor
CreateDialogIndirectParamA
DialogBoxIndirectParamA
DialogBoxParamA
SetClassLongA
MapDialogRect
CreateAcceleratorTableA
DestroyAcceleratorTable
RedrawWindow
InvalidateRgn
CharNextA
LoadAcceleratorsA
ScreenToClient
ModifyMenuA
CreateMenu
MoveWindow
SetCursorPos
DrawTextW
IsDialogMessageA
UnionRect
DrawFocusRect
wsprintfW
EndDialog
OpenWindowStationA
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
MsgWaitForMultipleObjects
GetUserObjectSecurity
SetUserObjectSecurity
MessageBoxIndirectA
WinHelpA
UnhookWindowsHookEx
SetWindowsHookExA
CreateDialogParamA
GetLastActivePopup
CallNextHookEx
GetUpdateRect
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyCursor
GetActiveWindow
IsZoomed
CreatePopupMenu
AppendMenuA
CopyRect
EqualRect
ClientToScreen
DeferWindowPos
IsChild
GetWindowPlacement
TranslateAcceleratorA
SetRectEmpty
SetMenu
SetWindowPlacement
GetForegroundWindow
CharUpperBuffA
WindowFromPoint
WaitForInputIdle
GetUserObjectInformationA
GetCursorPos
CheckDlgButton
SetForegroundWindow
EnumChildWindows
RegisterClipboardFormatA
CountClipboardFormats
EnumClipboardFormats
GetClipboardData
IsClipboardFormatAvailable
GetClipboardFormatNameA
RegisterWindowMessageA
DestroyIcon
CharUpperA
ExitWindowsEx
GetDesktopWindow
MessageBoxA
keybd_event
GetThreadDesktop
SetThreadDesktop
wvsprintfA
CreateCaret
ShowCaret
DestroyCaret
UnregisterClassA
SetTimer
KillTimer
SetDlgItemTextA
SendMessageA
SendDlgItemMessageA
PostMessageA
ShowWindow
DefWindowProcA
CallWindowProcA
PostThreadMessageA
GetQueueStatus
GetDlgItem
GetDlgCtrlID
GetDC
ReleaseDC
InvalidateRect
GetKeyState
PeekMessageA
SetCaretPos
DrawMenuBar
GetSystemMenu
OpenClipboard
EmptyClipboard
SetClipboardData
MessageBeep
CloseClipboard
FindWindowExA
DeleteMenu
GetWindowTextLengthA
GetFocus
GetClassInfoExA
DestroyWindow
DefDlgProcA
RegisterClassExA
IsDlgButtonChecked
GetDlgItemTextA
IsIconic
GetMenu
SystemParametersInfoA
IntersectRect
GetCursorInfo
GetIconInfo
IsWindowVisible
GetWindow
SendMessageTimeoutA
GetClassLongA
CopyIcon
CopyImage
LoadImageA
OpenDesktopA
EnumDesktopWindows
CloseDesktop
EnumWindows
GetClassNameA
GetClassInfoA
LoadIconA
RegisterClassA
BringWindowToTop
GetMessageA
TranslateMessage
DispatchMessageA
SetPropA
GetPropA
RemovePropA
GetCapture
SetCapture
ReleaseCapture
CreateWindowExA
BeginPaint
EndPaint
wsprintfA
PostQuitMessage
GetMenuItemID
CheckMenuItem
EnableMenuItem
GetMenuItemInfoA
SetMenuItemInfoA
PtInRect
GetWindowDC
LoadMenuA
GetSubMenu
GetMenuItemCount
DestroyMenu
InflateRect
GetSystemMetrics
FindWindowA
GetWindowThreadProcessId
IsWindow
SetFocus
SetWindowPos
GetParent
GetWindowTextA
SetWindowTextA
GetWindowLongA
SetWindowLongA
MapWindowPoints
GetClientRect
DrawTextA
OffsetRect
IsWindowEnabled
SetRect
GetWindowRect
FillRect
LoadBitmapA
GetSysColor
SetCursor
LoadCursorA
UpdateWindow
EnableWindow
LoadStringA

gdi32

EndPage
StartPage
ExtEscape
ExtTextOutA
CreateDIBitmap
GetSystemPaletteEntries
RealizePalette
EqualRgn
CreateBrushIndirect
GetDCOrgEx
GetTextExtentPoint32A
SetBrushOrgEx
PatBlt
CreatePatternBrush
GetTextMetricsA
StretchBlt
GetDIBits
CreateDIBSection
GdiFlush
GetRegionData
CombineRgn
GetNearestPaletteIndex
GetBkMode
CreateFontIndirectW
SetBitmapBits
UnrealizeObject
SetDIBits
SetWindowOrgEx
AddFontResourceA
CreatePenIndirect
GetClipRgn
GetWindowOrgEx
IntersectClipRect
Arc
Chord
Pie
Polyline
RoundRect
SetPolyFillMode
SetTextJustification
SetTextCharacterExtra
SelectPalette
RemoveFontResourceA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
CreateRectRgn
CreateRectRgnIndirect
PtInRegion
RectInRegion
CreatePalette
GetPaletteEntries
GetTextColor
BitBlt
DeleteDC
RectVisible
SetRectRgn
DeleteObject
GetMapMode
SetMapMode
GetStretchBltMode
SetStretchBltMode
GetBitmapBits
BeginPath
TextOutA
EndPath
PathToRegion
GetRgnBox
OffsetRgn
FillRgn
FrameRgn
CreateBitmap
CreateDCA
SelectClipRgn
LineDDA
Polygon
CreateFontIndirectA
CreateHatchBrush
GetDeviceCaps
SetBkColor
ExtFloodFill
GetPixel
SetPixel
SetPixelV
Ellipse
Rectangle
SetROP2
MoveToEx
LineTo
GetStockObject
CreatePen
CreateSolidBrush
GetTextExtentPointA
SetBkMode
SetTextColor
GetBkColor

winspool.drv

EnumPrinterDriversA
DeletePrinter
AddPrinterA
EnumPrintersA
ord201
ord202
EnumJobsA
SetJobA
AbortPrinter
StartPagePrinter
WritePrinter
OpenPrinterA
ClosePrinter
StartDocPrinterA
EndPagePrinter
EndDocPrinter
GetPrinterA

comdlg32

ChooseFontA
PageSetupDlgA
GetOpenFileNameA
GetSaveFileNameA

advapi32

EnumServicesStatusA
RegisterServiceCtrlHandlerA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCreateKeyA
SetTokenInformation
SetServiceStatus
StartServiceCtrlDispatcherA
LogonUserA
ControlService
StartServiceA
RegQueryInfoKeyW
CryptGetProvParam
CryptReleaseContext
AllocateLocallyUniqueId
FreeSid
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
LookupPrivilegeValueA
AdjustTokenPrivileges
QueryServiceConfigA
CreateProcessAsUserA
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
AddAce
AddAccessAllowedAce
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegFlushKey
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
GetUserNameA
LookupPrivilegeNameA
RegQueryValueExA
GetTokenInformation
LookupAccountSidA
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid
EqualSid
RevertToSelf
OpenProcessToken
ImpersonateLoggedOnUser
GetUserNameW

shell32

ExtractIconExA
SHGetSpecialFolderPathA
SHGetFileInfoA
SHGetMalloc
SHGetDesktopFolder
SHGetPathFromIDListA
FindExecutableA
ExtractIconA
Shell_NotifyIconA
ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
StringFromGUID2
ReleaseStgMedium
OleDuplicateData
CreateDataAdviseHolder
CoTaskMemFree
CLSIDFromProgID
OleInitialize
OleUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeSecurity
CoInitializeEx
OleCreateStaticFromData
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleSetContainedObject
IIDFromString
CLSIDFromString
CoGetClassObject
OleLockRunning

oleaut32

LoadTypeLi
VariantCopy
OleLoadPicture
SysFreeString
SysAllocString
VariantClear
VariantInit
VariantChangeType
SysStringLen
SysAllocStringLen
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
OleCreatePictureIndirect
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayCreate

netapi32

NetApiBufferFree
NetUserEnum

wininet

InternetCrackUrlA

Exports

Exports

_GetRawWMIStringW@16
_GetWMIStringW@16
_IsAcerA@8
_NSMClient32@8
_NSMFindClass@12
br_close
br_open
br_poll
br_status

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hhshare
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCCTL32.DLL
.dll windows x86

2c4d798bb87ec57193b7625c4259da43

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

21/09/2017, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

21/09/2017, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8f:ec:cd:2a:c3:24:de:bf:34:53:a4:ee:a7:d9:37:bf:a7:ed:0e:6c:ec:5f:1c:f3:ea:50:69:cc:cb:c8:7b:04
Signer

Actual PE Digest

8f:ec:cd:2a:c3:24:de:bf:34:53:a4:ee:a7:d9:37:bf:a7:ed:0e:6c:ec:5f:1c:f3:ea:50:69:cc:cb:c8:7b:04

Digest Algorithm

sha256

PE Digest Matches

true

13:46:de:36:a0:83:71:12:2e:47:55:89:99:d1:8d:7f:a0:45:c1:55
Signer

Actual PE Digest

13:46:de:36:a0:83:71:12:2e:47:55:89:99:d1:8d:7f:a0:45:c1:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

kernel32

GetLastError
WriteFile
ReadFile
Sleep
ClearCommError
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
GetModuleFileNameA
DeleteCriticalSection
CloseHandle
TerminateThread
SetEvent
CreateEventA
GetTickCount
SetThreadPriority
CreateThread
SetCommTimeouts
InitializeCriticalSection
GetCommState
IsDBCSLeadByte
CompareStringA
GetProcAddress
LoadLibraryA
FreeLibrary
GetModuleHandleA
OutputDebugStringA
OpenProcess
GetCurrentProcessId
GetVersionExA
GetLocalTime
GetOverlappedResult
GetCurrentThreadId
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
LocalAlloc
LocalFree
PulseEvent
InterlockedExchange
GetExitCodeThread
ResetEvent
GetVersion
SetLastError
EscapeCommFunction
GetCommModemStatus
CreateDirectoryA
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
lstrlenW
lstrlenA
CreateFileW
GetProcessHeap
SetEndOfFile
WriteConsoleW
CreateFileA
FlushFileBuffers
SetStdHandle
LoadLibraryW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
WaitForSingleObject
GetStringTypeW
FatalAppExitA
GetUserDefaultLCID
GetTempPathA
SetConsoleCtrlHandler
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
HeapSize
SetFilePointer
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
HeapDestroy
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
RaiseException
EncodePointer
DecodePointer
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetCurrentThread
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
GetModuleFileNameW
HeapCreate

user32

CharLowerA
PostThreadMessageA
PostMessageA
GetMessageA
TranslateMessage
DispatchMessageA
SetTimer
MessageBoxA
KillTimer
PeekMessageA
PostQuitMessage
wsprintfA
wvsprintfA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
GetUserNameA

oleaut32

SysAllocStringLen
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
VariantClear
SysStringByteLen
CreateErrorInfo
GetErrorInfo
SysAllocString
SetErrorInfo
SysFreeString
VariantInit

Exports

Exports

?RemoteNotify@@YAXP6GHHPAXPATCTL_CALLBACK@@@Z0@Z
ctl_bridgename
ctl_broadcastdata
ctl_call
ctl_callremote
ctl_close
ctl_closeremote
ctl_connected
ctl_escape
ctl_findslaves
ctl_findslavesex
ctl_getcodepage
ctl_getlocalipaddressinuse
ctl_getsession
ctl_hangup
ctl_helpreq
ctl_installed
ctl_maxpacket
ctl_myaddr
ctl_netname
ctl_networks
ctl_nsessions
ctl_open
ctl_openremote
ctl_pause
ctl_pingnet
ctl_remotename
ctl_send
ctl_sendex
ctl_sendif
ctl_sendname
ctl_sendto
ctl_subset
ctl_version

Sections

.text
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcp140_codecvt_ids.dll
.dll windows x64

536e29dae203b5f7347030aec0cba513

Code Sign

33:00:00:02:56:06:f5:9e:81:98:70:24:97:00:00:00:00:02:56
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:33

Not After

01/09/2022, 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

85:80:42:9f:34:53:2a:76:b8:95:6f:b2:27:cb:09:67:dd:1a:7a:82:0a:f1:5e:ac:df:15:93:0f:d0:41:39:a7
Signer

Actual PE Digest

85:80:42:9f:34:53:2a:76:b8:95:6f:b2:27:cb:09:67:dd:1a:7a:82:0a:f1:5e:ac:df:15:93:0f:d0:41:39:a7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

vcruntime140

__C_specific_handler
__std_type_info_destroy_list
memset

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_narrow_environment

kernel32

IsDebuggerPresent
DisableThreadLibraryCalls
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead

Exports

Exports

?id@?$codecvt@_SDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@_S_QU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@_UDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@_U_QU_Mbstatet@@@std@@2V0locale@2@A

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcr100.dll
.dll windows x86

5271d5ce8b44dd47bc92563e27585466

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8d:91:f0:a3:ff:41:70:8c:67:d0:ba:79:6d:52:da:88:0c:59:23:cc
Signer

Actual PE Digest

8d:91:f0:a3:ff:41:70:8c:67:d0:ba:79:6d:52:da:88:0c:59:23:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EncodePointer
DecodePointer
RaiseException
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetCurrentThreadId
TlsGetValue
GetCommandLineW
GetCommandLineA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
FindNextFileA
FindFirstFileExA
FindClose
FindNextFileW
FindFirstFileExW
GetLogicalDrives
GetDiskFreeSpaceA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
Sleep
Beep
GetFileAttributesA
SetFileAttributesA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameA
GetDriveTypeW
GetCurrentProcessId
CreateDirectoryA
MoveFileA
RemoveDirectoryA
GetDriveTypeA
DeleteFileA
GetFileAttributesW
SetEnvironmentVariableW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryA
FreeLibrary
CreateProcessW
ReadFile
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
InterlockedPopEntrySList
InterlockedFlushSList
QueryDepthSList
InterlockedPushEntrySList
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueTimer
SetEvent
CreateEventW
SwitchToThread
SignalObjectAndWait
TryEnterCriticalSection
GetTickCount
VirtualFree
GetVersionExW
SetThreadPriority
VirtualAlloc
GetSystemInfo
GetProcessAffinityMask
VirtualProtect
SetThreadAffinityMask
InitializeSListHead
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
GetThreadPriority
LoadLibraryW
SleepEx
OutputDebugStringW
FreeLibraryAndExitThread
GetModuleHandleA
GetThreadTimes
DebugBreak
MultiByteToWideChar
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetTimeFormatW
GetDateFormatW
RtlUnwind
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
HeapQueryInformation
HeapReAlloc
HeapSize
HeapValidate
HeapCompact
HeapWalk
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoW
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
CreateFileW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreatePipe
SetStdHandle
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleW
ReadConsoleW
SetEndOfFile
GetProcessHeap
InterlockedExchange
LockFile
UnlockFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetConsoleCtrlHandler
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringW
CompareStringW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsProcessorFeaturePresent

Exports

Exports

$I10_OUTPUT
??0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z
??0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z
??0SchedulerPolicy@Concurrency@@QAA@IZZ
??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z
??0SchedulerPolicy@Concurrency@@QAE@XZ
??0_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_ReaderWriterLock@details@Concurrency@@QAE@XZ
??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_ReentrantLock@details@Concurrency@@QAE@XZ
??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_SpinLock@details@Concurrency@@QAE@ACJ@Z
??0_TaskCollection@details@Concurrency@@QAE@XZ
??0_Timer@details@Concurrency@@IAE@I_N@Z
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0__non_rtti_object@std@@QAE@PBD@Z
??0bad_cast@std@@AAE@PBQBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@XZ
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@XZ
??0context_unblock_unbalanced@Concurrency@@QAE@PBD@Z
??0context_unblock_unbalanced@Concurrency@@QAE@XZ
??0critical_section@Concurrency@@QAE@XZ
??0default_scheduler_exists@Concurrency@@QAE@PBD@Z
??0default_scheduler_exists@Concurrency@@QAE@XZ
??0event@Concurrency@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??0improper_lock@Concurrency@@QAE@PBD@Z
??0improper_lock@Concurrency@@QAE@XZ
??0improper_scheduler_attach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_attach@Concurrency@@QAE@XZ
??0improper_scheduler_detach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_detach@Concurrency@@QAE@XZ
??0improper_scheduler_reference@Concurrency@@QAE@PBD@Z
??0improper_scheduler_reference@Concurrency@@QAE@XZ
??0invalid_link_target@Concurrency@@QAE@PBD@Z
??0invalid_link_target@Concurrency@@QAE@XZ
??0invalid_multiple_scheduling@Concurrency@@QAE@PBD@Z
??0invalid_multiple_scheduling@Concurrency@@QAE@XZ
??0invalid_operation@Concurrency@@QAE@PBD@Z
??0invalid_operation@Concurrency@@QAE@XZ
??0invalid_oversubscribe_operation@Concurrency@@QAE@PBD@Z
??0invalid_oversubscribe_operation@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_key@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_key@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_value@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_value@Concurrency@@QAE@XZ
??0message_not_found@Concurrency@@QAE@PBD@Z
??0message_not_found@Concurrency@@QAE@XZ
??0missing_wait@Concurrency@@QAE@PBD@Z
??0missing_wait@Concurrency@@QAE@XZ
??0nested_scheduler_missing_detach@Concurrency@@QAE@PBD@Z
??0nested_scheduler_missing_detach@Concurrency@@QAE@XZ
??0operation_timed_out@Concurrency@@QAE@PBD@Z
??0operation_timed_out@Concurrency@@QAE@XZ
??0reader_writer_lock@Concurrency@@QAE@XZ
??0scheduler_not_attached@Concurrency@@QAE@PBD@Z
??0scheduler_not_attached@Concurrency@@QAE@XZ
??0scheduler_resource_allocation_error@Concurrency@@QAE@J@Z
??0scheduler_resource_allocation_error@Concurrency@@QAE@PBDJ@Z
??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z
??0scoped_lock@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0scoped_lock_read@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0task_canceled@details@Concurrency@@QAE@PBD@Z
??0task_canceled@details@Concurrency@@QAE@XZ
??0unsupported_os@Concurrency@@QAE@PBD@Z
??0unsupported_os@Concurrency@@QAE@XZ
??1SchedulerPolicy@Concurrency@@QAE@XZ
??1_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_SpinLock@details@Concurrency@@QAE@XZ
??1_TaskCollection@details@Concurrency@@QAE@XZ
??1_Timer@details@Concurrency@@IAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1critical_section@Concurrency@@QAE@XZ
??1event@Concurrency@@QAE@XZ
??1exception@std@@UAE@XZ
??1reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock@critical_section@Concurrency@@QAE@XZ
??1scoped_lock@reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock_read@reader_writer_lock@Concurrency@@QAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4?$_SpinWait@$00@details@Concurrency@@QAEAAV012@ABV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QAEAAV012@ABV012@@Z
??4SchedulerPolicy@Concurrency@@QAEAAV01@ABV01@@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_F?$_SpinWait@$00@details@Concurrency@@QAEXXZ
??_F?$_SpinWait@$0A@@details@Concurrency@@QAEXXZ
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
?Alloc@Concurrency@@YAPAXI@Z
?Block@Context@Concurrency@@SAXXZ
?Create@CurrentScheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?Create@Scheduler@Concurrency@@SAPAV12@ABVSchedulerPolicy@2@@Z
?CreateResourceManager@Concurrency@@YAPAUIResourceManager@1@XZ
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@XZ
?CurrentContext@Context@Concurrency@@SAPAV12@XZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?DisableTracing@Concurrency@@YAJXZ
?EnableTracing@Concurrency@@YAJXZ
?Free@Concurrency@@YAXPAX@Z
?Get@CurrentScheduler@Concurrency@@SAPAVScheduler@2@XZ
?GetExecutionContextId@Concurrency@@YAIXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ
?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z
?GetProcessorCount@Concurrency@@YAIXZ
?GetProcessorNodeCount@Concurrency@@YAIXZ
?GetSchedulerId@Concurrency@@YAIXZ
?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ
?Id@Context@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
?Log2@details@Concurrency@@YAKI@Z
?Oversubscribe@Context@Concurrency@@SAX_N@Z
?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPAX@Z
?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ
?ScheduleGroupId@Context@Concurrency@@SAIXZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z
?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QAEXII@Z
?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?SetPolicyValue@SchedulerPolicy@Concurrency@@QAEIW4PolicyElementKey@2@I@Z
?VirtualProcessorId@Context@Concurrency@@SAIXZ
?Yield@Context@Concurrency@@SAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ
?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Cancel@_StructuredTaskCollection@details@Concurrency@@QAEXXZ
?_Cancel@_TaskCollection@details@Concurrency@@QAEXXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ
?_ConcRT_Assert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_CoreAssert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_DumpMessage@details@Concurrency@@YAXPB_WZZ
?_ConcRT_Trace@details@Concurrency@@YAXHPB_WZZ
?_Copy_str@exception@std@@AAEXPBD@Z
?_DoYield@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QAE_NXZ
?_IsCanceling@_TaskCollection@details@Concurrency@@QAE_NXZ
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IAEKXZ
?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IAEKXZ
?_Release@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_NonReentrantPPLLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantPPLLock@details@Concurrency@@QAEXXZ
?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Reset@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QAEXI@Z
?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QAEXI@Z
?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IAE_NXZ
?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IAE_NXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ
?_SpinYield@Context@Concurrency@@SAXXZ
?_Start@_Timer@details@Concurrency@@IAEXXZ
?_Stop@_Timer@details@Concurrency@@IAEXXZ
?_Tidy@exception@std@@AAEXXZ
?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z
?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantLock@details@Concurrency@@QAE_NXZ
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QAE_NXZ
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_Value@_SpinCount@details@Concurrency@@SAIXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCompare@@YA_NPBX0@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?get_error_code@scheduler_resource_allocation_error@Concurrency@@QBEJXZ
?lock@critical_section@Concurrency@@QAEXXZ
?lock@reader_writer_lock@Concurrency@@QAEXXZ
?lock_read@reader_writer_lock@Concurrency@@QAEXXZ
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?native_handle@critical_section@Concurrency@@QAEAAV12@XZ
?raw_name@type_info@@QBEPBDXZ
?reset@event@Concurrency@@QAEXXZ
?set@event@Concurrency@@QAEXXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?try_lock@critical_section@Concurrency@@QAE_NXZ
?try_lock@reader_writer_lock@Concurrency@@QAE_NXZ
?try_lock_read@reader_writer_lock@Concurrency@@QAE_NXZ
?unexpected@@YAXXZ
?unlock@critical_section@Concurrency@@QAEXXZ
?unlock@reader_writer_lock@Concurrency@@QAEXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?wait@Concurrency@@YAXI@Z
?wait@event@Concurrency@@QAEII@Z
?wait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z
?what@exception@std@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_cprintf
_cprintf_l
_cprintf_p

Sections

.text
Size: 709KB - Virtual size: 708KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nskbfltr.inf
pcicapi.dll
.dll windows x86

d78463f91aa83e9c39d2e594035ae4bb

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

21/09/2017, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

21/09/2017, 23:59

Subject

CN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3d:b6:09:02:28:e8:91:ba:e3:c0:b6:7b:de:e7:37:ed:39:79:47:84:74:cf:7c:5d:2d:36:3d:d8:2c:05:0b:fb
Signer

Actual PE Digest

3d:b6:09:02:28:e8:91:ba:e3:c0:b6:7b:de:e7:37:ed:39:79:47:84:74:cf:7c:5d:2d:36:3d:d8:2c:05:0b:fb

Digest Algorithm

sha256

PE Digest Matches

true

9c:33:79:f7:f1:bd:90:f4:a1:94:37:e4:f2:5a:58:25:b4:bb:94:cc
Signer

Actual PE Digest

9c:33:79:f7:f1:bd:90:f4:a1:94:37:e4:f2:5a:58:25:b4:bb:94:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
OutputDebugStringA
LoadLibraryA
FreeLibrary
CloseHandle
OpenProcess
GetCurrentProcessId
CreateEventA
InterlockedIncrement
GetVersionExA
GetLocalTime
GetTempPathA
GetCurrentThreadId
GetTickCount
GetLastError
ExitProcess
SetLastError
DisableThreadLibraryCalls
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
SetEvent
InterlockedDecrement
WaitForSingleObject
DeleteCriticalSection
CreateThread
InitializeCriticalSection
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
Sleep
IsDBCSLeadByte

user32

GetMessageA
TranslateMessage
DispatchMessageA
SetTimer
MessageBoxA
KillTimer
PeekMessageA
PostQuitMessage
wvsprintfA
wsprintfA

advapi32

GetTokenInformation
OpenProcessToken

msvcr100

strncpy
_except_handler4_common
strrchr
isdigit
fclose
fopen
strncat
fputs
memset
memcpy
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit

Exports

Exports

CapiClose
CapiConnected
CapiDial
CapiHangup
CapiListen
CapiNotify
CapiOpen
CapiOpen2
CapiRead
CapiSend

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
remcmdstub.exe
.exe windows x86

47fd9e27a90c5418f2563fefa3fed45c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:6f:9f:ff:bb:2a:f5:b9:cb:05:59:84:7d:5e:59:74
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

08/07/2009, 00:00

Not After

21/08/2011, 23:59

Subject

CN=NetSupport Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=NetSupport,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetOEMCP
WaitForSingleObject
Sleep
WriteFile
GetExitCodeProcess
GenerateConsoleCtrlEvent
WaitForMultipleObjects
CloseHandle
CreateProcessA
SetLastError
GetProcAddress
LoadLibraryA
SetConsoleCtrlHandler
GetLastError
SetConsoleMode
GetConsoleMode
GetStdHandle
ExpandEnvironmentStringsA
GetVersionExA
GetModuleFileNameA
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
FlushFileBuffers
SetStdHandle
GetCommandLineA
GetVersion
ExitProcess
GetCPInfo
GetACP
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
VirtualFree
HeapCreate
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapReAlloc
HeapFree
RtlUnwind
GetStringTypeA
GetStringTypeW
HeapAlloc
VirtualAlloc

user32

EnumThreadWindows
SendMessageA
EnumWindows
GetClassNameA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ucrtbase.dll
.dll windows x64

405cde0fc80c30dcc3d783173dbd4143

Code Sign

33:00:00:03:26:ae:ce:ed:f9:bc:e4:7b:92:00:00:00:00:03:26
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:29

Not After

03/03/2021, 18:29

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:09:1a:39:a5:c3:fd:37:30:89:d0:08:0c:5b:0e:eb:cd:6b:70:a1:0d:10:93:83:62:ff:4e:94:0a:b2:4f:61
Signer

Actual PE Digest

e2:09:1a:39:a5:c3:fd:37:30:89:d0:08:0c:5b:0e:eb:cd:6b:70:a1:0d:10:93:83:62:ff:4e:94:0a:b2:4f:61

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
SetLastError
SetErrorMode
GetLastError

api-ms-win-core-heap-l1-1-0

HeapWalk
HeapValidate
HeapFree
HeapCompact
HeapReAlloc
HeapQueryInformation
GetProcessHeap
HeapAlloc
HeapSize

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess
TlsAlloc
GetCurrentThread
TlsGetValue
GetCurrentThreadId
CreateProcessW
TlsSetValue
ExitProcess
ExitThread
CreateThread
TlsFree
GetExitCodeProcess
ResumeThread
TerminateProcess

api-ms-win-core-libraryloader-l1-1-0

FreeLibrary
LoadLibraryExW
GetModuleHandleExW
FreeLibraryAndExitThread
GetModuleHandleW
GetProcAddress
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
SetStdHandle
GetCommandLineA
GetCurrentDirectoryW
GetStdHandle
SetEnvironmentVariableW
GetEnvironmentStringsW
SetCurrentDirectoryW
FreeEnvironmentStringsW

api-ms-win-core-file-l1-1-0

ReadFile
GetFileSizeEx
GetFileType
SetFilePointerEx
CreateFileW
FindClose
FindNextFileW
FindFirstFileExW
GetFileInformationByHandle
GetFullPathNameW
GetDriveTypeW
GetFileAttributesExW
GetDiskFreeSpaceW
GetLogicalDrives
SetFileAttributesW
SetFileTime
CreateDirectoryW
LockFileEx
UnlockFileEx
FlushFileBuffers
SetEndOfFile
DeleteFileW
WriteFile
RemoveDirectoryW

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW

api-ms-win-core-localization-l1-2-0

GetOEMCP
EnumSystemLocalesW
IsValidCodePage
GetACP
GetCPInfo
IsValidLocale
GetUserDefaultLCID
GetLocaleInfoW
LCMapStringW

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-sysinfo-l1-1-0

SetLocalTime
GetSystemTimeAsFileTime
GetLocalTime
GetSystemInfo

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
RtlUnwind

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-console-l1-1-0

PeekConsoleInputA
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
WriteConsoleW
GetConsoleOutputCP
GetNumberOfConsoleInputEvents
ReadConsoleW
ReadConsoleInputW
SetConsoleMode

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe
CreatePipe

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualAlloc
VirtualProtect

api-ms-win-core-util-l1-1-0

Beep
EncodePointer

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InterlockedPushEntrySList

Exports

Exports

_Cbuild
_Cmulcc
_Cmulcr
_CreateFrameInfo
_CxxThrowException
_Exit
_FCbuild
_FCmulcc
_FCmulcr
_FindAndUnlinkFrame
_GetImageBase
_GetThrowImageBase
_Getdays
_Getmonths
_Gettnames
_IsExceptionObjectToBeDestroyed
_LCbuild
_LCmulcc
_LCmulcr
_SetImageBase
_SetThrowImageBase
_SetWinRTOutOfMemoryExceptionCallback
_Strftime
_W_Getdays
_W_Getmonths
_W_Gettnames
_Wcsftime
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxFrameHandler4
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
__acrt_iob_func
__conio_common_vcprintf
__conio_common_vcprintf_p
__conio_common_vcprintf_s
__conio_common_vcscanf
__conio_common_vcwprintf
__conio_common_vcwprintf_p
__conio_common_vcwprintf_s
__conio_common_vcwscanf
__current_exception
__current_exception_context
__daylight
__dcrt_get_wide_environment_from_os
__dcrt_initial_narrow_environment
__doserrno
__dstbias
__fpe_flt_rounds
__fpecode
__initialize_lconv_for_unsigned_char
__intrinsic_setjmp
__intrinsic_setjmpex
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__p___argc
__p___argv
__p___wargv
__p__acmdln
__p__commode
__p__environ
__p__fmode
__p__mbcasemap
__p__mbctype
__p__pgmptr
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__processing_throw
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__setusermatherr
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__stdio_common_vfprintf
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vfscanf
__stdio_common_vfwprintf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwscanf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_p
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_p
__stdio_common_vswprintf_s
__stdio_common_vswscanf
__strncnt
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__wcserror
__wcserror_s
__wcsncnt
_abs64
_access
_access_s
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_atoll_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_base
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chgsignf
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_configthreadlocale
_configure_narrow_argv
_configure_wide_argv
_control87
_controlfp
_controlfp_s
_copysign
_copysignf
_cputs
_cputws
_creat
_create_locale
_crt_at_quick_exit
_crt_atexit
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_d_int
_dclass
_dexp
_difftime32
_difftime64
_dlog
_dnorm
_dpcomp
_dpoly
_dscale
_dsign
_dsin
_dtest
_dunscale
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_endthread
_endthreadex
_eof
_errno
_except1
_execl
_execle
_execlp
_execlpe
_execute_onexit_table
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fd_int
_fdclass
_fdexp
_fdlog
_fdnorm
_fdopen
_fdpcomp
_fdpoly
_fdscale
_fdsign
_fdsin
_fdtest
_fdunscale
_fflush_nolock
_fgetc_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_finitef
_flushall
_fpclass
_fpclassf
_fpieee_flt
_fpreset
_fputc_nolock
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_base
_free_locale
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_fullpath
_futime32
_futime64
_fwrite_nolock
_gcvt
_gcvt_s
_get_FMA3_enable
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_initial_narrow_environment
_get_initial_wide_environment
_get_invalid_parameter_handler
_get_narrow_winmain_command_line
_get_osfhandle
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_stream_buffer_pointers
_get_terminate
_get_thread_local_invalid_parameter_handler
_get_timezone
_get_tzname
_get_unexpected
_get_wide_winmain_command_line
_get_wpgmptr
_getc_nolock
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getwc_nolock
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_gmtime32
_gmtime32_s
_gmtime64
_gmtime64_s
_heapchk
_heapmin
_heapwalk
_hypot
_hypotf
_i64toa
_i64toa_s
_i64tow
_i64tow_s
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_initterm_e
_invalid_parameter_noinfo
_invalid_parameter_noinfo_noreturn
_invoke_watson
_is_exception_typeof
_isalnum_l
_isalpha_l
_isatty
_isblank_l
_iscntrl_l
_isctype
_isctype_l
_isdigit_l
_isgraph_l
_isleadbyte_l
_islower_l
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbblank
_ismbbblank_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct
_ismbbkpunct_l
_ismbblead
_ismbblead_l
_ismbbprint
_ismbbprint_l
_ismbbpunct
_ismbbpunct_l
_ismbbtrail
_ismbbtrail_l
_ismbcalnum
_ismbcalnum_l
_ismbcalpha
_ismbcalpha_l
_ismbcblank
_ismbcblank_l
_ismbcdigit
_ismbcdigit_l
_ismbcgraph
_ismbcgraph_l
_ismbchira
_ismbchira_l
_ismbckata
_ismbckata_l
_ismbcl0
_ismbcl0_l
_ismbcl1
_ismbcl1_l
_ismbcl2
_ismbcl2_l
_ismbclegal
_ismbclegal_l
_ismbclower
_ismbclower_l
_ismbcprint
_ismbcprint_l
_ismbcpunct
_ismbcpunct_l
_ismbcspace
_ismbcspace_l
_ismbcsymbol
_ismbcsymbol_l
_ismbcupper
_ismbcupper_l
_ismbslead
_ismbslead_l
_ismbstrail
_ismbstrail_l
_isnan
_isnanf
_isprint_l
_ispunct_l
_isspace_l
_isupper_l
_iswalnum_l
_iswalpha_l
_iswblank_l
_iswcntrl_l
_iswcsym_l
_iswcsymf_l
_iswctype_l
_iswdigit_l
_iswgraph_l
_iswlower_l
_iswprint_l
_iswpunct_l
_iswspace_l
_iswupper_l
_iswxdigit_l
_isxdigit_l
_itoa
_itoa_s
_itow
_itow_s
_j0
_j1
_jn
_kbhit
_ld_int
_ldclass
_ldexp
_ldlog
_ldpcomp
_ldpoly
_ldscale
_ldsign
_ldsin
_ldtest
_ldunscale
_lfind
_lfind_s
_loaddll
_local_unwind

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
zip.dll
.dll windows x64

8156ea4256c65d2b155723dbbb1f5bb4

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:7f:cc:30:29:9e:fe:f9:d1:c7:fe:e5
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

07/04/2021, 15:06

Not After

09/04/2023, 13:48

Subject

SERIALNUMBER=301679591,CN=Medixant Maciej Frankiewicz,O=Medixant Maciej Frankiewicz,STREET=Promienista 25,L=Poznan,ST=Greater Poland,C=PL,1.3.6.1.4.1.311.60.2.1.3=#1302504c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:96:68:1c:80:db:40:1e:fe:97:8b:c1:a2:29:74:59:5b:3e:48:8f:27:cf:13:42:ca:2a:2f:40:6c:7b:5b:aa
Signer

Actual PE Digest

9f:96:68:1c:80:db:40:1e:fe:97:8b:c1:a2:29:74:59:5b:3e:48:8f:27:cf:13:42:ca:2a:2f:40:6c:7b:5b:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
FindFirstFileW
CreateDirectoryW
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetFileSizeEx
FindNextFileW
SetFileTime
FindClose
MultiByteToWideChar
GetLastError
CloseHandle
SystemTimeToFileTime
WideCharToMultiByte
GetSystemTime
QueryPerformanceCounter
GetFileTime
ReadFile
WriteFile
SetFilePointer
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
__std_type_info_destroy_list
memset
_CxxThrowException
__std_terminate
__C_specific_handler
memmove
__std_exception_copy
memcpy
__std_exception_destroy
strchr
strrchr

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_seh_filter_dll
_initterm
_initialize_onexit_table
_execute_onexit_table
_cexit
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-string-l1-1-0

tolower
strncpy
strncat
wcsncmp
strcmp
strcpy_s

api-ms-win-crt-stdio-l1-1-0

_wfopen_s
fseek
fwrite
ferror
fread
fclose
__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

free
calloc
_callnewh
malloc

api-ms-win-crt-time-l1-1-0

_time64
_mktime64
_localtime64

Exports

Exports

GetLibVersion
ZipGetInterface

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

Errors

General

Malware Config

Signatures

Files

6ba08298dd09ea8e41ab7285d3183bba

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

49:9a:ad:c7:dc:6b:64:28:d9:9b:28:3b:14:85:83:63:08:60:5c:14:e0:60:b3:f1:ce:19:61:68:8b:29:63:f5Signer

55:a2:2c:85:ec:8b:5f:16:52:a8:7d:e3:fd:3a:49:f5:1f:08:59:26Signer

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

winmm

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 249KB - Virtual size: 249KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 10KB - Virtual size: 25KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 12KB

56e17186efeb24a70224bc24dced0a14

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

1c:85:f0:b4:e9:5d:96:97:1a:93:1d:23:61:fb:ff:03:12:06:47:1d:f0:67:be:ea:70:1e:7b:4b:bd:e4:42:feSigner

73:b0:90:d4:ff:6d:5b:3c:de:16:aa:12:28:10:8e:c4:ba:c6:96:afSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcr100

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 795B

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

49:9a:ad:c7:dc:6b:64:28:d9:9b:28:3b:14:85:83:63:08:60:5c:14:e0:60:b3:f1:ce:19:61:68:8b:29:63:f5
Signer

55:a2:2c:85:ec:8b:5f:16:52:a8:7d:e3:fd:3a:49:f5:1f:08:59:26
Signer

.text
Size: 249KB - Virtual size: 249KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 10KB - Virtual size: 25KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 12KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

1c:85:f0:b4:e9:5d:96:97:1a:93:1d:23:61:fb:ff:03:12:06:47:1d:f0:67:be:ea:70:1e:7b:4b:bd:e4:42:fe
Signer

73:b0:90:d4:ff:6d:5b:3c:de:16:aa:12:28:10:8e:c4:ba:c6:96:af
Signer

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 795B

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 268B

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

e9:98:7b:c8:60:29:41:5c:d8:5b:09:48:eb:ae:47:8e:d5:c1:48:d0:f9:82:58:ff:10:b8:83:69:fe:79:b7:d7
Signer

f7:0f:c1:22:f6:e1:a0:1e:82:57:07:cb:c8:a6:af:c0:ee:75:68:66
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 311KB - Virtual size: 310KB

.data
Size: 47KB - Virtual size: 73KB

.tls
Size: 512B - Virtual size: 21B

.hhshare
Size: 512B - Virtual size: 28B

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

.reloc
Size: 141KB - Virtual size: 140KB

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49
Certificate