11842164433[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

11842164433.zip
Size

1.7MB
MD5

d20bb5b3af64d629382edd6b6f61fa1e
SHA1

7c505f287cbc563be3cf57fbeb788e63545ec5f4
SHA256

a8263f1172c5a05e075f06f2482c45a75b91df019ba1c4c0280513c9a412bb89
SHA512

a9aa55f65fb5da8f5ae92d8c0e12015bd9660bbb2e8bcd469a42add42a3cf1a25b69894e35421076335d60d0b306b8ae626780da1010b2fdcb8ebe792e7beabe
SSDEEP

49152:DNB/EKmadngVbO47TnCwobN4f9XbgzuYiDn:RuUgU4nCwo5ggzuYiDn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/iphlpapi.dll

Files

11842164433.zip
.zip

Password: infected
b2fa0a7710a6d80abc5d4914b8daa5b45855fb3da40543a21501b75c1c8e91cf
.zip
Google_Chrome_Update_v51.0.0729.87.exe
.exe windows x64

95d8da2f0dfdd11b0641ad16ed2eb2f9

Code Sign

33:00:00:03:f1:62:06:e3:e7:ef:da:8a:be:00:00:00:00:03:f1
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:24

Not After

02/12/2021, 21:24

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:92:85:e8:0a:0d:70:8d:e9:6d:df:24:63:12:0c:12:78:06:6a:61:03:3a:52:42:36:76:03:97:a4:84:1b:98
Signer

Actual PE Digest

45:92:85:e8:0a:0d:70:8d:e9:6d:df:24:63:12:0c:12:78:06:6a:61:03:3a:52:42:36:76:03:97:a4:84:1b:98

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
SetStdHandle
GetStringTypeW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
FindClose
GetFileSizeEx
SetFilePointerEx
ReadFile
ReadConsoleW
WriteConsoleW
FindNextFileW
FindFirstFileW
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
CreateProcessW
GetProductInfo
VerifyVersionInfoW
VerSetConditionMask
LoadLibraryExW
MoveFileExW
IsWow64Process
ExpandEnvironmentStringsW
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
GetFileSize
CreateFileW
LocalFree
LocalAlloc
OpenMutexW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetTickCount64
GetVolumePathNameW
Sleep
GetCommandLineW
GetModuleHandleExW
FreeLibrary
GetEnvironmentVariableW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CloseHandle
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
IsDebuggerPresent
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
GetCurrentDirectoryW
FreeLibraryAndExitThread
ExitThread
CreateThread
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
RtlUnwind
LoadLibraryExA
VirtualQuery
VirtualProtect
InitializeCriticalSection
AreFileApisANSI
HeapCreate
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
SetEndOfFile
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
FlushViewOfFile
CreateFileA
LoadLibraryA
DeleteFileA
GetSystemInfo
HeapCompact
UnlockFile
CreateFileMappingA
MapViewOfFile
GetSystemPowerStatus
GlobalMemoryStatusEx
GetLongPathNameW
ReadProcessMemory
GetProcessTimes
GetSystemTimes
SetFilePointer
RegisterApplicationRestart
ReleaseMutex
SetDllDirectoryW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetExitCodeProcess
GetFileAttributesW
DecodePointer
GetConsoleMode
CompareFileTime
DeleteFileW
GetSystemTime
CreateDirectoryW
GetFullPathNameW
GetTempFileNameW
RemoveDirectoryW
SetFileTime
GetTempPathW
CopyFileW
SystemTimeToFileTime
LockFileEx
UnlockFileEx
DeviceIoControl
LoadLibraryW
WerRegisterFile
WerUnregisterFile
WaitForSingleObject
GetTickCount
WaitForMultipleObjects
QueueUserWorkItem
QueryPerformanceFrequency
FormatMessageA
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
ReleaseSRWLockShared
AcquireSRWLockShared
GetLocaleInfoEx
SetFileInformationByHandle
InitOnceExecuteOnce
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetFileInformationByHandleEx
LCMapStringEx
CompareStringEx
K32GetModuleFileNameExW
GlobalFree
GetVersionExW
MoveFileW
CreateMutexW
GetUserDefaultLocaleName
GetComputerNameW
GetDiskFreeSpaceExW
PostQueuedCompletionStatus
GetQueuedCompletionStatus
ReadDirectoryChangesW
CreateIoCompletionPort
OpenFileById
GetFinalPathNameByHandleW
GetFileInformationByHandle
CompareStringOrdinal

user32

SendMessageTimeoutW
GetClassNameW
DispatchMessageW
TranslateMessage
ShowWindow
DestroyWindow
GetWindowThreadProcessId
PostMessageW
GetMessageW
CreateWindowExW
RegisterClassW
EnumWindows

oleaut32

SysFreeString
SysAllocString
SetErrorInfo
GetErrorInfo
SysStringLen
SysStringByteLen
SysAllocStringByteLen
GetRecordInfoFromTypeInfo
LoadRegTypeLi
LoadTypeLi
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen

ntdll

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

shlwapi

SHDeleteValueW
PathIsPrefixW
StrStrIW
SHRegGetBoolUSValueW
SHCreateStreamOnFileW
PathFileExistsW
PathStripPathW
SHGetValueW
PathRemoveFileSpecW
SHDeleteKeyW
PathIsDirectoryW
SHSetValueW
SHCreateStreamOnFileEx
PathIsRelativeW
PathFindFileNameW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

userenv

GetDefaultUserProfileDirectoryW
GetProfileType
CreateEnvironmentBlock

advapi32

CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
ImpersonateLoggedOnUser
RevertToSelf
RegSetKeyValueW
RegGetValueW
RegDeleteKeyExW
RegDeleteTreeW
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
GetAclInformation
StartServiceW
QueryServiceConfigW
CreateWellKnownSid
ControlService
QueryServiceStatusEx
QueryServiceStatus
DeleteService
SetNamedSecurityInfoW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
EventUnregister
EventWriteTransfer
GetUserNameW
RegOpenKeyExW
RegEnumValueW
EventRegister
LookupPrivilegeValueW
AdjustTokenPrivileges
LookupAccountNameW
CryptImportKey
CryptSetHashParam
CryptDestroyKey
SetFileSecurityW
RegCreateKeyTransactedW
RegEnumKeyW
RegLoadKeyW
RegUnLoadKeyW
CreateServiceW
ChangeServiceConfigW
ChangeServiceConfig2W
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
DuplicateTokenEx
CreateProcessAsUserW
GetNamedSecurityInfoW
AllocateAndInitializeSid
SetEntriesInAclW
OpenProcessToken
ConvertSidToStringSidW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
GetTokenInformation

shell32

CommandLineToArgvW
SHGetKnownFolderPath
SHLoadNonloadedIconOverlayIdentifiers
SHGetSpecialFolderPathW
SHFileOperationW
SHChangeNotify
SHCreateItemFromParsingName
SHGetFolderPathAndSubDirW
SHCreateDirectoryExW
ord526
ShellExecuteExW
SHGetFolderPathW

ole32

CLSIDFromString
StringFromCLSID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance
CoCreateFreeThreadedMarshaler

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser

rstrtmgr

RmStartSession
RmEndSession
RmRegisterResources
RmGetList

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrustEx

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW

crypt32

CryptStringToBinaryW
CertVerifyCertificateChainPolicy
CryptBinaryToStringW

rpcrt4

RpcBindingFree
RpcServerInqCallAttributesW
RpcServerUnregisterIf
RpcEpUnregister
RpcBindingVectorFree
RpcEpRegisterW
RpcServerInqBindings
RpcServerUseProtseqW
RpcServerRegisterIfEx
RpcBindingSetAuthInfoExW
RpcStringBindingComposeW
UuidToStringW
RpcBindingFromStringBindingW
RpcStringFreeW

secur32

GetUserNameExW

urlmon

URLOpenStreamW

wininet

HttpOpenRequestA
InternetSetStatusCallbackA
InternetSetOptionW
HttpSendRequestA
InternetQueryDataAvailable
HttpQueryInfoA
InternetOpenA
InternetConnectA
HttpAddRequestHeadersA
InternetReadFile
InternetCloseHandle
InternetGetConnectedState
InternetCheckConnectionW

ws2_32

socket
bind
listen
send
setsockopt
htonl
closesocket
accept
WSAStartup
htons
WSAGetLastError

iphlpapi

GetAdaptersInfo

Exports

Exports

??0EventProperties@Telemetry@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0EventProperties@Telemetry@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0EventProperties@Telemetry@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@@std@@@2@@5@@Z
??0EventProperties@Telemetry@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@@std@@@5@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QEAA@$$QEAU0123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QEAA@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QEAA@CW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QEAA@EW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QEAA@FW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QEAA@GW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QEAA@HW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QEAA@IW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QEAA@JW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QEAA@NW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QEAA@PEBDW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QEAA@UGUID_t@123@W4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QEAA@Utime_ticks_t@123@W4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QEAA@XZ
??0EventProperty@Telemetry@Applications@Microsoft@@QEAA@_JW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QEAA@_KW4PiiKind@123@@Z
??0EventProperty@Telemetry@Applications@Microsoft@@QEAA@_NW4PiiKind@123@@Z
??0GUID_t@Telemetry@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0GUID_t@Telemetry@Applications@Microsoft@@QEAA@HHHAEBV?$initializer_list@E@std@@@Z
??0GUID_t@Telemetry@Applications@Microsoft@@QEAA@PEBD@Z
??0GUID_t@Telemetry@Applications@Microsoft@@QEAA@QEBE_N@Z
??0GUID_t@Telemetry@Applications@Microsoft@@QEAA@U_GUID@@@Z
??0GUID_t@Telemetry@Applications@Microsoft@@QEAA@XZ
??0ILogger@Telemetry@Applications@Microsoft@@QEAA@$$QEAV0123@@Z
??0ILogger@Telemetry@Applications@Microsoft@@QEAA@AEBV0123@@Z
??0ILogger@Telemetry@Applications@Microsoft@@QEAA@XZ
??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@$$QEAU0123@@Z
??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0LogConfiguration@Telemetry@Applications@Microsoft@@QEAA@XZ
??0time_ticks_t@Telemetry@Applications@Microsoft@@QEAA@AEBU0123@@Z
??0time_ticks_t@Telemetry@Applications@Microsoft@@QEAA@PEB_J@Z
??0time_ticks_t@Telemetry@Applications@Microsoft@@QEAA@XZ
??0time_ticks_t@Telemetry@Applications@Microsoft@@QEAA@_K@Z
??1EventProperties@Telemetry@Applications@Microsoft@@UEAA@XZ
??1EventProperty@Telemetry@Applications@Microsoft@@UEAA@XZ
??1LogConfiguration@Telemetry@Applications@Microsoft@@UEAA@XZ
??1LogManager@Telemetry@Applications@Microsoft@@MEAA@XZ
??4EventProperties@Telemetry@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4EventProperties@Telemetry@Applications@Microsoft@@QEAAAEAV0123@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@@std@@@2@@std@@@Z
??4EventProperties@Telemetry@Applications@Microsoft@@QEAAAEAV0123@V?$initializer_list@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@@std@@@std@@@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QEAAAEAU0123@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QEAAAEAU0123@C@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QEAAAEAU0123@E@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QEAAAEAU0123@F@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QEAAAEAU0123@G@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QEAAAEAU0123@H@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QEAAAEAU0123@I@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QEAAAEAU0123@J@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QEAAAEAU0123@N@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QEAAAEAU0123@PEBD@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QEAAAEAU0123@UGUID_t@123@@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QEAAAEAU0123@Utime_ticks_t@123@@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QEAAAEAU0123@_J@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QEAAAEAU0123@_K@Z
??4EventProperty@Telemetry@Applications@Microsoft@@QEAAAEAU0123@_N@Z
??4GUID_t@Telemetry@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??4ILogger@Telemetry@Applications@Microsoft@@QEAAAEAV0123@$$QEAV0123@@Z
??4ILogger@Telemetry@Applications@Microsoft@@QEAAAEAV0123@AEBV0123@@Z
??4LogConfiguration@Telemetry@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??4time_ticks_t@Telemetry@Applications@Microsoft@@QEAAAEAU0123@AEBU0123@@Z
??YEventProperties@Telemetry@Applications@Microsoft@@QEAAAEAV0123@AEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@@std@@@2@@std@@@Z
??_7EventProperties@Telemetry@Applications@Microsoft@@6B@
??_7EventProperty@Telemetry@Applications@Microsoft@@6B@
??_7ILogger@Telemetry@Applications@Microsoft@@6B@
??_7LogConfiguration@Telemetry@Applications@Microsoft@@6B@
??_7LogManager@Telemetry@Applications@Microsoft@@6B@
?AddEventListener@LogManager@Telemetry@Applications@Microsoft@@SAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z
?DispatchEvent@LogManager@Telemetry@Applications@Microsoft@@SA_NAEAVDebugEvent@234@@Z
?DispatchEvent@LogManager@Telemetry@Applications@Microsoft@@SA_NW4DebugEventType@234@@Z
?Flush@LogManager@Telemetry@Applications@Microsoft@@SAXXZ
?FlushAndTeardown@LogManager@Telemetry@Applications@Microsoft@@SAXXZ
?GetLogger@LogManager@Telemetry@Applications@Microsoft@@SAPEAVILogger@234@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?GetLogger@LogManager@Telemetry@Applications@Microsoft@@SAPEAVILogger@234@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetLogger@LogManager@Telemetry@Applications@Microsoft@@SAPEAVILogger@234@XZ
?GetName@EventProperties@Telemetry@Applications@Microsoft@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetPiiProperties@EventProperties@Telemetry@Applications@Microsoft@@QEBAAEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@Telemetry@Applications@Microsoft@@@2@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$pair@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4PiiKind@Telemetry@Applications@Microsoft@@@2@@std@@@2@@std@@XZ
?GetPolicyBitFlags@EventProperties@Telemetry@Applications@Microsoft@@QEBA_KXZ
?GetPriority@EventProperties@Telemetry@Applications@Microsoft@@QEBA?AW4EventPriority@234@XZ
?GetProperties@EventProperties@Telemetry@Applications@Microsoft@@QEBAAEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@Telemetry@Applications@Microsoft@@@std@@@2@@std@@XZ
?GetProperties@LogConfiguration@Telemetry@Applications@Microsoft@@QEBAXAEAV?$map@PEBDPEBDU?$less@PEBD@std@@V?$allocator@U?$pair@QEBDPEBD@std@@@2@@std@@@Z
?GetProperty@LogConfiguration@Telemetry@Applications@Microsoft@@QEBAPEBDPEBD@Z
?GetSemanticContext@LogManager@Telemetry@Applications@Microsoft@@SAPEAVISemanticContext@234@XZ
?GetTimestamp@EventProperties@Telemetry@Applications@Microsoft@@QEBA_JXZ
?GetTransmitProfileName@LogManager@Telemetry@Applications@Microsoft@@SAPEBDW4TransmitProfile@234@@Z
?GetType@EventProperties@Telemetry@Applications@Microsoft@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?Initialize@LogManager@Telemetry@Applications@Microsoft@@SAPEAVILogger@234@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Initialize@LogManager@Telemetry@Applications@Microsoft@@SAPEAVILogger@234@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBULogConfiguration@234@@Z
?LoadTransmitProfiles@LogManager@Telemetry@Applications@Microsoft@@SA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?PauseTransmission@LogManager@Telemetry@Applications@Microsoft@@SAXXZ
?RemoveEventListener@LogManager@Telemetry@Applications@Microsoft@@SAXW4DebugEventType@234@AEAVDebugEventListener@234@@Z
?ResetTransmitProfiles@LogManager@Telemetry@Applications@Microsoft@@SAXXZ
?ResumeTransmission@LogManager@Telemetry@Applications@Microsoft@@SAXXZ
?SetContext@ILogger@Telemetry@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CW4PiiKind@234@@Z
?SetContext@ILogger@Telemetry@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EW4PiiKind@234@@Z
?SetContext@ILogger@Telemetry@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@FW4PiiKind@234@@Z
?SetContext@ILogger@Telemetry@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@GW4PiiKind@234@@Z
?SetContext@ILogger@Telemetry@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HW4PiiKind@234@@Z
?SetContext@ILogger@Telemetry@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IW4PiiKind@234@@Z
?SetContext@ILogger@Telemetry@Applications@Microsoft@@UEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0W4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@FW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@GW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBDW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UGUID_t@234@W4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Utime_ticks_t@234@W4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KW4PiiKind@234@@Z
?SetContext@LogManager@Telemetry@Applications@Microsoft@@SAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_NW4PiiKind@234@@Z
?SetName@EventProperties@Telemetry@Applications@Microsoft@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetPolicyBitFlags@EventProperties@Telemetry@Applications@Microsoft@@QEAAX_K@Z
?SetPriority@EventProperties@Telemetry@Applications@Microsoft@@QEAAXW4EventPriority@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@FW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@GW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@NW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBDW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UEventProperty@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UGUID_t@234@W4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Utime_ticks_t@234@W4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V56@W4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_JW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_KW4PiiKind@234@@Z
?SetProperty@EventProperties@Telemetry@Applications@Microsoft@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_NW4PiiKind@234@@Z
?SetProperty@LogConfiguration@Telemetry@Applications@Microsoft@@QEAAXPEBD0@Z
?SetTimestamp@EventProperties@Telemetry@Applications@Microsoft@@QEAAX_J@Z
?SetTransmitProfile@LogManager@Telemetry@Applications@Microsoft@@SAXW4TransmitProfile@234@@Z
?SetTransmitProfile@LogManager@Telemetry@Applications@Microsoft@@SA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetType@EventProperties@Telemetry@Applications@Microsoft@@QEAA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?UploadNow@LogManager@Telemetry@Applications@Microsoft@@SAXXZ
?checkup@LogManager@Telemetry@Applications@Microsoft@@KAXXZ
?clear@EventProperty@Telemetry@Applications@Microsoft@@QEAAXXZ
?empty@EventProperty@Telemetry@Applications@Microsoft@@QEAA_NXZ
?to_bytes@GUID_t@Telemetry@Applications@Microsoft@@QEAAXAEAY0BA@E@Z
?to_string@EventProperty@Telemetry@Applications@Microsoft@@UEAA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?type_name@EventProperty@Telemetry@Applications@Microsoft@@SAPEBDI@Z

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iphlpapi.dll
.dll windows x64

ed976ed3f8ff0a80ece9bdb812456ffa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
SleepEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
GetLastError
GetModuleFileNameW
RtlUnwindEx
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
HeapAlloc
GetACP
GetStdHandle
GetFileType
CloseHandle
WriteFile
GetConsoleCP
GetConsoleMode
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetCommandLineA
GetCommandLineW
GetStringTypeW
SetStdHandle
FlushFileBuffers
SetFilePointerEx
WriteConsoleW
CreateFileW
HeapSize
HeapReAlloc
SetEndOfFile
ReadFile
ReadConsoleW
HeapFree
Sleep

advapi32

SystemFunction036

Exports

Exports

AddIPAddress
AllocateAndGetInterfaceInfoFromStack
AllocateAndGetIpAddrTableFromStack
CancelIPChangeNotify
CancelIfTimestampConfigChange
CancelMibChangeNotify2
CaptureInterfaceHardwareCrossTimestamp
CloseCompartment
CloseGetIPPhysicalInterfaceForDestination
ConvertCompartmentGuidToId
ConvertCompartmentIdToGuid
ConvertGuidToStringA
ConvertGuidToStringW
ConvertInterfaceAliasToLuid
ConvertInterfaceGuidToLuid
ConvertInterfaceIndexToLuid
ConvertInterfaceLuidToAlias
ConvertInterfaceLuidToGuid
ConvertInterfaceLuidToIndex
ConvertInterfaceLuidToNameA
ConvertInterfaceLuidToNameW
ConvertInterfaceNameToLuidA
ConvertInterfaceNameToLuidW
ConvertInterfacePhysicalAddressToLuid
ConvertIpv4MaskToLength
ConvertLengthToIpv4Mask
ConvertRemoteInterfaceAliasToLuid
ConvertRemoteInterfaceGuidToLuid
ConvertRemoteInterfaceIndexToLuid
ConvertRemoteInterfaceLuidToAlias
ConvertRemoteInterfaceLuidToGuid
ConvertRemoteInterfaceLuidToIndex
ConvertStringToGuidA
ConvertStringToGuidW
ConvertStringToInterfacePhysicalAddress
CreateAnycastIpAddressEntry
CreateCompartment
CreateIpForwardEntry
CreateIpForwardEntry2
CreateIpNetEntry
CreateIpNetEntry2
CreatePersistentTcpPortReservation
CreatePersistentUdpPortReservation
CreateProxyArpEntry
CreateSortedAddressPairs
CreateUnicastIpAddressEntry
DeleteAnycastIpAddressEntry
DeleteCompartment
DeleteIPAddress
DeleteIpForwardEntry
DeleteIpForwardEntry2
DeleteIpNetEntry
DeleteIpNetEntry2
DeletePersistentTcpPortReservation
DeletePersistentUdpPortReservation
DeleteProxyArpEntry
DeleteUnicastIpAddressEntry
DisableMediaSense
EnableRouter
FlushIpNetTable
FlushIpNetTable2
FlushIpPathTable
FreeDnsSettings
FreeInterfaceDnsSettings
FreeMibTable
GetAdapterIndex
GetAdapterOrderMap
GetAdaptersAddresses
GetAdaptersInfo
GetAnycastIpAddressEntry
GetAnycastIpAddressTable
GetBestInterface
GetBestInterfaceEx
GetBestRoute
GetBestRoute2
GetCurrentThreadCompartmentId
GetCurrentThreadCompartmentScope
GetDefaultCompartmentId
GetDnsSettings
GetExtendedTcpTable
GetExtendedUdpTable
GetFriendlyIfIndex
GetIcmpStatistics
GetIcmpStatisticsEx
GetIfEntry
GetIfEntry2
GetIfEntry2Ex
GetIfStackTable
GetIfTable
GetIfTable2
GetIfTable2Ex
GetInterfaceCompartmentId
GetInterfaceCurrentTimestampCapabilities
GetInterfaceDnsSettings
GetInterfaceHardwareTimestampCapabilities
GetInterfaceInfo
GetInvertedIfStackTable
GetIpAddrTable
GetIpErrorString
GetIpForwardEntry2
GetIpForwardTable
GetIpForwardTable2
GetIpInterfaceEntry
GetIpInterfaceTable
GetIpNetEntry2
GetIpNetTable
GetIpNetTable2
GetIpNetworkConnectionBandwidthEstimates
GetIpPathEntry
GetIpPathTable
GetIpStatistics
GetIpStatisticsEx
GetJobCompartmentId
GetMulticastIpAddressEntry
GetMulticastIpAddressTable
GetNetworkInformation
GetNetworkParams
GetNumberOfInterfaces
GetOwnerModuleFromPidAndInfo
GetOwnerModuleFromTcp6Entry
GetOwnerModuleFromTcpEntry
GetOwnerModuleFromUdp6Entry
GetOwnerModuleFromUdpEntry
GetPerAdapterInfo
GetPerTcp6ConnectionEStats
GetPerTcp6ConnectionStats
GetPerTcpConnectionEStats
GetPerTcpConnectionStats
GetRTTAndHopCount
GetSessionCompartmentId
GetTcp6Table
GetTcp6Table2
GetTcpStatistics
GetTcpStatisticsEx
GetTcpStatisticsEx2
GetTcpTable
GetTcpTable2
GetTeredoPort
GetUdp6Table
GetUdpStatistics
GetUdpStatisticsEx
GetUdpStatisticsEx2
GetUdpTable
GetUniDirectionalAdapterInfo
GetUnicastIpAddressEntry
GetUnicastIpAddressTable
GetWPAOACSupportLevel
Icmp6CreateFile
Icmp6ParseReplies
Icmp6SendEcho2
IcmpCloseHandle
IcmpCreateFile
IcmpParseReplies
IcmpSendEcho
IcmpSendEcho2
IcmpSendEcho2Ex
InitializeCompartmentEntry
InitializeIpForwardEntry
InitializeIpInterfaceEntry
InitializeUnicastIpAddressEntry
InternalCleanupPersistentStore
InternalCreateAnycastIpAddressEntry
InternalCreateIpForwardEntry
InternalCreateIpForwardEntry2
InternalCreateIpNetEntry
InternalCreateIpNetEntry2
InternalCreateUnicastIpAddressEntry
InternalDeleteAnycastIpAddressEntry
InternalDeleteIpForwardEntry
InternalDeleteIpForwardEntry2
InternalDeleteIpNetEntry
InternalDeleteIpNetEntry2
InternalDeleteUnicastIpAddressEntry
InternalFindInterfaceByAddress
InternalGetAnycastIpAddressEntry
InternalGetAnycastIpAddressTable
InternalGetBoundTcp6EndpointTable
InternalGetBoundTcpEndpointTable
InternalGetForwardIpTable2
InternalGetIPPhysicalInterfaceForDestination
InternalGetIfEntry2
InternalGetIfTable
InternalGetIfTable2
InternalGetIpAddrTable
InternalGetIpForwardEntry2
InternalGetIpForwardTable
InternalGetIpInterfaceEntry
InternalGetIpInterfaceTable
InternalGetIpNetEntry2
InternalGetIpNetTable
InternalGetIpNetTable2
InternalGetMulticastIpAddressEntry
InternalGetMulticastIpAddressTable
InternalGetRtcSlotInformation
InternalGetTcp6Table2
InternalGetTcp6TableWithOwnerModule
InternalGetTcp6TableWithOwnerPid
InternalGetTcpTable
InternalGetTcpTable2
InternalGetTcpTableEx
InternalGetTcpTableWithOwnerModule
InternalGetTcpTableWithOwnerPid
InternalGetTunnelPhysicalAdapter
InternalGetUdp6TableWithOwnerModule
InternalGetUdp6TableWithOwnerPid
InternalGetUdpTable
InternalGetUdpTableEx
InternalGetUdpTableWithOwnerModule
InternalGetUdpTableWithOwnerPid
InternalGetUnicastIpAddressEntry
InternalGetUnicastIpAddressTable
InternalIcmpCreateFileEx
InternalSetIfEntry
InternalSetIpForwardEntry
InternalSetIpForwardEntry2
InternalSetIpInterfaceEntry
InternalSetIpNetEntry
InternalSetIpNetEntry2
InternalSetIpStats
InternalSetTcpEntry
InternalSetTeredoPort
InternalSetUnicastIpAddressEntry
IpReleaseAddress
IpRenewAddress
LookupPersistentTcpPortReservation
LookupPersistentUdpPortReservation
NTPTimeToNTFileTime
NTTimeToNTPTime
NhGetGuidFromInterfaceName
NhGetInterfaceDescriptionFromGuid
NhGetInterfaceNameFromDeviceGuid
NhGetInterfaceNameFromGuid
NhpAllocateAndGetInterfaceInfoFromStack
NotifyAddrChange
NotifyCompartmentChange
NotifyIfTimestampConfigChange
NotifyIpInterfaceChange
NotifyRouteChange
NotifyRouteChange2
NotifyStableUnicastIpAddressTable
NotifyTeredoPortChange
NotifyUnicastIpAddressChange
OpenCompartment
ParseNetworkString
ResolveIpNetEntry2
ResolveNeighbor
RestoreMediaSense
SendARP
SetAdapterIpAddress
SetCurrentThreadCompartmentId
SetCurrentThreadCompartmentScope
SetDnsSettings
SetIfEntry
SetInterfaceDnsSettings
SetIpForwardEntry
SetIpForwardEntry2
SetIpInterfaceEntry
SetIpNetEntry
SetIpNetEntry2
SetIpStatistics
SetIpStatisticsEx
SetIpTTL
SetJobCompartmentId
SetNetworkInformation
SetPerTcp6ConnectionEStats
SetPerTcp6ConnectionStats
SetPerTcpConnectionEStats
SetPerTcpConnectionStats
SetSessionCompartmentId
SetTcpEntry
SetUnicastIpAddressEntry
UnenableRouter
_PfAddFiltersToInterface
_PfAddGlobalFilterToInterface
_PfBindInterfaceToIPAddress
_PfBindInterfaceToIndex
_PfCreateInterface
_PfDeleteInterface
_PfDeleteLog
_PfGetInterfaceStatistics
_PfMakeLog
_PfRebindFilters
_PfRemoveFilterHandles
_PfRemoveFiltersFromInterface
_PfRemoveGlobalFilterFromInterface
_PfSetLogBuffer
_PfTestPacket
_PfUnBindInterface
do_echo_rep
do_echo_req
if_indextoname
if_nametoindex
register_icmp

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

95d8da2f0dfdd11b0641ad16ed2eb2f9

Code Sign

33:00:00:03:f1:62:06:e3:e7:ef:da:8a:be:00:00:00:00:03:f1Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

45:92:85:e8:0a:0d:70:8d:e9:6d:df:24:63:12:0c:12:78:06:6a:61:03:3a:52:42:36:76:03:97:a4:84:1b:98Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

oleaut32

ntdll

shlwapi

version

userenv

advapi32

shell32

ole32

winhttp

rstrtmgr

wintrust

wtsapi32

crypt32

rpcrt4

secur32

urlmon

wininet

ws2_32

iphlpapi

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 100KB - Virtual size: 128KB

.pdata Size: 161KB - Virtual size: 161KB

.didat Size: 512B - Virtual size: 72B

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 16KB - Virtual size: 16KB

ed976ed3f8ff0a80ece9bdb812456ffa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 78KB - Virtual size: 78KB

.rdata Size: 61KB - Virtual size: 60KB

.data Size: 19KB - Virtual size: 22KB

.pdata Size: 4KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 156B

.rsrc Size: 1024B - Virtual size: 648B

.reloc Size: 2KB - Virtual size: 2KB

33:00:00:03:f1:62:06:e3:e7:ef:da:8a:be:00:00:00:00:03:f1
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

45:92:85:e8:0a:0d:70:8d:e9:6d:df:24:63:12:0c:12:78:06:6a:61:03:3a:52:42:36:76:03:97:a4:84:1b:98
Signer

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 100KB - Virtual size: 128KB

.pdata
Size: 161KB - Virtual size: 161KB

.didat
Size: 512B - Virtual size: 72B

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 16KB - Virtual size: 16KB

.text
Size: 78KB - Virtual size: 78KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 19KB - Virtual size: 22KB

.pdata
Size: 4KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 156B

.rsrc
Size: 1024B - Virtual size: 648B

.reloc
Size: 2KB - Virtual size: 2KB