05-10-2023_erIhfHHcSbYxlN4[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

05-10-2023_erIhfHHcSbYxlN4.zip
Size

681KB
MD5

c03d1643952d4aa34868e8adb907d6ba
SHA1

6cb361104d3b3e68da4e491511eb3b68f240f250
SHA256

44e3b076a573a99bd10cea800d260edf928eb6ec10b9cee596cae85d13497896
SHA512

33a55023f48b0d87a1a1d0372955e1d0ba34f4f7ed6cba1ee32eab31920f821bd527570a51be24a72a7cae3d7f6d1677d6cf9f861f9fb60868a3fffa53174692
SSDEEP

12288:tWSfh0sM+RqiO68qL6eAyy/+ZQAffChc0wxSbHaIMmKNqh+qoIyRCiwE9g9:tWKyLpqWevw6QCChsOnMmKNqhRoIxTEk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/totoware.exe

Files

05-10-2023_erIhfHHcSbYxlN4.zip
.zip
drv.sys
.sys windows:10 windows x64

f650aacc47442be6a0742aab54e02049

Code Sign

4c:17:4a:40
Certificate

Issuer

CN=Entrust Code Signing Certification Authority - L1D,OU=www.entrust.net/rpa is incorporated by reference+OU=(c) 2009 Entrust\, Inc.,O=Entrust\, Inc.,C=US

Not Before

05/06/2013, 18:44

Not After

06/06/2014, 11:27

Subject

CN=Netgear Inc.,O=Netgear Inc.,L=San Jose,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:0e:8c:3a
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

11/11/2011, 15:41

Not After

12/11/2021, 08:51

Subject

CN=Entrust Code Signing Certification Authority - L1D,OU=www.entrust.net/rpa is incorporated by reference+OU=(c) 2009 Entrust\, Inc.,O=Entrust\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:26:79:51:00:00:00:00:00:29
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:52

Not After

15/04/2021, 20:02

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

73:7c:d5:48:10:9e:39:d1:02:00:6a:dc:5e:e5:f2:f5:9d:51:42:60
Signer

Actual PE Digest

73:7c:d5:48:10:9e:39:d1:02:00:6a:dc:5e:e5:f2:f5:9d:51:42:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlInitUnicodeString
RtlCompareUnicodeString
RtlGetVersion
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
IoAllocateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoGetCurrentProcess
ObfDereferenceObjectWithTag
ZwOpenFile
ZwClose
ZwDeviceIoControlFile
KeAttachProcess
KeDetachProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
MmCopyVirtualMemory
PsGetProcessPeb
ZwProtectVirtualMemory
IoCreateDriver
rand
__C_specific_handler

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 990B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
how to use.txt
totoware.exe
.exe windows:6 windows x64

36395b8cb6c7db6a7a44044e4ba25be9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dwmapi

DwmIsCompositionEnabled
DwmEnableBlurBehindWindow
DwmExtendFrameIntoClientArea
DwmGetColorizationColor

kernel32

QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
HeapFree
VirtualFree
DeviceIoControl
VirtualAlloc
InitializeCriticalSectionEx
CreateFileW
GetCurrentThreadId
HeapSize
GetLastError
HeapReAlloc
CloseHandle
HeapAlloc
DecodePointer
HeapDestroy
GetModuleHandleA
GetCurrentProcessId
GetProcessHeap
GetTempPathW
Process32First
CreateToolhelp32Snapshot
Process32Next
InitializeSListHead
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
LoadLibraryA
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalAlloc
MultiByteToWideChar
GetTickCount64
Sleep
OutputDebugStringW
RaiseException
InitializeCriticalSectionAndSpinCount
GlobalFree
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime

user32

DispatchMessageA
GetAsyncKeyState
DestroyWindow
SetWindowPos
ShowWindow
SetWindowLongA
GetWindowLongA
SetLayeredWindowAttributes
TranslateMessage
mouse_event
GetWindow
FindWindowA
UpdateWindow
UnregisterClassA
GetKeyState
GetMessageExtraInfo
LoadCursorA
GetDC
MonitorFromWindow
ScreenToClient
GetCapture
ClientToScreen
PeekMessageA
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
SetProcessDPIAware
IsWindowUnicode
ReleaseCapture
SetCursorPos
ReleaseDC
GetCursorPos
OpenClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard

gdi32

GetDeviceCaps
DeleteObject
CreateRectRgn

advapi32

RegSetKeyValueW
RegOpenKeyW
RegCreateKeyW
RegDeleteKeyW
RegCloseKey

d3d9

Direct3DCreate9Ex

msvcp140

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Thrd_hardware_concurrency
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?_Getdays@_Locinfo@std@@QEBAPEBDXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mbrtowc
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?id@?$ctype@_W@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?width@ios_base@std@@QEAA_J_J@Z
?width@ios_base@std@@QEBA_JXZ
?setf@ios_base@std@@QEAAHHH@Z
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
??7ios_base@std@@QEBA_NXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_Getmonths@_Locinfo@std@@QEBAPEBDXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
NtQuerySystemInformation
RtlInitUnicodeString

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
__current_exception
__current_exception_context
memset
_CxxThrowException
__std_type_info_destroy_list
memmove
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
memcpy
memchr
memcmp
strchr

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_seh_filter_exe
_set_app_type
terminate
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
exit
__p___argc
__p___argv
_c_exit
system
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_errno
_invalid_parameter_noinfo
_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
_set_fmode
__stdio_common_vsnprintf_s
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
fgetc
ftell
fputc
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vsprintf_s
fread
_wfopen
fwrite
__stdio_common_vfprintf
fseek
fclose
fflush
__p__commode

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-string-l1-1-0

wcscpy_s
toupper
strncpy
strncmp
_stricmp

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
malloc
free
_recalloc
calloc

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_wremove

api-ms-win-crt-time-l1-1-0

strftime
_time64

api-ms-win-crt-math-l1-1-0

sinf
pow
powf
sin
asin
floorf
__setusermatherr
ceilf
logf
log
sqrtf
tanf
atan2f
cos
fmodf
fmod
cosf
acosf
atan2

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 502KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 187KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f650aacc47442be6a0742aab54e02049

Code Sign

4c:17:4a:40Certificate

Extended Key Usages

Key Usages

4c:0e:8c:3aCertificate

Key Usages

61:26:79:51:00:00:00:00:00:29Certificate

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

73:7c:d5:48:10:9e:39:d1:02:00:6a:dc:5e:e5:f2:f5:9d:51:42:60Signer

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 56B

.pdata Size: 512B - Virtual size: 180B

INIT Size: 1024B - Virtual size: 990B

.reloc Size: 512B - Virtual size: 36B

36395b8cb6c7db6a7a44044e4ba25be9

Headers

DLL Characteristics

File Characteristics

Imports

dwmapi

kernel32

user32

gdi32

advapi32

d3d9

msvcp140

imm32

ntdll

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 502KB - Virtual size: 501KB

.data Size: 187KB - Virtual size: 217KB

.pdata Size: 40KB - Virtual size: 39KB

_RDATA Size: 512B - Virtual size: 464B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1024B - Virtual size: 916B

4c:17:4a:40
Certificate

4c:0e:8c:3a
Certificate

61:26:79:51:00:00:00:00:00:29
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

73:7c:d5:48:10:9e:39:d1:02:00:6a:dc:5e:e5:f2:f5:9d:51:42:60
Signer

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 56B

.pdata
Size: 512B - Virtual size: 180B

INIT
Size: 1024B - Virtual size: 990B

.reloc
Size: 512B - Virtual size: 36B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 502KB - Virtual size: 501KB

.data
Size: 187KB - Virtual size: 217KB

.pdata
Size: 40KB - Virtual size: 39KB

_RDATA
Size: 512B - Virtual size: 464B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 916B