650dddc5cef5400a9ffdfbb4b54165059c7eade0acab4d9453dcfb003989d066_JC[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

650dddc5cef5400a9ffdfbb4b54165059c7eade0acab4d9453dcfb003989d066_JC.zip
Size

3.0MB
MD5

5e468d307e7c7b54a6a296cb8a48815a
SHA1

dcf013bb3486d744b66def2f643c829fb1173f8c
SHA256

650dddc5cef5400a9ffdfbb4b54165059c7eade0acab4d9453dcfb003989d066
SHA512

09de1a16fd3ef8c206bd3f0e14d9e78277a106795cd7fbccf62c26e79df7477ea2d2514b8e48e6f6ed316eca81ef0b9a34bbe451cfb5dad3a8eaee1f2292238f
SSDEEP

98304:yy6PJXaIp0Brg56tJfsIMwkXqrks7a5Zz2y:EROrK6tFMwfra5Zz2y

Score

1^/10

Malware Config

Signatures

Files

650dddc5cef5400a9ffdfbb4b54165059c7eade0acab4d9453dcfb003989d066_JC.zip
.zip
116.0.1938.69/116.0.1938.69.manifest
116.0.1938.69/Extensions/external_extensions.json
116.0.1938.69/Installer/msedge_7z.data
116.0.1938.69/Installer/setup.exe
.exe windows:5 windows x64

a739bd952c65a9a0747071451d6d4968

Code Sign

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/02/2023, 20:10

Not After

31/01/2024, 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:07:f3:84:70:f3:32:bc:28:e4:84:a4:05:02:7d:e9:4d:7b:16:52:d0:da:37:26:da:d2:50:ea:57:1f:d7:11
Signer

Actual PE Digest

59:07:f3:84:70:f3:32:bc:28:e4:84:a4:05:02:7d:e9:4d:7b:16:52:d0:da:37:26:da:d2:50:ea:57:1f:d7:11

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
AssignProcessToJobObject
AttachConsole
CancelIo
CloseHandle
CompareStringW
ConnectNamedPipe
CopyFileW
CreateDirectoryW
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
DecodePointer
DeleteCriticalSection
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FindResourceW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExW
GetConsoleDisplayMode
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceExW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoEx
GetLocaleInfoW
GetLogicalDriveStringsW
GetLogicalProcessorInformation
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNamedPipeClientProcessId
GetNativeSystemInfo
GetOEMCP
GetPriorityClass
GetProcAddress
GetProcessHeap
GetProcessId
GetProcessIoCounters
GetProcessMitigationPolicy
GetProcessTimes
GetProcessWorkingSetSizeEx
GetProductInfo
GetShortPathNameA
GetShortPathNameW
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadId
GetThreadPreferredUILanguages
GetThreadPriority
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetVersionExW
GetVolumePathNameW
GetWindowsDirectoryW
HeapAlloc
HeapDestroy
HeapFree
HeapReAlloc
HeapSetInformation
HeapSize
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32EnumProcesses
K32GetModuleInformation
K32GetProcessImageFileNameW
K32GetProcessMemoryInfo
K32QueryWorkingSetEx
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalFree
LockResource
MapViewOfFile
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenMutexW
OpenProcess
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
Process32FirstW
Process32NextW
QueryDosDeviceW
QueryFullProcessImageNameW
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
QueueUserAPC
RaiseException
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
RemoveDirectoryW
ReplaceFileW
ResetEvent
ResumeThread
RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetHandleInformation
SetLastError
SetPriorityClass
SetProcessWorkingSetSizeEx
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SleepConditionVariableSRW
SwitchToThread
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWaitEx
UpdateProcThreadAttribute
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualProtect
VirtualQuery
WTSGetActiveConsoleSessionId
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteProcessMemory
lstrcmpiA
lstrcmpiW
lstrlenA

ntdll

NtClose
NtOpenKeyEx
NtQueryValueKey
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
RtlInitUnicodeString

ncrypt

NCryptCreatePersistedKey
NCryptDeleteKey
NCryptEnumKeys
NCryptExportKey
NCryptFinalizeKey
NCryptFreeBuffer
NCryptFreeObject
NCryptIsAlgSupported
NCryptOpenKey
NCryptOpenStorageProvider
NCryptSignHash

Exports

Exports

??0IDataFieldVisitor@telemetry_client@@QEAA@AEBV01@@Z
??0IDataFieldVisitor@telemetry_client@@QEAA@XZ
??1IDataFieldVisitor@telemetry_client@@UEAA@XZ
??4IDataFieldVisitor@telemetry_client@@QEAAAEAV01@AEBV01@@Z
??_7IDataFieldVisitor@telemetry_client@@6B@
GetHandleVerifier
OQS_CPU_has_extension
OQS_KEM_alg_count
OQS_KEM_alg_identifier
OQS_KEM_alg_is_enabled
OQS_KEM_decaps
OQS_KEM_encaps
OQS_KEM_free
OQS_KEM_keypair
OQS_KEM_kyber_768_decaps
OQS_KEM_kyber_768_encaps
OQS_KEM_kyber_768_keypair
OQS_KEM_new
OQS_MEM_cleanse
OQS_MEM_insecure_free
OQS_MEM_secure_bcmp
OQS_MEM_secure_free
OQS_SIG_alg_count
OQS_SIG_alg_identifier
OQS_SIG_alg_is_enabled
OQS_SIG_free
OQS_SIG_keypair
OQS_SIG_new
OQS_SIG_sign
OQS_SIG_verify
OQS_init
OQS_randombytes
OQS_randombytes_custom_algorithm
OQS_randombytes_nist_kat_init_256bit
OQS_randombytes_switch_algorithm
OQS_version

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 513KB - Virtual size: 513KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 66KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 200B

.tls
Size: 1024B - Virtual size: 529B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

LZMADEC
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

malloc_h
Size: 512B - Virtual size: 226B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 449KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
116.0.1938.69/MEIPreload/manifest.json
116.0.1938.69/MEIPreload/preloaded_data.pb
116.0.1938.69/Notifications/SoftLandingAssetDark.gif
.gif
116.0.1938.69/Notifications/SoftLandingAssetLight.gif
.gif
116.0.1938.69/PdfPreview/PdfPreviewHandler.dll
.dll windows:5 windows x64

3ca611bf4cdc140bb7c620f76933ca2e

Code Sign

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/02/2023, 20:10

Not After

31/01/2024, 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:20:7f:52:3e:ff:ed:09:be:f8:7b:65:a6:90:91:e7:e7:73:14:01:81:cc:0d:41:17:db:ba:67:02:1c:3f:de
Signer

Actual PE Digest

a1:20:7f:52:3e:ff:ed:09:be:f8:7b:65:a6:90:91:e7:e7:73:14:01:81:cc:0d:41:17:db:ba:67:02:1c:3f:de

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
CloseHandle
CreateEventW
CreateFileW
DecodePointer
DeleteCriticalSection
DisableThreadLibraryCalls
EncodePointer
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
GetFileAttributesW
GetLastError
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemTimeAsFileTime
HeapFree
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetEvent
SetUnhandledExceptionFilter
SleepConditionVariableSRW
TerminateProcess
UnhandledExceptionFilter
WaitForSingleObjectEx
WakeAllConditionVariable

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

user32

BeginPaint
CreateWindowExW
DefWindowProcW
DestroyWindow
EndPaint
GetClientRect
GetFocus
GetWindowLongPtrW
LoadCursorW
PostMessageW
PostQuitMessage
RegisterClassExW
SetFocus
SetParent
SetWindowLongPtrW
SetWindowPos
ShowWindow
UpdateWindow

shell32

SHGetKnownFolderPath

api-ms-win-core-path-l1-1-0

PathCchAppendEx

advapi32

EventRegister
EventSetInformation
EventUnregister
EventWriteTransfer
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenProcessToken
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegQueryValueExW

ole32

CoTaskMemAlloc
CoTaskMemFree

vcruntime140

_CxxThrowException
__C_specific_handler
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_destroy_list
__uncaught_exceptions
_purecall
memcmp
memcpy
memmove
memset
wcsrchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_l_func
__pctype_func
_configthreadlocale
_create_locale
_free_locale
setlocale

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
fflush
fwrite
getc
ungetc

api-ms-win-crt-string-l1-1-0

_isctype_l
_iswlower_l
_strdup
_wcsicmp
mbrlen
strcmp
strlen
tolower
toupper
wcslen
wcsncpy_s
wcsnlen

api-ms-win-crt-runtime-l1-1-0

__sys_nerr
_cexit
_configure_narrow_argv
_crt_atexit
_errno
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_register_onexit_function
_seh_filter_dll
abort
strerror_s

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
realloc

api-ms-win-crt-multibyte-l1-1-0

_mbtowc_l

api-ms-win-crt-time-l1-1-0

_strftime_l

api-ms-win-crt-convert-l1-1-0

_strtod_l
_strtof_l
_strtoi64_l
_strtold_l
_strtoui64_l
_ultow_s
_wtoi
mbrtowc
mbsrtowcs
wcrtomb
wcrtomb_s
wcstol

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
116.0.1938.69/Trust Protection Lists/Mu/Advertising
116.0.1938.69/Trust Protection Lists/Mu/Analytics
116.0.1938.69/Trust Protection Lists/Mu/CompatExceptions
116.0.1938.69/Trust Protection Lists/Mu/Content
116.0.1938.69/Trust Protection Lists/Mu/Cryptomining
116.0.1938.69/Trust Protection Lists/Mu/Entities
116.0.1938.69/Trust Protection Lists/Mu/Fingerprinting
116.0.1938.69/Trust Protection Lists/Mu/LICENSE
116.0.1938.69/Trust Protection Lists/Mu/Other
116.0.1938.69/Trust Protection Lists/Mu/Social
116.0.1938.69/Trust Protection Lists/Mu/TransparentAdvertisers
116.0.1938.69/Trust Protection Lists/Sigma/Advertising
116.0.1938.69/Trust Protection Lists/Sigma/Analytics
116.0.1938.69/Trust Protection Lists/Sigma/Content
116.0.1938.69/Trust Protection Lists/Sigma/Cryptomining
116.0.1938.69/Trust Protection Lists/Sigma/Entities
116.0.1938.69/Trust Protection Lists/Sigma/Fingerprinting
116.0.1938.69/Trust Protection Lists/Sigma/LICENSE
116.0.1938.69/Trust Protection Lists/Sigma/Other
116.0.1938.69/Trust Protection Lists/Sigma/Social
116.0.1938.69/Trust Protection Lists/Sigma/Staging
116.0.1938.69/Trust Protection Lists/manifest.json
116.0.1938.69/VisualElements/Logo.png
.png
116.0.1938.69/VisualElements/LogoBeta.png
.png
116.0.1938.69/VisualElements/LogoCanary.png
.png
116.0.1938.69/VisualElements/LogoDev.png
.png
116.0.1938.69/VisualElements/SmallLogo.png
.png
116.0.1938.69/VisualElements/SmallLogoBeta.png
.png
116.0.1938.69/VisualElements/SmallLogoCanary.png
.png
116.0.1938.69/VisualElements/SmallLogoDev.png
.png
116.0.1938.69/edge_feedback/camera_mf_trace.wprp
.xml
116.0.1938.69/edge_feedback/mf_trace.wprp
.xml
116.0.1938.69/identity_proxy/beta.identity_helper.exe.manifest
.xml
116.0.1938.69/identity_proxy/canary.identity_helper.exe.manifest
.xml
116.0.1938.69/identity_proxy/dev.identity_helper.exe.manifest
.xml
116.0.1938.69/identity_proxy/internal.identity_helper.exe.manifest
.xml
116.0.1938.69/identity_proxy/resources.pri
116.0.1938.69/identity_proxy/stable.identity_helper.exe.manifest
.xml
116.0.1938.69/identity_proxy/win10/identity_helper.Sparse.Beta.msix
.appx
116.0.1938.69/identity_proxy/win10/identity_helper.Sparse.Canary.msix
.appx
116.0.1938.69/identity_proxy/win10/identity_helper.Sparse.Dev.msix
.appx
116.0.1938.69/identity_proxy/win10/identity_helper.Sparse.Internal.msix
.appx
116.0.1938.69/identity_proxy/win10/identity_helper.Sparse.Stable.msix
.appx
116.0.1938.69/identity_proxy/win11/identity_helper.Sparse.Beta.msix
.appx
116.0.1938.69/identity_proxy/win11/identity_helper.Sparse.Canary.msix
.appx
116.0.1938.69/identity_proxy/win11/identity_helper.Sparse.Dev.msix
.appx
116.0.1938.69/identity_proxy/win11/identity_helper.Sparse.Internal.msix
.appx
116.0.1938.69/identity_proxy/win11/identity_helper.Sparse.Stable.msix
.appx
116.0.1938.69/webview2_integration.dll
.dll windows:5 windows x64

d58e2580b02ba8198aec184b4e66bb5f

Code Sign

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/02/2023, 20:10

Not After

31/01/2024, 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:9e:dd:45:1d:41:45:7b:e6:e5:42:f2:6b:64:d9:4d:11:95:1b:d8:20:bd:2e:da:d0:cd:21:21:c0:b7:11:c3
Signer

Actual PE Digest

48:9e:dd:45:1d:41:45:7b:e6:e5:42:f2:6b:64:d9:4d:11:95:1b:d8:20:bd:2e:da:d0:cd:21:21:c0:b7:11:c3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventW
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleW
GetProcAddress
GetSystemInfo
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
QueryPerformanceCounter
RaiseException
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetEvent
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObjectEx

vcruntime140

__C_specific_handler
__std_type_info_destroy_list
memcpy
memset

api-ms-win-crt-runtime-l1-1-0

_cexit
_configure_narrow_argv
_crt_atexit
_execute_onexit_table
_initialize_narrow_environment
_initialize_onexit_table
_initterm
_initterm_e
_register_onexit_function
_seh_filter_dll

Exports

Exports

GetXboxDefaultScaleFactor
LoadWCOSAdapter
OpenSharedResource
PrepareVisualForWcos

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
116.0.1938.69/wns_push_client.dll
.dll windows:5 windows x64

245dee34b9003caf603e6a79a3808b51

Code Sign

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/02/2023, 20:10

Not After

31/01/2024, 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:e4:d3:9b:48:22:c9:97:80:7d:9c:d5:e9:ec:8c:78:47:6b:ab:66:f0:b3:2e:8c:58:da:e7:52:fe:ec:4b:81
Signer

Actual PE Digest

22:e4:d3:9b:48:22:c9:97:80:7d:9c:d5:e9:ec:8c:78:47:6b:ab:66:f0:b3:2e:8c:58:da:e7:52:fe:ec:4b:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareStringW
CreateEventW
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObjectEx
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

??0IAuthToken@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0IAuthToken@ConnectionProvider@@QEAA@AEBU01@@Z
??0IAuthToken@ConnectionProvider@@QEAA@XZ
??0IAuthTokenChangedInfo@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0IAuthTokenChangedInfo@ConnectionProvider@@QEAA@AEBU01@@Z
??0IAuthTokenChangedInfo@ConnectionProvider@@QEAA@XZ
??0IByteBuffer@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0IByteBuffer@ConnectionProvider@@QEAA@AEBU01@@Z
??0IByteBuffer@ConnectionProvider@@QEAA@XZ
??0ICallbackInfo@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0ICallbackInfo@ConnectionProvider@@QEAA@AEBU01@@Z
??0ICallbackInfo@ConnectionProvider@@QEAA@XZ
??0IConnectedInfo@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0IConnectedInfo@ConnectionProvider@@QEAA@AEBU01@@Z
??0IConnectedInfo@ConnectionProvider@@QEAA@XZ
??0IConnectionChangedInfo@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0IConnectionChangedInfo@ConnectionProvider@@QEAA@AEBU01@@Z
??0IConnectionChangedInfo@ConnectionProvider@@QEAA@XZ
??0IConnectionProvider@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0IConnectionProvider@ConnectionProvider@@QEAA@AEBU01@@Z
??0IConnectionProvider@ConnectionProvider@@QEAA@XZ
??0IConnectionProviderCallback@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0IConnectionProviderCallback@ConnectionProvider@@QEAA@AEBU01@@Z
??0IConnectionProviderCallback@ConnectionProvider@@QEAA@XZ
??0IConnectionProviderPlatform@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0IConnectionProviderPlatform@ConnectionProvider@@QEAA@AEBU01@@Z
??0IConnectionProviderPlatform@ConnectionProvider@@QEAA@XZ
??0IDeleteNotificationData@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0IDeleteNotificationData@ConnectionProvider@@QEAA@AEBU01@@Z
??0IDeleteNotificationData@ConnectionProvider@@QEAA@XZ
??0IDisconnectInfo@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0IDisconnectInfo@ConnectionProvider@@QEAA@AEBU01@@Z
??0IDisconnectInfo@ConnectionProvider@@QEAA@XZ
??0INetworkListener@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0INetworkListener@ConnectionProvider@@QEAA@AEBU01@@Z
??0INetworkListener@ConnectionProvider@@QEAA@XZ
??0INetworkMonitor@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0INetworkMonitor@ConnectionProvider@@QEAA@AEBU01@@Z
??0INetworkMonitor@ConnectionProvider@@QEAA@XZ
??0INotificationData@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0INotificationData@ConnectionProvider@@QEAA@AEBU01@@Z
??0INotificationData@ConnectionProvider@@QEAA@XZ
??0INotificationPolicyChangedInfo@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0INotificationPolicyChangedInfo@ConnectionProvider@@QEAA@AEBU01@@Z
??0INotificationPolicyChangedInfo@ConnectionProvider@@QEAA@XZ
??0INotificationUserList@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0INotificationUserList@ConnectionProvider@@QEAA@AEBU01@@Z
??0INotificationUserList@ConnectionProvider@@QEAA@XZ
??0IPingCompletedInfo@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0IPingCompletedInfo@ConnectionProvider@@QEAA@AEBU01@@Z
??0IPingCompletedInfo@ConnectionProvider@@QEAA@XZ
??0IPingFailedInfo@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0IPingFailedInfo@ConnectionProvider@@QEAA@AEBU01@@Z
??0IPingFailedInfo@ConnectionProvider@@QEAA@XZ
??0IRefCounted@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0IRefCounted@ConnectionProvider@@QEAA@AEBU01@@Z
??0IRefCounted@ConnectionProvider@@QEAA@XZ
??0IRequestChannelInfo@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0IRequestChannelInfo@ConnectionProvider@@QEAA@AEBU01@@Z
??0IRequestChannelInfo@ConnectionProvider@@QEAA@XZ
??0IRevokeChannelInfo@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0IRevokeChannelInfo@ConnectionProvider@@QEAA@AEBU01@@Z
??0IRevokeChannelInfo@ConnectionProvider@@QEAA@XZ
??0ISequencedTaskRunner@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0ISequencedTaskRunner@ConnectionProvider@@QEAA@AEBU01@@Z
??0ISequencedTaskRunner@ConnectionProvider@@QEAA@XZ
??0ISocket@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0ISocket@ConnectionProvider@@QEAA@AEBU01@@Z
??0ISocket@ConnectionProvider@@QEAA@XZ
??0ISocketBackOffPolicy@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0ISocketBackOffPolicy@ConnectionProvider@@QEAA@AEBU01@@Z
??0ISocketBackOffPolicy@ConnectionProvider@@QEAA@XZ
??0ISocketListener@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0ISocketListener@ConnectionProvider@@QEAA@AEBU01@@Z
??0ISocketListener@ConnectionProvider@@QEAA@XZ
??0ITask@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0ITask@ConnectionProvider@@QEAA@AEBU01@@Z
??0ITask@ConnectionProvider@@QEAA@XZ
??0ITestingTaskEnvironment@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0ITestingTaskEnvironment@ConnectionProvider@@QEAA@AEBU01@@Z
??0ITestingTaskEnvironment@ConnectionProvider@@QEAA@XZ
??0ITimer@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0ITimer@ConnectionProvider@@QEAA@AEBU01@@Z
??0ITimer@ConnectionProvider@@QEAA@XZ
??0ITimerCallback@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0ITimerCallback@ConnectionProvider@@QEAA@AEBU01@@Z
??0ITimerCallback@ConnectionProvider@@QEAA@XZ
??0IUserChangedInfo@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0IUserChangedInfo@ConnectionProvider@@QEAA@AEBU01@@Z
??0IUserChangedInfo@ConnectionProvider@@QEAA@XZ
??0IXmlElementCollection@ConnectionProvider@@QEAA@$$QEAU01@@Z
??0IXmlElementCollection@ConnectionProvider@@QEAA@AEBU01@@Z
??0IXmlElementCollection@ConnectionProvider@@QEAA@XZ
??4IAuthToken@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4IAuthToken@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4IAuthTokenChangedInfo@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4IAuthTokenChangedInfo@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4IByteBuffer@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4IByteBuffer@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4ICallbackInfo@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4ICallbackInfo@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4IConnectedInfo@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4IConnectedInfo@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4IConnectionChangedInfo@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4IConnectionChangedInfo@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4IConnectionProvider@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4IConnectionProvider@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4IConnectionProviderCallback@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4IConnectionProviderCallback@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4IConnectionProviderPlatform@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4IConnectionProviderPlatform@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4IDeleteNotificationData@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4IDeleteNotificationData@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4IDisconnectInfo@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4IDisconnectInfo@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4INetworkListener@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4INetworkListener@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4INetworkMonitor@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4INetworkMonitor@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4INotificationData@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4INotificationData@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4INotificationPolicyChangedInfo@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4INotificationPolicyChangedInfo@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4INotificationUserList@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4INotificationUserList@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4IPingCompletedInfo@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4IPingCompletedInfo@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4IPingFailedInfo@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4IPingFailedInfo@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4IRefCounted@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4IRefCounted@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4IRequestChannelInfo@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4IRequestChannelInfo@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4IRevokeChannelInfo@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4IRevokeChannelInfo@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4ISequencedTaskRunner@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4ISequencedTaskRunner@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4ISocket@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4ISocket@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4ISocketBackOffPolicy@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4ISocketBackOffPolicy@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4ISocketListener@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4ISocketListener@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4ITask@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4ITask@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4ITestingTaskEnvironment@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4ITestingTaskEnvironment@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4ITimer@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4ITimer@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4ITimerCallback@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4ITimerCallback@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4IUserChangedInfo@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4IUserChangedInfo@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??4IXmlElementCollection@ConnectionProvider@@QEAAAEAU01@$$QEAU01@@Z
??4IXmlElementCollection@ConnectionProvider@@QEAAAEAU01@AEBU01@@Z
??_7IAuthToken@ConnectionProvider@@6B@
??_7IAuthTokenChangedInfo@ConnectionProvider@@6B@
??_7IByteBuffer@ConnectionProvider@@6B@
??_7ICallbackInfo@ConnectionProvider@@6B@
??_7IConnectedInfo@ConnectionProvider@@6B@
??_7IConnectionChangedInfo@ConnectionProvider@@6B@
??_7IConnectionProvider@ConnectionProvider@@6B@
??_7IConnectionProviderCallback@ConnectionProvider@@6B@
??_7IConnectionProviderPlatform@ConnectionProvider@@6B@
??_7IDeleteNotificationData@ConnectionProvider@@6B@
??_7IDisconnectInfo@ConnectionProvider@@6B@
??_7INetworkListener@ConnectionProvider@@6B@
??_7INetworkMonitor@ConnectionProvider@@6B@
??_7INotificationData@ConnectionProvider@@6B@
??_7INotificationPolicyChangedInfo@ConnectionProvider@@6B@
??_7INotificationUserList@ConnectionProvider@@6B@
??_7IPingCompletedInfo@ConnectionProvider@@6B@
??_7IPingFailedInfo@ConnectionProvider@@6B@
??_7IRefCounted@ConnectionProvider@@6B@
??_7IRequestChannelInfo@ConnectionProvider@@6B@
??_7IRevokeChannelInfo@ConnectionProvider@@6B@
??_7ISequencedTaskRunner@ConnectionProvider@@6B@
??_7ISocket@ConnectionProvider@@6B@
??_7ISocketBackOffPolicy@ConnectionProvider@@6B@
??_7ISocketListener@ConnectionProvider@@6B@
??_7ITask@ConnectionProvider@@6B@
??_7ITestingTaskEnvironment@ConnectionProvider@@6B@
??_7ITimer@ConnectionProvider@@6B@
??_7ITimerCallback@ConnectionProvider@@6B@
??_7IUserChangedInfo@ConnectionProvider@@6B@
??_7IXmlElementCollection@ConnectionProvider@@6B@
CreateConnectionProvider

Sections

.text
Size: 535KB - Virtual size: 535KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Client version(updater).hta
.html

Sharing

General

Malware Config

Signatures

Files

a739bd952c65a9a0747071451d6d4968

Code Sign

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3cCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

59:07:f3:84:70:f3:32:bc:28:e4:84:a4:05:02:7d:e9:4d:7b:16:52:d0:da:37:26:da:d2:50:ea:57:1f:d7:11Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

ncrypt

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 513KB - Virtual size: 513KB

.data Size: 66KB - Virtual size: 137KB

.pdata Size: 81KB - Virtual size: 80KB

.00cfg Size: 512B - Virtual size: 48B

.gxfg Size: 12KB - Virtual size: 12KB

.retplne Size: 512B - Virtual size: 200B

.tls Size: 1024B - Virtual size: 529B

LZMADEC Size: 4KB - Virtual size: 4KB

_RDATA Size: 512B - Virtual size: 348B

malloc_h Size: 512B - Virtual size: 226B

.rsrc Size: 449KB - Virtual size: 448KB

.reloc Size: 14KB - Virtual size: 14KB

3ca611bf4cdc140bb7c620f76933ca2e

Code Sign

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3cCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

a1:20:7f:52:3e:ff:ed:09:be:f8:7b:65:a6:90:91:e7:e7:73:14:01:81:cc:0d:41:17:db:ba:67:02:1c:3f:deSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

api-ms-win-core-winrt-error-l1-1-0

user32

shell32

api-ms-win-core-path-l1-1-0

advapi32

ole32

vcruntime140

vcruntime140_1

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

Exports

Exports

Sections

.text Size: 166KB - Virtual size: 165KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 5KB - Virtual size: 12KB

.pdata Size: 9KB - Virtual size: 9KB

.00cfg Size: 512B - Virtual size: 56B

.retplne Size: 512B - Virtual size: 140B

.tls Size: 512B - Virtual size: 9B

.reloc Size: 1KB - Virtual size: 1KB

d58e2580b02ba8198aec184b4e66bb5f

Code Sign

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3cCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

59:07:f3:84:70:f3:32:bc:28:e4:84:a4:05:02:7d:e9:4d:7b:16:52:d0:da:37:26:da:d2:50:ea:57:1f:d7:11
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 513KB - Virtual size: 513KB

.data
Size: 66KB - Virtual size: 137KB

.pdata
Size: 81KB - Virtual size: 80KB

.00cfg
Size: 512B - Virtual size: 48B

.gxfg
Size: 12KB - Virtual size: 12KB

.retplne
Size: 512B - Virtual size: 200B

.tls
Size: 1024B - Virtual size: 529B

LZMADEC
Size: 4KB - Virtual size: 4KB

_RDATA
Size: 512B - Virtual size: 348B

malloc_h
Size: 512B - Virtual size: 226B

.rsrc
Size: 449KB - Virtual size: 448KB

.reloc
Size: 14KB - Virtual size: 14KB

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

a1:20:7f:52:3e:ff:ed:09:be:f8:7b:65:a6:90:91:e7:e7:73:14:01:81:cc:0d:41:17:db:ba:67:02:1c:3f:de
Signer

.text
Size: 166KB - Virtual size: 165KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 5KB - Virtual size: 12KB

.pdata
Size: 9KB - Virtual size: 9KB

.00cfg
Size: 512B - Virtual size: 56B

.retplne
Size: 512B - Virtual size: 140B

.tls
Size: 512B - Virtual size: 9B

.reloc
Size: 1KB - Virtual size: 1KB

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

48:9e:dd:45:1d:41:45:7b:e6:e5:42:f2:6b:64:d9:4d:11:95:1b:d8:20:bd:2e:da:d0:cd:21:21:c0:b7:11:c3
Signer

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 684B

.00cfg
Size: 512B - Virtual size: 56B

.retplne
Size: 512B - Virtual size: 140B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 60B

33:00:00:03:3e:63:3a:86:bf:41:73:d7:e0:00:00:00:00:03:3e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

22:e4:d3:9b:48:22:c9:97:80:7d:9c:d5:e9:ec:8c:78:47:6b:ab:66:f0:b3:2e:8c:58:da:e7:52:fe:ec:4b:81
Signer

.text
Size: 535KB - Virtual size: 535KB

.rdata
Size: 202KB - Virtual size: 201KB

.data
Size: 10KB - Virtual size: 20KB

.pdata
Size: 39KB - Virtual size: 38KB

.00cfg
Size: 512B - Virtual size: 56B

.gxfg
Size: 9KB - Virtual size: 9KB

.retplne
Size: 512B - Virtual size: 140B

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB