287a3c636c07074ee7278833a6029c76638f27c45f466a095a37e10f10322a83

Sharing

Copy URL Twitter E-mail

General

Target

287a3c636c07074ee7278833a6029c76638f27c45f466a095a37e10f10322a83
Size

11.1MB
MD5

8174d64d8b566a3985852b2697c05ad0
SHA1

2ae3b5645ae3958aa2f57eb044249c00b1aa5bc2
SHA256

287a3c636c07074ee7278833a6029c76638f27c45f466a095a37e10f10322a83
SHA512

f6dc2f48f51ed4b40a0b0bd5d96a0398a1e2c926edca746ec0338ca805544b7dace989027f403d2d422dd600ed4f437e7f9be7b3fa6e6e6da96a12ea9fa1c694
SSDEEP

196608:V9/UZddj4VeJOlhNkZ+6NcYxVXkAvtnPe6Qqo24DfNsUJGUqdYI+JWl6GpX:MLQeJSNkOsPe6Qqo2UltJPqxkWcGl

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/rdp/x64/Launcher.dll
unpack001/rdp/x64/Launcher.exe
unpack001/rdp/x64/MFC14XU.dll
unpack001/rdp/x64/RenderMaintainer.exe
unpack001/rdp/x64/ShadowBotRDP_Win7Helper.dll
unpack001/rdp/x86/Launcher.dll
unpack001/rdp/x86/Launcher.exe
unpack001/rdp/x86/MFC14XU.dll
unpack001/rdp/x86/RenderMaintainer.exe
unpack001/rdp/x86/ShadowBotRDP_Win7Helper.dll

Files

287a3c636c07074ee7278833a6029c76638f27c45f466a095a37e10f10322a83
.zip
rdp/x64/Launcher.deps.json
rdp/x64/Launcher.dll
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rdp/x64/Launcher.dll.config
rdp/x64/Launcher.exe
.exe windows:6 windows x64

bc869d882755376c81b17b229a3fc736

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FreeLibrary
FlushInstructionCache
SetThreadContext
VirtualQuery
OpenThread
LoadLibraryExW
FindFirstFileExW
EnterCriticalSection
GetFullPathNameW
FindNextFileW
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
FindClose
CreateFileW
GetFileAttributesExW
LoadLibraryA
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
lstrlenA
GetVersionExA
lstrcpynA
FormatMessageA
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
GetFileInformationByHandleEx
AreFileApisANSI
FindFirstFileW
GetLocaleInfoEx
LocalFree
GetProcAddress
GetModuleHandleW
GetThreadContext
CloseHandle
GetCurrentThread
GetLastError
Sleep
MultiByteToWideChar
GetModuleHandleA
ResumeThread
SuspendThread
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
TerminateProcess
VirtualAlloc
GetCurrentProcess
VirtualFree
SetLastError
VirtualProtect
OutputDebugStringW

user32

GetUserObjectInformationA
GetActiveWindow
MessageBoxW
GetProcessWindowStation
GetLastActivePopup
MessageBoxA

shell32

ShellExecuteW

oleaut32

GetErrorInfo
SysFreeString

advapi32

RegCloseKey
RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW

msvcr14x

___lc_codepage_func
terminate
_callnewh
__CxxFrameHandler4
__std_terminate
_invalid_parameter_noinfo_noreturn
__std_exception_destroy
__acrt_iob_func
fputwc
fputws
__std_exception_copy
fflush
__stdio_common_vfwprintf
__stdio_common_vswprintf
_wfopen
setvbuf
__C_specific_handler
toupper
_wcsicmp
_assert
tolower
wcstoul
_errno
_wcsnicmp
_set_error_mode
wcsncmp
_gmtime64_s
wcsftime
_time64
exit
_wputenv
ferror
isalpha
fgetc
_purecall
__stdio_common_vsnprintf_s
strncmp
free
isspace
strchr
_ftelli64
isdigit
fread
__stdio_common_vsscanf
_fseeki64
malloc
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
_exit
_set_fmode
__p___argc
__p___wargv
_c_exit
memcpy
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_CxxThrowException
__current_exception
__current_exception_context
memset
memmove
memcmp
_wtoi

msvcp14x

?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
??Bios_base@std@@QEBA_NXZ
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?good@ios_base@std@@QEBA_NXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rdp/x64/Launcher.runtimeconfig.json
rdp/x64/MFC14XU.dll
.dll windows:6 windows x64

79a1158798fb666625f740926535a969

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

uxtheme

IsAppThemed
DrawThemeParentBackground
GetWindowTheme
DrawThemeBackground
GetThemeColor
OpenThemeData
CloseThemeData
GetCurrentThemeName
GetThemeSysColor
DrawThemeText
IsThemeBackgroundPartiallyTransparent
GetThemePartSize

winspool.drv

GetJobW
ClosePrinter
DocumentPropertiesW
OpenPrinterW

user32

EndDialog
CreateDialogIndirectParamW
GetDlgItem
GetMessageTime
GetMessagePos
GetPropW
RemovePropW
SetPropW
MapDialogRect
GetDialogBaseUnits
GetDCEx
RemoveMenu
CharToOemBuffA
GetTabbedTextExtentW
OemToCharBuffA
MsgWaitForMultipleObjectsEx
CharNextW
IsDialogMessageW
SetWindowContextHelpId
ClipCursor
SendNotifyMessageW
MapVirtualKeyExW
GetKeyboardLayout
GetKeyNameTextW
IsCharLowerW
EnableWindow
SetRect
IsWindow
RedrawWindow
GetWindowTextLengthW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
InvalidateRgn
MoveWindow
InSendMessage
GetMenuStringW
CreateMenu
SetActiveWindow
CallWindowProcW
SetWindowLongPtrW
GetMenuCheckMarkDimensions
SetMenuItemInfoW
SetMenuItemBitmaps
SetWindowLongW
MessageBoxW
GetWindowThreadProcessId
ShowOwnedPopups
UnregisterClassW
PostQuitMessage
DrawEdge
CharUpperBuffW
GetComboBoxInfo
RegisterClipboardFormatW
GetActiveWindow
InsertMenuW
IsWindowEnabled
ShowScrollBar
FrameRect
GetWindowRgn
ReleaseDC
GetDC
GetDoubleClickTime
GetWindowTextW
EnumChildWindows
InvertRect
HideCaret
SetMenuDefaultItem
GetMenuDefaultItem
GetScrollPos
EnableScrollBar
UpdateLayeredWindow
GetMessageW
InvalidateRect
SendMessageW
GetWindowRect
SetRectEmpty
KillTimer
GetClientRect
IsWindowVisible
GetCursorPos
ScreenToClient
TrackMouseEvent
SetTimer
UpdateWindow
PtInRect
OffsetRect
InflateRect
DrawIconEx
GetParent
SetClassLongPtrW
GetSysColorBrush
EqualRect
DeferWindowPos
PostMessageW
GetDlgCtrlID
IsRectEmpty
GetWindowPlacement
GetSysColor
SetParent
GetClassNameW
GetLastActivePopup
SubtractRect
DrawFrameControl
GetMenuItemInfoW
WindowFromDC
SetScrollRange
AdjustWindowRectEx
CountClipboardFormats
GetMenu
SetFocus
CheckMenuItem
GetMenuState
SetWindowTextW
CharUpperW
MapVirtualKeyW
ToUnicodeEx
GetKeyboardState
CopyAcceleratorTableW
DestroyIcon
RegisterWindowMessageW
BringWindowToTop
CopyIcon
CreateAcceleratorTableW
DestroyCursor
IsClipboardFormatAvailable
GetClassLongPtrW
ShowWindow
ReleaseCapture
SetCapture
ClientToScreen
WindowFromPoint
SetCursorPos
MessageBeep
MapWindowPoints
LoadBitmapW
CopyRect
NotifyWinEvent
FillRect
GetIconInfo
CopyImage
LoadImageW
GetWindowLongW
SetCursor
DrawFocusRect
GetNextDlgGroupItem
LoadIconW
TrackPopupMenu
IsChild
GetFocus
LoadCursorW
SetForegroundWindow
PeekMessageW
TranslateMessage
DispatchMessageW
WaitMessage
GetDesktopWindow
GetAsyncKeyState
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawStateW
GetCapture
LoadAcceleratorsW
TranslateAcceleratorW
GetSystemMetrics
DestroyMenu
LoadMenuW
SetMenu
GetSubMenu
PostThreadMessageW
GetClassInfoW
DefWindowProcW
GetWindow
GetMenuItemCount
GetMenuItemID
IsIconic
GetForegroundWindow
DrawIcon
GetMonitorInfoW
MonitorFromPoint
SystemParametersInfoW
ValidateRect
SetLayeredWindowAttributes
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
GetUpdateRect
UnionRect
SetWindowPos
LockWindowUpdate
GetKeyState
BeginDeferWindowPos
EndDeferWindowPos
AppendMenuW
CreatePopupMenu
IntersectRect
SetScrollPos
EnableMenuItem
GetNextDlgTabItem
GetSystemMenu
IsMenu
IsZoomed
ModifyMenuW
DeleteMenu
SetWindowRgn
DestroyAcceleratorTable
GetTopWindow
DestroyWindow
MonitorFromRect
EnumDisplayMonitors
RealChildWindowFromPoint
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
DefFrameProcW
GetWindowDC
GetMenuBarInfo
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
SendDlgItemMessageA
EndPaint
BeginPaint
MonitorFromWindow
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
WinHelpW
RegisterClassW
TrackPopupMenuEx
SetWindowPlacement
CreateWindowExW
GetWindowLongPtrW
GetClassInfoExW

advapi32

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegQueryValueW
RegSetValueW
GetFileSecurityW
SetFileSecurityW
IsTextUnicode
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW

ole32

ReadClassStg
GetHGlobalFromILockBytes
OleGetIconOfClass
WriteClassStm
CreateGenericComposite
OleSetMenuDescriptor
OleQueryCreateFromData
OleQueryLinkFromData
OleIsRunning
OleRun
CreateFileMoniker
CreateBindCtx
GetClassFile
OleRegGetUserType
OleGetClipboard
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
StgCreateDocfile
StgIsStorageFile
StgOpenStorage
CoGetMalloc
OleSave
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
CoRegisterClassObject
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
IsAccelerator
OleTranslateAccelerator
GetRunningObjectTable
WriteClassStg
OleDuplicateData
WriteFmtUserTypeStg
SetConvertStg
CoTreatAsClass
CoRegisterMessageFilter
CoDisconnectObject
OleRegEnumVerbs
OleRegGetMiscStatus
OleDraw
OleCreate
OleCreateLinkToFile
OleCreateFromFile
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleSetContainedObject
StringFromCLSID
OleLockRunning
StgOpenStorageOnILockBytes
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
PropVariantCopy
CoInitializeEx
StringFromGUID2
ReadFmtUserTypeStg
OleLoadFromStream
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
ReadClassStm
OleSaveToStream
CreateOleAdviseHolder
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
ReleaseStgMedium
CreateDataAdviseHolder
CreateDataCache
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
PropVariantClear
OleLoad
CoTaskMemAlloc
CoCreateGuid
CoTaskMemFree
DoDragDrop
CoCreateInstance
CreateItemMoniker

shell32

DragFinish
DragAcceptFiles
SHAddToRecentDocs
ExtractIconW
SHBrowseForFolderW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
SHAppBarMessage
DragQueryFileW

oleaut32

OleTranslateColor
OleCreateFontIndirect
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
OleCreatePictureIndirect
VarBstrFromDate
VarBstrFromCy
SystemTimeToVariantTime
VarCyFromStr
SysAllocStringByteLen
SafeArrayRedim
OleLoadPicture
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
VariantInit
DispCallFunc
VarBstrCmp
OleCreatePropertyFrame
SafeArrayUnlock
VariantCopy
SysReAllocStringLen
SafeArrayDestroy
SysStringByteLen
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString
VariantChangeType
VariantClear
VariantTimeToSystemTime
SafeArrayDestroyData
VarParseNumFromStr
SafeArrayCreateVector
VarBstrFromDec
VarDecFromStr
VarDateFromStr
SafeArrayDestroyDescriptor
SafeArrayCreate

shlwapi

PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
StrFormatKBSizeW
UrlUnescapeW

wininet

HttpSendRequestExW
InternetFindNextFileW
GopherFindFirstFileW
InternetGetLastResponseInfoW
HttpQueryInfoW
FtpFindFirstFileW
GopherGetAttributeW
InternetSetOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetQueryOptionW
InternetOpenW
InternetCloseHandle
InternetOpenUrlW
InternetSetStatusCallbackW
InternetSetCookieW
InternetGetCookieW
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable
InternetConnectW
FtpDeleteFileW
FtpRenameFileW
FtpCreateDirectoryW
FtpRemoveDirectoryW
HttpEndRequestW
FtpGetCurrentDirectoryW
FtpOpenFileW
FtpCommandW
FtpPutFileW
FtpGetFileW
GopherCreateLocatorW
FtpSetCurrentDirectoryW
GopherOpenFileW
HttpOpenRequestW
InternetErrorDlg
HttpAddRequestHeadersW
HttpSendRequestW

ws2_32

WSACleanup
WSAStartup
WSASetLastError
WSAGetLastError
getpeername
ntohs
inet_ntoa
getsockname
accept
htonl
inet_addr
htons
bind
closesocket
gethostbyname
recv
send
WSAAsyncSelect
select
socket
recvfrom
sendto
connect

gdi32

CreateRectRgnIndirect
OffsetRgn
CreateDIBSection
Ellipse
SetPixel
GetBkColor
CreateFontIndirectW
GetDeviceCaps
GetTextCharsetInfo
EnumFontFamiliesW
CreatePen
CreatePatternBrush
CreateDIBitmap
SetPaletteEntries
ExtFloodFill
StartPage
EndPage
EndDoc
GetCurrentObject
DeleteDC
PatBlt
CombineRgn
GetBoundsRect
FillRgn
SetRectRgn
CreateRoundRectRgn
EnumFontFamiliesExW
CreateBitmap
SetBkColor
StretchBlt
SelectPalette
GetDIBits
SetDIBColorTable
Polyline
ExtTextOutW
CreateHatchBrush
CreateEllipticRgn
RoundRect
StretchDIBits
CreateFontW
GetCharWidthW
LPtoDP
CreateMetaFileW
CloseMetaFile
DeleteMetaFile
GetViewportOrgEx
PtVisible
RectVisible
TextOutW
Escape
GetClipBox
GetTextAlign
GetCurrentPositionEx
MoveToEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetRgnBox
RestoreDC
GetROP2
GetBkMode
GetPolyFillMode
GetStretchBltMode
GetNearestColor
GetTextFaceW
GetWindowExtEx
GetViewportExtEx
SetTextColor
SetMapMode
SetWindowExtEx
ScaleWindowExtEx
GetWindowOrgEx
SetWindowOrgEx
IntersectClipRect
CreateDCW
SetBrushOrgEx
SetAbortProc
StartDocW
DPtoLP
AbortDoc
CopyMetaFileW
UnrealizeObject
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
OffsetWindowOrgEx
SelectClipRgn
ExcludeClipRect
OffsetClipRgn
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetLayout
SetLayout
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
SelectClipPath
GetClipRgn
ExtSelectClipRgn
PlayMetaFileRecord
PlayMetaFile
EnumMetaFile
ExtCreatePen
CreateDIBPatternBrushPt
GetMapMode
BitBlt
SetPixelV
FrameRgn
CreateCompatibleBitmap
PtInRegion
CreatePolygonRgn
GetPixel
GetSystemPaletteEntries
GetNearestPaletteIndex
RealizePalette
CreatePalette
GetPaletteEntries
GetStockObject
Rectangle
Polygon
GetTextColor
GetObjectType
DeleteObject
SelectObject
CreateCompatibleDC
GetObjectW
CreateSolidBrush
GetTextExtentPoint32W
SaveDC
CreateRectRgn
GetTextMetricsW

gdiplus

GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDrawImageI
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdiplusShutdown
GdipCreateBitmapFromFile

msimg32

AlphaBlend
TransparentBlt

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

odbc32

ord110
ord3
ord111
ord13
ord61
ord5
ord16
ord9
ord14
ord15
ord176
ord145
ord139
ord23
ord2
ord1
ord141
ord43
ord68
ord12
ord119
ord4
ord72
ord49
ord48
ord20
ord117
ord59
ord108
ord44
ord138
ord18

crypt32

CryptProtectData
CryptUnprotectData

oledlg

OleUIChangeIconW
OleUIEditLinksW
OleUIUpdateLinksW
OleUIPasteSpecialW
OleUIConvertW
OleUIObjectPropertiesW
OleUIChangeSourceW
OleUIAddVerbMenuW
OleUIInsertObjectW
OleUIBusyW

urlmon

IsAsyncMoniker
CreateAsyncBindCtx
RegisterBindStatusCallback
CreateURLMoniker

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

kernel32

TerminateProcess
AreFileApisANSI
GlobalFlags
GlobalFindAtomW
GetSystemTime
LocalUnlock
LocalLock
GlobalGetAtomNameW
GetAtomNameW
SetEvent
CopyFileW
WaitForMultipleObjects
CreateEventW
ReleaseMutex
CreateMutexW
ReleaseSemaphore
CreateSemaphoreW
FormatMessageA
GetEnvironmentVariableA
GetEnvironmentVariableW
FormatMessageW
SetFileAttributesW
LocalFileTimeToFileTime
GetFileAttributesExW
GetFileSizeEx
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetShortPathNameW
GetStringTypeExW
GetThreadLocale
FindClose
FindFirstFileW
GetVolumeInformationW
MoveFileW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
ReadFile
ResumeThread
SuspendThread
WaitForSingleObject
DuplicateHandle
GetCurrentProcess
GetProfileIntW
SystemTimeToFileTime
ReplaceFileW
GetFileTime
GetSystemTimeAsFileTime
ExpandEnvironmentStringsA
IsDebuggerPresent
GetFullPathNameW
GetDiskFreeSpaceW
GetTempFileNameW
VirtualProtect
lstrcpyA
CompareStringW
IsDBCSLeadByte
GetUserDefaultLCID
FindResourceExW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GlobalAddAtomW
GetCurrentProcessId
SetErrorMode
GlobalDeleteAtom
CompareStringA
lstrcmpA
WideCharToMultiByte
GetVersionExW
GetCurrentThread
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
SearchPathW
GlobalSize
GetFileAttributesW
GetFileSize
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsFree
TlsAlloc
LocalFree
LocalAlloc
SetThreadPriority
lstrcmpiW
GetWindowsDirectoryW
GetTickCount
GlobalFree
GetSystemDirectoryW
lstrcmpW
GetCurrentDirectoryW
Sleep
SetFilePointer
CreateFileW
GetTempPathW
CloseHandle
FreeLibrary
VerifyVersionInfoW
VerSetConditionMask
MulDiv
GetModuleHandleW
DeleteFileW
InitializeCriticalSection
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpyW
MultiByteToWideChar
OutputDebugStringA
QueryActCtxW
GetModuleHandleExW
GetModuleFileNameW
CreateActCtxW
FindActCtxSectionStringW
ActivateActCtx
GetProcAddress
LoadLibraryW
DeactivateActCtx
SetLastError
__C_specific_handler
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
OutputDebugStringW
RtlCaptureContext
RtlLookupFunctionEntry
InitializeSListHead
QueryPerformanceCounter
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
SetFileTime

msvcr14x

abort
__std_terminate
_invalid_parameter_noinfo
_errno
_wcslwr_s
toupper
wcsnlen
_purecall
wmemcpy_s
__stdio_common_vswprintf_s
__stdio_common_vswprintf
wcschr
iswspace
wcsstr
free
malloc
_wtoi
_wcsupr_s
calloc
_wcsicmp
wcspbrk
wcsrchr
wcscspn
wcsspn
clock
_wsplitpath_s
wcscoll
_wcsicoll
wcsncmp
wcscpy_s
iswdigit
iswalpha
iswalnum
iswprint
towupper
towlower
_wtol
wcstoul
__stdio_common_vswscanf
wcscat_s
_localtime64_s
_endthread
_beginthread
_wcsdup
_wmakepath_s
_time64
wcstod
_resetstkoflw
_recalloc
__stdio_common_vsnwprintf_s
__p___argc
__p___wargv
_strnicmp
wcsncpy_s
_itow_s
_ltow_s
_wcsnicmp
strnlen
_mktime64
_mbscmp
wcstol
realloc
rand_s
__stdio_common_vsprintf_s
__CxxFrameHandler4
__stdio_common_vsprintf
_wfullpath
_get_osfhandle
_fileno
_open_osfhandle
_fdopen
__doserrno
fread
feof
ferror
clearerr_s
fwrite
fputws
fgetws
fseek
ftell
fflush
fclose
_mbsinc
_mbsicoll
wcscmp
_mbspbrk
_ismbcspace
_wcsrev
_mbsrchr
_mbscoll
_mbsspn
_mbsrev
_mbslwr_s
_mbsupr_s
_mbschr
_mbscspn
_mbsicmp
_mbsstr
_ultow_s
_endthreadex
_beginthreadex
_msize
_expand
memset
memmove
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
terminate
__current_exception
__current_exception_context
_initterm
_initterm_e
__std_type_info_destroy_list
_CxxThrowException
atan2
ceil
cos
exp
floor
memcmp
memcpy
sin
sqrt
strcpy_s

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 882KB - Virtual size: 881KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rdp/x64/RenderMaintainer.exe
.exe windows:5 windows x64

970a1b6fa4f52d56e993dbe67ba4a4ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegOpenKeyW

shlwapi

PathFindFileNameW
PathFindExtensionW

gdi32

DeleteObject
GetObjectW
CreateDIBSection
CreateCompatibleDC
DeleteDC
SelectObject
BitBlt
GetDeviceCaps

user32

GetActiveWindow
MessageBoxA
EnumWindows
GetClassNameW
GetUserObjectInformationW
GetProcessWindowStation
GetWindowRect
ShowWindowAsync
GetDesktopWindow
DrawIcon
GetClientRect
IsIconic
AppendMenuW
GetSystemMenu
MessageBoxW
SetWindowPos
SetDlgItemTextW
EndDialog
LoadIconW
EnableWindow
GetMonitorInfoW
PostMessageW
GetDC
MonitorFromWindow
SendMessageW
GetSystemMetrics
SetTimer
ReleaseDC
GetLastActivePopup
GetWindowThreadProcessId

mfc14xu

ord14088
ord7668
ord12625
ord4011
ord14216
ord7650
ord14210
ord2439
ord5183
ord8023
ord12544
ord8084
ord8167
ord2350
ord2346
ord446
ord7233
ord2689
ord14194
ord3748
ord2907
ord8440
ord4083
ord3096
ord6002
ord13401
ord3212
ord3209
ord7913
ord2698
ord14360
ord9976
ord9978
ord9977
ord9975
ord9979
ord5451
ord11414
ord11415
ord8822
ord11771
ord3718
ord11625
ord14209
ord8656
ord11902
ord6729
ord10691
ord8947
ord3173
ord13513
ord1700
ord1722
ord1748
ord1734
ord1755
ord4843
ord4788
ord4853
ord4837
ord4752
ord4767
ord4828
ord4360
ord9384
ord4352
ord2967
ord14211
ord7651
ord14217
ord6631
ord11406
ord13354
ord5723
ord2629
ord11806
ord3812
ord11850
ord5582
ord5916
ord9946
ord6342
ord990
ord2212
ord3599
ord2344
ord10163
ord4725
ord2301
ord3713
ord878
ord1369
ord10727
ord4726
ord4721
ord8507
ord2686
ord6285
ord8901
ord11854
ord8830
ord2697
ord13397
ord6000
ord3307
ord3308
ord11085
ord10704
ord8731
ord11813
ord4949
ord4955
ord12241
ord316
ord310
ord1034
ord983
ord13545
ord6122
ord14289
ord6123
ord14290
ord6121
ord14288
ord11665
ord11664
ord2011
ord3949
ord9089
ord12223
ord12222
ord296
ord1033
ord4656
ord11944
ord11940
ord4776
ord4806
ord4800
ord4794
ord4782
ord4859
ord4814
ord3279
ord3278
ord3172
ord2187
ord1501
ord2431
ord8161
ord1503
ord280
ord2415
ord12240
ord286
ord2909
ord13986
ord5709
ord285
ord3071
ord2921
ord4947
ord4675
ord278
ord12442
ord12563
ord8058
ord2370
ord7719
ord3731
ord5706
ord11921
ord11929
ord7920
ord10124
ord11933
ord11901
ord12606
ord5080
ord5363
ord5552
ord9041
ord5339
ord5555
ord5083
ord5229
ord5062
ord7460
ord7461
ord7450
ord5227
ord7922
ord9941
ord8900
ord6614
ord4445
ord2288
ord1157
ord1089
ord3951
ord2178
ord2269
ord2273
ord7716
ord1450
ord7393
ord10070
ord12212

kernel32

TlsGetValue
GetModuleHandleW
DeleteCriticalSection
Process32FirstW
DeleteFileW
TlsAlloc
OutputDebugStringW
Process32NextW
GetFileAttributesExW
FormatMessageW
CreateToolhelp32Snapshot
OpenThread
IsProcessorFeaturePresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
TlsSetValue
CreateDirectoryW
UnregisterWaitEx
GetLocalTime
SetEnvironmentVariableW
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
OpenProcess
GetFileSizeEx
GetExitCodeProcess
CreateProcessW
GetCommandLineW
GetProcessTimes
DeleteTimerQueueTimer
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
GetCurrentProcessId
LocalFree
GetProcAddress
HeapAlloc
ResetEvent
LoadLibraryW
RaiseException
CloseHandle
WaitForSingleObjectEx
SetEvent
GetLastError
Sleep
GetExitCodeThread
MultiByteToWideChar
CreateEventW
GetSystemDirectoryW
ReleaseMutex
GetVersionExW
GetFileAttributesW
CreateFileW
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetProcessId
GetModuleFileNameW
TerminateProcess
RegisterWaitForSingleObject
ReleaseSemaphore
GetCurrentProcess
EnterCriticalSection
SetLastError
HeapFree
CreateTimerQueueTimer

comctl32

InitCommonControlsEx

oleaut32

SystemTimeToVariantTime
VariantClear
VariantChangeType
GetErrorInfo
SysFreeString
VariantTimeToSystemTime

gdiplus

GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipSaveImageToFile
GdiplusStartup
GdiplusShutdown

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

winsta

WinStationQueryInformationW

ntdll

RtlGetVersion
RtlSetHeapInformation
RtlCreateHeap
NtCreateKeyedEvent
NtQuerySystemInformationEx
NtQueryObject
RtlInterlockedPopEntrySList
RtlFreeHeap
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlRaiseStatus
RtlInitializeSListHead
RtlInterlockedPushEntrySList
NtDuplicateObject
NtClose
NtResumeProcess
NtSuspendProcess
NtQueryInformationJobObject
NtOpenProcess
NtQuerySystemInformation

msvcr14x

_CxxThrowException
__std_exception_destroy
__std_exception_copy
memset
__current_exception_context
__current_exception
terminate
_callnewh
_crt_atexit
_register_onexit_function
_initialize_onexit_table
__p__commode
_set_new_mode
_configthreadlocale
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_set_fmode
_exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
__setusermatherr
_set_app_type
_seh_filter_exe
wcsncmp
wcsncpy
exit
_resetstkoflw
malloc
_beginthreadex
getenv
__stdio_common_vswprintf
_recalloc
free
calloc
_wcsnicmp
fclose
fwrite
_wfopen
_errno
_invalid_parameter_noinfo
_localtime64_s
_time64
_wcsicmp
__C_specific_handler
__std_terminate
__CxxFrameHandler4
fread
memcpy

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rdp/x64/ShadowBotRDP.exe
.exe windows:5 windows x64

edc63f97fa62252258952de231db3c9b

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:a2:43:37:d3:43:8d:cf:7d:d1:8d:a2:0d:df:1c:9f
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

21/06/2022, 00:00

Not After

20/06/2024, 23:59

Subject

SERIALNUMBER=91330110MA2GKLF15T,CN=杭州分叉智能科技有限公司,O=杭州分叉智能科技有限公司,ST=浙江省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:a2:43:37:d3:43:8d:cf:7d:d1:8d:a2:0d:df:1c:9f
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

21/06/2022, 00:00

Not After

20/06/2024, 23:59

Subject

SERIALNUMBER=91330110MA2GKLF15T,CN=杭州分叉智能科技有限公司,O=杭州分叉智能科技有限公司,ST=浙江省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:7d:10:90:70:f2:73:9e:2e:39:b4:89:21:77:17:53:30:61:d9:76:a8:3b:6b:cc:0e:6d:46:05:89:ac:74:ae
Signer

Actual PE Digest

fe:7d:10:90:70:f2:73:9e:2e:39:b4:89:21:77:17:53:30:61:d9:76:a8:3b:6b:cc:0e:6d:46:05:89:ac:74:ae

Digest Algorithm

sha256

PE Digest Matches

true

c1:2b:ea:5a:fa:bd:f1:ae:15:d7:39:02:e0:10:3e:06:79:da:c1:3d
Signer

Actual PE Digest

c1:2b:ea:5a:fa:bd:f1:ae:15:d7:39:02:e0:10:3e:06:79:da:c1:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc14xu

ord10704
ord11813
ord3308
ord2370
ord3307
ord3071
ord6000
ord13397
ord2697
ord3172
ord8901
ord6285
ord8731
ord11854
ord13864
ord7191
ord13767
ord8507
ord10727
ord1369
ord878
ord3713
ord2301
ord2431
ord2415
ord5120
ord10163
ord2909
ord2222
ord3599
ord2212
ord2187
ord446
ord8167
ord8084
ord12544
ord8023
ord5183
ord2439
ord12222
ord12223
ord14210
ord7650
ord14216
ord9089
ord4011
ord3949
ord12625
ord7668
ord2011
ord11664
ord11665
ord14088
ord12212
ord7719
ord14288
ord6121
ord14290
ord6123
ord14289
ord6122
ord3731
ord5706
ord11921
ord11929
ord7920
ord10124
ord11933
ord11901
ord12606
ord5555
ord9941
ord6614
ord4445
ord1089
ord3951
ord13545
ord2178
ord7716
ord1450
ord983
ord7393
ord10070
ord8161
ord1503
ord1033
ord286
ord296
ord12240
ord4675
ord265
ord4725
ord4656
ord7233
ord4726
ord2686
ord1491
ord266
ord6002
ord13401
ord3212
ord3209
ord7913
ord2698
ord14360
ord9976
ord9978
ord9977
ord9975
ord9979
ord5451
ord11414
ord11415
ord8830
ord11771
ord3718
ord11625
ord14209
ord8656
ord11902
ord6729
ord10691
ord8947
ord3173
ord13513
ord11944
ord11940
ord1700
ord1722
ord1748
ord1734
ord1755
ord4776
ord4843
ord4788
ord4806
ord4800
ord4794
ord4853
ord4837
ord11085
ord4782
ord4859
ord4814
ord4752
ord4767
ord4828
ord4360
ord9384
ord4352
ord2967
ord14211
ord7651
ord14217
ord6631
ord11406
ord13354
ord5723
ord2629
ord11806
ord3812
ord3279
ord3278
ord11850
ord5080
ord5363
ord5552
ord9041
ord5339
ord5582
ord5083
ord5229
ord5062
ord5916
ord7460
ord7461
ord7450
ord5227
ord7922
ord9946
ord8900
ord7182
ord1454
ord990
ord1489
ord3203
ord4947

kernel32

GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ReadProcessMemory
ResumeThread
GetCommandLineW
ProcessIdToSessionId
GetExitCodeProcess
lstrcmpiA
GetModuleHandleW
lstrcpynA
DeleteCriticalSection
LoadLibraryA
OutputDebugStringW
FormatMessageW
OpenProcess
GetModuleHandleA
lstrcmpA
GetCurrentThreadId
lstrcpynW
GetSystemTimeAsFileTime
FreeLibrary
GetCurrentProcessId
LocalFree
GetProcAddress
LoadLibraryW
GetLastError
Sleep
CreateEventW
GetVersionExW
GetFileAttributesW
LocalAlloc
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
VirtualFree
SetLastError
VirtualProtect
CloseHandle

user32

DefWindowProcW
IsIconic
SetForegroundWindow
GetProcessWindowStation
GetUserObjectInformationW
GetClassNameW
MessageBoxA
BringWindowToTop
ShowWindowAsync
IsZoomed
DrawIcon
CallWindowProcW
AppendMenuW
GetSystemMenu
LoadIconW
GetLastActivePopup
GetWindow
GetWindowRect
SetWindowLongPtrW
SendMessageW
GetSystemMetrics
EnableWindow
PostQuitMessage
MessageBoxW
GetActiveWindow
GetClientRect

advapi32

LookupAccountSidW
OpenProcessToken
RegOpenKeyW
GetTokenInformation
RegCloseKey
RegQueryValueExW

shell32

CommandLineToArgvW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathRemoveExtensionA
PathUnquoteSpacesW

ole32

CoTaskMemAlloc
CoCreateInstance

oleaut32

VariantClear
SysFreeString
GetErrorInfo
SysAllocString

winsta

WinStationQueryInformationW

msvcr14x

_wtoi
__stdio_common_vswscanf
exit
__C_specific_handler
wcsrchr
__std_terminate
__CxxFrameHandler4
wcschr
_wgetenv
_stricmp
free
wcsncpy
wcsncmp
_wtol
__stdio_common_vswprintf_s
memset
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
strcmp
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_exit
_set_fmode
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
__current_exception
__current_exception_context
_CxxThrowException
memcpy

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pcode0
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rdp/x64/ShadowBotRDP_Win7Helper.dll
.dll windows:6 windows x64

f58c9ce3b9820ec27b437201ab891235

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
SetLastError
GetModuleFileNameW
GetTickCount
SleepEx
DisableThreadLibraryCalls
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
CloseHandle
GetModuleHandleW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
GetLastError
OpenProcess
GetCurrentProcessId
QueryPerformanceCounter
GetProcAddress
CreateEventW
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsDebuggerPresent

advapi32

CreateProcessAsUserW
SetTokenInformation
LookupPrivilegeValueW
SetThreadToken
AdjustTokenPrivileges
CloseServiceHandle
StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
DuplicateTokenEx
IsWellKnownSid
GetTokenInformation
OpenProcessToken

ole32

CoInitializeEx
CoUninitialize
CoGetObject

shlwapi

PathFindFileNameW

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory
WTSEnumerateSessionsW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

msvcr14x

_invalid_parameter_noinfo
_errno
_wcsicmp
_wcsnicmp
memmove
memset
__C_specific_handler
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_CxxThrowException
__std_type_info_destroy_list
free
__std_terminate
__CxxFrameHandler4
memcpy

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rdp/x86/Launcher.deps.json
rdp/x86/Launcher.dll
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rdp/x86/Launcher.dll.config
rdp/x86/Launcher.exe
.exe windows:6 windows x86

1a1644bdf1ef61904bef819df608fc52

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
FlushInstructionCache
SetThreadContext
VirtualQuery
OpenThread
LoadLibraryExW
FindFirstFileExW
EnterCriticalSection
GetFullPathNameW
FindNextFileW
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
FindClose
CreateFileW
GetFileAttributesExW
LoadLibraryA
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
lstrlenA
GetVersionExA
lstrcpynA
FormatMessageA
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
GetFileInformationByHandleEx
AreFileApisANSI
FindFirstFileW
GetLocaleInfoEx
LocalFree
GetProcAddress
GetThreadContext
GetModuleHandleW
CloseHandle
GetCurrentThread
GetLastError
Sleep
MultiByteToWideChar
GetModuleHandleA
ResumeThread
SuspendThread
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableW
TerminateProcess
VirtualAlloc
GetCurrentProcess
VirtualFree
SetLastError
VirtualProtect
OutputDebugStringW

user32

GetLastActivePopup
GetActiveWindow
GetUserObjectInformationA
MessageBoxW
GetProcessWindowStation
MessageBoxA

shell32

ShellExecuteW

oleaut32

GetErrorInfo
SysFreeString

advapi32

RegCloseKey
RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW

msvcr14x

___lc_codepage_func
terminate
_callnewh
__CxxFrameHandler3
__std_terminate
_invalid_parameter_noinfo_noreturn
__std_exception_destroy
__acrt_iob_func
fputwc
fputws
__std_exception_copy
fflush
__stdio_common_vfwprintf
__stdio_common_vswprintf
_wfopen
setvbuf
toupper
_wcsicmp
_assert
tolower
wcstoul
_errno
_wcsnicmp
_set_error_mode
wcsncmp
_wtoi
wcsftime
_time64
exit
ftell
_wputenv
ferror
fseek
isalpha
fgetc
_purecall
__stdio_common_vsnprintf_s
strncmp
free
isspace
strchr
isdigit
fread
__stdio_common_vsscanf
malloc
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_except_handler4_common
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
_exit
_set_fmode
__p___argc
__p___wargv
memcpy
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_CxxThrowException
__current_exception
__current_exception_context
memset
_controlfp_s
memmove
_gmtime64_s

msvcp14x

?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
??Bios_base@std@@QBE_NXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Xinvalid_argument@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?good@ios_base@std@@QBE_NXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rdp/x86/Launcher.runtimeconfig.json
rdp/x86/MFC14XU.dll
.dll windows:6 windows x86

cab510432b34c8a623c634f7060ed21e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

uxtheme

DrawThemeParentBackground
IsAppThemed
GetWindowTheme
DrawThemeBackground
GetThemeColor
OpenThemeData
CloseThemeData
GetCurrentThemeName
GetThemeSysColor
DrawThemeText
IsThemeBackgroundPartiallyTransparent
GetThemePartSize

winspool.drv

ClosePrinter
DocumentPropertiesW
GetJobW
OpenPrinterW

user32

GetMessagePos
GetMessageTime
EndDialog
CreateDialogIndirectParamW
GetDlgItem
GetTabbedTextExtentW
GetWindowTextLengthW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
InvalidateRgn
MoveWindow
CreateMenu
SetActiveWindow
GetPropW
RemovePropW
SetPropW
MapDialogRect
GetDialogBaseUnits
GetDCEx
RemoveMenu
CharToOemBuffA
CallWindowProcW
OemToCharBuffA
MsgWaitForMultipleObjectsEx
CharNextW
IsDialogMessageW
SetWindowContextHelpId
ClipCursor
SendNotifyMessageW
InSendMessage
MapVirtualKeyExW
GetKeyboardLayout
GetKeyNameTextW
IsCharLowerW
EnableWindow
SetRect
IsWindow
RedrawWindow
InvalidateRect
SendMessageW
GetWindowRect
SetRectEmpty
KillTimer
GetClientRect
IsWindowVisible
GetCursorPos
ScreenToClient
TrackMouseEvent
GetMenuStringW
WindowFromDC
GetMenuCheckMarkDimensions
SetMenuItemInfoW
SetMenuItemBitmaps
SetWindowLongW
MessageBoxW
GetWindowThreadProcessId
ShowOwnedPopups
UnregisterClassW
PostQuitMessage
DrawEdge
CharUpperBuffW
GetComboBoxInfo
RegisterClipboardFormatW
GetActiveWindow
InsertMenuW
IsWindowEnabled
ShowScrollBar
FrameRect
GetWindowRgn
ReleaseDC
GetDC
GetDoubleClickTime
GetWindowTextW
EnumChildWindows
InvertRect
HideCaret
SetMenuDefaultItem
GetMenuDefaultItem
GetScrollPos
EnableScrollBar
UpdateLayeredWindow
GetMessageW
GetLastActivePopup
SetTimer
UpdateWindow
PtInRect
OffsetRect
InflateRect
DrawIconEx
GetParent
SetClassLongW
GetSysColorBrush
EqualRect
DeferWindowPos
PostMessageW
GetClassLongW
IsRectEmpty
GetWindowPlacement
ShowWindow
SetParent
GetClassNameW
DestroyIcon
RegisterWindowMessageW
BringWindowToTop
CopyIcon
ReleaseCapture
SetCapture
ClientToScreen
WindowFromPoint
SetCursorPos
MessageBeep
MapWindowPoints
LoadBitmapW
CopyRect
SubtractRect
DrawFrameControl
GetMenuItemInfoW
SetFocus
SetScrollRange
AdjustWindowRectEx
CountClipboardFormats
GetMenu
SetMenu
CheckMenuItem
GetMenuState
SetWindowTextW
CharUpperW
MapVirtualKeyW
ToUnicodeEx
GetKeyboardState
NotifyWinEvent
FillRect
GetIconInfo
CopyImage
LoadImageW
GetWindowLongW
CopyAcceleratorTableW
CreateAcceleratorTableW
DestroyCursor
IsClipboardFormatAvailable
GetDlgCtrlID
SetCursor
DrawFocusRect
GetNextDlgGroupItem
LoadIconW
TrackPopupMenu
IsChild
GetFocus
LoadCursorW
SetForegroundWindow
PeekMessageW
TranslateMessage
DispatchMessageW
WaitMessage
GetDesktopWindow
GetAsyncKeyState
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawStateW
GetCapture
LoadAcceleratorsW
TranslateAcceleratorW
GetSystemMetrics
DestroyMenu
LoadMenuW
GetClassInfoExW
GetSubMenu
PostThreadMessageW
GetClassInfoW
DefWindowProcW
GetWindow
GetMenuItemCount
GetMenuItemID
IsIconic
GetForegroundWindow
DrawIcon
GetMonitorInfoW
MonitorFromPoint
SystemParametersInfoW
ValidateRect
SetLayeredWindowAttributes
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
GetUpdateRect
UnionRect
SetWindowPos
LockWindowUpdate
GetKeyState
BeginDeferWindowPos
EndDeferWindowPos
AppendMenuW
CreatePopupMenu
IntersectRect
SetScrollPos
EnableMenuItem
GetNextDlgTabItem
GetSystemMenu
IsMenu
IsZoomed
ModifyMenuW
DeleteMenu
SetWindowRgn
DestroyAcceleratorTable
GetTopWindow
DestroyWindow
MonitorFromRect
EnumDisplayMonitors
GetSysColor
CreateWindowExW
RealChildWindowFromPoint
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
DefFrameProcW
GetWindowDC
GetMenuBarInfo
InsertMenuItemW
ReuseDDElParam
UnpackDDElParam
SendDlgItemMessageA
EndPaint
BeginPaint
MonitorFromWindow
ScrollWindow
GetScrollInfo
SetScrollInfo
GetScrollRange
WinHelpW
RegisterClassW
TrackPopupMenuEx
SetWindowPlacement

advapi32

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegQueryValueW
RegSetValueW
GetFileSecurityW
SetFileSecurityW
IsTextUnicode
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW

ole32

GetHGlobalFromILockBytes
OleGetIconOfClass
WriteClassStm
CreateItemMoniker
OleSetMenuDescriptor
OleQueryCreateFromData
OleQueryLinkFromData
OleIsRunning
OleRun
CreateFileMoniker
CreateBindCtx
GetClassFile
OleRegGetUserType
OleGetClipboard
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
StgCreateDocfile
StgIsStorageFile
StgOpenStorage
CoGetMalloc
DoDragDrop
OleLoad
RegisterDragDrop
RevokeDragDrop
CoRegisterClassObject
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleSave
CreateGenericComposite
IsAccelerator
OleTranslateAccelerator
GetRunningObjectTable
OleCreate
OleCreateLinkToFile
OleCreateFromFile
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleSetContainedObject
StringFromCLSID
OleLockRunning
StgOpenStorageOnILockBytes
CLSIDFromString
CLSIDFromProgID
PropVariantCopy
CoInitializeEx
CoGetClassObject
StringFromGUID2
ReadFmtUserTypeStg
OleLoadFromStream
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
ReadClassStm
OleSaveToStream
CreateOleAdviseHolder
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
ReleaseStgMedium
CreateDataAdviseHolder
CreateDataCache
WriteClassStg
OleDuplicateData
WriteFmtUserTypeStg
SetConvertStg
CoTreatAsClass
CoRegisterMessageFilter
CoDisconnectObject
OleRegEnumVerbs
OleRegGetMiscStatus
OleDraw
ReadClassStg
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
PropVariantClear
CoTaskMemAlloc
CoCreateGuid
CoTaskMemFree
CoLockObjectExternal
CoCreateInstance

shell32

DragFinish
DragAcceptFiles
SHAddToRecentDocs
ExtractIconW
SHBrowseForFolderW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
SHAppBarMessage
DragQueryFileW

oleaut32

SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromCy
VarCyFromStr
SysAllocStringByteLen
SafeArrayRedim
SystemTimeToVariantTime
VarBstrFromDate
OleCreatePropertyFrame
OleTranslateColor
OleCreateFontIndirect
OleCreatePictureIndirect
OleLoadPicture
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
VariantInit
DispCallFunc
VarBstrCmp
SafeArrayUnlock
VariantCopy
SysReAllocStringLen
SafeArrayDestroy
SysStringByteLen
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString
VariantChangeType
VariantClear
VariantTimeToSystemTime
SafeArrayDestroyData
VarParseNumFromStr
SafeArrayCreateVector
VarBstrFromDec
VarDecFromStr
VarDateFromStr
SafeArrayDestroyDescriptor
SafeArrayCreate

shlwapi

PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
PathFindExtensionW
StrFormatKBSizeW
UrlUnescapeW

wininet

HttpSendRequestExW
InternetFindNextFileW
GopherFindFirstFileW
InternetGetLastResponseInfoW
HttpQueryInfoW
FtpFindFirstFileW
InternetSetOptionW
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetQueryOptionW
InternetOpenW
InternetCloseHandle
InternetOpenUrlW
InternetSetStatusCallbackW
InternetSetCookieW
InternetGetCookieW
InternetSetFilePointer
InternetWriteFile
InternetReadFile
InternetQueryDataAvailable
InternetConnectW
FtpDeleteFileW
FtpRenameFileW
FtpCreateDirectoryW
FtpRemoveDirectoryW
FtpSetCurrentDirectoryW
GopherGetAttributeW
FtpOpenFileW
FtpCommandW
FtpPutFileW
FtpGetFileW
GopherCreateLocatorW
FtpGetCurrentDirectoryW
GopherOpenFileW
HttpOpenRequestW
InternetErrorDlg
HttpAddRequestHeadersW
HttpSendRequestW
HttpEndRequestW

ws2_32

WSAStartup
WSASetLastError
WSAGetLastError
getpeername
ntohs
inet_ntoa
getsockname
accept
WSACleanup
inet_addr
htons
bind
connect
sendto
recvfrom
socket
select
WSAAsyncSelect
send
recv
gethostbyname
closesocket
htonl

gdi32

CreateRectRgnIndirect
OffsetRgn
CreateDIBSection
Ellipse
SetPixel
GetBkColor
CreateFontIndirectW
GetDeviceCaps
GetTextCharsetInfo
EnumFontFamiliesW
CreatePen
CreatePatternBrush
CreateDIBitmap
SetPaletteEntries
StartPage
EndPage
EndDoc
GetCurrentObject
DeleteDC
PatBlt
CreateRectRgn
CombineRgn
GetBoundsRect
FillRgn
SetRectRgn
CreateRoundRectRgn
EnumFontFamiliesExW
CreateBitmap
SetBkColor
StretchBlt
SelectPalette
GetDIBits
SetDIBColorTable
Polyline
ExtTextOutW
CreateHatchBrush
CreateEllipticRgn
RoundRect
StretchDIBits
CreateFontW
GetCharWidthW
LPtoDP
CreateMetaFileW
CloseMetaFile
DeleteMetaFile
GetViewportOrgEx
PtVisible
RectVisible
TextOutW
Escape
GetClipBox
GetTextAlign
GetCurrentPositionEx
MoveToEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetRgnBox
RestoreDC
GetROP2
GetBkMode
GetPolyFillMode
GetStretchBltMode
GetNearestColor
GetTextFaceW
GetWindowExtEx
GetViewportExtEx
SetTextColor
SetMapMode
SetWindowExtEx
ScaleWindowExtEx
GetWindowOrgEx
SetWindowOrgEx
IntersectClipRect
CreateDCW
SetBrushOrgEx
SetAbortProc
StartDocW
DPtoLP
AbortDoc
CopyMetaFileW
UnrealizeObject
SetBkMode
SetPolyFillMode
SetROP2
SetStretchBltMode
SetGraphicsMode
SetWorldTransform
ModifyWorldTransform
OffsetWindowOrgEx
SelectClipRgn
ExcludeClipRect
OffsetClipRgn
LineTo
SetTextAlign
SetTextJustification
SetTextCharacterExtra
SetMapperFlags
GetLayout
SetLayout
ArcTo
SetArcDirection
PolyDraw
PolylineTo
SetColorAdjustment
PolyBezierTo
SelectClipPath
GetClipRgn
ExtSelectClipRgn
PlayMetaFileRecord
PlayMetaFile
EnumMetaFile
ExtCreatePen
CreateDIBPatternBrushPt
GetMapMode
BitBlt
SetPixelV
FrameRgn
CreateCompatibleBitmap
PtInRegion
CreatePolygonRgn
GetPixel
GetSystemPaletteEntries
GetNearestPaletteIndex
RealizePalette
CreatePalette
GetPaletteEntries
GetStockObject
Rectangle
Polygon
GetTextColor
GetObjectType
DeleteObject
SelectObject
CreateCompatibleDC
GetObjectW
CreateSolidBrush
GetTextExtentPoint32W
SaveDC
ExtFloodFill
GetTextMetricsW

gdiplus

GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromStream
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDrawImageI
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdiplusShutdown
GdipGetImagePalette
GdipGetImagePaletteSize

msimg32

AlphaBlend
TransparentBlt

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

odbc32

ord110
ord3
ord111
ord18
ord13
ord61
ord5
ord16
ord9
ord14
ord15
ord176
ord145
ord139
ord23
ord2
ord4
ord72
ord49
ord48
ord20
ord117
ord59
ord108
ord44
ord138
ord119
ord12
ord68
ord43
ord141
ord1

crypt32

CryptProtectData
CryptUnprotectData

oledlg

OleUIConvertW
OleUIChangeIconW
OleUIEditLinksW
OleUIUpdateLinksW
OleUIPasteSpecialW
OleUIBusyW
OleUIObjectPropertiesW
OleUIChangeSourceW
OleUIAddVerbMenuW
OleUIInsertObjectW

urlmon

CreateAsyncBindCtx
IsAsyncMoniker
RegisterBindStatusCallback
CreateURLMoniker

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

kernel32

TerminateProcess
AreFileApisANSI
GlobalFlags
GlobalFindAtomW
GetSystemTime
LocalUnlock
LocalLock
GlobalGetAtomNameW
GetAtomNameW
SetEvent
CopyFileW
WaitForMultipleObjects
CreateEventW
ReleaseMutex
CreateMutexW
ReleaseSemaphore
CreateSemaphoreW
FormatMessageA
GetEnvironmentVariableA
GetEnvironmentVariableW
FormatMessageW
SetFileAttributesW
LocalFileTimeToFileTime
GetFileAttributesExW
GetFileSizeEx
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetShortPathNameW
GetStringTypeExW
GetThreadLocale
FindClose
FindFirstFileW
GetVolumeInformationW
MoveFileW
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
WriteFile
ReadFile
ResumeThread
SuspendThread
WaitForSingleObject
DuplicateHandle
GetCurrentProcess
GetProfileIntW
SystemTimeToFileTime
ReplaceFileW
SetFileTime
GetFullPathNameW
GetDiskFreeSpaceW
GetTempFileNameW
VirtualProtect
lstrcpyA
IsDBCSLeadByte
GetUserDefaultLCID
GetSystemTimeAsFileTime
FindResourceExW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GlobalAddAtomW
GetCurrentProcessId
SetErrorMode
GlobalDeleteAtom
lstrcmpA
WideCharToMultiByte
GetVersionExW
GetCurrentThread
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
SearchPathW
GlobalSize
GetFileAttributesW
GetFileSize
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsFree
TlsAlloc
LocalFree
LocalAlloc
SetThreadPriority
lstrcmpiW
GetWindowsDirectoryW
GetTickCount
GlobalFree
GetSystemDirectoryW
lstrcmpW
GetCurrentDirectoryW
Sleep
SetFilePointer
CreateFileW
GetTempPathW
CloseHandle
FreeLibrary
VerifyVersionInfoW
VerSetConditionMask
MulDiv
DeleteFileW
InitializeCriticalSection
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpyW
MultiByteToWideChar
OutputDebugStringA
GetModuleFileNameW
LoadLibraryW
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
SetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
ExpandEnvironmentStringsA
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetFileTime

msvcr14x

abort
__std_terminate
_invalid_parameter_noinfo
_errno
_wcslwr_s
toupper
wcsnlen
_purecall
wmemcpy_s
__stdio_common_vswprintf_s
__stdio_common_vswprintf
wcschr
iswspace
wcsstr
free
malloc
_wtoi
_wcsupr_s
calloc
_wcsicmp
wcspbrk
wcsrchr
wcscspn
wcsspn
clock
_wsplitpath_s
wcscoll
_wcsicoll
wcsncmp
wcscpy_s
iswdigit
iswalpha
iswalnum
iswprint
towupper
towlower
_wtol
wcstoul
__stdio_common_vswscanf
wcscat_s
_localtime64_s
_endthread
_beginthread
_wcsdup
_wmakepath_s
_time64
wcstod
_resetstkoflw
_recalloc
__stdio_common_vsnwprintf_s
__p___argc
__p___wargv
_strnicmp
wcsncpy_s
_itow_s
_ltow_s
_wcsnicmp
strnlen
_mktime64
_mbscmp
wcstol
realloc
rand_s
__stdio_common_vsprintf_s
__CxxFrameHandler3
__stdio_common_vsprintf
_wfullpath
_get_osfhandle
_fileno
_open_osfhandle
_fdopen
__doserrno
fread
feof
ferror
clearerr_s
fwrite
fputws
fgetws
fseek
ftell
fflush
fclose
_mbsinc
_mbsicoll
_mbspbrk
_ismbcspace
_wcsrev
_mbsrchr
_mbscoll
_mbsspn
_mbsrev
memcpy
_mbslwr_s
_mbsupr_s
_mbschr
_mbscspn
_mbsicmp
_mbsstr
_ultow_s
_endthreadex
_beginthreadex
_msize
_expand
memset
memmove
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_except_handler4_common
terminate
__current_exception
__current_exception_context
_initterm
_initterm_e
__std_type_info_destroy_list
_CIatan2
_CIcos
_CIexp
_CIsin
_CIsqrt
_CxxThrowException
ceil
floor
memcmp
strcpy_s

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 568KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rdp/x86/RenderMaintainer.exe
.exe windows:5 windows x86

4f7dd818364793bbac406f4c0be9b7de

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegCloseKey
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegOpenKeyW

shlwapi

PathFindFileNameW
PathFindExtensionW

gdi32

DeleteObject
GetObjectW
CreateDIBSection
CreateCompatibleDC
DeleteDC
SelectObject
BitBlt
GetDeviceCaps

user32

GetActiveWindow
MessageBoxA
EnumWindows
GetUserObjectInformationW
GetProcessWindowStation
GetWindowRect
ShowWindowAsync
GetDesktopWindow
DrawIcon
GetClientRect
IsIconic
AppendMenuW
GetSystemMenu
MessageBoxW
SetWindowPos
SetDlgItemTextW
EndDialog
LoadIconW
EnableWindow
GetMonitorInfoW
PostMessageW
GetDC
MonitorFromWindow
SendMessageW
GetSystemMetrics
SetTimer
ReleaseDC
GetWindowThreadProcessId
GetLastActivePopup
GetClassNameW

mfc14xu

ord5760
ord5549
ord5249
ord12928
ord12219
ord12251
ord10433
ord8217
ord12247
ord12239
ord5918
ord3852
ord8000
ord12531
ord14466
ord7941
ord12947
ord4152
ord14595
ord7922
ord14589
ord2486
ord5357
ord8324
ord12865
ord8386
ord8470
ord2389
ord2385
ord458
ord7493
ord2753
ord14573
ord3874
ord2994
ord8745
ord4224
ord3189
ord6220
ord13756
ord3305
ord3302
ord8210
ord2761
ord14785
ord10285
ord10287
ord10286
ord10284
ord10288
ord5652
ord11725
ord11726
ord9131
ord12089
ord3838
ord11936
ord14588
ord8965
ord12220
ord6978
ord11002
ord9256
ord3266
ord13878
ord1722
ord1744
ord1770
ord1756
ord1777
ord5003
ord4948
ord5013
ord4997
ord4912
ord4927
ord4988
ord4502
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord6877
ord11717
ord13703
ord5935
ord2682
ord12124
ord3941
ord12168
ord5790
ord6129
ord10255
ord6588
ord1002
ord2246
ord3697
ord2383
ord10472
ord4885
ord2335
ord3833
ord890
ord1391
ord11038
ord4886
ord4881
ord8817
ord2750
ord6531
ord9210
ord12172
ord9139
ord2760
ord13752
ord6218
ord3403
ord3404
ord11396
ord11015
ord9040
ord12131
ord5112
ord5118
ord12560
ord316
ord310
ord1046
ord995
ord13911
ord6349
ord14668
ord6350
ord14669
ord6348
ord14667
ord11983
ord11982
ord2034
ord4090
ord9398
ord12542
ord12541
ord296
ord1045
ord4815
ord12262
ord12258
ord4936
ord4966
ord4960
ord4954
ord4942
ord5019
ord4974
ord3372
ord3371
ord3265
ord2215
ord1523
ord2477
ord8464
ord1525
ord280
ord2458
ord12559
ord286
ord2996
ord14364
ord5921
ord285
ord3164
ord3009
ord5110
ord4834
ord278
ord12762
ord12884
ord8360
ord2409
ord5525
ord5763
ord5252
ord5411
ord5228
ord7722
ord7723
ord7712
ord5409
ord8219
ord10250
ord9209
ord6860
ord4589
ord2322
ord1179
ord1111
ord4092
ord2205
ord2303
ord2307
ord7997
ord1472
ord7653
ord10379
ord9350

kernel32

DeleteCriticalSection
Process32FirstW
DeleteFileW
TlsAlloc
OutputDebugStringW
Process32NextW
GetFileAttributesExW
FormatMessageW
CreateToolhelp32Snapshot
TlsGetValue
OpenThread
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
TlsSetValue
CreateDirectoryW
UnregisterWaitEx
GetLocalTime
SetEnvironmentVariableW
ProcessIdToSessionId
OpenProcess
GetFileSizeEx
GetExitCodeProcess
CreateProcessW
GetCommandLineW
GetProcessTimes
DeleteTimerQueueTimer
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
GetModuleHandleW
GetCurrentProcessId
LocalFree
GetProcAddress
HeapAlloc
ResetEvent
LoadLibraryW
RaiseException
CloseHandle
WaitForSingleObjectEx
SetEvent
GetLastError
Sleep
GetExitCodeThread
MultiByteToWideChar
CreateEventW
GetSystemDirectoryW
ReleaseMutex
GetVersionExW
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
IsDebuggerPresent
GetStartupInfoW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
TerminateProcess
RegisterWaitForSingleObject
ReleaseSemaphore
GetCurrentProcess
EnterCriticalSection
SetLastError
HeapFree
CreateTimerQueueTimer

comctl32

InitCommonControlsEx

oleaut32

SystemTimeToVariantTime
VariantClear
VariantChangeType
GetErrorInfo
SysFreeString
VariantTimeToSystemTime

gdiplus

GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipSaveImageToFile
GdiplusStartup
GdiplusShutdown

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

winsta

WinStationQueryInformationW

ntdll

RtlGetVersion
RtlSetHeapInformation
RtlCreateHeap
NtCreateKeyedEvent
NtQueryObject
RtlInterlockedPopEntrySList
RtlFreeHeap
RtlUpcaseUnicodeChar
RtlAllocateHeap
RtlRaiseStatus
RtlInitializeSListHead
RtlInterlockedPushEntrySList
NtDuplicateObject
NtClose
NtResumeProcess
NtSuspendProcess
NtQueryInformationJobObject
NtOpenProcess
NtQuerySystemInformationEx
NtQuerySystemInformation

msvcr14x

_CxxThrowException
__std_exception_destroy
__std_exception_copy
memset
_controlfp_s
__current_exception_context
__current_exception
terminate
_callnewh
_except_handler4_common
_crt_atexit
_register_onexit_function
_initialize_onexit_table
__p__commode
_set_new_mode
_configthreadlocale
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_set_fmode
_exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
__setusermatherr
_set_app_type
_seh_filter_exe
wcsncmp
fread
wcsncpy
exit
_resetstkoflw
malloc
_beginthreadex
getenv
__stdio_common_vswprintf
_recalloc
free
calloc
_wcsnicmp
fclose
fwrite
_wfopen
_errno
_invalid_parameter_noinfo
_localtime64_s
_time64
_wcsicmp
wcsrchr
__std_terminate
__CxxFrameHandler3
memcpy

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rdp/x86/ShadowBotRDP.exe
.exe windows:5 windows x86

1d0706a38de78fe4f3f2ebb7364273d9

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:a2:43:37:d3:43:8d:cf:7d:d1:8d:a2:0d:df:1c:9f
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

21/06/2022, 00:00

Not After

20/06/2024, 23:59

Subject

SERIALNUMBER=91330110MA2GKLF15T,CN=杭州分叉智能科技有限公司,O=杭州分叉智能科技有限公司,ST=浙江省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:a2:43:37:d3:43:8d:cf:7d:d1:8d:a2:0d:df:1c:9f
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

21/06/2022, 00:00

Not After

20/06/2024, 23:59

Subject

SERIALNUMBER=91330110MA2GKLF15T,CN=杭州分叉智能科技有限公司,O=杭州分叉智能科技有限公司,ST=浙江省,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:d7:85:4d:b9:a0:54:a2:57:e5:90:af:d5:9d:c1:b3:88:dd:e7:f0:68:11:9f:8f:90:77:55:13:85:3c:28:78
Signer

Actual PE Digest

55:d7:85:4d:b9:a0:54:a2:57:e5:90:af:d5:9d:c1:b3:88:dd:e7:f0:68:11:9f:8f:90:77:55:13:85:3c:28:78

Digest Algorithm

sha256

PE Digest Matches

true

24:e8:ae:5a:42:52:98:12:73:f9:c2:e2:8f:64:6e:e8:11:19:06:34
Signer

Actual PE Digest

24:e8:ae:5a:42:52:98:12:73:f9:c2:e2:8f:64:6e:e8:11:19:06:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc14xu

ord7450
ord14234
ord12172
ord9040
ord6531
ord9210
ord3265
ord2760
ord8817
ord6218
ord3164
ord3403
ord3404
ord11396
ord11015
ord12131
ord5110
ord11038
ord1391
ord890
ord3833
ord2335
ord2477
ord2458
ord5289
ord10472
ord2996
ord2256
ord3697
ord2246
ord2215
ord458
ord8470
ord8386
ord12865
ord8324
ord5357
ord2486
ord12541
ord12542
ord14589
ord7922
ord14595
ord9398
ord4152
ord4090
ord12947
ord7941
ord2034
ord11982
ord11983
ord14466
ord12531
ord8000
ord14667
ord6348
ord14669
ord6350
ord14668
ord6349
ord3852
ord5918
ord12239
ord12247
ord8217
ord10433
ord12251
ord12219
ord12928
ord5763
ord10250
ord6860
ord4589
ord1111
ord4092
ord13911
ord2205
ord7997
ord1472
ord995
ord7653
ord10379
ord8464
ord1525
ord1045
ord286
ord296
ord12559
ord4834
ord265
ord4885
ord4815
ord7493
ord4886
ord2750
ord266
ord6220
ord13756
ord3305
ord1513
ord3302
ord8210
ord2761
ord14785
ord10285
ord10287
ord10286
ord10284
ord10288
ord5652
ord11725
ord11726
ord9139
ord12089
ord3838
ord11936
ord14588
ord8965
ord12220
ord6978
ord11002
ord9256
ord3266
ord13878
ord12262
ord12258
ord1722
ord1744
ord1770
ord1756
ord1777
ord4936
ord5003
ord4948
ord4966
ord4960
ord4954
ord5013
ord4997
ord14137
ord4942
ord5019
ord4974
ord4912
ord4927
ord4988
ord4502
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord6877
ord11717
ord13703
ord5935
ord2682
ord12124
ord3941
ord3372
ord3371
ord12168
ord5249
ord5549
ord5760
ord9350
ord5525
ord5790
ord5252
ord5411
ord5228
ord6129
ord7722
ord7723
ord7712
ord5409
ord8219
ord10255
ord9209
ord7441
ord1476
ord1002
ord1511
ord3296
ord13752
ord2409

kernel32

IsDebuggerPresent
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReadProcessMemory
ResumeThread
GetCommandLineW
ProcessIdToSessionId
GetExitCodeProcess
lstrcmpiA
lstrcpynA
DeleteCriticalSection
LoadLibraryA
OutputDebugStringW
FormatMessageW
OpenProcess
lstrcmpA
lstrcpynW
GetStartupInfoW
GetSystemTimeAsFileTime
FreeLibrary
GetModuleHandleW
GetCurrentProcessId
LocalFree
GetProcAddress
LoadLibraryW
GetLastError
Sleep
CreateEventW
GetModuleHandleA
GetVersionExW
GetCurrentThreadId
GetFileAttributesW
LocalAlloc
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
VirtualFree
SetLastError
VirtualProtect
CloseHandle

user32

DefWindowProcW
IsIconic
SetForegroundWindow
GetProcessWindowStation
GetClientRect
GetUserObjectInformationW
GetClassNameW
MessageBoxA
BringWindowToTop
ShowWindowAsync
IsZoomed
DrawIcon
CallWindowProcW
AppendMenuW
GetSystemMenu
LoadIconW
GetLastActivePopup
GetWindow
GetWindowRect
SendMessageW
GetSystemMetrics
EnableWindow
SetWindowLongW
PostQuitMessage
MessageBoxW
GetActiveWindow

advapi32

LookupAccountSidW
OpenProcessToken
RegOpenKeyW
GetTokenInformation
RegCloseKey
RegQueryValueExW

shell32

CommandLineToArgvW

comctl32

InitCommonControlsEx

shlwapi

PathRemoveExtensionA
PathFindFileNameW
PathUnquoteSpacesW

ole32

CoTaskMemAlloc
CoCreateInstance

oleaut32

SysFreeString
GetErrorInfo
SysAllocString
VariantClear

winsta

WinStationQueryInformationW

msvcr14x

_wtoi
__stdio_common_vswscanf
exit
wcsrchr
__std_terminate
__CxxFrameHandler3
strncpy
wcschr
wcsncpy
_wgetenv
_stricmp
free
strchr
strncat
wcsncmp
_wtol
__stdio_common_vswprintf_s
memset
_seh_filter_exe
_set_app_type
__setusermatherr
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_exit
_set_fmode
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_configthreadlocale
_set_new_mode
__p__commode
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_except_handler4_common
terminate
__current_exception
__current_exception_context
_controlfp_s
_CxxThrowException
memcpy

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pcode0
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rdp/x86/ShadowBotRDP_Win7Helper.dll
.dll windows:6 windows x86

21484b35f4163f37f93c048112c409d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
SetLastError
GetModuleFileNameW
GetTickCount
SleepEx
DisableThreadLibraryCalls
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
CloseHandle
GetModuleHandleW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionEx
GetLastError
OpenProcess
GetCurrentProcessId
QueryPerformanceCounter
GetProcAddress
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
IsDebuggerPresent

advapi32

SetTokenInformation
CreateProcessAsUserW
LookupPrivilegeValueW
SetThreadToken
AdjustTokenPrivileges
CloseServiceHandle
StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
DuplicateTokenEx
IsWellKnownSid
GetTokenInformation
OpenProcessToken

ole32

CoInitializeEx
CoGetObject
CoUninitialize

shlwapi

PathFindFileNameW

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW
WTSEnumerateSessionsW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

msvcr14x

__CxxFrameHandler3
__std_terminate
free
_invalid_parameter_noinfo
_errno
_wcsicmp
_wcsnicmp
memmove
memset
memcpy
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_except_handler4_common
_CxxThrowException
__std_type_info_destroy_list

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 172KB - Virtual size: 172KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

bc869d882755376c81b17b229a3fc736

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

oleaut32

advapi32

msvcr14x

msvcp14x

Sections

.text Size: 97KB - Virtual size: 97KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 2KB - Virtual size: 3KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

79a1158798fb666625f740926535a969

Headers

DLL Characteristics

File Characteristics

Imports

uxtheme

winspool.drv

user32

advapi32

ole32

shell32

oleaut32

shlwapi

wininet

ws2_32

gdi32

gdiplus

msimg32

imm32

winmm

odbc32

crypt32

oledlg

urlmon

oleacc

kernel32

msvcr14x

Sections

.text Size: 2.7MB - Virtual size: 2.7MB

.rdata Size: 882KB - Virtual size: 881KB

.data Size: 52KB - Virtual size: 77KB

.pdata Size: 142KB - Virtual size: 141KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 92KB - Virtual size: 91KB

970a1b6fa4f52d56e993dbe67ba4a4ea

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shlwapi

gdi32

user32

mfc14xu

kernel32

comctl32

.text
Size: 172KB - Virtual size: 172KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 97KB - Virtual size: 97KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 2.7MB - Virtual size: 2.7MB

.rdata
Size: 882KB - Virtual size: 881KB

.data
Size: 52KB - Virtual size: 77KB

.pdata
Size: 142KB - Virtual size: 141KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 92KB - Virtual size: 91KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 69KB - Virtual size: 69KB

.reloc
Size: 2KB - Virtual size: 1KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

e6:a2:43:37:d3:43:8d:cf:7d:d1:8d:a2:0d:df:1c:9f
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

e6:a2:43:37:d3:43:8d:cf:7d:d1:8d:a2:0d:df:1c:9f
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

fe:7d:10:90:70:f2:73:9e:2e:39:b4:89:21:77:17:53:30:61:d9:76:a8:3b:6b:cc:0e:6d:46:05:89:ac:74:ae
Signer

c1:2b:ea:5a:fa:bd:f1:ae:15:d7:39:02:e0:10:3e:06:79:da:c1:3d
Signer

.text
Size: 21KB - Virtual size: 21KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.pcode0
Size: 5.0MB - Virtual size: 5.0MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 69KB - Virtual size: 69KB