dca710d1a0ba14a54229b5d88b46def4a7db4bf55ec0c898d600099a569b8552

Sharing

Copy URL

Twitter E-mail

General

Target

dca710d1a0ba14a54229b5d88b46def4a7db4bf55ec0c898d600099a569b8552
Size

13.2MB
MD5

5873326470c04668d4f8cce81ceb3d80
SHA1

b44adfee47b2083e40296ebc0cfbdfab51031927
SHA256

dca710d1a0ba14a54229b5d88b46def4a7db4bf55ec0c898d600099a569b8552
SHA512

c480abf66d27f05d38055d0dbe914235d174de13ec55ce0f3497f4c01fc409d2de9c7ca1399998768df802e29870a2c70ec506c6e6933d4a1fff809260f87d9d
SSDEEP

393216:0JZjLiIymO5hR6cnxgxqhMDJPJPF6cCxPZDgiIpJQFx:gBymSh3gxl3PFtCxtIQx

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/x86/NetchCore.dll	acprotect
static1/unpack001/x86/nfapinet.dll	acprotect

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Privoxy.exe	upx
static1/unpack001/x64/nfapinet.dll	upx
static1/unpack001/x86/NetchCore.dll	upx
static1/unpack001/x86/nfapinet.dll	upx

Unsigned PE 23 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Privoxy.exe
unpack002/out.upx
unpack001/x64/NTT.exe
unpack001/x64/NetchCore.dll
unpack001/x64/ShadowsocksR.exe
unpack001/x64/ck-client.exe
unpack001/x64/dns2tcp.exe
unpack001/x64/nfapi.dll
unpack001/x64/nfapinet.dll
unpack001/x64/sysproxy.dll
unpack001/x64/tap-driver/tap0901.sys
unpack001/x64/tap-driver/tapinstall.exe
unpack001/x64/tun2socks.exe
unpack001/x86/NTT.exe
unpack001/x86/NetchCore.dll
unpack001/x86/ShadowsocksR.exe
unpack001/x86/ck-client.exe
unpack001/x86/dns2tcp.exe
unpack001/x86/nfapi.dll
unpack001/x86/nfapinet.dll
unpack001/x86/sysproxy.dll
unpack001/x86/tap-driver/tapinstall.exe
unpack001/x86/tun2socks.exe

Files

dca710d1a0ba14a54229b5d88b46def4a7db4bf55ec0c898d600099a569b8552
.zip
Privoxy.exe
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 320KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 161KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

Argc
Argv
CanSystemSupportServices
CreateTrayWindow
EditFile
InitLogWindow
InitWin32
LogPutString
LogShowActivity
OnLogCommand
OnLogInitMenu
OnLogRButtonUp
OnLogTimer
ShowLogWindow
TermLogWindow
TrayAddIcon
TrayDeleteIcon
TraySetIcon
WinMain@16
__mon_yday
__pth_gpointer_locked
__pthread_clock_nanosleep
__pthread_shallcancel
__xl_f
_pthread_cleanup_dest
_pthread_get_state
_pthread_invoke_cancel
_pthread_key_dest
_pthread_rel_time_in_ms
_pthread_set_state
_pthread_setnobreak
_pthread_time_in_ms
_pthread_time_in_ms_from_timespec
_pthread_tryjoin
accept_connection
acl_addr
actions_to_html
actions_to_line_of_text
actions_to_text
add_help_link
add_loader
add_to_iob
adler32
adler32_combine
adler32_combine64
adler32_z
alloc_http_response
any_loaded_file_changed
bRunAsService
bind_port
bindup
block_acl
block_url
buf_free
cgi_default
cgi_edit_actions
cgi_edit_actions_add_url
cgi_edit_actions_add_url_form
cgi_edit_actions_for_url
cgi_edit_actions_list
cgi_edit_actions_remove_url
cgi_edit_actions_remove_url_form
cgi_edit_actions_section_add
cgi_edit_actions_section_remove
cgi_edit_actions_section_swap
cgi_edit_actions_submit
cgi_edit_actions_url
cgi_edit_actions_url_form
cgi_error_404
cgi_error_bad_param
cgi_error_disabled
cgi_error_file
cgi_error_file_read_only
cgi_error_memory
cgi_error_modified
cgi_error_no_template
cgi_error_parse
cgi_error_unknown
cgi_init_error_messages
cgi_redirect
cgi_robots_txt
cgi_send_banner
cgi_send_default_favicon
cgi_send_error_favicon
cgi_send_stylesheet
cgi_send_url_info_osd
cgi_send_user_manual
cgi_show_client_tags
cgi_show_request
cgi_show_status
cgi_show_url_info
cgi_toggle
cgi_toggle_client_tag
cgi_transparent_image
check_file_changed
check_negative_tag_patterns
chomp
clear_iob
client_has_requested_tag
client_tag_match
client_tags_mutex
client_transfer_encoding
clients
close_socket
close_unusable_connections
compile_dynamic_pcrs_job_list
cond_print
cond_print_set
configfile
connect_port_is_forbidden
connect_to
connection_destination_matches
connection_reuse_mutex
content_filters_enabled
content_requires_filtering
copy_action
crc32
crc32_combine
crc32_combine64
crc32_z
create_pattern_spec
current_action_to_html
daemon_mode
data_is_available
debug_level_is_enabled
decompress_iob
default_exports
destroy_list
direct_response
disable_client_specific_tag
disable_logging
dispatch_cgi
do_sema_b_wait_intern
drain_and_close_socket
dump_map
edit_free_file
edit_parse_actions_file
edit_read_actions_file
edit_read_file
edit_read_line
edit_write_file
enable_client_specific_tag
enlist
enlist_first
enlist_unique
enlist_unique_header
error_response
execute_content_filters
files
filters_available
finish_http_response
flush_iob
forget_connection
forward_url
forwarded_connect
free_action
free_action_spec
free_alias_list
free_csp_resources
free_current_action
free_http_request
free_http_response
free_map
free_pattern_spec
g_bCloseHidesWindow
g_bHighlightMessages
g_bLimitBufferSize
g_bLogMessages
g_bShowActivityAnimation
g_bShowLogWindow
g_bShowOnTaskBar
g_default_actions_file
g_default_filterfile
g_hInstance
g_hiconApp
g_hwndLogFrame
g_nCmdShow
g_nFontSize
g_nMaxBufferLines
g_szFontFaceName
g_trustfile
g_user_actions_file
g_user_filterfile
gai_strerrorA
gai_strerrorW
get_action_token
get_actions
get_char_param
get_crc_table
get_destination_from_headers
get_expected_content_length
get_filter
get_header
get_header_value
get_host_information
get_http_time
get_last_url
get_next_tag_timeout_for_client
get_number_param
get_string_param
get_tag_list_for_client
get_url_actions
gif_deanimate
global_toggle_state
gmtime_mutex
hash_string
html_encode
html_encode_and_free_original
image_blank_data
image_blank_length
image_pattern_data
image_pattern_length
inflate
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
inflate_copyright
inflate_fast
inflate_table
init_action
init_current_action
init_domain_components
init_error_log
init_list
init_log_module
initialize_reusable_connections
install_service
is_imageurl
is_untrusted_url
jb_err_to_string
list_append_list_unique
list_contains_item
list_duplicate
list_is_empty
list_remove_all
list_remove_item
list_remove_list
list_to_text
load_action_files
load_config
load_re_filterfiles
load_trustfile
localtime_mutex
log_error
log_init_mutex
log_mutex
lookup
make_menu
make_path
malloc_or_die
map
map_block_keep
map_block_killer
map_conditional
mark_connection_closed
match_portlist
merge_actions
merge_current_action
nanosleep
new_map
parse_forwarder_address
parse_http_request
parse_http_url
pcre_compile
pcre_copy_substring
pcre_exec
pcre_free
pcre_free_substring
pcre_free_substring_list
pcre_fullinfo
pcre_get_substring
pcre_get_substring_list
pcre_info
pcre_maketables
pcre_malloc
pcre_study
pcre_version
pcrs_compile
pcrs_compile_command
pcrs_compile_dynamic_command
pcrs_execute
pcrs_execute_list
pcrs_execute_single_command
pcrs_free_job
pcrs_free_joblist
pcrs_get_delimiter
pcrs_job_is_dynamic
pcrs_strerror
percent_encode_url
pick_from_range
privoxy_millisleep
privoxy_mutex_lock
privoxy_mutex_unlock
privoxy_strlcat
privoxy_strlcpy
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_timedwait_relative_np
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getclock
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setclock
pthread_condattr_setpshared
pthread_create
pthread_create_wrapper
pthread_delay_np
pthread_delay_np_ms
pthread_detach
pthread_equal
pthread_exit
pthread_get_concurrency
pthread_getclean
pthread_getconcurrency
pthread_getevent
pthread_gethandle
pthread_getname_np
pthread_getspecific
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getprioceiling
pthread_mutexattr_getprotocol
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setprioceiling
pthread_mutexattr_setprotocol
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_set_concurrency
pthread_set_num_processors_np
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setname_np
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_tls_init
rand_mutex
read_config_line
read_socket
real_main
redirect_url
regcomp
regerror
regexec
regfree
remember_connection
requested_tags
resolve_hostname_to_ip
resolver_mutex
rewrite_url
run_loader
rwl_print
rwl_print_set
save_connection_destination
sed
set_client_address
set_debug_level
show_version
simple_read_line
socket_is_still_alive
ssplit
strclean
strcmpic
strdup_or_die
string_append
string_join
string_move
string_toupper
strncmpic
strptime
sweep
szThisServiceName
template_fill
template_fill_for_cgi
template_load
thread_print
thread_print_set
timegm
trust_url
uninstall_service
unload_actions_file
unload_forward_spec
unmap
update_action_bits_for_tag
update_server_headers
url_decode
url_encode
url_match
url_requires_percent_encoding
urls_read
urls_rejected
w32ServiceDispatchTable
w32_close_service_handle
w32_create_service
w32_delete_service
w32_open_sc_manager
w32_open_service
w32_query_service_config
w32_register_service_ctrl_handler
w32_service_exit_notify
w32_service_listen_loop
w32_set_service_cwd
w32_set_service_status
w32_start_service_ctrl_dispatcher
win32_blurb
write_socket
write_socket_delayed
xtoi
zError
z_errmsg
zalloc
zalloc_or_die
zcalloc
zcfree
zlibCompileFlags
zlibVersion

Sections

.text
Size: 272KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
default.acl
default.conf
x64/NTT.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/NetchCore.dll
.dll windows:6 windows x64

0d6d5ccb6e23035a00d7f1488cce2876

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

inet_addr

iphlpapi

DeleteIpForwardEntry2
CreateIpForwardEntry2
SetIpForwardEntry2

vcruntime140

memset
__std_type_info_destroy_list
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_onexit_table
_cexit
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_narrow_environment

kernel32

GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlCaptureContext
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
RtlVirtualUnwind
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess

Exports

Exports

ChangeRoute
CreateRoute
DeleteRoute

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/ShadowsocksR.exe
.exe windows:4 windows x64

5ef55f47a0ed40a7f8947818d4f3f247

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW
SystemFunction036

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
CancelIoEx
CloseHandle
ConvertFiberToThread
ConvertThreadToFiber
CreateEventA
CreateFiber
CreateIoCompletionPort
CreateSemaphoreA
DeleteCriticalSection
DeleteFiber
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FormatMessageA
FormatMessageW
FreeLibrary
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableW
GetFileType
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetTickCount64
GetVersion
InitOnceExecuteOnce
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSRWLock
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleA
ReadConsoleW
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleMode
SetEvent
SetHandleInformation
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
SwitchToFiber
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
VirtualUnlock
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__C_specific_handler
__argv
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_assert
_beginthreadex
_cexit
_close
_dup2
_endthreadex
_errno
_exit
_fileno
_fmode
_gmtime64
_initterm
_isctype
_localtime64
_onexit
_open
_setjmp
_setmode
_stat64
_strdup
_strdup
_stricmp
_strnicmp
_time64
_ultoa
_vsnprintf
_vsnwprintf
_wfopen
_write
abort
atoi
calloc
exit
fclose
feof
ferror
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
islower
isspace
isupper
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putchar
puts
qsort
raise
rand
realloc
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtol
strtoul
vfprintf
wcscpy
wcsstr
wcstombs

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

ws2_32

WSAAddressToStringA
WSACleanup
WSAEnumProtocolsW
WSAGetLastError
WSAIoctl
WSARecv
WSASend
WSASetLastError
WSASocketW
WSAStartup
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohs
recv
recvfrom
send
sendto
setsockopt
socket

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 581KB - Virtual size: 581KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
x64/Win-10.sys
.sys windows:6 windows x64

c089b867a4b799a2ece4dca0900e084b

Code Sign

33:00:00:00:31:94:79:a3:18:f5:52:2d:06:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05-06-2019 18:34

Not After

03-06-2020 18:34

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:00:95:80:ed:e9:c6:15:25:87:11:28:3e:1d:bc:d2:ce:3c:82:17:3e:83:b5:8a:0c:a8:55:28:3f:e7:53:8a
Signer

Actual PE Digest

f7:00:95:80:ed:e9:c6:15:25:87:11:28:3e:1d:bc:d2:ce:3c:82:17:3e:83:b5:8a:0c:a8:55:28:3f:e7:53:8a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

fwpkclnt.sys

FwpmFreeMemory0
FwpmEngineOpen0
FwpmEngineClose0
FwpmTransactionBegin0
FwpmTransactionCommit0
FwpmTransactionAbort0
FwpmProviderAdd0
FwpmProviderContextDeleteByKey0
FwpmSubLayerAdd0
FwpmSubLayerDeleteByKey0
FwpmSubLayerCreateEnumHandle0
FwpmSubLayerEnum0
FwpmSubLayerDestroyEnumHandle0
FwpmCalloutAdd0
FwpmFilterAdd0
FwpsFlowAbort0
FwpsInjectionHandleCreate0
FwpsInjectionHandleDestroy0
FwpsRedirectHandleCreate0
FwpsFreeNetBufferList0
FwpsFreeCloneNetBufferList0
FwpsInjectNetworkSendAsync0
FwpsConstructIpHeaderForTransportPacket0
FwpsInjectTransportSendAsync0
FwpsInjectTransportReceiveAsync0
FwpsInjectNetworkReceiveAsync0
FwpsStreamInjectAsync0
FwpsCopyStreamDataToBuffer0
FwpmBfeStateGet0
FwpmBfeStateSubscribeChanges0
FwpmBfeStateUnsubscribeChanges0
FwpsFlowRemoveContext0
FwpsCompleteClassify0
FwpsRedirectHandleDestroy0
FwpsCloneStreamData0
FwpsDiscardClonedStreamData0
FwpsQueryPacketInjectionState0
FwpsApplyModifiedLayerData0
FwpsAcquireWritableLayerDataPointer0
FwpsReleaseClassifyHandle0
FwpsAcquireClassifyHandle0
FwpsFlowAssociateContext0
FwpsCalloutUnregisterByKey0
FwpsCalloutRegister1
FwpsPendClassify0
FwpsAllocateNetBufferAndNetBufferList0

ndis.sys

NdisFreeNetBufferListPool
NdisAllocateNetBufferListPool
NdisWaitEvent
NdisInitializeEvent
NdisFreeGenericObject
NdisAllocateGenericObject
NdisGetDataBuffer
NdisAdvanceNetBufferDataStart
NdisRetreatNetBufferDataStart

ntoskrnl.exe

KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
ExAllocatePoolWithTag
ExUuidCreate
swprintf_s
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
KeInitializeSpinLock
ExFreePoolWithTag
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdl
MmFreePagesFromMdl
PsCreateSystemThread
PsTerminateSystemThread
IoAllocateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoReleaseCancelSpinLock
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenKey
ZwQueryValueKey
PsGetCurrentProcessId
ZwSetInformationThread
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
PsLookupProcessByProcessId
ObOpenObjectByPointer
ZwSetSecurityObject
__C_specific_handler
SeExports
RtlGetVersion
RtlCompareMemory
RtlValidSid

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Win-7.sys
.sys windows:6 windows x64

22602cf9c9696e7b40d9844e9d493520

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:e7:3b:07:6f:69:a2:8f:f5:45:c4:ef
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

20-06-2019 08:29

Not After

20-09-2022 08:29

Subject

SERIALNUMBER=313237333200048,CN=Sidorov Vitaly Viktorovich IP,O=Sidorov Vitaly Viktorovich IP,STREET=117A Lunacharskogo Ul.,L=Novotitarovskaya,ST=Krasnodar Krai,C=RU,1.3.6.1.4.1.311.60.2.1.2=#130e4b7261736e6f646172204b726169,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14-06-2018 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

89:99:ae:10:6d:da:bd:32:5e:20:1b:8d:c4:f5:8d:86:3f:93:04:b6:f9:29:90:ff:e7:60:6a:17:48:fe:a0:4f
Signer

Actual PE Digest

89:99:ae:10:6d:da:bd:32:5e:20:1b:8d:c4:f5:8d:86:3f:93:04:b6:f9:29:90:ff:e7:60:6a:17:48:fe:a0:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeBugCheckEx
ExUuidCreate
swprintf_s
RtlCreateSecurityDescriptor
RtlLengthSid
IoAllocateMdl
ObOpenObjectByPointer
IoReleaseCancelSpinLock
IoCreateDevice
MmFreePagesFromMdl
ObfDereferenceObject
PsGetCurrentProcessId
IoCreateSymbolicLink
SeExports
ZwSetSecurityObject
KeWaitForSingleObject
ObReferenceObjectByHandle
ZwSetInformationThread
IofCompleteRequest
PsTerminateSystemThread
ZwQueryValueKey
MmMapLockedPagesSpecifyCache
PsCreateSystemThread
RtlAddAccessAllowedAce
MmBuildMdlForNonPagedPool
MmAllocatePagesForMdl
KeInitializeEvent
RtlAppendUnicodeToString
MmGetSystemRoutineAddress
KeSetEvent
IoDeleteDevice
RtlSetDaclSecurityDescriptor
PsLookupProcessByProcessId
RtlCreateAcl
IoDeleteSymbolicLink
MmUnmapLockedPages
RtlCompareMemory
RtlValidSid
ExDeleteNPagedLookasideList
ExQueryDepthSList
IoFreeMdl
ExpInterlockedPopEntrySList
KeAcquireInStackQueuedSpinLock
ExpInterlockedPushEntrySList
KeReleaseInStackQueuedSpinLock
ExInitializeNPagedLookasideList
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwOpenKey
ZwClose
RtlInitUnicodeString
__C_specific_handler

fwpkclnt.sys

FwpsFlowAssociateContext0
FwpsCalloutUnregisterByKey0
FwpmSubLayerAdd0
FwpsQueryPacketInjectionState0
FwpmSubLayerDeleteByKey0
FwpmSubLayerEnum0
FwpmTransactionCommit0
FwpmSubLayerCreateEnumHandle0
FwpmSubLayerDestroyEnumHandle0
FwpmProviderContextDeleteByKey0
FwpmCalloutAdd0
FwpmProviderAdd0
FwpmTransactionAbort0
FwpmEngineOpen0
FwpsAcquireClassifyHandle0
FwpmFilterAdd0
FwpsPendClassify0
FwpsCalloutRegister1
FwpmTransactionBegin0
FwpmEngineClose0
FwpmFreeMemory0
FwpsAcquireWritableLayerDataPointer0
FwpsApplyModifiedLayerData0
FwpsInjectNetworkReceiveAsync0
FwpsFreeCloneNetBufferList0
FwpsInjectionHandleDestroy0
FwpsConstructIpHeaderForTransportPacket0
FwpsAllocateNetBufferAndNetBufferList0
FwpsInjectionHandleCreate0
FwpsInjectTransportReceiveAsync0
FwpsInjectNetworkSendAsync0
FwpsCopyStreamDataToBuffer0
FwpsInjectTransportSendAsync0
FwpsFlowRemoveContext0
FwpsCloneStreamData0
FwpsCompleteClassify0
FwpsStreamInjectAsync0
FwpsReleaseClassifyHandle0
FwpsDiscardClonedStreamData0
FwpsFreeNetBufferList0
FwpmBfeStateUnsubscribeChanges0
FwpmBfeStateGet0
FwpmBfeStateSubscribeChanges0

ndis.sys

NdisAllocateGenericObject
NdisWaitEvent
NdisAllocateNetBufferListPool
NdisInitializeEvent
NdisFreeGenericObject
NdisFreeNetBufferListPool
NdisGetDataBuffer
NdisRetreatNetBufferDataStart
NdisAdvanceNetBufferDataStart

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/Win-8.sys
.sys windows:6 windows x64

c089b867a4b799a2ece4dca0900e084b

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:e7:3b:07:6f:69:a2:8f:f5:45:c4:ef
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

20-06-2019 08:29

Not After

20-09-2022 08:29

Subject

SERIALNUMBER=313237333200048,CN=Sidorov Vitaly Viktorovich IP,O=Sidorov Vitaly Viktorovich IP,STREET=117A Lunacharskogo Ul.,L=Novotitarovskaya,ST=Krasnodar Krai,C=RU,1.3.6.1.4.1.311.60.2.1.2=#130e4b7261736e6f646172204b726169,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14-06-2018 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:00:95:80:ed:e9:c6:15:25:87:11:28:3e:1d:bc:d2:ce:3c:82:17:3e:83:b5:8a:0c:a8:55:28:3f:e7:53:8a
Signer

Actual PE Digest

f7:00:95:80:ed:e9:c6:15:25:87:11:28:3e:1d:bc:d2:ce:3c:82:17:3e:83:b5:8a:0c:a8:55:28:3f:e7:53:8a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

fwpkclnt.sys

FwpmFreeMemory0
FwpmEngineOpen0
FwpmEngineClose0
FwpmTransactionBegin0
FwpmTransactionCommit0
FwpmTransactionAbort0
FwpmProviderAdd0
FwpmProviderContextDeleteByKey0
FwpmSubLayerAdd0
FwpmSubLayerDeleteByKey0
FwpmSubLayerCreateEnumHandle0
FwpmSubLayerEnum0
FwpmSubLayerDestroyEnumHandle0
FwpmCalloutAdd0
FwpmFilterAdd0
FwpsFlowAbort0
FwpsInjectionHandleCreate0
FwpsInjectionHandleDestroy0
FwpsRedirectHandleCreate0
FwpsFreeNetBufferList0
FwpsFreeCloneNetBufferList0
FwpsInjectNetworkSendAsync0
FwpsConstructIpHeaderForTransportPacket0
FwpsInjectTransportSendAsync0
FwpsInjectTransportReceiveAsync0
FwpsInjectNetworkReceiveAsync0
FwpsStreamInjectAsync0
FwpsCopyStreamDataToBuffer0
FwpmBfeStateGet0
FwpmBfeStateSubscribeChanges0
FwpmBfeStateUnsubscribeChanges0
FwpsFlowRemoveContext0
FwpsCompleteClassify0
FwpsRedirectHandleDestroy0
FwpsCloneStreamData0
FwpsDiscardClonedStreamData0
FwpsQueryPacketInjectionState0
FwpsApplyModifiedLayerData0
FwpsAcquireWritableLayerDataPointer0
FwpsReleaseClassifyHandle0
FwpsAcquireClassifyHandle0
FwpsFlowAssociateContext0
FwpsCalloutUnregisterByKey0
FwpsCalloutRegister1
FwpsPendClassify0
FwpsAllocateNetBufferAndNetBufferList0

ndis.sys

NdisFreeNetBufferListPool
NdisAllocateNetBufferListPool
NdisWaitEvent
NdisInitializeEvent
NdisFreeGenericObject
NdisAllocateGenericObject
NdisGetDataBuffer
NdisAdvanceNetBufferDataStart
NdisRetreatNetBufferDataStart

ntoskrnl.exe

KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
ExAllocatePoolWithTag
ExUuidCreate
swprintf_s
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
KeInitializeSpinLock
ExFreePoolWithTag
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdl
MmFreePagesFromMdl
PsCreateSystemThread
PsTerminateSystemThread
IoAllocateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoReleaseCancelSpinLock
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenKey
ZwQueryValueKey
PsGetCurrentProcessId
ZwSetInformationThread
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
PsLookupProcessByProcessId
ObOpenObjectByPointer
ZwSetSecurityObject
__C_specific_handler
SeExports
RtlGetVersion
RtlCompareMemory
RtlValidSid

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/ck-client.exe
.exe windows:6 windows x64

f0070935b15a909b9dc00be7997e6112

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
LoadLibraryA
LoadLibraryW
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 258KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 914B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_MEM_READ
x64/dns2tcp.exe
.exe windows:4 windows x64

4c29cdb5454b7c93470bd2a417089a8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AllocateAndInitializeSid
FreeSid
GetSecurityInfo
GetUserNameW
OpenProcessToken
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
SetEntriesInAclA
SetSecurityInfo

iphlpapi

GetAdaptersAddresses

kernel32

AssignProcessToJobObject
CancelIo
CancelIoEx
CancelSynchronousIo
CloseHandle
ConnectNamedPipe
CopyFileW
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateJobObjectW
CreateNamedPipeA
CreateNamedPipeW
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateSymbolicLinkW
CreateToolhelp32Snapshot
DebugBreak
DeleteCriticalSection
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FreeEnvironmentStringsW
GetConsoleCursorInfo
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleTitleW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSizeEx
GetFileType
GetFinalPathNameByHandleW
GetLastError
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetNamedPipeHandleStateA
GetNativeSystemInfo
GetNumberOfConsoleInputEvents
GetPriorityClass
GetProcAddress
GetProcessIoCounters
GetProcessTimes
GetQueuedCompletionStatus
GetQueuedCompletionStatusEx
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
GetVersionExW
GlobalMemoryStatusEx
InitializeConditionVariable
InitializeCriticalSection
IsDBCSLeadByteEx
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LocalFree
MapViewOfFile
MoveFileExW
MultiByteToWideChar
OpenProcess
PeekNamedPipe
PostQueuedCompletionStatus
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserWorkItem
ReOpenFile
ReadConsoleInputW
ReadConsoleW
ReadDirectoryChangesW
ReadFile
RegisterWaitForSingleObject
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileCompletionNotificationModes
SetFilePointerEx
SetFileTime
SetHandleInformation
SetInformationJobObject
SetLastError
SetNamedPipeHandleState
SetPriorityClass
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWait
UnregisterWaitEx
VerSetConditionMask
VerifyVersionInfoA
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleInputW
WriteConsoleW
WriteFile

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__argv
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_assert
_beginthreadex
_cexit
_close
_close
_errno
_fmode
_get_osfhandle
_initterm
_localtime64
_lock
_lseeki64
_onexit
_open_osfhandle
_read
_snwprintf
_time64
_umask
_unlock
_wchmod
_wcsdup
_wcsnicmp
_wcsrev
_wmkdir
_write
_wrmdir
abort
atoi
calloc
exit
fprintf
fputc
free
fwrite
getenv
localeconv
malloc
memcpy
memset
printf
puts
qsort
realloc
setvbuf
signal
strchr
strcpy
strerror
strlen
strncmp
strtol
vfprintf
wcschr
wcscpy
wcslen
wcsncmp
wcsncpy
wcspbrk
wcsrchr
wcstombs

psapi

GetProcessMemoryInfo

user32

DispatchMessageA
GetMessageA
GetSystemMetrics
MapVirtualKeyW
TranslateMessage

userenv

GetUserProfileDirectoryW

ws2_32

WSADuplicateSocketW
WSAIoctl
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASocketW
inet_ntop
inet_pton

wsock32

WSAGetLastError
WSASetLastError
WSAStartup
bind
closesocket
connect
gethostname
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohs
select
setsockopt
shutdown
socket

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
x64/nfapi.dll
.dll windows:6 windows x64

5728c90b74457950666147b0a19f4364

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
GetCurrentProcessId
OpenProcess
CancelIo
GetTickCount
GetModuleHandleA
GetProcAddress
WaitForMultipleObjects
CreateFileA
GetVersionExA
DeviceIoControl
GetOverlappedResult
SetLastError
GetLastError
CloseHandle
WriteFile
ReadFile
QueryDosDeviceW
GetLogicalDriveStringsW
GetDriveTypeW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetSystemInfo
InitializeCriticalSection
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapFree
HeapAlloc
EncodePointer
DecodePointer
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
RtlLookupFunctionEntry
GetCommandLineA
GetProcessHeap
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
HeapSize
Sleep
IsDebuggerPresent
GetCurrentThread
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CreateSemaphoreW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
FatalAppExitA
FreeLibrary
SetConsoleCtrlHandler
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
CreateFileW

advapi32

QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceW
CloseServiceHandle
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
StartServiceA

psapi

GetModuleFileNameExA
GetModuleFileNameExW

Exports

Exports

?nf_addBindingRule@nfapi@@YA?AW4_NF_STATUS@@PEFAU_NF_BINDING_RULE@1@H@Z
?nf_addFlowCtl@nfapi@@YA?AW4_NF_STATUS@@PEFAU_NF_FLOWCTL_DATA@1@PEAI@Z
?nf_addRule@nfapi@@YA?AW4_NF_STATUS@@PEFAU_NF_RULE@1@H@Z
?nf_addRuleEx@nfapi@@YA?AW4_NF_STATUS@@PEFAU_NF_RULE_EX@1@H@Z
?nf_adjustProcessPriviledges@nfapi@@YAXXZ
?nf_completeTCPConnectRequest@nfapi@@YA?AW4_NF_STATUS@@_KPEFAU_NF_TCP_CONN_INFO@1@@Z
?nf_completeUDPConnectRequest@nfapi@@YA?AW4_NF_STATUS@@_KPEFAU_NF_UDP_CONN_REQUEST@1@@Z
?nf_deleteBindingRules@nfapi@@YA?AW4_NF_STATUS@@XZ
?nf_deleteFlowCtl@nfapi@@YA?AW4_NF_STATUS@@I@Z
?nf_deleteRules@nfapi@@YA?AW4_NF_STATUS@@XZ
?nf_free@nfapi@@YAXXZ
?nf_getConnCount@nfapi@@YAKXZ
?nf_getDriverType@nfapi@@YAKXZ
?nf_getFlowCtlStat@nfapi@@YA?AW4_NF_STATUS@@IPEFAU_NF_FLOWCTL_STAT@1@@Z
?nf_getProcessNameA@nfapi@@YAHKPEADK@Z
?nf_getProcessNameFromKernel@nfapi@@YAHKPEA_WK@Z
?nf_getProcessNameW@nfapi@@YAHKPEA_WK@Z
?nf_getTCPConnInfo@nfapi@@YA?AW4_NF_STATUS@@_KPEFAU_NF_TCP_CONN_INFO@1@@Z
?nf_getTCPStat@nfapi@@YA?AW4_NF_STATUS@@_KPEFAU_NF_FLOWCTL_STAT@1@@Z
?nf_getUDPConnInfo@nfapi@@YA?AW4_NF_STATUS@@_KPEFAU_NF_UDP_CONN_INFO@1@@Z
?nf_getUDPStat@nfapi@@YA?AW4_NF_STATUS@@_KPEFAU_NF_FLOWCTL_STAT@1@@Z
?nf_init@nfapi@@YA?AW4_NF_STATUS@@PEBDPEAVNF_EventHandler@1@@Z
?nf_ipPostReceive@nfapi@@YA?AW4_NF_STATUS@@PEBDHPEAU_NF_IP_PACKET_OPTIONS@1@@Z
?nf_ipPostSend@nfapi@@YA?AW4_NF_STATUS@@PEBDHPEAU_NF_IP_PACKET_OPTIONS@1@@Z
?nf_modifyFlowCtl@nfapi@@YA?AW4_NF_STATUS@@IPEFAU_NF_FLOWCTL_DATA@1@@Z
?nf_registerDriver@nfapi@@YA?AW4_NF_STATUS@@PEBD@Z
?nf_registerDriverEx@nfapi@@YA?AW4_NF_STATUS@@PEBD0@Z
?nf_setIPEventHandler@nfapi@@YAXPEAVNF_IPEventHandler@1@@Z
?nf_setOptions@nfapi@@YAXKK@Z
?nf_setRules@nfapi@@YA?AW4_NF_STATUS@@PEFAU_NF_RULE@1@H@Z
?nf_setRulesEx@nfapi@@YA?AW4_NF_STATUS@@PEFAU_NF_RULE_EX@1@H@Z
?nf_setTCPFlowCtl@nfapi@@YA?AW4_NF_STATUS@@_KI@Z
?nf_setTCPTimeout@nfapi@@YAKK@Z
?nf_setUDPFlowCtl@nfapi@@YA?AW4_NF_STATUS@@_KI@Z
?nf_tcpClose@nfapi@@YA?AW4_NF_STATUS@@_K@Z
?nf_tcpDisableFiltering@nfapi@@YA?AW4_NF_STATUS@@_K@Z
?nf_tcpIsProxy@nfapi@@YAHK@Z
?nf_tcpPostReceive@nfapi@@YA?AW4_NF_STATUS@@_KPEBDH@Z
?nf_tcpPostSend@nfapi@@YA?AW4_NF_STATUS@@_KPEBDH@Z
?nf_tcpSetConnectionState@nfapi@@YA?AW4_NF_STATUS@@_KH@Z
?nf_tcpSetSockOpt@nfapi@@YA?AW4_NF_STATUS@@_KHPEBDH@Z
?nf_udpDisableFiltering@nfapi@@YA?AW4_NF_STATUS@@_K@Z
?nf_udpPostReceive@nfapi@@YA?AW4_NF_STATUS@@_KPEBEPEBDHPEFAU_NF_UDP_OPTIONS@1@@Z
?nf_udpPostSend@nfapi@@YA?AW4_NF_STATUS@@_KPEBEPEBDHPEFAU_NF_UDP_OPTIONS@1@@Z
?nf_udpSetConnectionState@nfapi@@YA?AW4_NF_STATUS@@_KH@Z
?nf_unRegisterDriver@nfapi@@YA?AW4_NF_STATUS@@PEBD@Z

Sections

.text
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/nfapinet.dll
.dll windows:4 windows x64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

nf_addBindingRule
nf_addFlowCtl
nf_addRule
nf_addRuleEx
nf_adjustProcessPriviledges
nf_completeTCPConnectRequest
nf_completeUDPConnectRequest
nf_deleteBindingRules
nf_deleteFlowCtl
nf_deleteRules
nf_free
nf_getConnCount
nf_getDriverType
nf_getFlowCtlStat
nf_getProcessNameA
nf_getProcessNameFromKernel
nf_getProcessNameW
nf_getTCPConnInfo
nf_getTCPStat
nf_getUDPConnInfo
nf_getUDPStat
nf_init
nf_ipPostReceive
nf_ipPostSend
nf_modifyFlowCtl
nf_registerDriver
nf_registerDriverEx
nf_setIPEventHandler
nf_setOptions
nf_setRules
nf_setRulesEx
nf_setTCPFlowCtl
nf_setTCPTimeout
nf_setUDPFlowCtl
nf_tcpClose
nf_tcpDisableFiltering
nf_tcpIsProxy
nf_tcpPostReceive
nf_tcpPostSend
nf_tcpSetConnectionState
nf_tcpSetSockOpt
nf_udpDisableFiltering
nf_udpPostReceive
nf_udpPostSend
nf_udpSetConnectionState
nf_unRegisterDriver

Sections

UPX0
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
x64/sysproxy.dll
.dll windows:6 windows x64

dd84a1f65d5ceac7d7c9cdf7a7c591c2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

wininet

InternetSetOptionW

rasapi32

RasEnumEntriesW

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
HeapAlloc
GetProcessHeap
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
RtlCaptureContext

vcruntime140

__C_specific_handler
memset
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

free
calloc

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_onexit_table
_initialize_narrow_environment

Exports

Exports

SetDIRECT
SetGlobal
SetURL

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/tap-driver/OemVista.inf
x64/tap-driver/OemWin2k.inf
x64/tap-driver/install.bat
x64/tap-driver/tap0901.cat
x64/tap-driver/tap0901.sys
.sys windows:6 windows x64

a13cebc938af36dab20cc614c6fb7e94

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeBugCheckEx
IoCsqInitialize
IoCsqRemoveNextIrp
IoCsqInsertIrp
MmMapLockedPagesSpecifyCache
IofCompleteRequest
RtlAppendUnicodeStringToString
_vsnprintf
KeAcquireSpinLockRaiseToDpc
RtlFreeAnsiString
KeReleaseSpinLock
RtlUnicodeStringToAnsiString
__C_specific_handler

ndis.sys

NdisCloseConfiguration
NdisAllocateMemoryWithTag
NdisMSendNetBufferListsComplete
NdisAllocateNetBufferAndNetBufferList
NdisSetEvent
NdisAllocateMdl
NdisMIndicateReceiveNetBufferLists
NdisFreeMdl
NdisFreeNetBufferList
NdisRegisterDeviceEx
NdisMIndicateStatusEx
NdisDeregisterDeviceEx
NdisMSetMiniportAttributes
NdisOpenConfigurationEx
NdisReadConfiguration
NdisMRegisterMiniportDriver
NdisMDeregisterMiniportDriver
NdisInitializeReadWriteLock
NdisFreeNetBufferListPool
NdisAllocateMemoryWithTagPriority
NdisInitializeEvent
NdisAcquireReadWriteLock
NdisResetEvent
NdisReleaseReadWriteLock
NdisFreeMemory
NdisAllocateNetBufferListPool
NdisWaitEvent
NdisGetSystemUpTimeEx
NdisGetDataBuffer

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/tap-driver/tapinstall.exe
.exe windows:6 windows x64

4dedaf984510c806d325f29e45ab7ae3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LocalFree
FormatMessageW
FileTimeToSystemTime
GetCurrentProcess
CreateFileW
SetFilePointerEx
HeapReAlloc
CloseHandle
LoadLibraryW
GetProcAddress
FreeLibrary
GetWindowsDirectoryW
GetLastError
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
GetDateFormatW
FindClose
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetConsoleCtrlHandler
GetProcessHeap
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
OutputDebugStringW
OutputDebugStringA
SetStdHandle
GetStringTypeW
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetCurrentThread
HeapAlloc
HeapFree
GetACP
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
GetModuleFileNameW
WriteFile
GetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WriteConsoleW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
SetLastError
EnterCriticalSection
LeaveCriticalSection

user32

CharNextW
LoadStringW

advapi32

RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegSetValueExW
RegDeleteValueW
RegCloseKey
InitiateSystemShutdownExW

ole32

CLSIDFromString

setupapi

CM_Get_Next_Res_Des_Ex
CM_Get_Res_Des_Data_Ex
CM_Get_First_Log_Conf_Ex
CM_Free_Res_Des_Handle
CM_Free_Log_Conf_Handle
SetupDiGetDriverInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiOpenDevRegKey
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiSetSelectedDriverW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupScanFileQueueW
SetupCloseFileQueue
SetupOpenFileQueue
SetupGetStringFieldW
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenInfFileW
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoListExW
CM_Reenumerate_DevNode_Ex
CM_Locate_DevNode_ExW
CM_Get_DevNode_Status_Ex
CM_Get_Device_ID_ExW
CM_Disconnect_Machine
CM_Connect_MachineW
SetupDiClassGuidsFromNameExW
SetupDiClassNameFromGuidExW
SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiOpenClassRegKeyExW
SetupDiCallClassInstaller
SetupDiGetClassDescriptionExW
SetupDiBuildClassInfoListExW
SetupDiGetINFClassW
SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoW
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoList
SetupCopyOEMInfW
CM_Get_Res_Des_Data_Size_Ex

Sections

.text
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/tun2socks.exe
.exe windows:6 windows x64

ad4c63f24ec3ca95074247b2321f7b45

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptAcquireContextA
CryptGenRandom

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateIoCompletionPort
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadContext
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TerminateProcess
TlsAlloc
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WriteConsoleW
WriteFile
__C_specific_handler

msvcrt

__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_cexit
_errno
_fmode
_initterm
_onexit
_vsnprintf
abort
atoi
calloc
exit
fflush
fprintf
free
fwrite
islower
isspace
isxdigit
malloc
memcpy
memmove
printf
signal
strlen
strncmp
vfprintf
vprintf

Exports

Exports

_cgo_dummy_export
output
tcpAcceptFn
tcpErrFn
tcpPollFn
tcpRecvFn
tcpSentFn
udpRecvFn

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 7.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 764KB - Virtual size: 763KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 578KB - Virtual size: 578KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/106
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/vcruntime140.dll
.dll windows:6 windows x64

33da3684eb6a5f91c8d92da28927c116

Code Sign

33:00:00:00:70:f4:18:bf:23:21:fc:50:9d:00:00:00:00:00:70
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-04-2014 17:39

Not After

22-07-2015 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:38:8d:23:6d:16:27:a3:26:e0:00:00:00:00:00:38
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01-10-2014 18:11

Not After

01-01-2016 18:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:50:06:6d:30:78:06:26:39:68:71:df:46:48:ab:c5:b1:0d:1d:ad:9c:8f:58:ea:fd:81:c5:d2:8f:b0:32:df
Signer

Actual PE Digest

23:50:06:6d:30:78:06:26:39:68:71:df:46:48:ab:c5:b1:0d:1d:ad:9c:8f:58:ea:fd:81:c5:d2:8f:b0:32:df

Digest Algorithm

sha256

PE Digest Matches

true

ba:81:52:5d:b2:c7:b9:71:a2:86:90:c1:f3:64:1c:a0:a0:41:39:f0
Signer

Actual PE Digest

ba:81:52:5d:b2:c7:b9:71:a2:86:90:c1:f3:64:1c:a0:a0:41:39:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

abort
terminate

api-ms-win-crt-heap-l1-1-0

_free_base
malloc
free
_calloc_base
_malloc_base

api-ms-win-crt-string-l1-1-0

strcpy_s

api-ms-win-crt-convert-l1-1-0

atol

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

advapi32

SystemFunction036

kernel32

TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
IsProcessorFeaturePresent
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
GetModuleHandleW
GetModuleFileNameW
GetSystemTimeAsFileTime
LeaveCriticalSection
RtlUnwindEx
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
DeleteCriticalSection
SetLastError
GetLastError
InitializeCriticalSectionAndSpinCount
GetProcAddress
TlsAlloc
TlsGetValue
FreeLibrary
LoadLibraryExW
TlsSetValue
TlsFree

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__intrinsic_setjmpex
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_get_purecall_handler
_get_unexpected
_is_exception_typeof
_local_unwind
_purecall
_set_purecall_handler
_set_se_translator
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/NTT.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/NetchCore.dll
.dll windows:6 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ChangeRoute
CreateRoute
DeleteRoute

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
x86/ShadowsocksR.exe
.exe windows:4 windows x86

1257db8a1194c81cdde776ac1755a53e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW
SystemFunction036

kernel32

AddVectoredExceptionHandler
CloseHandle
ConvertFiberToThread
ConvertThreadToFiber
CreateEventA
CreateFiber
CreateSemaphoreA
DeleteCriticalSection
DeleteFiber
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FormatMessageA
FormatMessageW
FreeLibrary
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableW
GetFileType
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount64
GetTickCount
GetVersion
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleA
ReadConsoleW
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetConsoleMode
SetEvent
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
SwitchToFiber
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualLock
VirtualProtect
VirtualQuery
VirtualUnlock
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__getmainargs
__initenv
__lconv_init
__p___argv
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_assert
_beginthreadex
_cexit
_close
_dup2
_endthreadex
_errno
_exit
_fileno
_gmtime64
_initterm
_iob
_isctype
_onexit
_open
_setjmp3
_setmode
_snwprintf
_stat64
_stati64
_strdup
_strdup
_stricmp
_strnicmp
_time64
_ultoa
_vsnprintf
_vsnwprintf
_wfopen
_write
abort
atoi
calloc
exit
fclose
feof
ferror
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
islower
isspace
isupper
localtime
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
putchar
puts
qsort
raise
rand
realloc
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtol
strtoul
time
vfprintf
wcscpy
wcsstr
wcstombs

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

ws2_32

WSAAddressToStringA
WSACleanup
WSAGetLastError
WSARecv
WSASend
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 504KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
x86/Win-10.sys
.sys windows:6 windows x86

4401fcece3b0aafae4e2821e56096c23

Code Sign

33:00:00:00:31:94:79:a3:18:f5:52:2d:06:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05-06-2019 18:34

Not After

03-06-2020 18:34

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:7f:7a:5b:67:29:fd:a3:54:72:e4:c4:88:92:c2:9a:8e:a0:ca:a8:de:ab:a7:79:fb:4a:b6:72:b4:af:61:6a
Signer

Actual PE Digest

31:7f:7a:5b:67:29:fd:a3:54:72:e4:c4:88:92:c2:9a:8e:a0:ca:a8:de:ab:a7:79:fb:4a:b6:72:b4:af:61:6a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

fwpkclnt.sys

FwpmTransactionCommit0
FwpmTransactionAbort0
FwpmProviderAdd0
FwpmProviderContextDeleteByKey0
FwpmSubLayerAdd0
FwpmSubLayerDeleteByKey0
FwpmSubLayerCreateEnumHandle0
FwpmSubLayerEnum0
FwpmSubLayerDestroyEnumHandle0
FwpmCalloutAdd0
FwpmFilterAdd0
FwpsFlowAbort0
FwpsInjectionHandleCreate0
FwpsInjectionHandleDestroy0
FwpsAllocateNetBufferAndNetBufferList0
FwpsFreeNetBufferList0
FwpmTransactionBegin0
FwpsInjectNetworkSendAsync0
FwpsConstructIpHeaderForTransportPacket0
FwpsInjectTransportSendAsync0
FwpsInjectTransportReceiveAsync0
FwpsInjectNetworkReceiveAsync0
FwpsStreamInjectAsync0
FwpsCopyStreamDataToBuffer0
FwpmBfeStateGet0
FwpmBfeStateSubscribeChanges0
FwpmBfeStateUnsubscribeChanges0
FwpsFlowRemoveContext0
FwpsCompleteClassify0
FwpsRedirectHandleDestroy0
FwpsCloneStreamData0
FwpsDiscardClonedStreamData0
FwpmEngineClose0
FwpmEngineOpen0
FwpmFreeMemory0
FwpsRedirectHandleCreate0
FwpsQueryPacketInjectionState0
FwpsApplyModifiedLayerData0
FwpsAcquireWritableLayerDataPointer0
FwpsReleaseClassifyHandle0
FwpsFlowAssociateContext0
FwpsAcquireClassifyHandle0
FwpsCalloutUnregisterByKey0
FwpsCalloutRegister1
FwpsPendClassify0
FwpsFreeCloneNetBufferList0

ndis.sys

NdisAllocateNetBufferListPool
NdisWaitEvent
NdisInitializeEvent
NdisFreeGenericObject
NdisAllocateGenericObject
NdisGetDataBuffer
NdisAdvanceNetBufferDataStart
NdisRetreatNetBufferDataStart
NdisFreeNetBufferListPool

ntoskrnl.exe

memset
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
KeInitializeSpinLock
ExFreePoolWithTag
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdl
MmFreePagesFromMdl
PsCreateSystemThread
PsTerminateSystemThread
IoAllocateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoReleaseCancelSpinLock
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenKey
ZwQueryValueKey
PsGetCurrentProcessId
ZwSetInformationThread
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
PsLookupProcessByProcessId
ObOpenObjectByPointer
ZwSetSecurityObject
memcmp
SeExports
RtlGetVersion
KeQuerySystemTime
_allmul
_aulldiv
_aullrem
RtlCompareMemory
RtlValidSid
RtlUnwind
memcpy
ExUuidCreate
ExAllocatePoolWithTag
swprintf_s

hal

KeReleaseInStackQueuedSpinLock
KeGetCurrentIrql
KeAcquireInStackQueuedSpinLock

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/Win-7.sys
.sys windows:6 windows x86

57038502f0601ba9f99e8f3d4355bb56

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:e7:3b:07:6f:69:a2:8f:f5:45:c4:ef
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

20-06-2019 08:29

Not After

20-09-2022 08:29

Subject

SERIALNUMBER=313237333200048,CN=Sidorov Vitaly Viktorovich IP,O=Sidorov Vitaly Viktorovich IP,STREET=117A Lunacharskogo Ul.,L=Novotitarovskaya,ST=Krasnodar Krai,C=RU,1.3.6.1.4.1.311.60.2.1.2=#130e4b7261736e6f646172204b726169,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14-06-2018 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

90:06:4a:f0:da:90:ea:29:c4:92:42:c9:c9:cd:00:58:bd:19:e2:7b:8b:5c:ba:e9:a6:13:9b:23:b5:80:a6:95
Signer

Actual PE Digest

90:06:4a:f0:da:90:ea:29:c4:92:42:c9:c9:cd:00:58:bd:19:e2:7b:8b:5c:ba:e9:a6:13:9b:23:b5:80:a6:95

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memcpy
RtlValidSid
IoFreeMdl
RtlUnwind
KeBugCheckEx
RtlCompareMemory
KeTickCount
_allmul
_aulldiv
KeQuerySystemTime
ExUuidCreate
swprintf_s
KeInitializeEvent
PsCreateSystemThread
ZwSetInformationThread
ObReferenceObjectByHandle
RtlAppendUnicodeToString
IoCreateDevice
IoCreateSymbolicLink
PsTerminateSystemThread
MmGetSystemRoutineAddress
PsLookupProcessByProcessId
IoAllocateMdl
MmBuildMdlForNonPagedPool
IoReleaseCancelSpinLock
PsGetCurrentProcessId
IofCompleteRequest
IoDeleteSymbolicLink
IoDeleteDevice
KeWaitForSingleObject
ObfDereferenceObject
MmAllocatePagesForMdl
MmMapLockedPagesSpecifyCache
MmFreePagesFromMdl
MmUnmapLockedPages
KeSetEvent
ObOpenObjectByPointer
RtlLengthSid
SeExports
RtlCreateAcl
RtlAddAccessAllowedAce
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
ZwSetSecurityObject
ZwQueryValueKey
ExDeleteNPagedLookasideList
ExInitializeNPagedLookasideList
InterlockedPushEntrySList
InterlockedPopEntrySList
_aullrem
ExFreePoolWithTag
memset
ExAllocatePoolWithTag
RtlInitUnicodeString
ZwOpenKey
ZwClose

hal

KeReleaseInStackQueuedSpinLock
KeGetCurrentIrql
KeAcquireInStackQueuedSpinLock

fwpkclnt.sys

FwpsStreamInjectAsync0
FwpmEngineOpen0
FwpmProviderAdd0
FwpmSubLayerDeleteByKey0
FwpmProviderContextDeleteByKey0
FwpsAcquireClassifyHandle0
FwpsQueryPacketInjectionState0
FwpsFlowAssociateContext0
FwpmSubLayerAdd0
FwpmSubLayerCreateEnumHandle0
FwpmFreeMemory0
FwpmSubLayerEnum0
FwpmSubLayerDestroyEnumHandle0
FwpmCalloutAdd0
FwpmFilterAdd0
FwpmTransactionBegin0
FwpmEngineClose0
FwpmTransactionCommit0
FwpmTransactionAbort0
FwpsCalloutRegister1
FwpsCalloutUnregisterByKey0
FwpsPendClassify0
FwpsInjectionHandleCreate0
FwpsCopyStreamDataToBuffer0
FwpsInjectNetworkReceiveAsync0
FwpsAcquireWritableLayerDataPointer0
FwpsApplyModifiedLayerData0
FwpsAllocateNetBufferAndNetBufferList0
FwpsInjectTransportSendAsync0
FwpsConstructIpHeaderForTransportPacket0
FwpsInjectNetworkSendAsync0
FwpsInjectTransportReceiveAsync0
FwpsFreeCloneNetBufferList0
FwpsInjectionHandleDestroy0
FwpsFlowRemoveContext0
FwpsCloneStreamData0
FwpsCompleteClassify0
FwpsReleaseClassifyHandle0
FwpsDiscardClonedStreamData0
FwpsFreeNetBufferList0
FwpmBfeStateGet0
FwpmBfeStateSubscribeChanges0
FwpmBfeStateUnsubscribeChanges0

ndis.sys

NdisFreeGenericObject
NdisInitializeEvent
NdisFreeNetBufferListPool
NdisGetDataBuffer
NdisAdvanceNetBufferDataStart
NdisRetreatNetBufferDataStart
NdisAllocateNetBufferListPool
NdisAllocateGenericObject
NdisWaitEvent

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/Win-8.sys
.sys windows:6 windows x86

4401fcece3b0aafae4e2821e56096c23

Code Sign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:e7:3b:07:6f:69:a2:8f:f5:45:c4:ef
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

20-06-2019 08:29

Not After

20-09-2022 08:29

Subject

SERIALNUMBER=313237333200048,CN=Sidorov Vitaly Viktorovich IP,O=Sidorov Vitaly Viktorovich IP,STREET=117A Lunacharskogo Ul.,L=Novotitarovskaya,ST=Krasnodar Krai,C=RU,1.3.6.1.4.1.311.60.2.1.2=#130e4b7261736e6f646172204b726169,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14-06-2018 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-01,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:7f:7a:5b:67:29:fd:a3:54:72:e4:c4:88:92:c2:9a:8e:a0:ca:a8:de:ab:a7:79:fb:4a:b6:72:b4:af:61:6a
Signer

Actual PE Digest

31:7f:7a:5b:67:29:fd:a3:54:72:e4:c4:88:92:c2:9a:8e:a0:ca:a8:de:ab:a7:79:fb:4a:b6:72:b4:af:61:6a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

fwpkclnt.sys

FwpmTransactionCommit0
FwpmTransactionAbort0
FwpmProviderAdd0
FwpmProviderContextDeleteByKey0
FwpmSubLayerAdd0
FwpmSubLayerDeleteByKey0
FwpmSubLayerCreateEnumHandle0
FwpmSubLayerEnum0
FwpmSubLayerDestroyEnumHandle0
FwpmCalloutAdd0
FwpmFilterAdd0
FwpsFlowAbort0
FwpsInjectionHandleCreate0
FwpsInjectionHandleDestroy0
FwpsAllocateNetBufferAndNetBufferList0
FwpsFreeNetBufferList0
FwpmTransactionBegin0
FwpsInjectNetworkSendAsync0
FwpsConstructIpHeaderForTransportPacket0
FwpsInjectTransportSendAsync0
FwpsInjectTransportReceiveAsync0
FwpsInjectNetworkReceiveAsync0
FwpsStreamInjectAsync0
FwpsCopyStreamDataToBuffer0
FwpmBfeStateGet0
FwpmBfeStateSubscribeChanges0
FwpmBfeStateUnsubscribeChanges0
FwpsFlowRemoveContext0
FwpsCompleteClassify0
FwpsRedirectHandleDestroy0
FwpsCloneStreamData0
FwpsDiscardClonedStreamData0
FwpmEngineClose0
FwpmEngineOpen0
FwpmFreeMemory0
FwpsRedirectHandleCreate0
FwpsQueryPacketInjectionState0
FwpsApplyModifiedLayerData0
FwpsAcquireWritableLayerDataPointer0
FwpsReleaseClassifyHandle0
FwpsFlowAssociateContext0
FwpsAcquireClassifyHandle0
FwpsCalloutUnregisterByKey0
FwpsCalloutRegister1
FwpsPendClassify0
FwpsFreeCloneNetBufferList0

ndis.sys

NdisAllocateNetBufferListPool
NdisWaitEvent
NdisInitializeEvent
NdisFreeGenericObject
NdisAllocateGenericObject
NdisGetDataBuffer
NdisAdvanceNetBufferDataStart
NdisRetreatNetBufferDataStart
NdisFreeNetBufferListPool

ntoskrnl.exe

memset
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
KeInitializeSpinLock
ExFreePoolWithTag
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdl
MmFreePagesFromMdl
PsCreateSystemThread
PsTerminateSystemThread
IoAllocateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoReleaseCancelSpinLock
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenKey
ZwQueryValueKey
PsGetCurrentProcessId
ZwSetInformationThread
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
PsLookupProcessByProcessId
ObOpenObjectByPointer
ZwSetSecurityObject
memcmp
SeExports
RtlGetVersion
KeQuerySystemTime
_allmul
_aulldiv
_aullrem
RtlCompareMemory
RtlValidSid
RtlUnwind
memcpy
ExUuidCreate
ExAllocatePoolWithTag
swprintf_s

hal

KeReleaseInStackQueuedSpinLock
KeGetCurrentIrql
KeAcquireInStackQueuedSpinLock

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/ck-client.exe
.exe windows:6 windows x86

f0070935b15a909b9dc00be7997e6112

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
LoadLibraryA
LoadLibraryW
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 233KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 786B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 465KB - Virtual size: 464KB

IMAGE_SCN_MEM_READ
x86/dns2tcp.exe
.exe windows:4 windows x86

69684637db83663cace772318ec01d14

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AllocateAndInitializeSid
FreeSid
GetSecurityInfo
GetUserNameW
OpenProcessToken
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
SetEntriesInAclA
SetSecurityInfo

iphlpapi

GetAdaptersAddresses

kernel32

AssignProcessToJobObject
CancelIo
CancelIoEx
CancelSynchronousIo
CloseHandle
ConnectNamedPipe
CopyFileW
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateHardLinkW
CreateIoCompletionPort
CreateJobObjectW
CreateNamedPipeA
CreateNamedPipeW
CreateProcessW
CreateSemaphoreA
CreateSemaphoreW
CreateSymbolicLinkW
CreateToolhelp32Snapshot
DebugBreak
DeleteCriticalSection
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
GetConsoleCursorInfo
GetConsoleMode
GetConsoleScreenBufferInfo
GetConsoleTitleW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFileSizeEx
GetFileType
GetFinalPathNameByHandleW
GetLastError
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNamedPipeHandleStateA
GetNativeSystemInfo
GetNumberOfConsoleInputEvents
GetPriorityClass
GetProcAddress
GetProcessIoCounters
GetProcessTimes
GetQueuedCompletionStatus
GetQueuedCompletionStatusEx
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetTickCount
GetVersionExW
GlobalMemoryStatusEx
InitializeConditionVariable
InitializeCriticalSection
IsDBCSLeadByteEx
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LocalFree
MapViewOfFile
MoveFileExW
MultiByteToWideChar
OpenProcess
PeekNamedPipe
PostQueuedCompletionStatus
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserWorkItem
ReOpenFile
ReadConsoleInputW
ReadConsoleW
ReadDirectoryChangesW
ReadFile
RegisterWaitForSingleObject
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetConsoleTitleW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileCompletionNotificationModes
SetFilePointerEx
SetFileTime
SetHandleInformation
SetInformationJobObject
SetLastError
SetNamedPipeHandleState
SetPriorityClass
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
SwitchToThread
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnmapViewOfFile
UnregisterWait
UnregisterWaitEx
VerSetConditionMask
VerifyVersionInfoA
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleInputW
WriteConsoleW
WriteFile

msvcrt

__doserrno
__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p___argv
__p__acmdln
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_assert
_beginthreadex
_cexit
_close
_close
_errno
_get_osfhandle
_initterm
_iob
_lock
_lseeki64
_onexit
_open_osfhandle
_read
_snwprintf
_unlock
_umask
_wchmod
_wcsdup
_wcsnicmp
_wcsrev
_wmkdir
_write
_wrmdir
abort
atoi
calloc
exit
fprintf
fputc
free
fwrite
getenv
localtime
localeconv
malloc
memcpy
memset
printf
puts
qsort
realloc
setlocale
setvbuf
signal
strchr
strcpy
strerror
strlen
strncmp
strtol
time
vfprintf
wcschr
wcscpy
wcslen
wcsncmp
wcsncpy
wcspbrk
wcsrchr
wcstombs

psapi

GetProcessMemoryInfo

user32

DispatchMessageA
GetMessageA
GetSystemMetrics
MapVirtualKeyW
TranslateMessage

userenv

GetUserProfileDirectoryW

ws2_32

WSADuplicateSocketW
WSAIoctl
WSARecv
WSARecvFrom
WSASend
WSASendTo
WSASocketW
inet_ntop
inet_pton

wsock32

WSAGetLastError
WSASetLastError
WSAStartup
bind
closesocket
connect
gethostname
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohs
select
setsockopt
shutdown
socket

Sections

.text
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
x86/nfapi.dll
.dll windows:6 windows x86

144166113ab4a5e253b0d586d0c21c38

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
GetCurrentProcessId
OpenProcess
CancelIo
GetTickCount
GetModuleHandleA
GetProcAddress
WaitForMultipleObjects
CreateFileA
GetVersionExA
DeviceIoControl
GetOverlappedResult
SetLastError
GetLastError
CloseHandle
WriteFile
ReadFile
QueryDosDeviceW
GetLogicalDriveStringsW
GetDriveTypeW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetSystemInfo
InitializeCriticalSection
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapFree
HeapAlloc
EncodePointer
DecodePointer
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
RaiseException
RtlUnwind
GetCommandLineA
GetProcessHeap
InterlockedDecrement
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
HeapSize
Sleep
IsDebuggerPresent
InterlockedIncrement
GetCurrentThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CreateSemaphoreW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
FatalAppExitA
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
LoadLibraryW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW
CreateFileW

advapi32

QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceW
CloseServiceHandle
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
StartServiceA

psapi

GetModuleFileNameExA
GetModuleFileNameExW

Exports

Exports

?nf_addBindingRule@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_BINDING_RULE@1@H@Z
?nf_addFlowCtl@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_FLOWCTL_DATA@1@PAI@Z
?nf_addRule@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_RULE@1@H@Z
?nf_addRuleEx@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_RULE_EX@1@H@Z
?nf_adjustProcessPriviledges@nfapi@@YAXXZ
?nf_completeTCPConnectRequest@nfapi@@YA?AW4_NF_STATUS@@_KPAU_NF_TCP_CONN_INFO@1@@Z
?nf_completeUDPConnectRequest@nfapi@@YA?AW4_NF_STATUS@@_KPAU_NF_UDP_CONN_REQUEST@1@@Z
?nf_deleteBindingRules@nfapi@@YA?AW4_NF_STATUS@@XZ
?nf_deleteFlowCtl@nfapi@@YA?AW4_NF_STATUS@@I@Z
?nf_deleteRules@nfapi@@YA?AW4_NF_STATUS@@XZ
?nf_free@nfapi@@YAXXZ
?nf_getConnCount@nfapi@@YAKXZ
?nf_getDriverType@nfapi@@YAKXZ
?nf_getFlowCtlStat@nfapi@@YA?AW4_NF_STATUS@@IPAU_NF_FLOWCTL_STAT@1@@Z
?nf_getProcessNameA@nfapi@@YAHKPADK@Z
?nf_getProcessNameFromKernel@nfapi@@YAHKPA_WK@Z
?nf_getProcessNameW@nfapi@@YAHKPA_WK@Z
?nf_getTCPConnInfo@nfapi@@YA?AW4_NF_STATUS@@_KPAU_NF_TCP_CONN_INFO@1@@Z
?nf_getTCPStat@nfapi@@YA?AW4_NF_STATUS@@_KPAU_NF_FLOWCTL_STAT@1@@Z
?nf_getUDPConnInfo@nfapi@@YA?AW4_NF_STATUS@@_KPAU_NF_UDP_CONN_INFO@1@@Z
?nf_getUDPStat@nfapi@@YA?AW4_NF_STATUS@@_KPAU_NF_FLOWCTL_STAT@1@@Z
?nf_init@nfapi@@YA?AW4_NF_STATUS@@PBDPAVNF_EventHandler@1@@Z
?nf_ipPostReceive@nfapi@@YA?AW4_NF_STATUS@@PBDHPAU_NF_IP_PACKET_OPTIONS@1@@Z
?nf_ipPostSend@nfapi@@YA?AW4_NF_STATUS@@PBDHPAU_NF_IP_PACKET_OPTIONS@1@@Z
?nf_modifyFlowCtl@nfapi@@YA?AW4_NF_STATUS@@IPAU_NF_FLOWCTL_DATA@1@@Z
?nf_registerDriver@nfapi@@YA?AW4_NF_STATUS@@PBD@Z
?nf_registerDriverEx@nfapi@@YA?AW4_NF_STATUS@@PBD0@Z
?nf_setIPEventHandler@nfapi@@YAXPAVNF_IPEventHandler@1@@Z
?nf_setOptions@nfapi@@YAXKK@Z
?nf_setRules@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_RULE@1@H@Z
?nf_setRulesEx@nfapi@@YA?AW4_NF_STATUS@@PAU_NF_RULE_EX@1@H@Z
?nf_setTCPFlowCtl@nfapi@@YA?AW4_NF_STATUS@@_KI@Z
?nf_setTCPTimeout@nfapi@@YAKK@Z
?nf_setUDPFlowCtl@nfapi@@YA?AW4_NF_STATUS@@_KI@Z
?nf_tcpClose@nfapi@@YA?AW4_NF_STATUS@@_K@Z
?nf_tcpDisableFiltering@nfapi@@YA?AW4_NF_STATUS@@_K@Z
?nf_tcpIsProxy@nfapi@@YAHK@Z
?nf_tcpPostReceive@nfapi@@YA?AW4_NF_STATUS@@_KPBDH@Z
?nf_tcpPostSend@nfapi@@YA?AW4_NF_STATUS@@_KPBDH@Z
?nf_tcpSetConnectionState@nfapi@@YA?AW4_NF_STATUS@@_KH@Z
?nf_tcpSetSockOpt@nfapi@@YA?AW4_NF_STATUS@@_KHPBDH@Z
?nf_udpDisableFiltering@nfapi@@YA?AW4_NF_STATUS@@_K@Z
?nf_udpPostReceive@nfapi@@YA?AW4_NF_STATUS@@_KPBEPBDHPAU_NF_UDP_OPTIONS@1@@Z
?nf_udpPostSend@nfapi@@YA?AW4_NF_STATUS@@_KPBEPBDHPAU_NF_UDP_OPTIONS@1@@Z
?nf_udpSetConnectionState@nfapi@@YA?AW4_NF_STATUS@@_KH@Z
?nf_unRegisterDriver@nfapi@@YA?AW4_NF_STATUS@@PBD@Z

Sections

.text
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/nfapinet.dll
.dll windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

nf_addBindingRule
nf_addFlowCtl
nf_addRule
nf_addRuleEx
nf_adjustProcessPriviledges
nf_completeTCPConnectRequest
nf_completeUDPConnectRequest
nf_deleteBindingRules
nf_deleteFlowCtl
nf_deleteRules
nf_free
nf_getConnCount
nf_getDriverType
nf_getFlowCtlStat
nf_getProcessNameA
nf_getProcessNameFromKernel
nf_getProcessNameW
nf_getTCPConnInfo
nf_getTCPStat
nf_getUDPConnInfo
nf_getUDPStat
nf_init
nf_ipPostReceive
nf_ipPostSend
nf_modifyFlowCtl
nf_registerDriver
nf_registerDriverEx
nf_setIPEventHandler
nf_setOptions
nf_setRules
nf_setRulesEx
nf_setTCPFlowCtl
nf_setTCPTimeout
nf_setUDPFlowCtl
nf_tcpClose
nf_tcpDisableFiltering
nf_tcpIsProxy
nf_tcpPostReceive
nf_tcpPostSend
nf_tcpSetConnectionState
nf_tcpSetSockOpt
nf_udpDisableFiltering
nf_udpPostReceive
nf_udpPostSend
nf_udpSetConnectionState
nf_unRegisterDriver

Sections

UPX0
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 55KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
x86/sysproxy.dll
.dll windows:6 windows x86

3e750b1e26bc83ed2cd466b6890b8e71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetSetOptionW

rasapi32

RasEnumEntriesW

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
HeapAlloc
GetProcessHeap
HeapFree
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead

vcruntime140

__std_type_info_destroy_list
memset
_except_handler4_common

api-ms-win-crt-heap-l1-1-0

free
calloc

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_onexit_table

Exports

Exports

SetDIRECT
SetGlobal
SetURL

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/tap-driver/OemWin2k.inf
x86/tap-driver/install.bat
x86/tap-driver/tap0901.cat
x86/tap-driver/tap0901.sys
.sys windows:6 windows x86

7bc0e747b3ccfdebdacc897735028b04

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:45

Not After

15-04-2021 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:9f:ed:ed:cb:79:5b:8d:ed:32:0c:89:19:f0:36:89
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

21-05-2013 00:00

Not After

04-06-2014 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:58:7a:a4:bc:eb:8d:a5:61:ca:0c:5b:ca:96:4f:b2
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13-08-2013 00:00

Not After

02-09-2016 12:00

Subject

CN=OpenVPN Technologies\, Inc.,O=OpenVPN Technologies\, Inc.,L=Pleasanton,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:03:12:b3:2a:4f:df:48:c0:cc:8f:e1:86:58:a2:d0:73:7c:c2:03
Signer

Actual PE Digest

6e:03:12:b3:2a:4f:df:48:c0:cc:8f:e1:86:58:a2:d0:73:7c:c2:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

RtlFreeAnsiString
memcpy
KeRemoveQueueDpc
KeBugCheckEx
KeTickCount
RtlUnicodeStringToAnsiString
RtlAnsiStringToUnicodeString
KeInitializeDpc
MmMapLockedPagesSpecifyCache
MmMapLockedPages
RtlCreateSecurityDescriptor
ZwOpenFile
ZwSetSecurityObject
ZwClose
KeInsertQueueDpc
IoReleaseCancelSpinLock
IofCompleteRequest
memset
RtlFreeUnicodeString
RtlUnwind
RtlUnicodeToMultiByteN

hal

KfAcquireSpinLock
KfReleaseSpinLock
KeGetCurrentIrql

ndis.sys

NdisMRegisterMiniport
NdisTerminateWrapper
NdisMRegisterUnloadHandler
NdisMSetAttributesEx
NdisMRegisterAdapterShutdownHandler
NdisOpenConfiguration
NdisReadConfiguration
NdisCloseConfiguration
NdisMRegisterDevice
NdisMIndicateStatus
NdisMIndicateStatusComplete
NdisMDeregisterDevice
NdisMDeregisterAdapterShutdownHandler
NdisMSleep
NdisFreeMemory
NdisAllocateMemoryWithTag
NdisInitializeWrapper

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 896B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 994B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/tap-driver/tapinstall.exe
.exe windows:5 windows x86

85b7d4dcb4b574dd1bbe4544947006ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
LocalFree
FileTimeToSystemTime
FormatMessageW
CreateFileW
WriteConsoleW
GetCurrentProcess
FreeLibrary
GetProcAddress
GetWindowsDirectoryW
LoadLibraryW
GetLastError
GetFileAttributesW
FindClose
FindNextFileW
GetFullPathNameW
GetDateFormatW
FindFirstFileW
SetFilePointerEx
HeapReAlloc
HeapSize
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetStdHandle
GetStringTypeW
GetFileType
LCMapStringW
CompareStringW
HeapAlloc
HeapFree
GetACP
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitProcess
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
WriteFile
GetStdHandle
LoadLibraryExW
DecodePointer
TlsFree
TlsSetValue
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue

user32

CharNextW
LoadStringW

advapi32

AdjustTokenPrivileges
OpenProcessToken
InitiateSystemShutdownExW
RegQueryValueExW
RegCloseKey
CloseServiceHandle
OpenSCManagerW
RegSetValueExW
RegDeleteValueW
OpenServiceW
LookupPrivilegeValueW

ole32

CLSIDFromString

setupapi

SetupDiGetDriverInstallParamsW
SetupFindFirstLineW
SetupDiSetDeviceInstallParamsW
CM_Free_Res_Des_Handle
SetupOpenInfFileW
SetupGetStringFieldW
SetupDiBuildDriverInfoList
CM_Get_Res_Des_Data_Size_Ex
SetupDiGetDriverInfoDetailW
CM_Get_First_Log_Conf_Ex
SetupDiSetSelectedDriverW
SetupDiEnumDriverInfoW
SetupCloseFileQueue
SetupDiDestroyDriverInfoList
SetupDiOpenDevRegKey
CM_Get_Res_Des_Data_Ex
SetupCloseInfFile
CM_Get_Next_Res_Des_Ex
SetupOpenFileQueue
SetupScanFileQueueW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoListExW
SetupDiClassNameFromGuidExW
SetupCopyOEMInfW
SetupDiOpenClassRegKeyExW
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
CM_Connect_MachineW
SetupDiCallClassInstaller
SetupDiGetDeviceInfoListDetailW
SetupDiSetClassInstallParamsW
SetupDiGetClassDevsExW
SetupDiGetDeviceInstallParamsW
CM_Locate_DevNode_ExW
CM_Disconnect_Machine
CM_Get_Device_ID_ExW
CM_Reenumerate_DevNode_Ex
SetupDiSetDeviceRegistryPropertyW
SetupDiClassGuidsFromNameExW
CM_Get_DevNode_Status_Ex
SetupDiBuildClassInfoListExW
SetupDiGetClassDescriptionExW
SetupDiCreateDeviceInfoW
SetupDiDestroyDeviceInfoList
CM_Free_Log_Conf_Handle

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/tun2socks.exe
.exe windows:4 windows x86

a41f14dddbaa9ffbfbc83cb5eedd765e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptGenRandom

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateIoCompletionPort
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatus
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
QueryPerformanceCounter
QueryPerformanceFrequency
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SwitchToThread
TerminateProcess
TlsAlloc
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WriteConsoleW
WriteFile

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_cexit
_errno
_fmode
_initterm
_iob
_lock
_onexit
calloc
exit
fflush
fprintf
free
fwrite
islower
isspace
isxdigit
malloc
memcpy
memmove
memset
printf
signal
strlen
strncmp
_unlock
abort
atoi
vfprintf
vprintf
_vsnprintf

winmm

timeBeginPeriod
timeEndPeriod

ws2_32

WSAGetOverlappedResult

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
x86/vcruntime140.dll
.dll windows:6 windows x86

bce6cb8176b668cdcb2d40cc40633f64

Code Sign

33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

20-03-2015 17:32

Not After

20-06-2016 17:32

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-04-2014 17:39

Not After

22-07-2015 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:38:8d:23:6d:16:27:a3:26:e0:00:00:00:00:00:38
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01-10-2014 18:11

Not After

01-01-2016 18:11

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:19:8e:59:f2:48:ad:cf:a3:aa:50:66:db:33:01:36:70:33:75:22:84:51:89:97:53:3c:47:05:85:6a:32:38
Signer

Actual PE Digest

2b:19:8e:59:f2:48:ad:cf:a3:aa:50:66:db:33:01:36:70:33:75:22:84:51:89:97:53:3c:47:05:85:6a:32:38

Digest Algorithm

sha256

PE Digest Matches

true

79:73:60:27:0f:54:3b:e8:da:d0:60:57:b8:27:f4:7f:41:a3:04:4c
Signer

Actual PE Digest

79:73:60:27:0f:54:3b:e8:da:d0:60:57:b8:27:f4:7f:41:a3:04:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

abort
terminate

api-ms-win-crt-heap-l1-1-0

_free_base
malloc
free
_calloc_base
_malloc_base

api-ms-win-crt-string-l1-1-0

strcpy_s

api-ms-win-crt-convert-l1-1-0

atol

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

advapi32

SystemFunction036

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
IsProcessorFeaturePresent
GetModuleHandleW
GetModuleFileNameW
TlsFree
TlsSetValue
LoadLibraryExW
QueryPerformanceCounter
DeleteCriticalSection
RtlUnwind
VirtualQuery
EncodePointer
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetLastError
InitializeCriticalSectionAndSpinCount
GetProcAddress
TlsAlloc
TlsGetValue
FreeLibrary

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_chkesp
_except_handler2
_except_handler3
_except_handler4_common
_get_purecall_handler
_get_unexpected
_global_unwind2
_is_exception_typeof
_local_unwind2
_local_unwind4
_longjmpex
_purecall
_seh_longjmp_unwind
_seh_longjmp_unwind4
_set_purecall_handler
_set_se_translator
_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 320KB

UPX1 Size: 161KB - Virtual size: 164KB

.rsrc Size: 7KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.text Size: 272KB - Virtual size: 272KB

.data Size: 2KB - Virtual size: 2KB

.rdata Size: 89KB - Virtual size: 88KB

.bss Size: - Virtual size: 11KB

.edata Size: 13KB - Virtual size: 13KB

.idata Size: 6KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 15KB - Virtual size: 14KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 13KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

0d6d5ccb6e23035a00d7f1488cce2876

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

iphlpapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 432B

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 24B

5ef55f47a0ed40a7f8947818d4f3f247

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ws2_32

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.data Size: 8KB - Virtual size: 8KB

.rdata Size: 581KB - Virtual size: 581KB

.pdata Size: 74KB - Virtual size: 74KB

.xdata Size: 65KB - Virtual size: 64KB

.bss Size: - Virtual size: 34KB

.idata Size: 9KB - Virtual size: 8KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

c089b867a4b799a2ece4dca0900e084b

Code Sign

33:00:00:00:31:94:79:a3:18:f5:52:2d:06:00:00:00:00:00:31Certificate

UPX0
Size: - Virtual size: 320KB

UPX1
Size: 161KB - Virtual size: 164KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 272KB - Virtual size: 272KB

.data
Size: 2KB - Virtual size: 2KB

.rdata
Size: 89KB - Virtual size: 88KB

.bss
Size: - Virtual size: 11KB

.edata
Size: 13KB - Virtual size: 13KB

.idata
Size: 6KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 15KB - Virtual size: 14KB

.text
Size: 13KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 432B

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 24B

.text
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 8KB - Virtual size: 8KB

.rdata
Size: 581KB - Virtual size: 581KB

.pdata
Size: 74KB - Virtual size: 74KB

.xdata
Size: 65KB - Virtual size: 64KB

.bss
Size: - Virtual size: 34KB

.idata
Size: 9KB - Virtual size: 8KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

33:00:00:00:31:94:79:a3:18:f5:52:2d:06:00:00:00:00:00:31
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

f7:00:95:80:ed:e9:c6:15:25:87:11:28:3e:1d:bc:d2:ce:3c:82:17:3e:83:b5:8a:0c:a8:55:28:3f:e7:53:8a
Signer

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 2KB - Virtual size: 2KB

INIT
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 516B

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

68:e7:3b:07:6f:69:a2:8f:f5:45:c4:ef
Certificate

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

89:99:ae:10:6d:da:bd:32:5e:20:1b:8d:c4:f5:8d:86:3f:93:04:b6:f9:29:90:ff:e7:60:6a:17:48:fe:a0:4f
Signer

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 2KB - Virtual size: 1KB

INIT
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 512B - Virtual size: 494B

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

68:e7:3b:07:6f:69:a2:8f:f5:45:c4:ef
Certificate

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate