Extracted

Extracted

• 290a33cc02ba7d6fdf0b7bab886749a4b89702686f7b614fcc806b8eefff2421

  .exe windows:5 windows x86

  dc60334e078658371c0b32acacaf2238

  
  

  Code Sign

  08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  29/04/2021, 00:00

  Not After

  28/04/2036, 23:59

  Subject

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  02:44:53:70:9c:84:72:5b:99:03:71:85:6b:0e:50:e0

  Certificate

  Issuer

  CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

  Not Before

  27/10/2021, 00:00

  Not After

  23/10/2024, 23:59

  Subject

  SERIALNUMBER=91330000788831167A,CN=NetEase (Hangzhou) Network Co.\, Ltd,O=NetEase (Hangzhou) Network Co.\, Ltd,L=杭州市,ST=浙江省,C=CN,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b599e6b19fe79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a

  Certificate

  Issuer

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Not Before

  21/09/2022, 00:00

  Not After

  21/11/2033, 23:59

  Subject

  CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b

  Certificate

  Issuer

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  23/03/2022, 00:00

  Not After

  22/03/2037, 23:59

  Subject

  CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a

  Certificate

  Issuer

  CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

  Not Before

  01/08/2022, 00:00

  Not After

  09/11/2031, 23:59

  Subject

  CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  76:b2:79:b7:2a:e4:4c:63:11:03:75:53:7e:d1:84:4f:47:a3:98:2e:dd:b7:e0:97:4a:6e:3c:4f:b8:5f:89:c4

  Signer

  Actual PE Digest

  76:b2:79:b7:2a:e4:4c:63:11:03:75:53:7e:d1:84:4f:47:a3:98:2e:dd:b7:e0:97:4a:6e:3c:4f:b8:5f:89:c4

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  advapi32

  CreateProcessAsUserW

  RegQueryValueExW

  RegOpenKeyExW

  RegCreateKeyExW

  RegCloseKey

  SystemFunction036

  OpenProcessToken

  GetAce

  GetKernelObjectSecurity

  GetLengthSid

  GetSecurityDescriptorSacl

  SetKernelObjectSecurity

  SetTokenInformation

  SetSecurityInfo

  ConvertStringSidToSidW

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  RevertToSelf

  RegDisablePredefinedCache

  CopySid

  CreateWellKnownSid

  CreateRestrictedToken

  DuplicateToken

  DuplicateTokenEx

  EqualSid

  GetTokenInformation

  LookupPrivilegeValueW

  SetThreadToken

  ConvertSidToStringSidW

  SetEntriesInAclW

  GetSecurityInfo

  RegisterTraceGuidsW

  GetTraceEnableLevel

  GetTraceEnableFlags

  GetTraceLoggerHandle

  TraceEvent

  UnregisterTraceGuids

  iphlpapi

  GetAdaptersAddresses

  GetAdaptersInfo

  psapi

  GetMappedFileNameW

  user32

  GetActiveWindow

  CharUpperW

  CloseDesktop

  RegisterWindowMessageW

  CloseWindowStation

  CreateDesktopW

  GetThreadDesktop

  CreateWindowStationW

  SetProcessWindowStation

  GetProcessWindowStation

  GetUserObjectInformationW

  SendMessageTimeoutW

  FindWindowW

  userenv

  CreateEnvironmentBlock

  DestroyEnvironmentBlock

  ws2_32

  gethostbyname

  inet_ntoa

  WSAGetLastError

  WSAStartup

  gethostname

  wininet

  InternetConnectW

  InternetOpenW

  InternetSetOptionW

  FtpPutFileW

  InternetCloseHandle

  version

  VerQueryValueW

  GetFileVersionInfoSizeW

  GetFileVersionInfoW

  winmm

  timeGetTime

  shlwapi

  PathFindFileNameW

  kernel32

  RtlCaptureStackBackTrace

  HeapSize

  SetEnvironmentVariableA

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineA

  GetOEMCP

  IsValidCodePage

  GetProcessHeap

  WriteConsoleW

  GetTimeZoneInformation

  EnumSystemLocalesW

  IsValidLocale

  ReadConsoleW

  GetACP

  HeapReAlloc

  CloseHandle

  GetLastError

  CreateMutexW

  CreateDirectoryW

  lstrcpyW

  lstrlenW

  GetCurrentProcess

  GetModuleHandleW

  FreeLibrary

  GetProcAddress

  LoadLibraryExW

  SetLastError

  GetCurrentProcessId

  GetSystemInfo

  CreateFileMappingW

  MapViewOfFile

  UnmapViewOfFile

  WriteFile

  OutputDebugStringA

  GetModuleFileNameW

  CreateFileW

  DeleteFileW

  FormatMessageA

  GetTickCount

  GetCommandLineW

  LocalFree

  ReadFile

  QueryDosDeviceW

  GetLongPathNameW

  RemoveDirectoryW

  GetTempPathW

  GetFileAttributesW

  SetFileAttributesW

  GetFileAttributesExW

  GetCurrentDirectoryW

  MoveFileExW

  CopyFileW

  GetTempFileNameW

  SetThreadPriority

  Sleep

  GetCurrentThread

  QueryPerformanceFrequency

  GetThreadPriority

  GetSystemTimeAsFileTime

  QueryPerformanceCounter

  GetUserDefaultLangID

  TerminateProcess

  WaitForSingleObject

  DuplicateHandle

  OpenProcess

  GetExitCodeProcess

  SetInformationJobObject

  SetHandleInformation

  GetStdHandle

  AssignProcessToJobObject

  ResumeThread

  CreateProcessW

  GetFileSizeEx

  SetEndOfFile

  SetFilePointerEx

  FlushFileBuffers

  GetCurrentThreadId

  GetVersionExW

  GetNativeSystemInfo

  IsDebuggerPresent

  RaiseException

  CreateThread

  FindFirstFileW

  FindFirstFileExW

  FindNextFileW

  FindClose

  GetProcessId

  EnterCriticalSection

  InitializeCriticalSectionAndSpinCount

  LeaveCriticalSection

  DeleteCriticalSection

  GetSystemDirectoryW

  GetWindowsDirectoryW

  ExpandEnvironmentStringsW

  GetModuleHandleA

  CreateEventW

  GetModuleHandleExW

  SetEnvironmentVariableW

  GetEnvironmentVariableW

  RegisterWaitForSingleObject

  UnregisterWaitEx

  TlsSetValue

  TlsAlloc

  TlsGetValue

  TlsFree

  GetQueuedCompletionStatus

  PostQueuedCompletionStatus

  CreateIoCompletionPort

  LoadLibraryW

  GlobalMemoryStatusEx

  HeapSetInformation

  WaitForMultipleObjects

  SetEvent

  ResetEvent

  VirtualQueryEx

  RtlCaptureContext

  ReleaseSemaphore

  InitializeCriticalSection

  SuspendThread

  TerminateThread

  GetThreadContext

  CreateSemaphoreW

  SetUnhandledExceptionFilter

  GetDriveTypeW

  VirtualAlloc

  VirtualFree

  ReleaseMutex

  SwitchToThread

  VirtualAllocEx

  VirtualProtectEx

  WriteProcessMemory

  TerminateJobObject

  GetUserDefaultLCID

  GetFileType

  ProcessIdToSessionId

  GetProcessHandleCount

  SignalObjectAndWait

  VirtualFreeEx

  CreateJobObjectW

  CreateNamedPipeW

  ReadProcessMemory

  DebugBreak

  SearchPathW

  HeapFree

  HeapAlloc

  ExitProcess

  SetStdHandle

  GetFullPathNameW

  GetConsoleMode

  GetConsoleCP

  RtlUnwind

  InitializeSListHead

  GetStartupInfoW

  IsProcessorFeaturePresent

  FileTimeToSystemTime

  UnhandledExceptionFilter

  GetCPInfo

  GetLocaleInfoW

  LCMapStringW

  CompareStringW

  DecodePointer

  EncodePointer

  GetStringTypeW

  MultiByteToWideChar

  WideCharToMultiByte

  LoadLibraryExA

  VirtualQuery

  VirtualProtect

  ole32

  CoTaskMemFree

  winhttp

  WinHttpCrackUrl

  WinHttpCloseHandle

  WinHttpConnect

  WinHttpQueryHeaders

  WinHttpReceiveResponse

  WinHttpReadData

  WinHttpOpenRequest

  WinHttpSendRequest

  WinHttpOpen

  Exports

  Exports

  GetHandleVerifier

  IsSandboxedProcess

  Sections

  .text

  Size: 443KB - Virtual size: 443KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 164KB - Virtual size: 164KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 1024B - Virtual size: 552B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 61KB - Virtual size: 61KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 19KB - Virtual size: 18KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ