Spotify[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Spotify.exe
Size

27.0MB
MD5

680bb2834f3ebd6a6f513069f30c53ec
SHA1

bf20b3bcf60c0f649f67b09b06dcdbd9e7a727ff
SHA256

b14b1ced69cdd8ad0be5b20129b22e43e73ab397f4adf949c5bd7d957888e16c
SHA512

149512c39793d8dc6d0ec40b3467c2266e51baf5cba825e681e627420b4ed079797cdea04f192d92ab90dfcb7675d139d094c9d5cbab2fb5cc642e93a363ff4e
SSDEEP

196608:iOTHSWSBsMWmiXqn2XYldjFtlWxOnFXx2rKWQwFejH93g3cU4GX6wz+/05t++tbX:z7l9FeRgQw15tpqvi

Score

1^/10

Malware Config

Signatures

Files

Spotify.exe
.exe windows:6 windows x64

910d5f000b30415d389174f30b22fd0e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:c5:30:70:3a:21:0e:c1:d6:f8:3c:b4:fe:11:18:c5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

22/09/2022, 00:00

Not After

19/10/2023, 23:59

Subject

SERIALNUMBER=5567037485,CN=Spotify AB,O=Spotify AB,L=Stockholm,C=SE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025345

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:9b:25:4b:c0:67:00:37:7e:11:d1:de:f1:61:fc:d3:a8:19:2f:6a:b3:b3:41:78:cf:3a:43:87:8f:07:34:75
Signer

Actual PE Digest

0a:9b:25:4b:c0:67:00:37:7e:11:d1:de:f1:61:fc:d3:a8:19:2f:6a:b3:b3:41:78:cf:3a:43:87:8f:07:34:75

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ord410
ord380
InitCommonControlsEx
ImageList_Destroy
ImageList_Create
ord413
ord412
ImageList_Add

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

uxtheme

SetWindowThemeAttribute

gdiplus

GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipFillEllipse
GdipSetTextRenderingHint
GdipDeleteStringFormat
GdipDeleteGraphics
GdipCreateHICONFromBitmap
GdipCloneStringFormat
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipSetStringFormatAlign
GdipCloneImage
GdipSetStringFormatLineAlign
GdipStringFormatGetGenericDefault
GdipCreateBitmapFromStream
GdipDeleteBrush
GdipBitmapLockBits
GdipCloneBrush
GdipFree
GdipAlloc
GdipBitmapUnlockBits
GdipSetInterpolationMode
GdiplusShutdown
GdipDrawImageRectRectI
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipLoadImageFromStream
GdipCreateSolidFill
GdipSetSmoothingMode

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoInitialize

ws2_32

getprotobyname
gethostbyname
inet_addr
WSACreateEvent
WSAStringToAddressW
WSARecv
WSASetEvent
WSAEnumNetworkEvents
WSACleanup
WSAWaitForMultipleEvents
getsockopt
htonl
ntohl
ntohs
bind
shutdown
closesocket
ioctlsocket
sendto
htons
getsockname
select
socket
WSAEventSelect
setsockopt
WSASetLastError
WSAGetLastError
WSARecvFrom
WSASend
WSASendTo
WSASocketW
WSAAddressToStringW
WSAIoctl
__WSAFDIsSet
getpeername
getaddrinfo
accept
send
recvfrom
recv
WSAStartup
connect
WSACloseEvent
freeaddrinfo
listen

advapi32

GetNamedSecurityInfoW
GetTokenInformation
RegDeleteKeyValueW
RegDeleteTreeW
LookupAccountNameW
GetCurrentHwProfileW
ConvertSidToStringSidW
SystemFunction036
SetEntriesInAclW
BuildTrusteeWithSidW
AddMandatoryAce
InitializeAcl
IsValidAcl
AccessCheck
MapGenericMask
SetSecurityInfo
GetSecurityInfo
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
RegSetKeyValueA
RegGetValueA
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
IsValidSecurityDescriptor
EqualSid
ConvertStringSidToSidW
GetLengthSid
IsValidSid
FreeSid
SetThreadToken
CreateProcessAsUserW
AdjustTokenPrivileges
CreateRestrictedToken
GetAce
LookupPrivilegeValueW
SetTokenInformation
OpenThreadToken
DuplicateTokenEx
RegDisablePredefinedCache
RevertToSelf
CryptEnumProvidersA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenProcessToken

dbghelp

SymGetSearchPathW
SymSetOptions
SymCleanup
SymFromAddr
SymInitialize
SymGetLineFromAddr64
SymSetSearchPathW

ntdll

RtlCaptureStackBackTrace
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlUnwind
VerSetConditionMask
RtlInitUnicodeString

oleaut32

SysAllocString
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantClear
GetErrorInfo
SetErrorInfo

propsys

PropVariantToString
PSStringFromPropertyKey

shell32

SHChangeNotify
SHGetFolderPathW
ord155
SHFileOperationW
SHGetPathFromIDListW
SHOpenFolderAndSelectItems
SHBrowseForFolderW
Shell_NotifyIconW
CommandLineToArgvW
ord190
ShellExecuteW
ord195
ShellExecuteExW

userenv

DeriveAppContainerSidFromAppContainerName
CreateAppContainerProfile

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
ExitProcess
GetCurrentThread
TlsSetValue
TlsGetValue
TlsAlloc
UpdateProcThreadAttribute
GetStartupInfoW
GetCurrentThreadId
TerminateProcess
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
GetCurrentProcessId
CreateProcessW
ExitThread
CreateRemoteThread
GetProcessTimes
GetThreadId
QueueUserAPC
TerminateThread
CreateThread
SetThreadPriority
SwitchToThread
GetExitCodeProcess
ResumeThread
GetExitCodeThread
TlsFree

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetLocalTime
GetWindowsDirectoryW
GetSystemTime
GetSystemDirectoryW
GetSystemInfo
GetVersion
GetVersionExW
GetTickCount64

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedPushEntrySList

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
DebugBreak
IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-processthreads-l1-1-1

GetProcessHandleCount
GetProcessMitigationPolicy
GetCurrentProcessorNumber
SetProcessMitigationPolicy
OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LockResource
LoadStringW
LoadResource
FreeLibraryAndExitThread
SizeofResource
GetModuleHandleA
SetDefaultDllDirectories
LoadLibraryExA
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
GetModuleHandleExW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockShared
ResetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
AcquireSRWLockExclusive
OpenEventA
CreateMutexA
CreateEventExW
WaitForMultipleObjectsEx
InitializeSRWLock
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseSRWLockShared
CreateEventA
ReleaseSemaphore
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
CreateMutexW
OpenMutexW
InitializeCriticalSection
SetEvent
WaitForSingleObject
SleepEx
CreateEventW
SetWaitableTimer

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-processenvironment-l1-1-0

SetCurrentDirectoryW
GetCurrentDirectoryW
GetEnvironmentVariableW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetStdHandle
ExpandEnvironmentStringsW

api-ms-win-core-file-l1-1-0

LockFile
RemoveDirectoryW
FlushFileBuffers
UnlockFile
GetFileType
GetFullPathNameW
GetFileAttributesExW
GetVolumePathNameW
FindNextFileW
FindFirstFileExW
FindClose
GetFileAttributesW
GetFileSizeEx
SetFilePointerEx
ReadFile
WriteFile
CreateFileW
GetDiskFreeSpaceExW
GetLongPathNameW
GetFileTime
SetEndOfFile
CreateDirectoryW
DeleteFileW
GetTempFileNameW
GetDriveTypeW
SetFileAttributesW
GetFileInformationByHandle
FindFirstFileW
GetFileSize

api-ms-win-core-heap-l1-1-0

GetProcessHeaps
HeapDestroy
HeapAlloc
HeapSetInformation
HeapReAlloc
HeapSize
GetProcessHeap
HeapFree

api-ms-win-core-localization-l1-2-0

IsValidLocale
GetOEMCP
FormatMessageA
GetUserDefaultLocaleName
GetLocaleInfoW
GetACP
IsValidCodePage
GetUserPreferredUILanguages
GetUserDefaultLangID
GetUserDefaultLCID
LCMapStringW
LCMapStringEx
EnumSystemLocalesW
GetCPInfo
FormatMessageW
GetLocaleInfoEx

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
CompareStringEx
WideCharToMultiByte
GetStringTypeW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-fibers-l1-1-0

FlsAlloc
FlsGetValue
FlsFree
FlsSetValue

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-console-l1-1-0

WriteConsoleW
WriteConsoleA
GetConsoleOutputCP
GetConsoleMode
SetConsoleCtrlHandler
AllocConsole
ReadConsoleW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
SetHandleInformation
CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalAlloc
GlobalFree
LocalAlloc

api-ms-win-core-file-l2-1-0

ReadDirectoryChangesW
ReplaceFileW
CreateDirectoryExW
MoveFileExW
CopyFileExW

api-ms-win-core-com-l1-1-0

CoTaskMemFree
StringFromCLSID
PropVariantClear
CoGetApartmentType
CoInitializeEx
CoSetProxyBlanket
CoTaskMemAlloc
CoInitializeSecurity
CoGetObjectContext
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoUninitialize

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
SystemParametersInfoW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA
LoadLibraryW
FindResourceW

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock
GlobalSize

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
SystemTimeToFileTime

api-ms-win-core-io-l1-1-0

DeviceIoControl
CancelIoEx
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateWaitableTimerW

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-io-l1-1-1

CancelIo

bcrypt

BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider

api-ms-win-core-kernel32-legacy-l1-1-0

UnregisterWait
GetSystemPowerStatus
GetComputerNameW
RegisterWaitForSingleObject
MoveFileW
CreateFileMappingA

api-ms-win-core-toolhelp-l1-1-0

CreateToolhelp32Snapshot
Process32NextW
Process32FirstW

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW
K32GetProcessMemoryInfo
K32GetModuleInformation

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
WakeConditionVariable
InitOnceBeginInitialize
SleepConditionVariableSRW
Sleep
InitOnceComplete
InitializeConditionVariable

mswsock

AcceptEx
GetAcceptExSockaddrs

api-ms-win-core-memory-l1-1-0

ReadProcessMemory
VirtualProtectEx
VirtualQuery
VirtualFree
WriteProcessMemory
VirtualFreeEx
CreateFileMappingW
VirtualProtect
VirtualAllocEx
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-synch-ansi-l1-1-0

OpenMutexA
CreateSemaphoreA

api-ms-win-core-kernel32-legacy-l1-1-2

OpenFileMappingA

api-ms-win-core-console-l1-2-0

AttachConsole

api-ms-win-core-console-l3-2-0

GetCurrentConsoleFont

api-ms-win-core-job-l2-1-0

AssignProcessToJobObject
CreateJobObjectW
SetInformationJobObject

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo
GetNativeSystemInfo

winhttp

WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpOpen
WinHttpOpenRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpSetStatusCallback
WinHttpGetProxyForUrl
WinHttpSendRequest
WinHttpSetCredentials
WinHttpSetOption
WinHttpReceiveResponse

api-ms-win-core-file-l1-2-2

GetTempPathA
AreFileApisANSI

iphlpapi

GetAdaptersAddresses

crypt32

CertGetNameStringA

wintrust

WinVerifyTrust
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

api-ms-win-core-console-l2-1-0

SetConsoleTextAttribute
GetConsoleScreenBufferInfo

api-ms-win-core-localization-l1-2-1

EnumSystemLocalesEx

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-processthreads-l1-1-2

SetThreadInformation

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-processtopology-obsolete-l1-1-0

SetThreadAffinityMask

api-ms-win-mm-time-l1-1-0

timeGetTime

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW

kernel32

RegisterApplicationRestart
QueryDosDeviceW
QueryInformationJobObject
PowerClearRequest
PowerCreateRequest
TerminateJobObject
K32EnumProcessModules
PowerSetRequest

user32

MessageBoxA
MessageBoxW
MessageBoxExA
SendMessageW
OpenClipboard
GetActiveWindow
SetClipboardData
GetClipboardData
EmptyClipboard
MessageBoxExW
UnregisterClassW
SetWindowTextW
GetAncestor
GetMessageW
TranslateMessage
DestroyWindow
CreateWindowExA
CloseClipboard
SendMessageTimeoutA
DispatchMessageW
PostThreadMessageW
RegisterDeviceNotificationW
InsertMenuW
GetUserObjectInformationW
CreateDesktopW
SetProcessWindowStation
CreateWindowStationW
GetProcessWindowStation
GetThreadDesktop
CloseWindowStation
CloseDesktop
UnregisterDeviceNotification
GetWindowLongPtrA
SetWindowLongPtrA
DefWindowProcW
RegisterClassExW
CreateWindowExW
SetLayeredWindowAttributes
SetWindowPos
EnableWindow
BeginPaint
GetMenuItemCount
GetSystemMenu
GetCursorPos
SetForegroundWindow
TrackPopupMenu
AppendMenuW
LoadImageW
GetDoubleClickTime
CreatePopupMenu
DestroyIcon
DeregisterShellHookWindow
RegisterShellHookWindow
ReleaseCapture
SetCapture
GetCapture
GetWindowPlacement
RegisterWindowMessageA
SetWindowLongPtrW
GetWindowLongPtrW
FillRect
MapWindowPoints
AdjustWindowRectEx
GetClientRect
EndPaint
GetMenuItemInfoW
SetMenuItemInfoW
ClientToScreen
LoadIconW
LoadCursorW
GetWindowLongW
AdjustWindowRect
GetDesktopWindow
FindWindowA
AllowSetForegroundWindow
GetWindowThreadProcessId
UpdateWindow
KillTimer
PostMessageW
ShowWindow
SetTimer

gdi32

DeleteObject
GetStockObject

ole32

CoInitialize

shlwapi

PathIsNetworkPathW
ord225
ord12

dsound

ord11
ord2

avrt

AvRevertMmThreadCharacteristics
AvSetMmThreadPriority
AvSetMmThreadCharacteristicsW

msacm32

acmStreamConvert
acmDriverID
acmDriverDetailsW
acmStreamOpen
acmStreamClose
acmStreamSize
acmStreamPrepareHeader
acmStreamUnprepareHeader

api-ms-win-core-threadpool-l1-2-0

FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
TrySubmitThreadpoolCallback
SubmitThreadpoolWork
CloseThreadpoolWork

Exports

Exports

GetHandleVerifier
IsSandboxedProcess

Sections

.text
Size: 15.9MB - Virtual size: 15.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6.5MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 825KB - Virtual size: 824KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

910d5f000b30415d389174f30b22fd0e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:c5:30:70:3a:21:0e:c1:d6:f8:3c:b4:fe:11:18:c5Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

0a:9b:25:4b:c0:67:00:37:7e:11:d1:de:f1:61:fc:d3:a8:19:2f:6a:b3:b3:41:78:cf:3a:43:87:8f:07:34:75Signer

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

wtsapi32

uxtheme

gdiplus

api-ms-win-core-winrt-l1-1-0

ws2_32

advapi32

dbghelp

ntdll

oleaut32

propsys

shell32

userenv

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-fibers-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-ntuser-sysparams-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-io-l1-1-1

bcrypt

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-synch-l1-2-0

mswsock

api-ms-win-core-memory-l1-1-0

api-ms-win-core-synch-ansi-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-2

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:c5:30:70:3a:21:0e:c1:d6:f8:3c:b4:fe:11:18:c5
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0a:9b:25:4b:c0:67:00:37:7e:11:d1:de:f1:61:fc:d3:a8:19:2f:6a:b3:b3:41:78:cf:3a:43:87:8f:07:34:75
Signer

.text
Size: 15.9MB - Virtual size: 15.9MB

.rdata
Size: 3.8MB - Virtual size: 3.8MB

.data
Size: 6.5MB - Virtual size: 6.7MB

.pdata
Size: 825KB - Virtual size: 824KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 58KB - Virtual size: 58KB