Nevermore v0[.]1[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Nevermore v0.1.rar
Size

52.2MB
MD5

7b2ab93c6b252de9803f607752bf1bed
SHA1

47881855ab860eada213eab045036558ecbe6fbe
SHA256

e74b7a3197192d28a7e43099eabaeb947c0830834ebe2ad80e52c3339ca8a2c3
SHA512

3a520490e272df6d02cc8589dd7e1f6ac95cc2afe2f12f980bdf3569efc03ae517e2ea9ee492616701b2dc782999e0cc94dfdc763b09066681895a8ae49c76e9
SSDEEP

1572864:32hpwumqmdluCQGi8ac1F3nssU3kbTKhTMIqnA:3UpItdlqGiqQcKae

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Nevermore v0.1/Nevermore.exe

Files

Nevermore v0.1.rar
.rar

Password: onniforums.com
Nevermore v0.1/D3DCompiler_47_cor3.dll
.dll windows:10 windows x86

Password: onniforums.com

7f269ea2d96d8d376f2c7642ddadc7bc

Code Sign

33:00:00:04:91:64:62:f3:b7:3e:e2:0c:cd:00:00:00:00:04:91
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:47

Not After

11/05/2023, 20:47

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:2f:2c:ef:c1:ff:cb:1d:a4:74:54:24:92:77:1b:44:ab:2a:fc:2e:3a:f7:4c:b7:7c:28:32:f4:57:06:82:80
Signer

Actual PE Digest

c5:2f:2c:ef:c1:ff:cb:1d:a4:74:54:24:92:77:1b:44:ab:2a:fc:2e:3a:f7:4c:b7:7c:28:32:f4:57:06:82:80

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
FreeLibrary
Sleep
TlsAlloc
TlsSetValue
HeapDestroy
TlsGetValue
TlsFree
GetFullPathNameW
GetFullPathNameA
GetEnvironmentVariableA
VirtualFree
VirtualAlloc
GetSystemInfo
GetProcAddress
LoadLibraryExW
SetLastError
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetStdHandle
GetFileType
GetStartupInfoW
RaiseException
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleW
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetFilePointerEx
GetStringTypeW
SetStdHandle
GetEnvironmentStringsW
ReadFile
SetEnvironmentVariableW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetModuleFileNameW
ReadConsoleW
HeapSize
HeapReAlloc
WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwind
InterlockedFlushSList
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
LocalAlloc
LocalFree
GetFileSizeEx
GetLastError
CreateFileW
HeapFree
GetProcessHeap
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
GetFileAttributesW
SetFileAttributesW
DeleteFileW
SetEndOfFile
DeviceIoControl
MapViewOfFileEx
CreateFileMappingA
ExpandEnvironmentStringsW
HeapAlloc
OutputDebugStringA
CloseHandle
LeaveCriticalSection
EnterCriticalSection
lstrcmpiA
HeapCreate
GetModuleFileNameA
CreateFileA
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetDriveTypeW
GetCurrentDirectoryW
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
MultiByteToWideChar
FreeEnvironmentStringsW
DisableThreadLibraryCalls

advapi32

CryptDestroyHash
CryptAcquireContextW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
CryptGetHashParam
CryptCreateHash
CryptHashData
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptReleaseContext

rpcrt4

UuidCreate

Exports

Exports

D3DAssemble
D3DCompile
D3DCompile2
D3DCompileFromFile
D3DCompressShaders
D3DCreateBlob
D3DCreateFunctionLinkingGraph
D3DCreateLinker
D3DDecompressShaders
D3DDisassemble
D3DDisassemble10Effect
D3DDisassemble11Trace
D3DDisassembleRegion
D3DGetBlobPart
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DGetTraceInstructionOffsets
D3DLoadModule
D3DPreprocess
D3DReadFileToBlob
D3DReflect
D3DReflectLibrary
D3DReturnFailure1
D3DSetBlobPart
D3DStripShader
D3DWriteBlobToFile
DebugSetMute

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nevermore v0.1/Examples/Examples.txt
Nevermore v0.1/Examples/chrome_icon_example.png
.png
Nevermore v0.1/Magick.Native-Q16-x86.dll
.dll windows:6 windows x86

Password: onniforums.com

5b1bd215473769a8e20ac301e8e4b2f9

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:24:b6:4c:66:e5:e9:e4:77:56:08:ac:4c:4a:41:3d
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

27/10/2022, 00:00

Not After

27/10/2023, 23:59

Subject

CN=ImageMagick Studio LLC,O=ImageMagick Studio LLC,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:f9:c2:ee:46:d0:3a:ec:63:95:33:01:8c:07:9e:63:92:19:4c:20:95:a2:1a:b5:6d:42:9b:04:0f:6d:ac:6d
Signer

Actual PE Digest

8a:f9:c2:ee:46:d0:3a:ec:63:95:33:01:8c:07:9e:63:92:19:4c:20:95:a2:1a:b5:6d:42:9b:04:0f:6d:ac:6d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetConsoleMode
SetFilePointerEx
CreateFileW
GetFileType
ReadConsoleW
SetStdHandle
GetTimeZoneInformation
GetFileAttributesExW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetConsoleCtrlHandler
DeleteFileW
FlushFileBuffers
GetFullPathNameW
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
HeapAlloc
HeapFree
SetEnvironmentVariableW
HeapReAlloc
GetFileSizeEx
GetStdHandle
HeapSize
DecodePointer
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetCPInfo
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
WriteFile
GetCurrentDirectoryW
CreateDirectoryW
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW
EncodePointer
SetLastError
RtlUnwind
InterlockedFlushSList
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThread
DuplicateHandle
CreateMutexA
ReleaseMutex
GetDriveTypeA
ReadDirectoryChangesW
GetLongPathNameW
GetSystemDirectoryA
GetVolumePathNameW
GetVolumeInformationW
InitializeCriticalSection
GetPhysicallyInstalledSystemMemory
GetTempFileNameA
GetTempPathA
SignalObjectAndWait
GetConsoleOutputCP
GetModuleHandleExW
ExitProcess
GetLogicalDrives
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringA
LoadLibraryA
GetCurrentThreadId
RaiseException
Sleep
SystemTimeToFileTime
FindResourceA
GetStartupInfoA
CreateFileMappingA
FormatMessageA
LocalFree
SizeofResource
LockResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
GetModuleFileNameA
FreeResource
FreeLibrary
UnmapViewOfFile
MapViewOfFile
GetVersionExA
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GlobalAlloc
GlobalSize
GlobalUnlock
GlobalLock
GlobalFree
SetEnvironmentVariableA
TryEnterCriticalSection
FormatMessageW
LoadLibraryW
GetFileInformationByHandleEx
SetConsoleMode
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TryAcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
SetThreadPriority
GetThreadPriority
IsDBCSLeadByteEx
GetEnvironmentVariableW
ExpandEnvironmentStringsW
DebugBreak
GetSystemDirectoryW
GetWindowsDirectoryW
CreateEventA
GetVersion
GetLocaleInfoA
GetThreadLocale
SetEvent
WaitForSingleObjectEx
WaitForMultipleObjectsEx
CreateEventW
WaitForMultipleObjects
GetExitCodeThread
ResetEvent
GetFileAttributesW
ReadConsoleInputA
PeekConsoleInputA
DeviceIoControl
MoveFileExW
ReleaseSemaphore
CreateSemaphoreA
SetFileAttributesW
GetTickCount
GetFileTime
RemoveDirectoryW
GetNumberOfConsoleInputEvents
InitOnceBeginInitialize
InitOnceComplete
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
SwitchToThread
InitializeCriticalSectionEx
GetLocaleInfoEx
LCMapStringEx
SleepConditionVariableCS
CompareStringEx
GlobalMemoryStatusEx
CreateProcessA
GetExitCodeProcess
GetCurrentProcess
GetProcessTimes
WaitForSingleObject
QueryPerformanceFrequency
QueryPerformanceCounter
PeekNamedPipe
CreatePipe
SetErrorMode
GetLastError
SetHandleInformation
CloseHandle
SetEndOfFile
ReadFile
FindNextFileW
FindFirstFileW
FindClose
GetShortPathNameW
WideCharToMultiByte
GetDiskFreeSpaceExW
MultiByteToWideChar

user32

SystemParametersInfoA
EnumDisplayDevicesA
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
PostMessageA
PeekMessageA
MessageBoxA
MsgWaitForMultipleObjectsEx
FillRect
ReleaseDC
GetDC

advapi32

RegNotifyChangeKeyValue
DeregisterEventSource
RegisterEventSourceA
RegSetValueExW
ReportEventA
RegCloseKey
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegEnumValueW
RegCreateKeyExW
LookupAccountSidW
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetFileSecurityW
RegEnumKeyExW
GetSecurityInfo
RegGetValueW
RegLoadMUIStringW
RegOpenKeyExW
GetUserNameW
RegDeleteValueW

urlmon

URLDownloadToFileA

ws2_32

WSAStartup
WSASetLastError
gethostbyname
gethostbyaddr
inet_ntoa
ntohl
getservbyport
closesocket
ioctlsocket
recv
send
inet_addr
WSAGetLastError
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSASetEvent
htons
inet_ntop
inet_pton
getservbyname
ntohs
htonl

gdiplus

GdipLoadImageFromFile
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipDrawImageRectI
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode

bcrypt

BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptDestroyKey
BCryptDestroyHash
BCryptGenRandom
BCryptDeriveKeyPBKDF2
BCryptOpenAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptGetProperty
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptEncrypt

gdi32

GetClipRgn
GetGraphicsMode
IntersectClipRect
SelectClipRgn
ExtSelectClipRgn
GetWorldTransform
GdiFlush
ExtTextOutW
StretchDIBits
EnumFontFamiliesExW
GetGlyphOutlineA
ExtCreateRegion
ModifyWorldTransform
SetWorldTransform
GetTextMetricsA
SetTextAlign
CreateCompatibleBitmap
CreateRectRgn
GetClipBox
CreateDIBSection
SetTextColor
SetMapMode
SetGraphicsMode
SetBkMode
SaveDC
RestoreDC
GetGlyphIndicesW
GetFontUnicodeRanges
GetOutlineTextMetricsA
GetGlyphOutlineW
GetFontData
GetCharWidth32A
BitBlt
CreateCompatibleDC
CreateDCA
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject
CreateSolidBrush
CreateFontIndirectW

shell32

SHFileOperationW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW

ole32

CoTaskMemFree
CoGetApartmentType
CoGetObjectContext

dnsapi

DnsQuery_A
DnsFree

iphlpapi

NotifyRouteChange2
CancelMibChangeNotify2
GetIpForwardTable2

Exports

Exports

ChannelMoments_Centroid_Get
ChannelMoments_EllipseAngle_Get
ChannelMoments_EllipseAxis_Get
ChannelMoments_EllipseEccentricity_Get
ChannelMoments_EllipseIntensity_Get
ChannelMoments_GetHuInvariants
ChannelPerceptualHash_GetHclpHuPhash
ChannelPerceptualHash_GetSrgbHuPhash
ChannelStatistics_Depth_Get
ChannelStatistics_Entropy_Get
ChannelStatistics_Kurtosis_Get
ChannelStatistics_Maximum_Get
ChannelStatistics_Mean_Get
ChannelStatistics_Minimum_Get
ChannelStatistics_Skewness_Get
ChannelStatistics_StandardDeviation_Get
ConnectedComponent_DisposeList
ConnectedComponent_GetArea
ConnectedComponent_GetCentroid
ConnectedComponent_GetColor
ConnectedComponent_GetHeight
ConnectedComponent_GetId
ConnectedComponent_GetInstance
ConnectedComponent_GetWidth
ConnectedComponent_GetX
ConnectedComponent_GetY
DoubleMatrix_Create
DoubleMatrix_Dispose
DrawingSettings_BorderColor_Get
DrawingSettings_BorderColor_Set
DrawingSettings_Create
DrawingSettings_Dispose
DrawingSettings_FillColor_Get
DrawingSettings_FillColor_Set
DrawingSettings_FillRule_Get
DrawingSettings_FillRule_Set
DrawingSettings_FontFamily_Get
DrawingSettings_FontFamily_Set
DrawingSettings_FontPointsize_Get
DrawingSettings_FontPointsize_Set
DrawingSettings_FontStyle_Get
DrawingSettings_FontStyle_Set
DrawingSettings_FontWeight_Get
DrawingSettings_FontWeight_Set
DrawingSettings_Font_Get
DrawingSettings_Font_Set
DrawingSettings_SetAffine
DrawingSettings_SetFillPattern
DrawingSettings_SetStrokeDashArray
DrawingSettings_SetStrokePattern
DrawingSettings_SetText
DrawingSettings_StrokeAntiAlias_Get
DrawingSettings_StrokeAntiAlias_Set
DrawingSettings_StrokeColor_Get
DrawingSettings_StrokeColor_Set
DrawingSettings_StrokeDashOffset_Get
DrawingSettings_StrokeDashOffset_Set
DrawingSettings_StrokeLineCap_Get
DrawingSettings_StrokeLineCap_Set
DrawingSettings_StrokeLineJoin_Get
DrawingSettings_StrokeLineJoin_Set
DrawingSettings_StrokeMiterLimit_Get
DrawingSettings_StrokeMiterLimit_Set
DrawingSettings_StrokeWidth_Get
DrawingSettings_StrokeWidth_Set
DrawingSettings_TextAntiAlias_Get
DrawingSettings_TextAntiAlias_Set
DrawingSettings_TextDirection_Get
DrawingSettings_TextDirection_Set
DrawingSettings_TextEncoding_Get
DrawingSettings_TextEncoding_Set
DrawingSettings_TextGravity_Get
DrawingSettings_TextGravity_Set
DrawingSettings_TextInterlineSpacing_Get
DrawingSettings_TextInterlineSpacing_Set
DrawingSettings_TextInterwordSpacing_Get
DrawingSettings_TextInterwordSpacing_Set
DrawingSettings_TextKerning_Get
DrawingSettings_TextKerning_Set
DrawingSettings_TextUnderColor_Get
DrawingSettings_TextUnderColor_Set
DrawingWand_Affine
DrawingWand_Alpha
DrawingWand_Arc
DrawingWand_Bezier
DrawingWand_BorderColor
DrawingWand_Circle
DrawingWand_ClipPath
DrawingWand_ClipRule
DrawingWand_ClipUnits
DrawingWand_Color
DrawingWand_Composite
DrawingWand_Create
DrawingWand_Density
DrawingWand_Dispose
DrawingWand_Ellipse
DrawingWand_FillColor
DrawingWand_FillOpacity
DrawingWand_FillPatternUrl
DrawingWand_FillRule
DrawingWand_Font
DrawingWand_FontFamily
DrawingWand_FontPointSize
DrawingWand_FontTypeMetrics
DrawingWand_Gravity
DrawingWand_Line
DrawingWand_PathArcAbs
DrawingWand_PathArcRel
DrawingWand_PathClose
DrawingWand_PathCurveToAbs
DrawingWand_PathCurveToRel
DrawingWand_PathFinish
DrawingWand_PathLineToAbs
DrawingWand_PathLineToHorizontalAbs
DrawingWand_PathLineToHorizontalRel
DrawingWand_PathLineToRel
DrawingWand_PathLineToVerticalAbs
DrawingWand_PathLineToVerticalRel
DrawingWand_PathMoveToAbs
DrawingWand_PathMoveToRel
DrawingWand_PathQuadraticCurveToAbs
DrawingWand_PathQuadraticCurveToRel
DrawingWand_PathSmoothCurveToAbs
DrawingWand_PathSmoothCurveToRel
DrawingWand_PathSmoothQuadraticCurveToAbs
DrawingWand_PathSmoothQuadraticCurveToRel
DrawingWand_PathStart
DrawingWand_Point
DrawingWand_Polygon
DrawingWand_Polyline
DrawingWand_PopClipPath
DrawingWand_PopGraphicContext
DrawingWand_PopPattern
DrawingWand_PushClipPath
DrawingWand_PushGraphicContext
DrawingWand_PushPattern
DrawingWand_Rectangle
DrawingWand_Render
DrawingWand_Rotation
DrawingWand_RoundRectangle
DrawingWand_Scaling
DrawingWand_SkewX
DrawingWand_SkewY
DrawingWand_StrokeAntialias
DrawingWand_StrokeColor
DrawingWand_StrokeDashArray
DrawingWand_StrokeDashOffset
DrawingWand_StrokeLineCap
DrawingWand_StrokeLineJoin
DrawingWand_StrokeMiterLimit
DrawingWand_StrokeOpacity
DrawingWand_StrokePatternUrl
DrawingWand_StrokeWidth
DrawingWand_Text
DrawingWand_TextAlignment
DrawingWand_TextAntialias
DrawingWand_TextDecoration
DrawingWand_TextDirection
DrawingWand_TextEncoding
DrawingWand_TextInterlineSpacing
DrawingWand_TextInterwordSpacing
DrawingWand_TextKerning
DrawingWand_TextUnderColor
DrawingWand_Translation
DrawingWand_Viewbox
Environment_GetEnv
Environment_Initialize
Environment_SetEnv
JpegOptimizer_CompressFile
JpegOptimizer_CompressStream
MagickColorCollection_DisposeList
MagickColorCollection_GetInstance
MagickColor_Alpha_Get
MagickColor_Alpha_Set
MagickColor_Black_Get
MagickColor_Black_Set
MagickColor_Blue_Get
MagickColor_Blue_Set
MagickColor_Clone
MagickColor_Count_Get
MagickColor_Create
MagickColor_Dispose
MagickColor_FuzzyEquals
MagickColor_Green_Get
MagickColor_Green_Set
MagickColor_Initialize
MagickColor_IsCMYK_Get
MagickColor_IsCMYK_Set
MagickColor_Red_Get
MagickColor_Red_Set
MagickExceptionHelper_Description
MagickExceptionHelper_Dispose
MagickExceptionHelper_Message
MagickExceptionHelper_Related
MagickExceptionHelper_RelatedCount
MagickExceptionHelper_Severity
MagickFormatInfo_CanReadMultithreaded_Get
MagickFormatInfo_CanWriteMultithreaded_Get
MagickFormatInfo_CreateList
MagickFormatInfo_Description_Get
MagickFormatInfo_DisposeList
MagickFormatInfo_Format_Get
MagickFormatInfo_GetInfo
MagickFormatInfo_GetInfoByName
MagickFormatInfo_GetInfoWithBlob
MagickFormatInfo_MimeType_Get
MagickFormatInfo_Module_Get
MagickFormatInfo_SupportsMultipleFrames_Get
MagickFormatInfo_SupportsReading_Get
MagickFormatInfo_SupportsWriting_Get
MagickFormatInfo_Unregister
MagickGeometry_Create
MagickGeometry_Dispose
MagickGeometry_Height_Get
MagickGeometry_Initialize
MagickGeometry_Width_Get
MagickGeometry_X_Get
MagickGeometry_Y_Get
MagickImageCollection_Append
MagickImageCollection_Coalesce
MagickImageCollection_Combine
MagickImageCollection_Complex
MagickImageCollection_Deconstruct
MagickImageCollection_Dispose
MagickImageCollection_Evaluate
MagickImageCollection_Fx
MagickImageCollection_Map
MagickImageCollection_Merge
MagickImageCollection_Montage
MagickImageCollection_Morph
MagickImageCollection_Optimize
MagickImageCollection_OptimizePlus
MagickImageCollection_OptimizeTransparency
MagickImageCollection_Polynomial
MagickImageCollection_Quantize
MagickImageCollection_ReadBlob
MagickImageCollection_ReadFile
MagickImageCollection_ReadStream
MagickImageCollection_Smush
MagickImageCollection_WriteFile
MagickImageCollection_WriteStream
MagickImage_AdaptiveBlur
MagickImage_AdaptiveResize
MagickImage_AdaptiveSharpen
MagickImage_AdaptiveThreshold
MagickImage_AddNoise
MagickImage_AffineTransform
MagickImage_AnimationDelay_Get
MagickImage_AnimationDelay_Set
MagickImage_AnimationIterations_Get
MagickImage_AnimationIterations_Set
MagickImage_AnimationTicksPerSecond_Get
MagickImage_AnimationTicksPerSecond_Set
MagickImage_Annotate
MagickImage_AnnotateGravity
MagickImage_AutoGamma
MagickImage_AutoLevel
MagickImage_AutoOrient
MagickImage_AutoThreshold
MagickImage_BackgroundColor_Get
MagickImage_BackgroundColor_Set
MagickImage_BaseHeight_Get
MagickImage_BaseWidth_Get
MagickImage_BilateralBlur
MagickImage_BlackPointCompensation_Get
MagickImage_BlackPointCompensation_Set
MagickImage_BlackThreshold
MagickImage_BlueShift
MagickImage_Blur
MagickImage_Border
MagickImage_BorderColor_Get
MagickImage_BorderColor_Set
MagickImage_BoundingBox_Get
MagickImage_BrightnessContrast
MagickImage_CannyEdge
MagickImage_ChannelCount_Get
MagickImage_ChannelOffset
MagickImage_Charcoal
MagickImage_Chop
MagickImage_ChromaBluePrimary_Get
MagickImage_ChromaBluePrimary_Set
MagickImage_ChromaGreenPrimary_Get
MagickImage_ChromaGreenPrimary_Set
MagickImage_ChromaRedPrimary_Get
MagickImage_ChromaRedPrimary_Set
MagickImage_ChromaWhitePoint_Get
MagickImage_ChromaWhitePoint_Set
MagickImage_Clahe
MagickImage_Clamp
MagickImage_ClassType_Get
MagickImage_ClassType_Set
MagickImage_ClipPath
MagickImage_Clone
MagickImage_CloneArea
MagickImage_Clut
MagickImage_ColorDecisionList
MagickImage_ColorFuzz_Get
MagickImage_ColorFuzz_Set
MagickImage_ColorMatrix
MagickImage_ColorSpace_Get
MagickImage_ColorSpace_Set
MagickImage_ColorThreshold
MagickImage_ColorType_Get
MagickImage_ColorType_Set
MagickImage_Colorize
MagickImage_ColormapSize_Get
MagickImage_ColormapSize_Set
MagickImage_Compare
MagickImage_CompareDistortion
MagickImage_Compose_Get
MagickImage_Compose_Set
MagickImage_Composite
MagickImage_CompositeGravity
MagickImage_Compression_Get
MagickImage_Compression_Set
MagickImage_ConnectedComponents
MagickImage_Contrast
MagickImage_ContrastStretch
MagickImage_ConvexHull
MagickImage_Convolve
MagickImage_CopyPixels
MagickImage_Create
MagickImage_Crop
MagickImage_CropToTiles
MagickImage_CycleColormap
MagickImage_Decipher
MagickImage_Depth_Get
MagickImage_Depth_Set
MagickImage_Deskew
MagickImage_Despeckle
MagickImage_DetermineBitDepth
MagickImage_DetermineColorType
MagickImage_Dispose
MagickImage_Distort
MagickImage_Edge
MagickImage_Emboss
MagickImage_Encipher
MagickImage_EncodingGeometry_Get
MagickImage_Endian_Get
MagickImage_Endian_Set
MagickImage_Enhance
MagickImage_Equalize
MagickImage_Equals
MagickImage_EvaluateFunction
MagickImage_EvaluateGeometry
MagickImage_EvaluateOperator
MagickImage_Extent
MagickImage_FileName_Get
MagickImage_FileName_Set
MagickImage_FilterType_Get
MagickImage_FilterType_Set
MagickImage_Flip
MagickImage_FloodFill
MagickImage_Flop
MagickImage_FontTypeMetrics
MagickImage_FormatExpression
MagickImage_Format_Get
MagickImage_Format_Set
MagickImage_Frame
MagickImage_Fx
MagickImage_GammaCorrect
MagickImage_Gamma_Get
MagickImage_GaussianBlur
MagickImage_GetArtifact
MagickImage_GetAttribute
MagickImage_GetColormapColor
MagickImage_GetNext
MagickImage_GetNextArtifactName
MagickImage_GetNextAttributeName
MagickImage_GetNextProfileName
MagickImage_GetProfile
MagickImage_GetReadMask
MagickImage_GetWriteMask
MagickImage_GifDisposeMethod_Get
MagickImage_GifDisposeMethod_Set
MagickImage_Grayscale
MagickImage_HaldClut
MagickImage_HasAlpha_Get
MagickImage_HasAlpha_Set
MagickImage_HasChannel
MagickImage_HasProfile
MagickImage_Height_Get
MagickImage_Histogram
MagickImage_HoughLine
MagickImage_Implode
MagickImage_ImportPixels
MagickImage_Integral
MagickImage_Interlace_Get
MagickImage_Interlace_Set
MagickImage_Interpolate_Get
MagickImage_Interpolate_Set
MagickImage_InterpolativeResize
MagickImage_IsOpaque_Get
MagickImage_Kmeans
MagickImage_Kuwahara
MagickImage_Level
MagickImage_LevelColors
MagickImage_Levelize
MagickImage_LinearStretch
MagickImage_LiquidRescale
MagickImage_LocalContrast
MagickImage_Magnify
MagickImage_Map
MagickImage_MatteColor_Get
MagickImage_MatteColor_Set
MagickImage_MeanErrorPerPixel_Get
MagickImage_MeanShift
MagickImage_Minify
MagickImage_MinimumBoundingBox
MagickImage_Modulate
MagickImage_Moments
MagickImage_Morphology
MagickImage_MotionBlur
MagickImage_Negate
MagickImage_Normalize
MagickImage_NormalizedMaximumError_Get
MagickImage_NormalizedMeanError_Get
MagickImage_OilPaint
MagickImage_Opaque
MagickImage_OrderedDither
MagickImage_Orientation_Get
MagickImage_Orientation_Set
MagickImage_Page_Get
MagickImage_Page_Set
MagickImage_Perceptible
MagickImage_PerceptualHash
MagickImage_Polaroid
MagickImage_Posterize
MagickImage_Quality_Get
MagickImage_Quality_Set
MagickImage_Quantize
MagickImage_RaiseOrLower
MagickImage_RandomThreshold
MagickImage_RangeThreshold
MagickImage_ReadBlob
MagickImage_ReadFile
MagickImage_ReadPixels
MagickImage_ReadStream
MagickImage_RegionMask
MagickImage_RemoveArtifact
MagickImage_RemoveAttribute
MagickImage_RemoveProfile
MagickImage_RenderingIntent_Get
MagickImage_RenderingIntent_Set
MagickImage_Resample
MagickImage_ResetArtifactIterator
MagickImage_ResetAttributeIterator
MagickImage_ResetProfileIterator
MagickImage_Resize
MagickImage_ResolutionUnits_Get
MagickImage_ResolutionUnits_Set
MagickImage_ResolutionX_Get
MagickImage_ResolutionX_Set
MagickImage_ResolutionY_Get
MagickImage_ResolutionY_Set
MagickImage_Roll
MagickImage_Rotate
MagickImage_RotationalBlur
MagickImage_Sample
MagickImage_Scale
MagickImage_Segment
MagickImage_SelectiveBlur
MagickImage_Separate
MagickImage_SepiaTone
MagickImage_SetAlpha
MagickImage_SetArtifact
MagickImage_SetAttribute
MagickImage_SetBitDepth
MagickImage_SetColorMetric
MagickImage_SetColormapColor
MagickImage_SetNext
MagickImage_SetProfile
MagickImage_SetProgressDelegate
MagickImage_SetReadMask
MagickImage_SetWriteMask
MagickImage_Shade
MagickImage_Shadow
MagickImage_Sharpen
MagickImage_Shave
MagickImage_Shear
MagickImage_SigmoidalContrast
MagickImage_Signature_Get
MagickImage_Sketch
MagickImage_Solarize
MagickImage_SortPixels
MagickImage_SparseColor
MagickImage_Splice
MagickImage_Spread
MagickImage_Statistic
MagickImage_Statistics
MagickImage_Stegano
MagickImage_Stereo
MagickImage_Strip
MagickImage_SubImageSearch
MagickImage_Swirl
MagickImage_Texture
MagickImage_Threshold
MagickImage_Thumbnail
MagickImage_Tint
MagickImage_TotalColors_Get

Sections

.text
Size: 11.4MB - Virtual size: 11.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 361KB - Virtual size: 735KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nevermore v0.1/Nevermore.dll.config
.xml
Nevermore v0.1/Nevermore.exe
.exe windows:6 windows x86

Password: onniforums.com

eee12c6e6a3ca14e4c9bbbb48ad87f88

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleW
FlushInstructionCache
InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead
GetTickCount64
DuplicateHandle
QueueUserAPC
WaitForSingleObjectEx
SetThreadPriority
GetThreadPriority
ResumeThread
GetCurrentThreadId
Sleep
TlsAlloc
GetCurrentThread
CreateThread
WaitForMultipleObjectsEx
SignalObjectAndWait
SetThreadStackGuarantee
VirtualQuery
GetStdHandle
WideCharToMultiByte
GetConsoleOutputCP
MapViewOfFileEx
UnmapViewOfFile
GetStringTypeExW
SetEvent
GetCurrentProcessorNumber
GlobalMemoryStatusEx
CreateIoCompletionPort
PostQueuedCompletionStatus
SleepEx
GetQueuedCompletionStatus
InterlockedPopEntrySList
GetCurrentProcessorNumberEx
ExitProcess
CreateMemoryResourceNotification
GetProcessAffinityMask
SetThreadIdealProcessorEx
GetThreadIdealProcessorEx
GetLargePageMinimum
VirtualUnlock
ResetWriteWatch
GetWriteWatch
GetLogicalProcessorInformation
SetThreadGroupAffinity
SetThreadAffinityMask
IsProcessInJob
QueryInformationJobObject
K32GetProcessMemoryInfo
VirtualAlloc
VirtualFree
VirtualProtect
SwitchToThread
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
GetFileSize
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateEventW
ResetEvent
CreateSemaphoreExW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
GetThreadContext
SuspendThread
SetThreadContext
GetEnabledXStateFeatures
InitializeContext
CopyContext
GetSystemDefaultLCID
GetUserDefaultLCID
OutputDebugStringA
RtlUnwind
HeapAlloc
HeapFree
GetProcessHeap
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
GetACP
LCMapStringEx
LocalFree
VerSetConditionMask
VerifyVersionInfoW
IsWow64Process
FindClose
GetModuleFileNameW
FindNextFileW
QueryThreadCycleTime
VirtualAllocExNuma
GetNumaProcessorNodeEx
GetNumaHighestNodeNumber
GetSystemTimes
GetSystemTimeAsFileTime
CreateProcessW
GetCPInfo
LoadLibraryExW
CreateFileW
GetFileAttributesExW
GetTempPathW
GetCurrentDirectoryW
FindFirstFileExW
GetFullPathNameW
OpenProcess
LoadLibraryExA
OpenEventW
ExitThread
HeapReAlloc
CreateNamedPipeA
WaitForMultipleObjects
DisconnectNamedPipe
CreateFileA
CancelIoEx
GetOverlappedResult
ConnectNamedPipe
FlushFileBuffers
CreateFileMappingW
MapViewOfFile
GetActiveProcessorGroupCount
GetSystemTime
SetConsoleCtrlHandler
GetLocaleInfoEx
GetUserDefaultLocaleName
CreateDirectoryW
RemoveDirectoryW
GetFileSizeEx
LoadLibraryA
InitializeCriticalSectionAndSpinCount
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
RaiseFailFastException
FreeLibrary
RaiseException
WaitForSingleObject
TlsSetValue
TlsGetValue
GetSystemInfo
ReadProcessMemory
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WriteFile
GetProcessTimes
GetCommandLineW
ReadFile
SetFilePointer
GetProcAddress
GetModuleHandleExW
SetErrorMode
CloseHandle
GetCurrentProcess
FlushProcessWriteBuffers
SetLastError
GetLastError
OutputDebugStringW
SetXStateFeaturesMask
DebugBreak
DecodePointer
GetStringTypeW
IsProcessorFeaturePresent
EncodePointer
TlsFree
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
GetExitCodeThread
CreateFileMappingA

advapi32

RegGetValueW
SetKernelObjectSecurity
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
EventRegister
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
SetThreadToken
RevertToSelf
OpenThreadToken
EventWriteTransfer
EventWrite

ole32

CoRegisterInitializeSpy
CoInitializeEx
CoCreateGuid
CoTaskMemAlloc
CoRevokeInitializeSpy
CoWaitForMultipleHandles
CoUninitialize
StringFromGUID2
CoTaskMemFree
CoReleaseMarshalData
IIDFromString
CLSIDFromProgID
CoGetMarshalSizeMax
CoMarshalInterface
CoUnmarshalInterface
CreateStreamOnHGlobal
CoGetContextToken
CoGetClassObject
CoCreateFreeThreadedMarshaler
CoGetObjectContext

oleaut32

SafeArrayAllocDescriptorEx
GetRecordInfoFromTypeInfo
SafeArraySetRecordInfo
SafeArrayAllocData
SafeArrayGetElemsize
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreateVector
SafeArrayPutElement
LoadRegTypeLi
CreateErrorInfo
VariantInit
VariantClear
VarCyFromDec
VariantChangeType
SafeArrayGetVartype
LoadTypeLibEx
QueryPathOfRegTypeLi
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetDim
SysAllocStringLen
SysStringLen
SysAllocString
SetErrorInfo
GetErrorInfo
SysFreeString
VariantChangeTypeEx

user32

LoadStringW
MessageBoxW

shell32

ShellExecuteW

api-ms-win-crt-string-l1-1-0

tolower
iswascii
towupper
strcspn
strncmp
wcscat_s
_strnicmp
strncpy_s
_stricmp
wcsncmp
iswupper
towlower
isalpha
isdigit
wcstok_s
strcat_s
strtok_s
isspace
_strdup
isupper
wcscpy_s
strcpy_s
_wcsdup
wcsnlen
strlen
strcmp
islower
iswspace
_wcsnicmp
strncat_s
wcsncat_s
__strncnt
_wcsicmp
strnlen
wcsncpy_s

api-ms-win-crt-stdio-l1-1-0

_set_fmode
fgets
fclose
_wfopen
fgetc
__stdio_common_vswprintf
__stdio_common_vsscanf
__p__commode
fputws
fputwc
__stdio_common_vfwprintf
_get_stream_buffer_pointers
_fseeki64
__stdio_common_vsnwprintf_s
fread
fputs
fsetpos
fopen
__stdio_common_vsnprintf_s
fwrite
__stdio_common_vfprintf
__stdio_common_vswprintf_s
__stdio_common_vsprintf_s
ungetc
__acrt_iob_func
fflush
_wfsopen
_putws
_flushall
setvbuf
_setmode
_dup
_fileno
ftell
fseek
fputc
fgetpos

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo_noreturn
_wcserror
_initialize_wide_environment
_beginthreadex
terminate
_controlfp_s
_invalid_parameter_noinfo
_register_thread_local_exe_atexit_callback
_c_exit
__p___wargv
__p___argc
abort
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_exit
_configure_wide_argv
_initterm_e
_get_initial_wide_environment
_initterm

api-ms-win-crt-convert-l1-1-0

atol
atoi
strtoull
_itow_s
_wtoi
_ltow_s
strtoul
wcstoul
_wcstoui64

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
malloc
calloc
realloc

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

_CIfmod
_CIcosh
_CIatan2
_CItanh
_libm_sse2_log_precise
_libm_sse2_pow_precise
__libm_sse2_acos
__libm_sse2_asin
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_cos
log2
__libm_sse2_sin
__libm_sse2_exp
ilogb
cbrt
asinh
asinhf
ilogbf
atanhf
cbrtf
acoshf
log2f
_copysign
_libm_sse2_sin_precise
modf
_libm_sse2_log10_precise
_isnan
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
ceil
floor
fma
_fdopen
fmaf
__libm_sse2_log
_finite
_CIsinh
__libm_sse2_log10
_libm_sse2_exp_precise
__libm_sse2_pow
_libm_sse2_cos_precise
frexp
__libm_sse2_tan
_libm_sse2_acos_precise
acosh
_libm_sse2_atan_precise
__setusermatherr
atanh
_libm_sse2_asin_precise

api-ms-win-crt-time-l1-1-0

_time64
wcsftime
_gmtime64_s

api-ms-win-crt-locale-l1-1-0

setlocale
_configthreadlocale
localeconv
__pctype_func
_lock_locales
_unlock_locales
___lc_locale_name_func
___lc_codepage_func
___mb_cur_max_func

api-ms-win-crt-filesystem-l1-1-0

_wremove
_wrename
_lock_file
_unlock_file

Exports

Exports

CLRJitAttachState
DotNetRuntimeInfo
MetaDataGetDispenser
g_CLREngineMetrics

Sections

.text
Size: 5.3MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CLR_UEF
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nevermore v0.1/PenImc_cor3.dll
.dll regsvr32 windows:6 windows x86

Password: onniforums.com

3aaebb2ecc4766ff962e758eeca44fac

Code Sign

33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/05/2023, 19:03

Not After

08/05/2024, 19:03

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

88:13:0a:48:76:6f:62:80:cb:4f:38:4a:cc:7d:40:73:c4:58:82:c5:2a:b6:d2:9d:dc:90:c1:0a:38:4b:c8:64
Signer

Actual PE Digest

88:13:0a:48:76:6f:62:80:cb:4f:38:4a:cc:7d:40:73:c4:58:82:c5:2a:b6:d2:9d:dc:90:c1:0a:38:4b:c8:64

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetThreadLocale
DeleteCriticalSection
RaiseException
DecodePointer
EncodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
CreateEventW
GetCurrentProcessId
OpenEventW
OpenMutexW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEvent
LocalFree
SignalObjectAndWait
IsWow64Process
GetCurrentProcess
OutputDebugStringW
GetThreadLocale
CreateThread
QueueUserAPC
SetWaitableTimer
CancelWaitableTimer
CreateActCtxW
ActivateActCtx
VerSetConditionMask
LoadLibraryW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedFlushSList
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateMutexW
CloseHandle
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
CreateWaitableTimerW
InitializeCriticalSectionAndSpinCount
SetLastError
RtlUnwind
GetCurrentThreadId

user32

MsgWaitForMultipleObjectsEx
CharNextW
GetWindowRect
EqualRect
CallNextHookEx
IsWindow
SetWindowsHookExW
MonitorFromWindow
GetParent
GetWindowThreadProcessId
GetDesktopWindow
PeekMessageW
GetMonitorInfoW
UnhookWindowsHookEx
GetSystemMetrics
GetWindow

advapi32

ConvertSidToStringSidW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

shell32

ShellExecuteExW

ole32

CoLockObjectExternal
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoGetApartmentType

oleaut32

SysStringLen
RegisterTypeLi
SysFreeString
LoadTypeLi
SysAllocString
VarUI4FromStr
UnRegisterTypeLi

api-ms-win-crt-string-l1-1-0

wcsncmp
strcpy_s
wcscat_s
wcscpy_s
wcsncpy_s

api-ms-win-crt-heap-l1-1-0

_recalloc
realloc
calloc
free
_callnewh
malloc

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
abort
_invalid_parameter_noinfo
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
terminate
_initialize_narrow_environment
_errno
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf

rpcrt4

CStdStubBuffer_AddRef
IUnknown_Release_Proxy
NdrDllUnregisterProxy
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
CStdStubBuffer_QueryInterface
NdrOleAllocate
CStdStubBuffer_DebugServerRelease
NdrDllRegisterProxy
NdrDllGetClassObject
CStdStubBuffer_Disconnect
IUnknown_QueryInterface_Proxy
CStdStubBuffer_IsIIDSupported
NdrDllCanUnloadNow
CStdStubBuffer_Connect
NdrCStdStubBuffer_Release
CStdStubBuffer_CountRefs

Exports

Exports

CreateResetEvent
DestroyResetEvent
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetLastSystemEventData
GetPenEvent
GetPenEventMultiple
GetProxyDllInfo
LockWispObjectFromGit
RaiseResetEvent
RegisterDllForSxSCOM
UnlockWispObjectFromGit

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nevermore v0.1/PresentationNative_cor3.dll
.dll windows:6 windows x86

Password: onniforums.com

7f0988fd4ed27c9c5e802e628d498c87

Code Sign

33:00:00:03:7b:a1:0a:3e:cb:66:e9:01:c0:00:00:00:00:03:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/05/2023, 19:03

Not After

08/05/2024, 19:03

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e8:45:fb:a8:e1:25:0c:15:0a:aa:a1:e9:cf:b4:c2:6c:e7:da:32:df:9c:bd:70:50:11:c9:ff:cb:2b:ee:b4:61
Signer

Actual PE Digest

e8:45:fb:a8:e1:25:0c:15:0a:aa:a1:e9:cf:b4:c2:6c:e7:da:32:df:9c:bd:70:50:11:c9:ff:cb:2b:ee:b4:61

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
IsProcessorFeaturePresent
LoadLibraryW
GetProcAddress
VerSetConditionMask
SetUnhandledExceptionFilter
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
UnhandledExceptionFilter
GetCurrentProcess
DeleteCriticalSection
DisableThreadLibraryCalls
FreeLibrary
InitializeCriticalSection
OutputDebugStringW
GetCurrentThread
TerminateThread
InitializeCriticalSectionEx
GlobalDeleteAtom
OutputDebugStringA
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
RaiseException
InterlockedFlushSList
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
SetLastError
GetLastError

api-ms-win-crt-runtime-l1-1-0

terminate
abort
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm

api-ms-win-crt-heap-l1-1-0

malloc
free
calloc

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp
iswpunct

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

ntdll

DbgPrompt
NtQuerySystemInformation
DbgPrintEx
DbgBreakPoint
RtlUnwind

user32

GetKeyboardLayoutList
SetWindowLongW
SetScrollPos
SetFocus
MapWindowPoints
GetWindowTextLengthW
GetWindowTextW
GetWindowLongW
GetWindow
GetParent
GetMenuBarInfo
GetAncestor
FindWindowExW
EnableWindow

gdi32

GetTextExtentPoint32W

ole32

CoCreateInstance
CoTaskMemFree

oleaut32

SysAllocString
VariantInit
VariantChangeType
VariantClear

Exports

Exports

CreateDocContext
CreateInstalledObjectsInfo
CreateTextAnalysisSink
CreateTextAnalysisSource
DestroyDocContext
DestroyInstalledObjectsInfo
EnableWindowWrapper
FindWindowExWrapper
FsAddFigureObstacle
FsClearUpdateInfoInPage
FsClearUpdateInfoInSubpage
FsClearUpdateInfoInSubtrack
FsClearUpdateInfoInTableSrv
FsCommitFilledRectangle
FsCompareSubpages
FsCompareSubtrack
FsCompareTableSrv
FsCreateDocContext
FsCreateDummyFootnoteRejector
FsCreatePageBottomless
FsCreatePageFinite
FsCreateSubpageBottomless
FsCreateSubpageFinite
FsDestroyDocContext
FsDestroyFootnoteRejector
FsDestroyPage
FsDestroyPageBreakRecord
FsDestroySubpage
FsDestroySubpageBreakRecord
FsDestroySubtrack
FsDestroySubtrackBreakRecord
FsDestroyTableSrv
FsDestroyTableSrvBreakRecord
FsDuplicateGeometry
FsDuplicatePageBreakRecord
FsDuplicateSubpageBreakRecord
FsDuplicateSubtrackBreakRecord
FsDuplicateTableSrvBreakRecord
FsFAllFootnotesAllowed
FsFFootnoteAllowed
FsFormatSubtrackBottomless
FsFormatSubtrackFinite
FsFormatTableSrvBottomless
FsFormatTableSrvFinite
FsGetClientHandle
FsGetColumnRectangle
FsGetEmptySpaces
FsGetFigureObstacleData
FsGetFloaterFsimethods
FsGetIntervals
FsGetMaxNumberEmptySpaces
FsGetMaxNumberIntervals
FsGetNextTick
FsGetNumberSubpageFootnotes
FsGetNumberSubtrackFootnotes
FsGetPageRectangle
FsGetShiftOffset
FsGetSubpageColumnBalancingInfo
FsGetSubpageFootnoteInfo
FsGetSubtrackColumnBalancingInfo
FsGetSubtrackFootnoteInfo
FsGetTableObjFsimethods
FsGetTableSrvColumnBalancingInfo
FsGetTableSrvFootnoteInfo
FsGetTableSrvNumberFootnotes
FsJustifySubpage
FsQueryAttachedObjectList
FsQueryCompositeColumnDetails
FsQueryCompositeColumnFootnoteList
FsQueryDcpLineVariantsFromCachedTextPara
FsQueryEndnoteColumnDetails
FsQueryFigureObjectDetails
FsQueryFloaterDetails
FsQueryFootnoteColumnDetails
FsQueryFootnoteColumnTrackList
FsQueryHeightDefinedColumnSpanAreaList
FsQueryLineCompositeElementList
FsQueryLineListComposite
FsQueryLineListSingle
FsQueryPageDetails
FsQueryPageFootnoteColumnList
FsQueryPageSectionList
FsQuerySectionBasicColumnList
FsQuerySectionCompositeColumnList
FsQuerySectionDetails
FsQuerySectionEndnoteColumnList
FsQuerySegmentDefinedColumnSpanAreaList
FsQuerySubpageBasicColumnList
FsQuerySubpageDetails
FsQuerySubpageHeightDefinedColumnSpanAreaList
FsQuerySubpageSegmentDefinedColumnSpanAreaList
FsQuerySubtrackDetails
FsQuerySubtrackParaList
FsQueryTableObjCellList
FsQueryTableObjDetails
FsQueryTableObjFigureCountWord
FsQueryTableObjFigureListWord
FsQueryTableObjRowDetails
FsQueryTableObjRowList
FsQueryTableObjTableProperDetails
FsQueryTableSrvCellList
FsQueryTableSrvRowDetails
FsQueryTableSrvRowList
FsQueryTableSrvTableDetails
FsQueryTextDetails
FsQueryTrackDetails
FsQueryTrackParaList
FsRegisterFloatObstacle
FsReleaseGeometry
FsResolveOverlap
FsRestoreGeometry
FsShiftSubtrackVertical
FsSynchronizeBottomlessSubtrack
FsTransferDisplayInfoSubpage
FsTransferDisplayInfoSubtrack
FsTransferDisplayInfoTableSrv
FsTransformBbox
FsTransformPoint
FsTransformRectangle
FsTransformVector
FsUpdateBottomlessPage
FsUpdateBottomlessSubpage
FsUpdateBottomlessSubtrack
FsUpdateBottomlessTableSrv
FsUpdateFinitePage
GetAncestorWrapper
GetFloaterHandlerInfo
GetKeyboardLayoutListWrapper
GetMenuBarInfoWrapper
GetNumberSubstitutionList
GetParentWrapper
GetScriptAnalysisList
GetTableObjHandlerInfo
GetTextExtentPoint32Wrapper
GetWindowLongPtrWrapper
GetWindowLongWrapper
GetWindowTextLengthWrapper
GetWindowTextWrapper
GetWindowWrapper
GlobalDeleteAtomWrapper
IsPrintPackageTargetSupported
IsStartXpsPrintJobSupported
IsWindows10OrGreater
IsWindows10RS1OrGreater
IsWindows10RS2OrGreater
IsWindows10RS3OrGreater
IsWindows10RS4OrGreater
IsWindows10RS5OrGreater
IsWindows10TH1OrGreater
IsWindows10TH2OrGreater
IsWindows7OrGreater
IsWindows7SP1OrGreater
IsWindows8OrGreater
IsWindows8Point1OrGreater
IsWindowsServer
IsWindowsVistaOrGreater
IsWindowsVistaSP1OrGreater
IsWindowsVistaSP2OrGreater
IsWindowsXPOrGreater
IsWindowsXPSP1OrGreater
IsWindowsXPSP2OrGreater
IsWindowsXPSP3OrGreater
LateBoundStartXpsPrintJob
LoAcquireBreakRecord
LoAcquirePenaltyModule
LoCloneBreakRecord
LoCreateBreaks
LoCreateContext
LoCreateLine
LoCreateParaBreakingSession
LoDestroyContext
LoDisplayLine
LoDisposeBreakRecord
LoDisposeLine
LoDisposeParaBreakingSession
LoDisposePenaltyModule
LoEnumLine
LoGetEscString
LoGetPenaltyModuleInternalHandle
LoQueryLineCpPpoint
LoQueryLinePointPcp
LoRelievePenaltyResource
LoSetBreaking
LoSetDoc
LoSetTabs
LocbkGetObjectHandlerInfo
MILGetClassificationTables
MapWindowPointsWrapper
NlCreateHyphenator
NlDestroyHyphenator
NlGetClassObject
NlHyphenate
NlLoad
NlUnload
PrintToPackageTarget
SetFocusWrapper
SetScrollPosWrapper
SetWindowLongPtrWrapper
SetWindowLongWrapper

Sections

.text
Size: 763KB - Virtual size: 762KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nevermore v0.1/vcruntime140_cor3.dll
.dll windows:6 windows x86

Password: onniforums.com

2262054530b5f8bbeb0c4e3a111a37eb

Code Sign

33:00:00:00:e5:ce:9e:eb:de:4d:48:35:f4:00:00:00:00:00:e5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/02/2023, 22:33

Not After

31/01/2024, 22:33

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/05/2013, 20:44

Not After

01/05/2028, 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/02/2023, 20:10

Not After

31/01/2024, 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b5:f2:51:e7:47:e0:9d:52:6a:87:e3:ae:c0:70:e0:44:0d:8b:50:0b:96:b7:20:68:71:71:2f:d7:ae:ea:98:24
Signer

Actual PE Digest

b5:f2:51:e7:47:e0:9d:52:6a:87:e3:ae:c0:70:e0:44:0d:8b:50:0b:96:b7:20:68:71:71:2f:d7:ae:ea:98:24

Digest Algorithm

sha256

PE Digest Matches

true

b5:f2:51:e7:47:e0:9d:52:6a:87:e3:ae:c0:70:e0:44:0d:8b:50:0b:96:b7:20:68:71:71:2f:d7:ae:ea:98:24
Signer

Actual PE Digest

b5:f2:51:e7:47:e0:9d:52:6a:87:e3:ae:c0:70:e0:44:0d:8b:50:0b:96:b7:20:68:71:71:2f:d7:ae:ea:98:24

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
strncmp
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

LeaveCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
RtlUnwind
VirtualQuery
EncodePointer
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
EnterCriticalSection
TlsGetValue
DeleteCriticalSection
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsSetValue

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_chkesp
_except_handler2
_except_handler3
_except_handler4_common
_get_purecall_handler
_get_unexpected
_global_unwind2
_is_exception_typeof
_local_unwind2
_local_unwind4
_longjmpex
_purecall
_seh_longjmp_unwind
_seh_longjmp_unwind4
_set_purecall_handler
_set_se_translator
_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nevermore v0.1/wpfgfx_cor3.dll
.dll windows:6 windows x86

Password: onniforums.com

c587d57721ee7e3073d76f4972fc0c97

Code Sign

33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/05/2023, 19:03

Not After

08/05/2024, 19:03

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:0c:98:8b:1b:3d:12:5e:c4:ca:b9:ef:9b:2f:27:fc:b9:35:cb:b3:fe:c1:dc:77:de:1b:2c:ae:56:48:8a:d3
Signer

Actual PE Digest

1f:0c:98:8b:1b:3d:12:5e:c4:ca:b9:ef:9b:2f:27:fc:b9:35:cb:b3:fe:c1:dc:77:de:1b:2c:ae:56:48:8a:d3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
ResetEvent
TryEnterCriticalSection
MulDiv
QueryPerformanceCounter
Sleep
FindResourceW
LoadResource
LockResource
GlobalUnlock
QueryPerformanceFrequency
InitializeSListHead
InterlockedPushEntrySList
QueryDepthSList
InterlockedFlushSList
SleepEx
RtlCaptureStackBackTrace
IsDebuggerPresent
ExitProcess
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
TerminateThread
GetCurrentThread
GetCurrentProcessId
SetThreadPriority
GetSystemInfo
CreateEventW
CloseHandle
WaitForSingleObject
SetEvent
LoadLibraryExW
FindClose
FindFirstFileW
GetSystemDirectoryW
SystemTimeToFileTime
LoadLibraryA
LoadLibraryExA
DebugBreak
GetModuleFileNameW
FreeLibrary
CreateThread
OutputDebugStringW
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetLastError
GetVersionExW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionAndSpinCount
GetLastError
ReleaseSRWLockExclusive
GetLocaleInfoEx
LocalFree
FormatMessageA
GetSystemTimeAsFileTime
WaitForSingleObjectEx
RaiseException
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DisableThreadLibraryCalls
IsProcessorFeaturePresent
TerminateProcess
EncodePointer
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualProtect
GetModuleHandleW
VerSetConditionMask
VirtualAlloc
VirtualFree
CreateFileMappingW
MapViewOfFile
GetProcAddress
UnmapViewOfFile
SizeofResource
GetTickCount
WaitForMultipleObjects
VirtualQuery

advapi32

TraceEvent
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
AllocateLocallyUniqueId
TraceMessage
UnregisterTraceGuids

user32

ClientToScreen
EnumDisplayMonitors
OffsetRect
MonitorFromWindow
SetLayeredWindowAttributes
WindowFromDC
GetWindowRect
GetMonitorInfoW
SystemParametersInfoW
InvalidateRect
GetWindowLongW
GetParent
ScreenToClient
UpdateLayeredWindow
IsWindow
PeekMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
GetDesktopWindow
GetClientRect
EnumDisplayDevicesW
GetWindowDC
GetDC
EnumDisplaySettingsW
ReleaseDC
RegisterWindowMessageW
PostMessageW
IsRectEmpty
SetRect
IntersectRect
EqualRect
GetGuiResources

gdi32

CreatePalette
GetSystemPaletteEntries
SelectPalette
GetDIBits
RealizePalette
OffsetRgn
GetRandomRgn
CreateCompatibleDC
CreateCompatibleBitmap
GetRgnBox
SetRectRgn
CreateRectRgn
GetRegionData
RectInRegion
CombineRgn
CreateRectRgnIndirect
SelectObject
CreateDIBSection
DeleteObject
CreateICW
GetDeviceCaps
DeleteDC
BitBlt
SetLayout

ole32

CoCreateInstance
CoTaskMemAlloc
PropVariantCopy
PropVariantClear
CoUninitialize
CoInitialize
CoTaskMemFree

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

d3dcompiler_47_cor3

D3DCompile

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_crt_atexit
abort
terminate
_cexit
_initialize_onexit_table
_initterm
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_execute_onexit_table
_register_onexit_function
_initterm_e

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-math-l1-1-0

_libm_sse2_cos_precise
_isnan
_finite
_libm_sse2_log_precise
_CIfmod
_CIatan2
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
nextafterf
_libm_sse2_tan_precise
_copysign
floor
modf
_libm_sse2_exp_precise

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf

api-ms-win-crt-heap-l1-1-0

free
malloc
calloc

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp

ntdll

RtlInitializeBitMap
RtlClearBits
NtQuerySystemInformation
RtlUnwind
RtlFindClearBitsAndSet
RtlSetBits
DbgPrintEx
RtlInterlockedFlushSList
DbgPrompt
DbgBreakPoint

api-ms-win-crt-utility-l1-1-0

qsort

Exports

Exports

GetNextPerfElementId
IWICColorContext_GetExifColorSpace_Proxy
IWICColorContext_GetProfileBytes_Proxy
IWICColorContext_GetType_Proxy
InteropDeviceBitmap_AddDirtyRect
InteropDeviceBitmap_Create
InteropDeviceBitmap_Detach
InteropDeviceBitmap_GetAsSoftwareBitmap
MIL3DCalcProjected2DBounds
MILAddRef
MILCreateEventProxy
MILCreateFactory
MILCreateStreamFromStreamDescriptor
MILFactoryCreateBitmapRenderTarget
MILFactoryCreateMediaPlayer
MILFactoryCreateSWRenderTargetForBitmap
MILIStreamWrite
MILLoadResource
MILMediaCanPause
MILMediaClose
MILMediaGetBufferingProgress
MILMediaGetDownloadProgress
MILMediaGetMediaLength
MILMediaGetNaturalHeight
MILMediaGetNaturalWidth
MILMediaGetPosition
MILMediaHasAudio
MILMediaHasVideo
MILMediaIsBuffering
MILMediaNeedUIFrameUpdate
MILMediaOpen
MILMediaProcessExitHandler
MILMediaSetBalance
MILMediaSetIsScrubbingEnabled
MILMediaSetPosition
MILMediaSetRate
MILMediaSetVolume
MILMediaShutdown
MILMediaStop
MILQueryInterface
MILRelease
MILRenderTargetBitmapClear
MILRenderTargetBitmapGetBitmap
MILSwDoubleBufferedBitmapAddDirtyRect
MILSwDoubleBufferedBitmapCreate
MILSwDoubleBufferedBitmapGetBackBuffer
MILSwDoubleBufferedBitmapProtectBackBuffer
MILUpdateSystemParametersInfo
MilChannel_AppendCommandData
MilChannel_BeginCommand
MilChannel_CloseBatch
MilChannel_CommitChannel
MilChannel_EndCommand
MilChannel_GetMarshalType
MilChannel_SetNotificationWindow
MilChannel_SetReceiveBroadcastMessages
MilCompositionEngine_DeinitializePartitionManager
MilCompositionEngine_EnterCompositionEngineLock
MilCompositionEngine_ExitCompositionEngineLock
MilCompositionEngine_GetComposedEventId
MilCompositionEngine_InitializePartitionManager
MilCompositionEngine_UpdateSchedulerSettings
MilComposition_PeekNextMessage
MilComposition_SyncFlush
MilComposition_WaitForNextMessage
MilConnection_CreateChannel
MilConnection_DestroyChannel
MilContent_AttachToHwnd
MilContent_DetachFromHwnd
MilGlyphRun_GetGlyphOutline
MilGlyphRun_ReleasePathGeometryData
MilPlayer_Create
MilPlayer_Process
MilResource_CreateCWICWrapperBitmap
MilResource_CreateOrAddRefOnChannel
MilResource_DuplicateHandle
MilResource_GetRefCountOnChannel
MilResource_ReleaseOnChannel
MilResource_SendCommand
MilResource_SendCommandBitmapSource
MilResource_SendCommandMedia
MilUtility_ArcToBezier
MilUtility_CopyPixelBuffer
MilUtility_GeometryGetArea
MilUtility_GetPointAtLengthFraction
MilUtility_GetTileBrushMapping
MilUtility_PathGeometryBounds
MilUtility_PathGeometryCombine
MilUtility_PathGeometryFlatten
MilUtility_PathGeometryHitTest
MilUtility_PathGeometryHitTestPathGeometry
MilUtility_PathGeometryOutline
MilUtility_PathGeometryWiden
MilUtility_PolygonBounds
MilUtility_PolygonHitTest
MilVersionCheck
MilVisualTarget_AttachToHwnd
MilVisualTarget_DetachFromHwnd
RenderOptions_ForceSoftwareRenderingModeForProcess
RenderOptions_IsSoftwareRenderingForcedForProcess
SetMilPerfInstrumentationFlags
WgxConnection_Create
WgxConnection_Disconnect
WgxConnection_SameThreadPresent
WgxConnection_ShouldForceSoftwareForGraphicsStreamClient

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: onniforums.com

Password: onniforums.com

7f269ea2d96d8d376f2c7642ddadc7bc

Code Sign

33:00:00:04:91:64:62:f3:b7:3e:e2:0c:cd:00:00:00:00:04:91Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

c5:2f:2c:ef:c1:ff:cb:1d:a4:74:54:24:92:77:1b:44:ab:2a:fc:2e:3a:f7:4c:b7:7c:28:32:f4:57:06:82:80Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.data Size: 38KB - Virtual size: 72KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 124KB - Virtual size: 124KB

Password: onniforums.com

5b1bd215473769a8e20ac301e8e4b2f9

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

e4:24:b6:4c:66:e5:e9:e4:77:56:08:ac:4c:4a:41:3dCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

8a:f9:c2:ee:46:d0:3a:ec:63:95:33:01:8c:07:9e:63:92:19:4c:20:95:a2:1a:b5:6d:42:9b:04:0f:6d:ac:6dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

urlmon

ws2_32

gdiplus

bcrypt

gdi32

shell32

ole32

dnsapi

iphlpapi

Exports

Exports

Sections

.text Size: 11.4MB - Virtual size: 11.4MB

.rdata Size: 6.2MB - Virtual size: 6.2MB

.data Size: 361KB - Virtual size: 735KB

.rsrc Size: 95KB - Virtual size: 94KB

.reloc Size: 385KB - Virtual size: 384KB

Password: onniforums.com

eee12c6e6a3ca14e4c9bbbb48ad87f88

Headers

DLL Characteristics

File Characteristics

Imports

33:00:00:04:91:64:62:f3:b7:3e:e2:0c:cd:00:00:00:00:04:91
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

c5:2f:2c:ef:c1:ff:cb:1d:a4:74:54:24:92:77:1b:44:ab:2a:fc:2e:3a:f7:4c:b7:7c:28:32:f4:57:06:82:80
Signer

.text
Size: 3.8MB - Virtual size: 3.8MB

.data
Size: 38KB - Virtual size: 72KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 124KB - Virtual size: 124KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

e4:24:b6:4c:66:e5:e9:e4:77:56:08:ac:4c:4a:41:3d
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

8a:f9:c2:ee:46:d0:3a:ec:63:95:33:01:8c:07:9e:63:92:19:4c:20:95:a2:1a:b5:6d:42:9b:04:0f:6d:ac:6d
Signer

.text
Size: 11.4MB - Virtual size: 11.4MB

.rdata
Size: 6.2MB - Virtual size: 6.2MB

.data
Size: 361KB - Virtual size: 735KB

.rsrc
Size: 95KB - Virtual size: 94KB

.reloc
Size: 385KB - Virtual size: 384KB

.text
Size: 5.3MB - Virtual size: 5.3MB

.CLR_UEF
Size: 512B - Virtual size: 68B

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 20KB - Virtual size: 72KB

.didat
Size: 512B - Virtual size: 28B

_RDATA
Size: 68KB - Virtual size: 67KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.reloc
Size: 268KB - Virtual size: 268KB

33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

88:13:0a:48:76:6f:62:80:cb:4f:38:4a:cc:7d:40:73:c4:58:82:c5:2a:b6:d2:9d:dc:90:c1:0a:38:4b:c8:64
Signer

.text
Size: 82KB - Virtual size: 82KB

.orpc
Size: 512B - Virtual size: 228B

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 6KB - Virtual size: 6KB

33:00:00:03:7b:a1:0a:3e:cb:66:e9:01:c0:00:00:00:00:03:7b
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

e8:45:fb:a8:e1:25:0c:15:0a:aa:a1:e9:cf:b4:c2:6c:e7:da:32:df:9c:bd:70:50:11:c9:ff:cb:2b:ee:b4:61
Signer