blankgrabber | waveexternal[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

waveexternal.rar
Size

7.2MB
MD5

4e5a0a47b21071de9abf3e3182388729
SHA1

e6d239f76633afa6d3575a9e6aaf96d59c8e3850
SHA256

bb9706ac9c0d361420d082456e456d712cd1b0c5b0786f2018f8c0d90bb841d4
SHA512

687de6e3e3196368127ec2cbbf29b1806d7c05a90c434051e38140661525357abaa8b3c806a30a4f19205ca234be8bd8b85c2a09f5703e63db9377a50d8ef752
SSDEEP

196608:p/nJ4B/wgkf68EWDqBCmMtBXHzoIVvhATcUTq/ySUbpWnz:pf+B/wnfMtiXHzhOVYyvGz

Score

10^/10

blankgrabber

Malware Config

Signatures

A stealer written in Python and packaged with Pyinstaller 1 IoCs

resource	yara_rule
static1/unpack002/�ku_�q�.pyc	blankgrabber

Blankgrabber family
blankgrabber

Files

waveexternal.rar
.rar

Password: lol
waveexternal/Injector.exe
.exe windows:5 windows x64

Password: lol

20d446c1cb128febd23deb17efb67cf6

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:b1:50:01:bb:f5:92:d4:96:2a:77:97:ea:73:6f:a3
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

29/09/2021, 00:00

Not After

28/09/2024, 23:59

Subject

SERIALNUMBER=407950,CN=Akeo Consulting,O=Akeo Consulting,ST=Donegal,C=IE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024945

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8c:06:d7:1d:55:46:d4:76:f8:e0:2e:42:6e:90:00:63:4f:10:b0:5b:ef:dd:f9:29:d7:c6:b0:80:41:2d:e2:c2
Signer

Actual PE Digest

8c:06:d7:1d:55:46:d4:76:f8:e0:2e:42:6e:90:00:63:4f:10:b0:5b:ef:dd:f9:29:d7:c6:b0:80:41:2d:e2:c2

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
IsValidCodePage
GetACP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
CreateSymbolicLinkW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetOEMCP
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetEndOfFile
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
�ku_�q�.pyc
waveexternal/_aWaveexternal.bat
waveexternal/_bz2.pyd
.dll windows:6 windows x64

Password: lol

d0a62ab71a2b2ca69c6aba1f0a37fcdd

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/01/2022, 00:00

Not After

15/01/2025, 23:59

Subject

CN=Python Software Foundation,O=Python Software Foundation,L=Beaverton,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:62:51:a5:02:4d:e8:1a:d4:95:45:40:ac:7e:6e:7b:40:d9:8a:a0:f3:e1:b4:1d:84:8c:8a:31:21:74:8f:e3
Signer

Actual PE Digest

b9:62:51:a5:02:4d:e8:1a:d4:95:45:40:ac:7e:6e:7b:40:d9:8a:a0:f3:e1:b4:1d:84:8c:8a:31:21:74:8f:e3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

python311

_PyLong_AsInt
PyModule_GetState
PyExc_SystemError
PyMem_Realloc
PyType_FromModuleAndSpec
PyBytes_FromStringAndSize
PyModuleDef_Init
PyExc_OSError
PyErr_NoMemory
PyMem_Free
PyThread_free_lock
PyList_Append
PyExc_EOFError
_PyNumber_Index
PyObject_GetBuffer
PyMem_RawFree
PyBuffer_Release
PyThread_release_lock
PyEval_RestoreThread
PyMem_Malloc
_Py_Dealloc
PyList_New
PyModule_AddType
PyErr_Format
PyExc_ValueError
_PyArg_UnpackKeywords
PyErr_SetString
_PyArg_BadArgument
PyThread_acquire_lock
_PyArg_NoPositional
PyMem_RawMalloc
PyThread_allocate_lock
PyExc_MemoryError
PyErr_SetNone
PyBuffer_IsContiguous
PyExc_RuntimeError
PyEval_SaveThread
PyErr_Occurred
_PyArg_CheckPositional
PyLong_AsSsize_t
_PyArg_NoKeywords
PyType_GenericNew

vcruntime140

memmove
memcpy
__std_type_info_destroy_list
__C_specific_handler
memset

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initialize_narrow_environment
_initialize_onexit_table
exit
_execute_onexit_table
_cexit
_initterm

api-ms-win-crt-heap-l1-1-0

free
malloc

kernel32

GetCurrentProcessId
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
RtlCaptureContext
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

Exports

Exports

PyInit__bz2

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
waveexternal/_ctypes.pyd
.dll windows:6 windows x64

Password: lol

e716aa549ea6dfb7b233942c7f07ff87

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/01/2022, 00:00

Not After

15/01/2025, 23:59

Subject

CN=Python Software Foundation,O=Python Software Foundation,L=Beaverton,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:94:13:8d:c9:ff:eb:67:52:d8:c6:99:0c:2d:a0:5a:f9:1d:c4:19:3f:7e:51:40:0a:89:3a:88:8c:cc:d0:65
Signer

Actual PE Digest

ad:94:13:8d:c9:ff:eb:67:52:d8:c6:99:0c:2d:a0:5a:f9:1d:c4:19:3f:7e:51:40:0a:89:3a:88:8c:cc:d0:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libffi-8

ffi_type_sint8
ffi_type_uint8
ffi_type_float
ffi_type_uint64
ffi_type_uint32
ffi_type_double
ffi_type_uint16
ffi_type_sint32
ffi_call
ffi_type_sint64
ffi_type_void
ffi_prep_cif
ffi_prep_closure
ffi_type_sint16
ffi_type_pointer

ole32

ProgIDFromCLSID

oleaut32

SysStringLen
SysFreeString
GetErrorInfo
SysAllocStringLen

kernel32

GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetSystemInfo
VirtualAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
LoadLibraryExW
FreeLibrary
LocalFree
QueryPerformanceCounter
FormatMessageW
DisableThreadLibraryCalls
GetProcAddress
SetLastError
GetLastError

python311

_PyObject_LookupAttrId
PyExc_ValueError
_Py_CheckRecursiveCall
PyDict_Next
PyErr_Format
PyDict_Type
PyModule_AddType
PyType_IsSubtype
PyExc_OverflowError
_Py_Dealloc
PyLong_AsUnsignedLongMask
PyTuple_GetItem
PySequence_GetSlice
PyDescr_NewGetSet
PyErr_ExceptionMatches
_PyUnicode_FromId
PyModule_AddObjectRef
PySequence_SetItem
_PyArg_ParseTuple_SizeT
PyObject_CallFunctionObjArgs
PyUnicode_AsUTF8
PyUnicode_FromFormat
PyObject_GetBuffer
PySys_Audit
PyList_New
PyModule_Create2
PyType_Ready
PyObject_GetAttrString
PyErr_NewException
PyErr_Clear
_PyDict_GetItemIdWithError
PyObject_GenericSetAttr
PyDict_SetItem
PyDict_New
_PyLong_Sign
PyObject_VectorcallMethod
PyObject_IsInstance
PyMem_Free
PyLong_FromVoidPtr
PyUnicode_AsWideChar
PyErr_NoMemory
_PyRuntime
PyLong_AsVoidPtr
PyObject_CallObject
PyIndex_Check
PyBytes_FromStringAndSize
PyDict_DelItem
PyNumber_AsSsize_t
_PyObject_MakeTpCall
PyUnicode_New
_PyWeakref_ProxyType
PyExc_TypeError
PyTuple_Pack
PyCallable_Check
PyMem_Malloc
PyExc_IndexError
PyArg_UnpackTuple
PyUnicode_FromString
PyBuffer_Release
PyType_Type
PySequence_Tuple
PyEval_RestoreThread
PyUnicode_FromStringAndSize
PyErr_WarnEx
PyExc_RuntimeWarning
PyOS_vsnprintf
PyImport_ImportModule
PyObject_GC_UnTrack
PySys_GetObject
PyGILState_Release
PyErr_WriteUnraisable
Py_Initialize
PyObject_GC_Del
PyLong_AsLong
PyObject_Vectorcall
Py_IsInitialized
PyFile_WriteString
PyObject_GC_Track
PyGILState_Ensure
_PyObject_GC_NewVar
PyErr_Print
PyMem_Calloc
PyErr_SetObject
PyObject_CallOneArg
PyLong_AsUnsignedLong
PyErr_SetString
PyCapsule_IsValid
PyBytes_AsString
PyErr_NormalizeException
PyUnicode_AppendAndDel
Py_BuildValue
PyErr_SetFromWindowsErr
PyUnicode_FromFormatV
PyFloat_FromDouble
PyObject_CallFunction
PyTuple_Type
PyObject_Free
PyCapsule_GetPointer
PyErr_Fetch
PyUnicode_AsWideCharString
_PyObject_GetAttrId
PyThreadState_GetDict
PyCapsule_New
PyUnicode_Type
_PyTraceback_Add
_PyUnicode_IsPrintable
PyExc_OSError
_PyObject_New
PyMem_Realloc
PyObject_Str
PyExc_FileNotFoundError
PyObject_Call
PyArg_ParseTuple
PyBool_FromLong
PyLong_FromUnsignedLongLong
PyFloat_AsDouble
PyLong_FromLongLong
PyLong_FromUnsignedLong
PyLong_AsUnsignedLongLongMask
PyFloat_Unpack4
PyFloat_Pack4
PyObject_IsTrue
PyFloat_Pack8
PyByteArray_Type
PyFloat_Unpack8
PyObject_GetAttr
PySequence_Fast
PyTuple_Size
_PyDict_SizeOf
_PyLong_AsInt
_Py_CheckFunctionResult
PyTuple_GetSlice
PyExc_AttributeError
PyMemoryView_FromObject
PyDict_SetItemString
PyTuple_New
_PyDict_ContainsId
_Py_NoneStruct
PyDict_Contains
PyDict_GetItemWithError
_PyDict_SetItemId
_PyErr_WriteUnraisableMsg
PyBuffer_IsContiguous
PyUnicode_Concat
PySlice_Unpack
PyLong_FromLong
PyObject_SetAttrString
PyExc_RuntimeError
PyEval_SaveThread
PyUnicode_AsUTF8AndSize
_PyWeakref_CallableProxyType
_PyUnicode_EqualToASCIIString
PyLong_FromSsize_t
PyWeakref_NewProxy
PyErr_Occurred
PyDict_Update
PySequence_GetItem
PySlice_Type
PyLong_AsSsize_t
_PyArg_NoKeywords
PyType_GenericNew
_PyObject_SetAttrId
_PyObject_CallFunction_SizeT
_Py_BuildValue_SizeT
PyExc_Exception
PySlice_AdjustIndices
PyDescr_NewClassMethod
PyUnicode_InternFromString
PyObject_SetAttr
PySequence_Size
Py_GenericAlias
PyType_GetName
PyUnicode_FromWideChar
PyObject_IsSubclass

vcruntime140

memcmp
__std_type_info_destroy_list
__C_specific_handler
strchr
memcpy
memset
memmove

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

_errno
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_cexit

api-ms-win-crt-string-l1-1-0

iswctype

Exports

Exports

DllCanUnloadNow
DllGetClassObject
PyInit__ctypes

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
waveexternal/_decimal.pyd
.dll windows:6 windows x64

Password: lol

73c2b50451f272a440f47564c3cbd631

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/01/2022, 00:00

Not After

15/01/2025, 23:59

Subject

CN=Python Software Foundation,O=Python Software Foundation,L=Beaverton,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:b6:bb:34:0c:ac:75:6f:fb:38:77:e7:82:f7:6c:76:a3:d6:5a:6c:bd:e1:6b:57:0f:f7:b9:9f:51:07:bd:ec
Signer

Actual PE Digest

0c:b6:bb:34:0c:ac:75:6f:fb:38:77:e7:82:f7:6c:76:a3:d6:5a:6c:bd:e1:6b:57:0f:f7:b9:9f:51:07:bd:ec

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

python311

_PyUnicode_IsWhitespace
PyObject_CallMethod
PyObject_IsInstance
PyMem_Free
PyErr_NoMemory
PyObject_CallObject
PyComplex_Type
_Py_NotImplementedStruct
PyUnicode_Compare
PyArg_ParseTupleAndKeywords
_PyObject_New
PyExc_TypeError
PyMem_Realloc
PyModule_AddStringConstant
PyUnicode_AsUTF8String
PyTuple_Pack
PyObject_HashNotImplemented
_PyUnicode_Ready
PyMem_Malloc
PyList_AsTuple
_Py_TrueStruct
PyUnicode_FromString
PyList_GetItem
PyUnicode_CompareWithASCIIString
PyType_Type
PyArg_ParseTuple
PyContextVar_New
PyFloat_FromString
PyExc_ArithmeticError
PyErr_Format
PyLong_FromUnsignedLong
PyExc_ValueError
PyContextVar_Set
PyObject_CallFunction
PyExc_ZeroDivisionError
PyErr_SetString
PyUnicode_FromWideChar
PyList_Size
PyDict_New
PyDict_SetItem
_Py_HashPointer
PyObject_GenericSetAttr
_PyLong_New
PyTuple_Size
PyList_Append
PyErr_Clear
PyUnicode_New
PyExc_AttributeError
PyErr_NewException
PyObject_GetAttrString
PyType_Ready
_PyUnicode_ToDecimalDigit
PyFloat_FromDouble
PyDict_Size
PyDict_SetItemString
PyModule_Create2
PyList_New
PyUnicode_FromFormat
PyLong_AsLong
PyObject_CallFunctionObjArgs
PyModule_AddObject
PyComplex_AsCComplex
PyObject_Free
_Py_Dealloc
PyExc_OverflowError
PyType_IsSubtype
PyLong_Type
PyTuple_New
PyFloat_Type
_Py_FalseStruct
_PyLong_GCD
PyTuple_Type
_Py_NoneStruct
PyFloat_AsDouble
PyComplex_FromDoubles
PyDict_GetItemWithError
Py_BuildValue
PyContextVar_Get
PyLong_FromLong
PyExc_RuntimeError
PyUnicode_AsUTF8AndSize
PyObject_GenericGetAttr
PyUnicode_DecodeUTF8
PyLong_FromSsize_t
PyErr_Occurred
PyImport_ImportModule
PyExc_KeyError
PyLong_AsSsize_t
_Py_ascii_whitespace
PyType_GenericNew
PyModule_AddIntConstant
PyBool_FromLong
PyErr_SetObject
PyUnicode_InternFromString
PyObject_IsTrue
PyBaseObject_Type

vcruntime140

strchr
memmove
memcpy
__C_specific_handler
__std_type_info_destroy_list
memset

api-ms-win-crt-convert-l1-1-0

strtoll
mbstowcs

api-ms-win-crt-math-l1-1-0

log10
copysign
ceil
_dclass

api-ms-win-crt-stdio-l1-1-0

fputc
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

abort
_initterm_e
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm
_errno

api-ms-win-crt-string-l1-1-0

tolower
isupper
isdigit

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-heap-l1-1-0

malloc
calloc
realloc
free

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
RtlCaptureContext

Exports

Exports

PyInit__decimal

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
waveexternal/_hashlib.pyd
.dll windows:6 windows x64

Password: lol

b3b294bbb4a8941fd67b11ccbe0be65b

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/01/2022, 00:00

Not After

15/01/2025, 23:59

Subject

CN=Python Software Foundation,O=Python Software Foundation,L=Beaverton,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:ad:4f:90:57:c7:15:2a:fa:32:a7:73:0f:99:fc:79:8e:00:91:3a:08:36:6a:97:0c:90:dc:8c:60:07:9f:21
Signer

Actual PE Digest

ec:ad:4f:90:57:c7:15:2a:fa:32:a7:73:0f:99:fc:79:8e:00:91:3a:08:36:6a:97:0c:90:dc:8c:60:07:9f:21

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libcrypto-1_1

EVP_DigestInit_ex
ERR_func_error_string
HMAC
EVP_MD_CTX_md
HMAC_Update
HMAC_Init_ex
EVP_MD_block_size
EVP_MD_CTX_copy
EVP_MD_CTX_set_flags
EVP_PBE_scrypt
OBJ_nid2ln
ERR_clear_error
EVP_DigestUpdate
EVP_MD_CTX_free
ERR_peek_last_error
HMAC_CTX_free
CRYPTO_memcmp
OBJ_nid2sn
HMAC_Final
ERR_reason_error_string
EVP_MD_size
ERR_lib_error_string
EVP_DigestFinalXOF
FIPS_mode
EVP_DigestFinal
EVP_MD_CTX_new
PKCS5_PBKDF2_HMAC
HMAC_CTX_new
HMAC_CTX_get_md
EVP_MD_flags
EVP_MD_type
HMAC_CTX_copy
EVP_MD_do_all
EVP_get_digestbyname

python311

PyType_FromSpecWithBases
PyErr_Clear
PyDict_SetItem
PyDict_New
PyThread_free_lock
PyMem_Free
PyFrozenSet_New
PyErr_NoMemory
PyDict_GetItem
PyModuleDef_Init
_Py_hashtable_set
PyBytes_FromStringAndSize
PyType_FromSpec
_PyObject_New
PyExc_TypeError
PyObject_IsTrue
_PyUnicode_Ready
PyMem_Malloc
PyModule_GetState
PyUnicode_FromString
_Py_strhex
PyBuffer_Release
_Py_hashtable_get
PyEval_RestoreThread
_Py_hashtable_new_full
PyErr_NewException
PyObject_GetAttrString
PyObject_GetBuffer
PyUnicode_FromFormat
PyLong_AsLong
PyObject_CheckBuffer
PyModule_AddObject
PyModule_AddObjectRef
PyThread_release_lock
PyObject_Free
_Py_Dealloc
PyExc_OverflowError
PyModule_AddType
PyErr_Format
_Py_hashtable_destroy
PyExc_ValueError
_PyArg_UnpackKeywords
PyErr_SetString
PyDictProxy_New
_PyArg_BadArgument
PySet_Add
PyThread_acquire_lock
_Py_NoneStruct
PyModule_GetDef
PyThread_allocate_lock
_Py_HashBytes
PyBuffer_IsContiguous
PyLong_FromLong
PyEval_SaveThread
PyUnicode_AsUTF8AndSize
PyErr_Occurred
_PyArg_CheckPositional
PyLong_AsSsize_t
PyLong_AsUnsignedLong
_PyNumber_Index
PyBool_FromLong
PyExc_BufferError
PyErr_FormatV
_PyArg_Parse_SizeT
PyUnicode_AsUTF8

vcruntime140

memcpy
__std_type_info_destroy_list
memset
__C_specific_handler

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_cexit

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

Exports

Exports

PyInit__hashlib

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
waveexternal/_lzma.pyd
.dll windows:6 windows x64

Password: lol

c39c7a021b2adfc11bb34f105f70355e

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/01/2022, 00:00

Not After

15/01/2025, 23:59

Subject

CN=Python Software Foundation,O=Python Software Foundation,L=Beaverton,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6c:c6:e4:99:0f:71:73:48:1a:5e:17:56:54:67:72:eb:5c:bc:58:a9:d9:6e:90:ad:ba:07:ad:6c:55:1f:1a:07
Signer

Actual PE Digest

6c:c6:e4:99:0f:71:73:48:1a:5e:17:56:54:67:72:eb:5c:bc:58:a9:d9:6e:90:ad:ba:07:ad:6c:55:1f:1a:07

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

python311

PyDict_SetItem
PyDict_New
PyErr_NewExceptionWithDoc
PyThread_free_lock
PyMem_Free
PyErr_NoMemory
PyModuleDef_Init
PyBytes_FromStringAndSize
PyErr_SetString
PyType_FromModuleAndSpec
PyMem_Realloc
PyMapping_Check
_PyLong_AsInt
PyModule_GetState
PyExc_SystemError
PyMem_RawFree
PyBuffer_Release
PyEval_RestoreThread
_PyArg_BadArgument
PyThread_acquire_lock
PyLong_FromLongLong
PyTuple_New
_Py_NoneStruct
PyMem_RawMalloc
PyType_GetModuleState
PyMapping_GetItemString
PyList_Append
PyErr_Clear
PyExc_EOFError
PyList_New
PyObject_GetBuffer
PyModule_AddObject
PyThread_release_lock
PyErr_ExceptionMatches
_Py_Dealloc
PyExc_OverflowError
PyModule_AddType
PyErr_Format
_PyArg_ParseTupleAndKeywords_SizeT
PyExc_ValueError
PyMem_Malloc
_PyArg_UnpackKeywords
PyLong_AsUnsignedLongLong
PyThread_allocate_lock
PyLong_FromUnsignedLongLong
PyExc_MemoryError
PyErr_SetNone
PyBuffer_IsContiguous
PyEval_SaveThread
PyErr_Occurred
PySequence_GetItem
PyExc_KeyError
_PyArg_CheckPositional
PyLong_AsSsize_t
PyType_GenericNew
PyModule_AddIntConstant
_PyNumber_Index
PyBool_FromLong
PyUnicode_InternFromString
PyMem_Calloc
PyExc_TypeError
PySequence_Size

vcruntime140

memmove
memset
__std_type_info_destroy_list
__C_specific_handler
memcpy
memcmp

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_narrow_environment

kernel32

GetCurrentProcessId
RtlLookupFunctionEntry
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
RtlCaptureContext
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind

Exports

Exports

PyInit__lzma

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
waveexternal/_socket.pyd
.dll .js windows:6 windows x64

Password: lol
waveexternal/_ssl.pyd
.dll windows:6 windows x64

Password: lol

ba77dcd459076e05d402c6e9b4f52171

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/01/2022, 00:00

Not After

15/01/2025, 23:59

Subject

CN=Python Software Foundation,O=Python Software Foundation,L=Beaverton,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:f5:ec:14:ec:32:5a:e7:4d:03:33:40:a0:26:c1:8c:8b:23:ea:d8:2b:56:1d:fb:8c:38:46:89:fc:78:3d:e6
Signer

Actual PE Digest

87:f5:ec:14:ec:32:5a:e7:4d:03:33:40:a0:26:c1:8c:8b:23:ea:d8:2b:56:1d:fb:8c:38:46:89:fc:78:3d:e6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

select
WSAGetLastError

crypt32

CertFreeCRLContext
CertOpenStore
CertCloseStore
CertAddStoreToCollection
CertEnumCRLsInStore
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CertEnumCertificatesInStore

libcrypto-1_1

BIO_set_flags
OPENSSL_sk_num
X509_VERIFY_PARAM_set_hostflags
X509_STORE_add_cert
X509_get0_notAfter
DH_free
ERR_get_error
BIO_read
BIO_printf
X509_get_default_cert_file_env
X509_VERIFY_PARAM_set1_ip
OBJ_obj2nid
X509_get_default_cert_dir_env
X509_get_issuer_name
RAND_status
i2t_ASN1_OBJECT
X509_get0_notBefore
PEM_write_bio_X509_AUX
ASN1_STRING_to_UTF8
ERR_reason_error_string
PEM_write_bio_X509
BIO_ctrl
X509_VERIFY_PARAM_set_flags
i2d_X509
BIO_new
OBJ_nid2sn
i2a_ASN1_INTEGER
OBJ_txt2obj
GENERAL_NAME_free
X509_NAME_get_entry
BIO_up_ref
OpenSSL_version_num
X509_NAME_ENTRY_get_data
a2i_IPADDRESS
BIO_clear_flags
i2d_X509_bio
X509_VERIFY_PARAM_set1_host
PEM_read_bio_X509
OBJ_obj2txt
COMP_get_type
BIO_s_mem
BIO_free_all
BIO_s_file
BIO_ctrl_pending
CRYPTO_free
EC_KEY_free
X509_get_version
OPENSSL_sk_value
X509_verify_cert_error_string
X509_OBJECT_get0_X509
AUTHORITY_INFO_ACCESS_free
X509_NAME_ENTRY_set
OPENSSL_sk_find
X509_VERIFY_PARAM_clear_flags
RAND_bytes
GENERAL_NAME_print
BIO_new_fp
BIO_write
BIO_free
ASN1_STRING_get0_data
CRL_DIST_POINTS_free
X509_NAME_ENTRY_get_object
BIO_puts
BIO_gets
X509_up_ref
OPENSSL_sk_pop_free
OBJ_nid2obj
X509_NAME_print_ex
d2i_X509_bio
X509_subject_name_hash
OpenSSL_version
ASN1_STRING_type
X509_get_serialNumber
X509_get_default_cert_dir
X509_get_default_cert_file
RAND_add
OBJ_nid2ln
ERR_clear_error
X509_free
BIO_new_mem_buf
PEM_read_DHparams
ASN1_STRING_length
X509_get_ext_d2i
X509_OBJECT_get_type
ASN1_OCTET_STRING_free
X509_cmp
X509_STORE_get0_objects
X509_VERIFY_PARAM_get_flags
EC_KEY_new_by_curve_name
ASN1_TIME_print
OBJ_sn2nid
ERR_peek_last_error
X509_get_subject_name
X509_NAME_entry_count
X509_check_ca
ASN1_OBJECT_free

libssl-1_1

SSL_get_ciphers
d2i_SSL_SESSION
SSL_CTX_set_verify
SSL_pending
SSL_CIPHER_get_kx_nid
SSL_SESSION_get_time
SSL_set_verify
SSL_CIPHER_get_version
SSL_CTX_get_verify_mode
SSL_CTX_set_cipher_list
SSL_set_post_handshake_auth
SSL_set_accept_state
SSL_CTX_load_verify_locations
SSL_CTX_set_num_tickets
SSL_CTX_use_certificate_chain_file
SSL_CIPHER_get_name
SSL_get_peer_finished
SSL_get0_param
SSL_CTX_get_default_passwd_cb_userdata
SSL_CTX_check_private_key
SSL_set_SSL_CTX
SSL_session_reused
SSL_shutdown
SSL_read_ex
SSL_get_current_cipher
SSL_get_verify_mode
SSL_is_init_finished
SSL_CTX_set_session_id_context
SSL_CTX_set_msg_callback
SSL_get_peer_cert_chain
TLS_server_method
SSL_CTX_set_keylog_callback
SSL_get_error
SSL_CTX_get_num_tickets
SSL_set_connect_state
SSL_get1_session
TLSv1_1_method
SSL_CIPHER_get_bits
SSL_CTX_get_security_level
SSL_set_bio
SSL_CTX_get_verify_callback
SSL_SESSION_has_ticket
SSL_SESSION_get_timeout
SSL_ctrl
SSL_CTX_set_default_passwd_cb_userdata
TLSv1_2_method
SSL_CIPHER_get_cipher_nid
SSL_CTX_callback_ctrl
TLS_client_method
SSL_get_verify_result
SSL_CTX_get_options
SSL_CTX_set_post_handshake_auth
SSL_CIPHER_description
SSL_set_read_ahead
SSL_write_ex
SSL_select_next_proto
SSL_CTX_new
SSL_set_fd
SSL_CTX_use_PrivateKey_file
SSL_get_verify_callback
SSL_CIPHER_get_digest_nid
SSL_get_finished
SSL_set_ex_data
SSL_get_ex_data
SSL_get0_verified_chain
SSL_get0_alpn_selected
SSL_CTX_clear_options
SSL_get_version
SSL_SESSION_get_ticket_lifetime_hint
SSL_CTX_ctrl
SSL_CTX_free
SSL_new
SSL_CTX_set_alpn_protos
SSL_CTX_set_default_verify_paths
SSL_CTX_set_alpn_select_cb
SSL_get_peer_certificate
SSL_CTX_set_options
SSL_set_session
SSL_SESSION_free
SSL_CTX_get_cert_store
SSL_get_session
SSL_free
SSL_get_current_compression
TLS_method
SSL_verify_client_post_handshake
SSL_CTX_set_default_passwd_cb
TLSv1_method
SSL_get_servername
SSL_SESSION_get_id
SSL_CIPHER_is_aead
SSL_CTX_get_default_passwd_cb
SSL_get_wbio
SSL_CIPHER_get_id
i2d_SSL_SESSION
SSL_get_shutdown
SSL_get_client_ciphers
SSL_get_rbio
SSL_set_msg_callback
SSL_do_handshake
SSL_get_SSL_CTX
SSL_CTX_get0_param
SSL_CIPHER_get_auth_nid

kernel32

RtlCaptureContext
GetLastError
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess

python311

PyErr_ExceptionMatches
PyThread_release_lock
PyModule_AddObjectRef
PyModule_AddObject
PyObject_CheckBuffer
_PyArg_ParseTuple_SizeT
PyObject_GC_Del
PyErr_Fetch
PyObject_CallFunctionObjArgs
PyLong_AsLong
_PyBytes_Resize
PyUnicode_FromFormat
PyObject_GetBuffer
PyErr_BadArgument
PySet_New
PyList_New
PyType_FromSpecWithBases
PyList_Append
PyUnicode_Decode
PyUnicode_FSConverter
PyType_GetModuleState
PyDict_SetItem
PyDict_New
PyErr_NewExceptionWithDoc
PyMem_Free
PyFrozenSet_New
PyCapsule_Import
PyErr_NoMemory
PyErr_SetFromErrnoWithFilenameObject
PyExc_OSError
PyObject_CallObject
PyErr_CheckSignals
PyModuleDef_Init
PyObject_GC_Track
PyBytes_FromStringAndSize
_Py_NotImplementedStruct
PyGILState_Ensure
PyType_GetModuleByDef
PyUnicode_FromEncodedObject
_PyDeadline_Get
PyExc_TypeError
PyType_FromModuleAndSpec
PyObject_IsTrue
PyObject_Str
PyUnicode_AsUTF8String
PyTuple_Pack
_PyByteArray_empty_string
PyCallable_Check
PyMem_Malloc
PyList_AsTuple
_PyTime_AsTimeval_clamp
PyExc_UnicodeEncodeError
_PyLong_AsInt
_Py_TrueStruct
PyModule_GetState
_PyObject_GC_New
PyList_SetItem
_Py_fopen_obj
PyUnicode_FromString
PyLong_FromSize_t
_PyDeadline_Init
PyBuffer_Release
PyObject_CallNoArgs
PyByteArray_Type
PyEval_RestoreThread
PyUnicode_FromStringAndSize
_Py_Dealloc
PyExc_OverflowError
PyType_IsSubtype
PyErr_SetFromErrno
PyFloat_Type
_Py_FalseStruct
PyModule_AddStringConstant
PyModule_AddType
PyErr_Format
PyLong_FromUnsignedLong
PyExc_ValueError
_PyArg_UnpackKeywords
PyErr_WarnFormat
PyUnicode_AsASCIIString
PyErr_WriteUnraisable
PyErr_SetString
PyList_Size
_PyArg_BadArgument
PyExc_AttributeError
PySet_Add
PyWeakref_GetObject
PyBuffer_FillInfo
PyExc_TimeoutError
PyThread_acquire_lock
PyDict_SetItemString
PyType_GetModule
_PyArg_NoPositional
PyTuple_New
_Py_NoneStruct
PyGILState_Release
PyBytes_FromString
PyFloat_AsDouble
PyThread_allocate_lock
PyErr_SetFromWindowsErr
PyExc_MemoryError
PyBuffer_IsContiguous
PyObject_GC_UnTrack
PyLong_FromLong
PyExc_RuntimeError
_PyErr_ChainExceptions
PyEval_SaveThread
PyUnicode_AsUTF8AndSize
PyUnicode_DecodeUTF8
PyErr_Occurred
PyBytes_AsString
_PyErr_BadInternalCall
PyExc_DeprecationWarning
_PyArg_CheckPositional
_PyArg_NoKeywords
PyExc_RuntimeWarning
PyErr_WarnEx
PyModule_AddIntConstant
_PyObject_CallFunction_SizeT
PyList_Insert
_Py_BuildValue_SizeT
PyUnicode_DecodeFSDefault
PyBool_FromLong
PyErr_SetObject
PyWeakref_NewRef
PyUnicode_InternFromString
PyObject_SetAttr
PySequence_List
_PyArg_Parse_SizeT
PyDict_GetItemWithError

vcruntime140

strchr
memcpy
memcmp
memset
__C_specific_handler
__std_type_info_destroy_list

api-ms-win-crt-stdio-l1-1-0

_close
_setmode
__stdio_common_vfprintf
fseek
fgets
clearerr
fflush
__acrt_iob_func
fopen
ferror
ftell
__stdio_common_vsprintf
_open
fclose
_fileno
fwrite
_lseek
feof
fread
_write
_read

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_onexit_table
_cexit
_errno
_execute_onexit_table

api-ms-win-crt-string-l1-1-0

strcmp

Exports

Exports

OPENSSL_Applink
PyInit__ssl

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
waveexternal/api-ms-win-core-console-l1-1-0.dll
.dll windows:10 windows x64

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:27:e2:0d:3a:94:2e:89:fe:9a:49:c4:a1:53:31:de:d8:f4:55:14:98:4c:aa:d2:d4:f9:f4:4d:40:3f:53:5f
Signer

Actual PE Digest

17:27:e2:0d:3a:94:2e:89:fe:9a:49:c4:a1:53:31:de:d8:f4:55:14:98:4c:aa:d2:d4:f9:f4:4d:40:3f:53:5f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

AllocConsole
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleA
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleW
SetConsoleCtrlHandler
SetConsoleMode
WriteConsoleA
WriteConsoleW

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
waveexternal/api-ms-win-core-datetime-l1-1-0.dll
.dll windows:10 windows x64

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:e1:e4:10:8f:d2:2d:59:ee:27:a8:60:f8:4d:bc:49:af:c0:9d:92:02:49:ea:15:82:43:c4:40:fc:3c:30:43
Signer

Actual PE Digest

75:e1:e4:10:8f:d2:2d:59:ee:27:a8:60:f8:4d:bc:49:af:c0:9d:92:02:49:ea:15:82:43:c4:40:fc:3c:30:43

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

GetDateFormatA
GetDateFormatW
GetTimeFormatA
GetTimeFormatW

Sections

.rdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
waveexternal/api-ms-win-core-debug-l1-1-0.dll
.dll windows:10 windows x64

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:af:ed:3e:56:38:c1:2c:da:0f:8e:d2:d1:79:ec:45:cb:4d:c0:e8:bd:03:5b:fc:61:d3:79:82:cb:ab:e1:98
Signer

Actual PE Digest

a4:af:ed:3e:56:38:c1:2c:da:0f:8e:d2:d1:79:ec:45:cb:4d:c0:e8:bd:03:5b:fc:61:d3:79:82:cb:ab:e1:98

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

DebugBreak
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW

Sections

.rdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
waveexternal/api-ms-win-core-errorhandling-l1-1-0.dll
.dll windows:10 windows x64

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:cc:5a:0d:58:b2:34:03:12:25:ae:e6:86:7d:90:54:51:f3:c9:cc:ab:c8:8e:72:d4:9b:bf:fd:7f:eb:b8:68
Signer

Actual PE Digest

ab:cc:5a:0d:58:b2:34:03:12:25:ae:e6:86:7d:90:54:51:f3:c9:cc:ab:c8:8e:72:d4:9b:bf:fd:7f:eb:b8:68

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

GetErrorMode
GetLastError
RaiseException
SetErrorMode
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

Sections

.rdata
Size: 1024B - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
waveexternal/api-ms-win-core-file-l1-1-0.dll
.dll windows:10 windows x64

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:07:98:27:db:0b:10:7e:1a:d5:11:1a:f4:4c:68:ee:80:6d:34:0b:4d:cc:23:2f:a4:30:eb:12:1e:eb:fa:39
Signer

Actual PE Digest

a1:07:98:27:db:0b:10:7e:1a:d5:11:1a:f4:4c:68:ee:80:6d:34:0b:4d:cc:23:2f:a4:30:eb:12:1e:eb:fa:39

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

CompareFileTime
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DefineDosDeviceW
DeleteFileA
DeleteFileW
DeleteVolumeMountPointW
FileTimeToLocalFileTime
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExA
FindFirstFileExW
FindFirstFileW
FindFirstVolumeW
FindNextChangeNotification
FindNextFileA
FindNextFileW
FindNextVolumeW
FindVolumeClose
FlushFileBuffers
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileSizeEx
GetFileTime
GetFileType
GetFinalPathNameByHandleA
GetFinalPathNameByHandleW
GetFullPathNameA
GetFullPathNameW
GetLogicalDriveStringsW
GetLogicalDrives
GetLongPathNameA
GetLongPathNameW
GetShortPathNameW
GetTempFileNameW
GetVolumeInformationByHandleW
GetVolumeInformationW
GetVolumePathNameW
LocalFileTimeToFileTime
LockFile
LockFileEx
QueryDosDeviceW
ReadFile
ReadFileEx
ReadFileScatter
RemoveDirectoryA
RemoveDirectoryW
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFileInformationByHandle
SetFilePointer
SetFilePointerEx
SetFileTime
SetFileValidData
UnlockFile
UnlockFileEx
WriteFile
WriteFileEx
WriteFileGather

Sections

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
waveexternal/api-ms-win-core-file-l1-2-0.dll
.dll windows:10 windows x64

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:92:b2:1d:56:50:3e:bb:68:26:1f:9e:e5:83:22:38:41:0e:37:65:64:fe:48:dd:f3:8d:08:1f:5d:9e:27:8c
Signer

Actual PE Digest

ed:92:b2:1d:56:50:3e:bb:68:26:1f:9e:e5:83:22:38:41:0e:37:65:64:fe:48:dd:f3:8d:08:1f:5d:9e:27:8c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

CreateFile2
GetTempPathW
GetVolumeNameForVolumeMountPointW
GetVolumePathNamesForVolumeNameW

Sections

.rdata
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
waveexternal/nu1

Sharing

General

Malware Config

Signatures

Files

Password: lol

Password: lol

20d446c1cb128febd23deb17efb67cf6

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

bf:b1:50:01:bb:f5:92:d4:96:2a:77:97:ea:73:6f:a3Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

8c:06:d7:1d:55:46:d4:76:f8:e0:2e:42:6e:90:00:63:4f:10:b0:5b:ef:dd:f9:29:d7:c6:b0:80:41:2d:e2:c2Signer

Headers

DLL Characteristics

File Characteristics

Imports

user32

comctl32

kernel32

advapi32

gdi32

Sections

.text Size: 167KB - Virtual size: 166KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 3KB - Virtual size: 12KB

.pdata Size: 9KB - Virtual size: 8KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

Password: lol

d0a62ab71a2b2ca69c6aba1f0a37fcdd

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:ddCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

b9:62:51:a5:02:4d:e8:1a:d4:95:45:40:ac:7e:6e:7b:40:d9:8a:a0:f3:e1:b4:1d:84:8c:8a:31:21:74:8f:e3Signer

Headers

DLL Characteristics

File Characteristics

Imports

python311

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

bf:b1:50:01:bb:f5:92:d4:96:2a:77:97:ea:73:6f:a3
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

8c:06:d7:1d:55:46:d4:76:f8:e0:2e:42:6e:90:00:63:4f:10:b0:5b:ef:dd:f9:29:d7:c6:b0:80:41:2d:e2:c2
Signer

.text
Size: 167KB - Virtual size: 166KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b9:62:51:a5:02:4d:e8:1a:d4:95:45:40:ac:7e:6e:7b:40:d9:8a:a0:f3:e1:b4:1d:84:8c:8a:31:21:74:8f:e3
Signer

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 136B

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

ad:94:13:8d:c9:ff:eb:67:52:d8:c6:99:0c:2d:a0:5a:f9:1d:c4:19:3f:7e:51:40:0a:89:3a:88:8c:cc:d0:65
Signer

.text
Size: 59KB - Virtual size: 58KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 14KB - Virtual size: 15KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 912B

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0c:b6:bb:34:0c:ac:75:6f:fb:38:77:e7:82:f7:6c:76:a3:d6:5a:6c:bd:e1:6b:57:0f:f7:b9:9f:51:07:bd:ec
Signer