Extracted

• fe5872ae9dfa52dbfcdbb3f69e01369c9ffa67cf8242941749ed958afb1bd78b

  .exe windows:6 windows x86

  1193bc223dad681f22f8248608cbb592

  
  

  Code Sign

  33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  12/05/2022, 20:46

  Not After

  11/05/2023, 20:46

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08/07/2011, 20:59

  Not After

  08/07/2026, 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  03:6b:76:25:7c:fc:14:7d:8b:af:af:ba:c9:25:59:5a:49:31:8d:0e:98:82:c3:5d:52:82:fa:53:f9:ee:cc:82

  Signer

  Actual PE Digest

  03:6b:76:25:7c:fc:14:7d:8b:af:af:ba:c9:25:59:5a:49:31:8d:0e:98:82:c3:5d:52:82:fa:53:f9:ee:cc:82

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  version

  GetFileVersionInfoSizeW

  VerQueryValueW

  GetFileVersionInfoW

  netapi32

  NetServerEnum

  NetApiBufferFree

  ws2_32

  gethostname

  WSAStartup

  inet_ntoa

  gethostbyname

  mpr

  WNetCancelConnection2W

  WNetAddConnection2W

  kernel32

  SetFileAttributesW

  DuplicateHandle

  DisconnectNamedPipe

  SetNamedPipeHandleState

  TransactNamedPipe

  WaitNamedPipeW

  CreateEventW

  WaitForMultipleObjects

  GetCurrentProcessId

  GetFileTime

  GetExitCodeProcess

  ResumeThread

  GetVersion

  SetProcessAffinityMask

  CopyFileW

  ReadConsoleW

  SetConsoleCtrlHandler

  SetConsoleTitleW

  HeapReAlloc

  GetEnvironmentVariableW

  GetFileAttributesW

  ReadFile

  GetConsoleScreenBufferInfo

  MultiByteToWideChar

  VerifyVersionInfoW

  FormatMessageA

  FindResourceW

  SizeofResource

  LockResource

  LoadResource

  FreeLibrary

  GetSystemDirectoryW

  GetTickCount

  GetCurrentProcess

  Sleep

  WaitForSingleObject

  SetEvent

  CloseHandle

  WriteFile

  DeleteFileW

  CreateFileW

  VerSetConditionMask

  SetThreadGroupAffinity

  SetPriorityClass

  GetModuleFileNameW

  LocalFree

  SetEndOfFile

  LocalAlloc

  GetProcAddress

  GetModuleHandleW

  GetFileType

  GetCommandLineW

  GetStdHandle

  LoadLibraryExW

  GetVersionExW

  SetLastError

  GetComputerNameW

  GetLastError

  FindClose

  FindFirstFileExW

  FindNextFileW

  IsValidCodePage

  GetACP

  GetOEMCP

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  SetEnvironmentVariableW

  GetProcessHeap

  WriteConsoleW

  HeapSize

  TerminateProcess

  RaiseException

  GetSystemInfo

  VirtualProtect

  VirtualQuery

  LoadLibraryExA

  WideCharToMultiByte

  GetStringTypeW

  EnterCriticalSection

  LeaveCriticalSection

  InitializeCriticalSectionEx

  DeleteCriticalSection

  EncodePointer

  DecodePointer

  GetCPInfo

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsProcessorFeaturePresent

  IsDebuggerPresent

  GetStartupInfoW

  QueryPerformanceCounter

  GetCurrentThreadId

  GetSystemTimeAsFileTime

  InitializeSListHead

  RtlUnwind

  InitializeCriticalSectionAndSpinCount

  TlsAlloc

  TlsGetValue

  TlsSetValue

  TlsFree

  ExitProcess

  GetModuleHandleExW

  GetConsoleCP

  SetStdHandle

  CreateThread

  ExitThread

  FreeLibraryAndExitThread

  GetCommandLineA

  HeapAlloc

  HeapFree

  CompareStringW

  LCMapStringW

  GetLocaleInfoW

  IsValidLocale

  GetUserDefaultLCID

  EnumSystemLocalesW

  FlushFileBuffers

  GetConsoleOutputCP

  GetConsoleMode

  SetConsoleMode

  ReadConsoleInputW

  GetFileSizeEx

  SetFilePointerEx

  comdlg32

  PrintDlgW

  advapi32

  CreateProcessAsUserW

  CryptHashData

  CryptCreateHash

  CryptDecrypt

  CryptEncrypt

  CryptImportKey

  CryptExportKey

  CryptDestroyKey

  CryptDeriveKey

  CryptGenKey

  CryptReleaseContext

  CryptAcquireContextW

  StartServiceW

  QueryServiceStatus

  OpenServiceW

  OpenSCManagerW

  DeleteService

  CreateServiceW

  ControlService

  CloseServiceHandle

  OpenProcessToken

  LsaEnumerateAccountRights

  LsaOpenPolicy

  LsaClose

  LsaFreeMemory

  SetSecurityInfo

  GetSecurityInfo

  SetEntriesInAclW

  LookupPrivilegeValueW

  SetTokenInformation

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  InitializeAcl

  GetTokenInformation

  GetLengthSid

  GetAce

  FreeSid

  AllocateAndInitializeSid

  AddAce

  AddAccessAllowedAce

  RegSetValueExW

  RegQueryValueExW

  RegOpenKeyExW

  RegOpenKeyW

  RegCreateKeyW

  RegCloseKey

  Sections

  .text

  Size: 254KB - Virtual size: 254KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 224KB - Virtual size: 223KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 7KB - Virtual size: 155KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 191KB - Virtual size: 191KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 11KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ