IDAT Loader[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

IDAT Loader.zip
Size

18.9MB
MD5

a4d7a4b256030a643dff6133f54dae37
SHA1

770daf5b6cd9ead863bf4525ea3c9f34c8101e7a
SHA256

13b29aa977e37aa1faf5e8f6c2687775e3672c59309b7bd6bc72e64134e5543c
SHA512

37ee702b44e215329845a975adc8fcb8e1a3a673991849ada86516517d49dbc6783d2a4e72de1edf3c4b2c833a80b6ee1639199b9caa95c69dc3be2d6827b4d9
SSDEEP

393216:DwrYH/qxSRq7qgi1N4DMoKvkJi8AHeRR7PmUxSUvng9g1f1:Dwrm8yYqgCNYrKvmife3kUvnIg51

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1655ea61f847e13e293eb7b7898e008388f040de0ada91731082edf0b2e229e3.exe
unpack001/640c790e93a6b273c09b36cc8b1818f5a0baafe3aaa0de9c3622706e309c7c03.dll
unpack001/fde93403ca92c188439a856b876f84cfacc6bac0d66ada65a65724ee5d875378.exe

Files

IDAT Loader.zip
.zip
1655ea61f847e13e293eb7b7898e008388f040de0ada91731082edf0b2e229e3.exe
.exe windows:10 windows x86

392b4d61b1d1dadc1f06444df258188a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__dllonexit
_unlock
_lock
_initterm
wcsspn
_tell
_except_handler4_common
__setusermatherr
__p__fmode
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
calloc
free
_purecall
__CxxFrameHandler3
?terminate@@YAXXZ
_wcslwr
_controlfp
_dup2
memcmp
_local_unwind4
_dup
??1type_info@@UAE@XZ
_close
_open_osfhandle
swscanf
_ultoa
_pipe
memmove
wcsncmp
_setmode
exit
_getch
iswspace
wcschr
iswxdigit
_setjmp3
time
srand
_wtol
fflush
wcsstr
iswalpha
wcstoul
??3@YAXPAX@Z
_errno
??_V@YAXPAX@Z
printf
memcpy_s
_onexit
fgets
qsort
rand
_pclose
fprintf
wcsrchr
ferror
realloc
towlower
setlocale
towupper
_wcsupr
feof
_wpopen
_wcsnicmp
_get_osfhandle
longjmp
iswdigit
wcstol
_vsnwprintf
_wcsicmp
__iob_func
malloc
_callnewh
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABQBDH@Z
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
memcpy
memset

ntdll

NtOpenProcessToken
NtQueryInformationToken
NtClose
NtOpenThreadToken
NtFsControlFile
RtlDosPathNameToNtPathName_U
RtlFindLeastSignificantBit
RtlFreeHeap
RtlReleaseRelativeName
NtOpenFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtSetInformationFile
NtQueryVolumeInformationFile
NtSetInformationProcess
NtQueryInformationProcess
RtlNtStatusToDosError
NtCancelSynchronousIoFile
RtlCreateUnicodeStringFromAsciiz
RtlFreeUnicodeString

api-ms-win-core-kernel32-legacy-l1-1-0

GetConsoleWindow
CopyFileW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleFileNameA
LoadLibraryExW
GetModuleHandleW
GetModuleHandleExW
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
TryAcquireSRWLockExclusive
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeCriticalSection
EnterCriticalSection
ReleaseSemaphore
ReleaseSRWLockExclusive
LeaveCriticalSection
ReleaseMutex
WaitForSingleObjectEx

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSetInformation
HeapReAlloc
GetProcessHeap
HeapSize
HeapFree

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
GetCurrentThreadId
CreateProcessW
CreateProcessAsUserW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
GetExitCodeProcess
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
DeleteProcThreadAttributeList
OpenThread
ResumeThread

api-ms-win-core-localization-l1-2-0

GetLocaleInfoW
FormatMessageW
SetThreadLocale
GetACP
GetThreadLocale
GetUserDefaultLCID
GetCPInfo

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc
VirtualQuery
ReadProcessMemory

api-ms-win-core-console-l1-1-0

ReadConsoleW
WriteConsoleW
GetConsoleMode
SetConsoleMode
SetConsoleCtrlHandler
GetConsoleOutputCP

api-ms-win-core-file-l1-1-0

ReadFile
GetFileAttributesW
GetFileSize
SetFilePointer
GetFullPathNameW
GetVolumePathNameW
CreateFileW
WriteFile
SetFilePointerEx
FindFirstFileExW
GetDiskFreeSpaceExW
FileTimeToLocalFileTime
CompareFileTime
RemoveDirectoryW
FindFirstFileW
GetFileType
FindNextFileW
FindClose
GetVolumeInformationW
SetFileTime
DeleteFileW
SetEndOfFile
SetFileAttributesW
CreateDirectoryW
GetDriveTypeW
FlushFileBuffers
GetFileAttributesExW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentStringsW
GetStdHandle
SetEnvironmentVariableW
GetCurrentDirectoryW
FreeEnvironmentStringsW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetEnvironmentStringsW
SetCurrentDirectoryW
SearchPathW
GetCommandLineW

api-ms-win-core-console-l2-1-0

SetConsoleTextAttribute
GetConsoleScreenBufferInfo
FillConsoleOutputAttribute
FlushConsoleInputBuffer
FillConsoleOutputCharacterW
SetConsoleCursorPosition
ScrollConsoleScreenBufferW

api-ms-win-security-base-l1-1-0

RevertToSelf
GetSecurityDescriptorOwner
GetFileSecurityW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemTime
GetTickCount
SetLocalTime
GetLocalTime
GetVersion
GetWindowsDirectoryW

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW
GetDateFormatW

api-ms-win-core-systemtopology-l1-1-0

GetNumaHighestNodeNumber
GetNumaNodeProcessorMaskEx

api-ms-win-core-console-l2-2-0

SetConsoleTitleW
GetConsoleTitleW

api-ms-win-core-processenvironment-l1-2-0

NeedCurrentDirectoryForExePathW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyExW
RegEnumKeyExW

api-ms-win-core-file-l2-1-0

CreateSymbolicLinkW
GetFileInformationByHandleEx
MoveFileExW
MoveFileWithProgressW
CreateHardLinkW

api-ms-win-core-heap-l2-1-0

GlobalFree
GlobalAlloc
LocalFree

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize

api-ms-win-core-processtopology-l1-1-0

GetThreadGroupAffinity

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpiW

api-ms-win-core-processtopology-obsolete-l1-1-0

SetProcessAffinityMask

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3bf4b365d61c1e9807d20e71375627450b8fea1635cb6ddb85f2956e8f6b3ec3.exe
.exe windows:6 windows x86

21314122cd4542a6b9b297f52a87acbe

Code Sign

22:36:7d:be:fd:0a:32:5c:38:93:af:52:54:7b:14:fa
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/04/2018, 00:00

Not After

29/04/2021, 23:59

Subject

CN=F.lux Software LLC,O=F.lux Software LLC,POSTALCODE=90049,STREET=929 S. Gretna Green Way,L=Los Angeles,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:36:7d:be:fd:0a:32:5c:38:93:af:52:54:7b:14:fa
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/04/2018, 00:00

Not After

29/04/2021, 23:59

Subject

CN=F.lux Software LLC,O=F.lux Software LLC,POSTALCODE=90049,STREET=929 S. Gretna Green Way,L=Los Angeles,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

89:24:eb:de:93:37:2f:4e:3c:8a:0c:02:0e:fb:36:96:36:0a:15:d7:86:9f:5b:0b:b1:36:c2:15:a6:db:32:13
Signer

Actual PE Digest

89:24:eb:de:93:37:2f:4e:3c:8a:0c:02:0e:fb:36:96:36:0a:15:d7:86:9f:5b:0b:b1:36:c2:15:a6:db:32:13

Digest Algorithm

sha256

PE Digest Matches

false

9c:ae:69:21:4b:95:ab:9d:00:0d:0b:51:d5:68:58:2f:22:3a:d8:c8
Signer

Actual PE Digest

9c:ae:69:21:4b:95:ab:9d:00:0d:0b:51:d5:68:58:2f:22:3a:d8:c8

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
CloseHandle
WriteFile
DeleteFileW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateEventExW
WaitForSingleObject
CreateProcessW
GetLastError
GetExitCodeProcess
SetEvent
RemoveDirectoryW
GetProcAddress
GetModuleHandleW
GetWindowsDirectoryW
CreateDirectoryW
GetTempPathW
GetTempFileNameW
MoveFileW
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
RaiseException
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
CreateEventW
FindClose
FindFirstFileW
GetFullPathNameW
InitializeCriticalSection
lstrcpynW
CreateThread
LoadLibraryExW
GetCurrentProcess
Sleep
WideCharToMultiByte
GetDiskFreeSpaceExW
DecodePointer
GetExitCodeThread
GetCurrentProcessId
FreeLibrary
GetSystemDirectoryW
lstrlenW
VerifyVersionInfoW
VerSetConditionMask
lstrcmpiW
LoadLibraryW
GetDriveTypeW
CompareStringW
FindNextFileW
GetLogicalDriveStringsW
GetFileSize
GetFileAttributesW
GetShortPathNameW
GetFinalPathNameByHandleW
SetFileAttributesW
GetFileTime
CopyFileW
ReadFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
MultiByteToWideChar
GetSystemInfo
WaitForMultipleObjects
GetVersionExW
VirtualProtect
VirtualQuery
LoadLibraryExA
GetStringTypeW
LocalFree
LocalAlloc
SetUnhandledExceptionFilter
FileTimeToSystemTime
GetEnvironmentVariableW
GetSystemTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FormatMessageW
GetEnvironmentStringsW
InitializeCriticalSectionEx
LoadLibraryA
GetModuleFileNameA
GetCurrentThread
GetConsoleOutputCP
FlushFileBuffers
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
IsWow64Process
SetConsoleTextAttribute
GetStdHandle
GetConsoleScreenBufferInfo
OutputDebugStringW
GetTickCount
GetCommandLineW
SetCurrentDirectoryW
SetEndOfFile
EnumResourceLanguagesW
GetSystemDefaultLangID
GetUserDefaultLangID
GetLocalTime
ResetEvent
GlobalFree
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
CreateNamedPipeW
ConnectNamedPipe
TerminateThread
CompareFileTime
CopyFileExW
OpenEventW
PeekNamedPipe
WaitForSingleObjectEx
QueryPerformanceCounter
QueryPerformanceFrequency
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
GetSystemTimeAsFileTime
IsDebuggerPresent
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetFileType
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
ReadConsoleW
WriteConsoleW
GetProcessAffinityMask
GetModuleHandleA
GlobalMemoryStatus
ReleaseSemaphore
CreateSemaphoreW

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 573KB - Virtual size: 573KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
477b43a3deda69ea2b83fbd5fd0a5666e60f1127c82c87660635e5da0e780437.exe
.exe windows:4 windows x86

f9217b1abf3f80009941dce372136df1

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:3e:03:22:f7:cc:73:3d:ce:b2:31:84:34:7a:9e:db
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

17/08/2023, 00:00

Not After

16/08/2026, 23:59

Subject

CN=Greg Kochaniak,O=Greg Kochaniak,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:4b:20:8a:ab:8a:99:62:52:45:44:d2:6c:a1:c8:52:b5:49:4e:42:b4:44:df:eb:3e:7e:fb:66:4c:93:a7:85
Signer

Actual PE Digest

37:4b:20:8a:ab:8a:99:62:52:45:44:d2:6c:a1:c8:52:b5:49:4e:42:b4:44:df:eb:3e:7e:fb:66:4c:93:a7:85

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

comctl32

CreatePropertySheetPageW
InitCommonControls
PropertySheetW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

kernel32

AddAtomA
CloseHandle
CreateProcessW
CreateSemaphoreA
ExitProcess
FindAtomA
FormatMessageA
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetExitCodeProcess
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
LocalFree
MultiByteToWideChar
QueryPerformanceCounter
ReleaseSemaphore
SetEnvironmentVariableW
SetErrorMode
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte

msvcrt

_access
_close
_fstat
_open
_read
_unlink
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_errno
_filbuf
_flsbuf
_getdrives
_iob
_isctype
_onexit
_pctype
_setmode
_wfopen
abort
atexit
atoi
calloc
exit
fclose
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
fwrite
getenv
iswctype
malloc
memchr
memcmp
memcpy
memmove
memset
printf
realloc
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncat
strncmp
strncpy
strrchr
strstr
strtol
swprintf
time
tolower
toupper
ungetc
wcscat
wcscmp
wcscpy
wcslen

ole32

CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit

user32

CallWindowProcW
CheckDlgButton
CheckRadioButton
CreateDialogParamW
CreateWindowExW
DefWindowProcW
DestroyWindow
DispatchMessageW
EnableWindow
EndDialog
EnumThreadWindows
GetDlgItem
GetDlgItemTextW
GetMessageW
GetParent
GetWindowLongW
IsDlgButtonChecked
LoadCursorW
LoadIconW
LoadStringW
MessageBoxW
PostMessageW
RegisterClassExW
SendMessageA
SendMessageW
SetDlgItemTextW
SetFocus
SetParent
SetWindowLongA
SetWindowLongW
SetWindowPos
ShowWindow
TranslateMessage
UnregisterClassW

ws2_32

WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
closesocket
connect
gethostbyname
gethostname
getpeername
getservbyname
getsockname
htons
inet_addr
ioctlsocket
recv
select
send
setsockopt
shutdown
socket

Sections

.text
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 288KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
5f57537d18adcc1142294d7c469f565f359d5ff148e93a15ccbceb5ca3390dbd.exe
.dll windows:10 windows x64

1b504ce4a84efd7fd3934d9f7ce06db9

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:92:5f:9e:bb:34:72:79:eb:52:52:c7:bd:d1:dd:34:c5:28:82:01:f4:66:87:dd:fd:11:72:f4:7c:55:7f:47
Signer

Actual PE Digest

57:92:5f:9e:bb:34:72:79:eb:52:52:c7:bd:d1:dd:34:c5:28:82:01:f4:66:87:dd:fd:11:72:f4:7c:55:7f:47

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
_cexit
_crt_atexit
_beginthreadex
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_errno
_execute_onexit_table
_initterm_e
_initterm
abort
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

towlower
islower
_wcsnicmp
wcsncpy_s
iswdigit
iswalpha
iswupper
_wcsicmp
towupper
strcpy_s
__strncnt
isupper
_wcsdup
wcsnlen
strnlen
wcsncmp
_wcsupr
iswspace
strncmp
toupper
wcscmp

api-ms-win-crt-convert-l1-1-0

wcstoll
wcstoull
atol
_i64toa_s
_ui64toa_s
_i64tow_s
_ui64tow_s
_wcstod_l
wcstoul

api-ms-win-crt-stdio-l1-1-0

fgetpos
fwrite
fsetpos
fflush
_get_stream_buffer_pointers
fclose
fread
_fseeki64
ungetc
__stdio_common_vsprintf_s
fputc
fgetc
_wfsopen
fseek
__stdio_common_vswscanf
__stdio_common_vswprintf
__stdio_common_vsprintf
__stdio_common_vswprintf_s
__stdio_common_vsnwprintf_s
setvbuf

api-ms-win-crt-heap-l1-1-0

_callnewh
_calloc_base
realloc
_malloc_base
_free_base
free
malloc

advapi32

RegOpenKeyExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
DuplicateTokenEx
RegNotifyChangeKeyValue
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
OpenServiceW
QueryServiceStatus
CloseServiceHandle
NotifyServiceStatusChangeW
OpenSCManagerW
QueryServiceConfigW
EventWriteTransfer
LookupAccountSidW
EnableTrace
ControlTraceW
StartTraceW
QueryTraceW
RegQueryValueExW
RegCloseKey
GetTokenInformation
OpenThreadToken
GetLengthSid
ChangeServiceConfigW
InitializeAcl
StartServiceW
FreeSid
OpenProcessToken
CopySid
AllocateAndInitializeSid
CheckTokenMembership
ConvertStringSidToSidW
EventUnregister
EventRegister
SetEntriesInAclW
RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW

crypt32

CertVerifyCertificateChainPolicy

kernel32

UnmapViewOfFile
WideCharToMultiByte
FormatMessageW
LocalFree
FreeLibrary
GetTickCount
QueryPerformanceCounter
CreateFileW
SwitchToThread
ResetEvent
DeleteFileW
FlushViewOfFile
FlushFileBuffers
GetCurrentProcess
GetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetProcAddress
FormatMessageA
InitializeSRWLock
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceFrequency
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
FlsAlloc
FlsGetValue
UnregisterWaitEx
FlsFree
EncodePointer
InitializeCriticalSectionEx
LoadLibraryExW
GetCurrentThread
OpenProcess
DeleteTimerQueueTimer
GetFinalPathNameByHandleW
SetFileAttributesW
RemoveDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
GetProcessTimes
ExpandEnvironmentStringsW
CreateDirectoryW
CopyFileW
DebugBreak
HeapFree
HeapAlloc
CreateThread
CreateEventW
SetEvent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetFileAttributesExW
GetModuleHandleExW
ReleaseMutex
WaitForMultipleObjects
CreateMutexW
MultiByteToWideChar
CloseHandle
Sleep
WaitForSingleObject
WaitForSingleObjectEx
SetLastError
RegisterWaitForSingleObject
DecodePointer
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetProcessHeap
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CancelSynchronousIo
FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryW
SetEnvironmentVariableW
WriteFile
CreateTimerQueueTimer
GetFileSizeEx
ReadFile
FileTimeToSystemTime
VirtualQuery
CloseThreadpoolWork
MapViewOfFile
CloseThreadpool
StartThreadpoolIo
CreateThreadpool
CreateFileMappingW
CreateThreadpoolIo
WaitForThreadpoolIoCallbacks
WaitForThreadpoolTimerCallbacks
CreateSemaphoreW
CancelThreadpoolIo
WaitForThreadpoolWorkCallbacks
SetThreadpoolThreadMinimum
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolTimer
CreateProcessW
SetThreadpoolThreadMaximum
CloseThreadpoolTimer
LCMapStringEx
GetNativeSystemInfo
DuplicateHandle
GetSystemDirectoryW
OpenFileMappingW
OpenEventW
CompareStringEx
GetModuleFileNameW
ReleaseSemaphore
InitOnceComplete
InitOnceBeginInitialize
VirtualLock
GetStringTypeW
GetTickCount64
GetSystemInfo
TryEnterCriticalSection
GetLocalTime
GetEnvironmentVariableW
FlsSetValue
SetThreadpoolWait
LoadLibraryExA
CompareFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
VirtualProtect
HeapDestroy
HeapReAlloc
HeapSize
HeapValidate
HeapCreate
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolIo
CreateThreadpoolTimer
CreateThreadpoolWait

rpcrt4

RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcBindingSetOption
RpcBindingFree
RpcSmDestroyClientContext
RpcAsyncInitializeHandle
RpcAsyncCompleteCall
NdrClientCall3
UuidToStringW
UuidFromStringW
Ndr64AsyncClientCall
RpcStringBindingComposeW
RpcRaiseException
RpcAsyncCancelCall
RpcStringFreeW
UuidCreate

wintrust

CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
WTHelperProvDataFromStateData
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
WTHelperGetProvSignerFromChain

ntdll

RtlNtStatusToDosError
RtlGetVersion

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-locale-l1-1-0

___lc_collate_cp_func
_lock_locales
_unlock_locales
___lc_locale_name_func
___lc_codepage_func
___mb_cur_max_func
__pctype_func
setlocale
_create_locale
_free_locale

api-ms-win-crt-math-l1-1-0

ceil
ceilf

userenv

UnregisterGPNotification
RegisterGPNotification

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

Exports

Exports

MpAddDynamicSignatureFile
MpAllocMemory
MpAmsiCloseSession
MpAmsiNotify
MpAmsiScan
MpAsrSetHipsUserExclusion
MpChangeCapability
MpCheckAccessForClipboardOperation
MpCheckAccessForClipboardOperationEx
MpCheckAccessForClipboardOperationEx2
MpCheckAccessForDragDropOperation
MpCheckAccessForDragDropOperation2
MpCheckAccessForPrintOperation
MpCheckAccessForPrintOperation2
MpCleanControl
MpCleanOpen
MpCleanPrecheckStart
MpCleanStart
MpClientUtilExportFunctions
MpClientUtilExportFunctionsSize
MpClose
MpConfigClose
MpConfigDelValue
MpConfigGetValue
MpConfigGetValueAlloc
MpConfigInitialize
MpConfigIteratorClose
MpConfigIteratorEnum
MpConfigIteratorEnumV2
MpConfigIteratorOpen
MpConfigOpen
MpConfigQueryProtection
MpConfigRefresh
MpConfigRegisterForNotifications
MpConfigSetValue
MpConfigUninitialize
MpConfigUnregisterNotifications
MpConveyDlpBypass
MpConveySampleSubmissionResult
MpConveyUserChoiceForDlpNotification
MpConveyUserChoiceForDlpNotificationEx
MpConveyUserChoiceForSampleList
MpCreateComInstance
MpDbgAllocMemory
MpDebugExportFunctions
MpDefenderIsPrintAccessCheckNeeded
MpDefenderPrintAccessCheck
MpDefenderPrintDataProvide
MpDelegateCopyFile
MpDelegateCopyFileAsync
MpDeleteAsrHistory
MpDetectionEnumerate
MpDetectionQuery
MpDeviceControlAuthenticateNetworkShare
MpDeviceControlValidateDataDuplicationRemoteLocationConfiguration
MpDlpCheckAccessForBuffer
MpDlpDelegateEnforcement
MpDlpDispatchAccessEvent
MpDlpGetEvidenceFileUrl
MpDlpGetOperationEnforcmentMode
MpDlpInitializeEnforcementMode
MpDlpNotifyCloseDocumentFile
MpDlpNotifyPostOpenDocumentFile
MpDlpNotifyPostSaveAsDocument
MpDlpNotifyPostStartPrint
MpDlpNotifyPreOpenDocumentFile
MpDlpNotifyPrePrint
MpDlpNotifyPreSaveAsDocument
MpDynamicSignatureEnumerate
MpDynamicSignatureOpen
MpElevateCleanHandle
MpElevationHandleAcquire
MpElevationHandleActivate
MpElevationHandleAttach
MpElevationHandleOpen
MpErrorMessageFormat
MpFastMemoryScan
MpFastMemoryScanOpen
MpFlushLowfiCache
MpForcedReboot
MpFreeFileTrustExtraInfo
MpFreeMemory
MpFreeTSModeInfo
MpGenerateSignature
MpGenerateSignatureEx
MpGenerateThreatReport
MpGetASRPerRuleExclusions
MpGetAsrBlockedActionInfos
MpGetAsrBlockedActions
MpGetAsrBlockedProcesses
MpGetCallistoDetections
MpGetCopyAcceleratorCancellableCopyStatus
MpGetCopyAcceleratorProcessStatus
MpGetDevMode
MpGetDevVolumesProtectionState
MpGetDeviceControlSecurityPolicies
MpGetDeviceControlStatus
MpGetDlpEvents
MpGetEngineVersion
MpGetFCValue
MpGetHIPSRuleInfo
MpGetMAPSConnectivityStatusInfo
MpGetNpSupportFile
MpGetRunningMode
MpGetSACInfo
MpGetSampleChunk
MpGetSampleListRequiringConsent
MpGetTDTFeatureStatus
MpGetTDTFeatureStatusEx
MpGetTPStateInfo
MpGetTSModeInfo
MpGetTaskSchedulerStrings
MpGetThreatExecutionInfo
MpGetUpdatePlatformStatus
MpHandleClose
MpIsDeviceControlAvailable
MpIsGivenRunningModeSupported
MpIsRtpAutoEnable
MpManagerDisable
MpManagerEnable
MpManagerOpen
MpManagerStatusQuery
MpManagerStatusQueryEx
MpManagerVersionQuery
MpManagerXBGMDisable
MpManagerXBGMEnable
MpMemoryScanStart
MpNetworkCapture
MpNotificationRegister
MpOfflineScanInstall
MpOfflineScanStatusQuery
MpOpen
MpProductGenuineCheck
MpQuarantineRequest
MpQueryDefaultFolderGuardList
MpQueryEngineConfigDword
MpQueryFileTrustByHandle
MpQueryFileTrustByHandle2
MpRemapCallistoDetections
MpRemoveDynamicSignatureFile
MpReportClipboardOwner
MpRequestSnooze
MpRollbackPlatform
MpSampleQuery
MpSampleSubmit
MpScanControl
MpScanResult
MpScanStart
MpScanStartEx
MpSendBrowserHeartbeat
MpServiceLogMessage
MpSetBreakTheGlassStatus
MpSetTPState
MpSetUacElevationDefaultWindowHandle
MpShowDlpDetailsDialog
MpShutdownCopyAcceleratorProcess
MpSmartLockerEnable
MpTelemetryAddToAverageDWORD
MpTelemetryAddToStreamDWORD
MpTelemetryAddToStreamDWORD64
MpTelemetryAddToStreamString
MpTelemetryIncrementDWORD
MpTelemetryInitialize
MpTelemetryIsOptIn
MpTelemetryLiteralAddToAverageDWORD
MpTelemetryLiteralAddToStreamDWORD
MpTelemetryLiteralAddToStreamDWORD64
MpTelemetryLiteralAddToStreamString
MpTelemetryLiteralIncrementDWORD
MpTelemetryLiteralSetDWORD
MpTelemetryLiteralSetDWORD64
MpTelemetryLiteralSetIfMaxDWORD
MpTelemetryLiteralSetIfMinDWORD
MpTelemetryLiteralSetString
MpTelemetrySetConsent
MpTelemetrySetDWORD
MpTelemetrySetDWORD64
MpTelemetrySetIfMaxDWORD
MpTelemetrySetIfMinDWORD
MpTelemetrySetString
MpTelemetryUninitialize
MpTelemetryUpdateUserConsent
MpTelemetryUpload
MpThreatAction
MpThreatEnumerate
MpThreatHistoryRequest
MpThreatLocalizedInfoQuery
MpThreatOpen
MpThreatQuery
MpThreatRollup
MpTriggerErrorHeartbeatReport
MpTriggerHeartbeatOnUninstall
MpTriggerStatusRefreshNotification
MpUnblockEngine
MpUnblockPlatform
MpUnblockSignatures
MpUpdateBrowserActiveTab
MpUpdateControl
MpUpdateDevMode
MpUpdateEngine
MpUpdatePlatform
MpUpdateServicePingRpc
MpUpdateStart
MpUpdateStartEx
MpUpdateTSMode
MpUpdateTSModeEx
MpUtilsExportFunctions
MpWDEnable
MpXBGMEnable
MpXBGMFreeEvent
MpXBGMGetData
MpXBGMPutData
MpXBGMUpdateIV
MputAddToAverageDWORD64Rpc
MputAddToAverageDWORDRpc
MputIncrementDWORD64Rpc
MputIncrementDWORDRpc
MputSetBoolRpc
MputSetDWORD64Rpc
MputSetDWORDRpc
MputSetIfMaxDWORD64Rpc
MputSetIfMaxDWORDRpc
MputSetIfMinDWORD64Rpc
MputSetIfMinDWORDRpc
MputSetStringRpc
WDEnable
WDStatus

Sections

.text
Size: 836KB - Virtual size: 835KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
640c790e93a6b273c09b36cc8b1818f5a0baafe3aaa0de9c3622706e309c7c03.dll
.dll windows:10 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
931d78c733c6287cec991659ed16513862bfc6f5e42b74a8a82e4fa6c8a3fe06.exe
.dll windows:6 windows x64

de0e9a1c5146d0ccdbd2c591204b3397

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:0e:aa:29:4c:d4:ab:d9:eb:1c:c7:84:c9:24:24:3d
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/12/2019, 00:00

Not After

07/12/2022, 12:00

Subject

CN=VMware\, Inc.,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US,1.2.840.113549.1.9.1=#0c126e6f7265706c7940766d776172652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:aa:d4:1c:c1:a9:50:0b:5d:ed:a2:79:34:f4:62:3b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/08/2018, 00:00

Not After

11/09/2021, 23:59

Subject

CN=VMware\, Inc.,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:b9:f5:87:1f:ee:68:c5:6a:1c:7f:f9:32:b3:7c:0a:d6:9f:c4:5e:88:68:d6:b3:b0:f0:17:03:0b:ed:a8:17
Signer

Actual PE Digest

22:b9:f5:87:1f:ee:68:c5:6a:1c:7f:f9:32:b3:7c:0a:d6:9f:c4:5e:88:68:d6:b3:b0:f0:17:03:0b:ed:a8:17

Digest Algorithm

sha256

PE Digest Matches

false

be:47:99:52:bb:0a:48:29:50:ab:67:9d:3c:65:d5:c5:7e:55:68:d0
Signer

Actual PE Digest

be:47:99:52:bb:0a:48:29:50:ab:67:9d:3c:65:d5:c5:7e:55:68:d0

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

GetUserNameW
OpenProcessToken
GetLengthSid
GetTokenInformation
DeregisterEventSource
RegisterEventSourceW
ReportEventW
AllocateAndInitializeSid
CopySid
FreeSid
InitializeSecurityDescriptor
IsValidSid
SetKernelObjectSecurity
SetSecurityDescriptorControl
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetEntriesInAclW
OpenThreadToken
AccessCheck
DuplicateToken
GetNamedSecurityInfoW
GetFileSecurityW
ImpersonateSelf
MapGenericMask
RevertToSelf
LookupAccountSidW
LookupAccountNameW
OpenSCManagerW
OpenServiceW
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
AddAccessAllowedAceEx
CheckTokenMembership
EqualSid
GetSecurityDescriptorControl
InitializeAcl
LookupPrivilegeValueA
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
GetExplicitEntriesFromAclW
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegLoadKeyW
RegQueryInfoKeyW
RegUnLoadKeyW
AddAccessAllowedAce
SetSecurityDescriptorGroup
AddAce
GetAce
GetAclInformation
GetSecurityDescriptorDacl
RegOpenKeyExA
CloseServiceHandle
RegQueryValueExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenCurrentUser
InitiateSystemShutdownW
QueryServiceStatus
DeleteAce
CreateProcessAsUserW

kernel32

GetConsoleWindow
OutputDebugStringA
GetCurrentProcess
LocalFree
RtlCaptureContext
RaiseException
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemInfo
VirtualAlloc
VirtualFree
LoadLibraryW
VirtualQuery
IsBadReadPtr
GetCurrentThread
FindClose
FindNextFileW
FlushFileBuffers
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
DuplicateHandle
CreateDirectoryW
DeleteFileW
FindFirstFileExW
GetFileAttributesExW
GetFileTime
GetVolumeInformationW
RemoveDirectoryW
SetFileTime
MoveFileExW
GetDiskFreeSpaceExW
GetDriveTypeW
GetFileInformationByHandle
GetProcessTimes
OpenProcess
AllocConsole
TryEnterCriticalSection
DeleteCriticalSection
GetTickCount
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetDiskFreeSpaceW
GetLogicalDriveStringsW
GetShortPathNameW
GetTempFileNameW
QueryDosDeviceW
GetTempPathW
GetCompressedFileSizeW
WaitNamedPipeW
CreateProcessW
GetComputerNameExW
GetVersionExW
FreeLibrary
LoadLibraryA
GetFullPathNameW
SetFileAttributesW
GetModuleFileNameW
LoadLibraryExW
FormatMessageW
GetModuleHandleExW
GetFileAttributesA
OutputDebugStringW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
GetDriveTypeA
WideCharToMultiByte
GetSystemTime
GetSystemTimeAsFileTime
GetLocalTime
GetFileAttributesW
GetOverlappedResult
CancelIo
WaitForSingleObject
CreateEventA
MultiByteToWideChar
GetExitCodeProcess
GetVersionExA
GetNativeSystemInfo
GetProductInfo
lstrcmpiA
CreateToolhelp32Snapshot
Process32First
Process32Next
QueryPerformanceCounter
QueryPerformanceFrequency
GetTickCount64
GetACP
ExpandEnvironmentStringsA
IsDebuggerPresent
InitializeCriticalSection
CreateFileA
TerminateProcess
GetSystemFirmwareTable
SetFileInformationByHandle
SetFilePointer
GetFileSizeEx
CreateDirectoryA
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetProcAddress
GetModuleHandleW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCommandLineW
GetExitCodeThread
ReadProcessMemory
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetLogicalDrives
GetVolumeInformationA
FreeConsole
GetFileType
GetStdHandle
Sleep
DeviceIoControl
CloseHandle
CreateFileW
SetLastError
GetLocaleInfoW
GetLastError
InitializeCriticalSectionAndSpinCount

ole32

CoQueryProxyBlanket
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoTaskMemFree

oleaut32

VariantClear
VariantInit
SafeArrayPutElement
SafeArrayDestroy
SafeArrayCreate
SysFreeString
SysAllocString

shell32

SHGetFolderPathW
DragQueryFileW

user32

SystemParametersInfoW
GetWindowInfo
CallNextHookEx
OpenWindowStationW
CloseWindowStation
UnhookWindowsHookEx
SetWindowsHookExW
LoadStringW
GetClipboardFormatNameW
MessageBoxW
GetClassNameW
GetParent
MsgWaitForMultipleObjects
PeekMessageA
DispatchMessageA
TranslateMessage
GetUserObjectSecurity
SetUserObjectSecurity
GetProcessWindowStation
GetDesktopWindow
SetForegroundWindow
GetForegroundWindow
SendInput
IsWindowVisible
PostMessageW
SendMessageTimeoutW
ExitWindowsEx
CloseDesktop
EnumDesktopWindows
OpenInputDesktop
SetProcessWindowStation
OpenDesktopW

ws2_32

GetNameInfoW
WSASetLastError
setsockopt
select
ntohs
getsockopt
getsockname
ioctlsocket
accept
__WSAFDIsSet
WSACleanup
htonl
WSAGetLastError
WSAStartup
socket
send
recv
ntohl
connect
closesocket
bind

crypt32

CryptAcquireCertificatePrivateKey
CryptExportPKCS8
CertFindCertificateInStore
CertAddEncodedCertificateToStore
CertGetCertificateChain
CertFreeCertificateChain
CertCreateCertificateContext
CertFreeCertificateContext
CertCloseStore
CertOpenStore

glib-2.0

g_key_file_new
g_key_file_free
g_key_file_get_keys
g_key_file_has_key
g_key_file_set_string
g_io_channel_win32_new_socket
g_io_channel_win32_new_fd
g_io_channel_win32_new_messages
g_io_add_watch
g_timeout_add
g_malloc0
g_date_time_format
g_date_time_get_microsecond
g_source_remove
g_source_is_destroyed
g_date_time_new_now_utc
g_main_current_source
g_slist_find
g_slist_prepend
g_slist_free
g_direct_equal
g_direct_hash
g_hash_table_size
g_hash_table_foreach_remove
g_hash_table_find
g_hash_table_steal
g_hash_table_replace
g_hash_table_new_full
g_once_init_leave
g_once_init_enter
g_malloc
g_locale_from_utf8
g_date_time_unref
g_rec_mutex_unlock
g_rec_mutex_lock
g_rec_mutex_init
g_rename
g_io_channel_write_chars
g_io_channel_flush
g_io_channel_set_encoding
g_utf16_to_utf8
g_file_test
g_filename_from_utf8
g_usleep
g_timeout_source_new
g_idle_source_new
g_source_set_callback
g_source_set_priority
g_source_destroy
g_source_attach
g_source_unref
g_main_context_unref
g_main_context_ref
g_str_hash
g_str_equal
g_hash_table_lookup
g_hash_table_remove
g_hash_table_insert
g_hash_table_destroy
g_hash_table_new
g_fopen
g_stat
g_fprintf
g_key_file_to_data
g_key_file_load_from_file
g_build_filename
g_file_error_quark
g_set_error
g_vasprintf
g_strcmp0
g_strfreev
g_vsnprintf
g_strsplit
g_strjoin
g_snprintf
g_unlink
g_strchomp
g_str_has_suffix
g_return_if_fail_warning
g_log_set_default_handler
g_log_default_handler
g_log_remove_handler
g_log_set_handler
g_get_user_name
g_ptr_array_foreach
g_ptr_array_add
g_ptr_array_remove_index
g_ptr_array_free
g_ptr_array_sized_new
g_source_new
g_ptr_array_new
g_strdup_printf
g_strdup
g_log
g_io_channel_new_file
g_io_channel_read_line
g_io_channel_unref
g_utf8_to_utf16
g_malloc0_n
g_free
g_once_impl
g_mutex_unlock
g_mutex_lock
g_mutex_clear
g_mutex_init
g_key_file_get_boolean
g_clear_error
g_array_sized_new
g_key_file_get_integer
g_source_add_poll
g_key_file_get_string

vcruntime140

__C_specific_handler
wcsstr
memcmp
wcsrchr
wcschr
__std_type_info_destroy_list
strstr
memset
memmove
strrchr
strchr
memchr
memcpy

api-ms-win-crt-heap-l1-1-0

calloc
malloc
realloc
free

api-ms-win-crt-string-l1-1-0

strcmp
strncmp
isdigit
_wcsdup
strncat
isspace
strtok_s
_stricmp
islower
strtok
_strnicmp
_strupr
isprint
strncpy
wcsncmp
isalnum
_strlwr
tolower
_strdup
_wcslwr
wcsspn
strcspn
towupper
wcscspn

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
strerror
_initialize_narrow_environment
_beginthreadex
_getpid
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_execute_onexit_table
_errno
exit
abort

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
_wopen
_wfopen
__stdio_common_vsprintf
fflush
fgetc
fgets
setvbuf
getc
__stdio_common_vfscanf
fputs
__acrt_iob_func
__stdio_common_vfprintf
_wfreopen
fclose
feof
fwrite

api-ms-win-crt-time-l1-1-0

_time64
_mktime64
_ftime64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

_wgetenv
getenv

api-ms-win-crt-filesystem-l1-1-0

_wunlink
_wmkdir
_wfullpath
_wrename
_wstat64

api-ms-win-crt-convert-l1-1-0

_strtoi64
_strtoui64
strtoul
strtol
strtod
wcrtomb
_ecvt_s
_fcvt_s
mbtowc

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

frexp

Exports

Exports

Backdoor
BackdoorChannel_New
Backdoor_HbIn
Backdoor_HbOut
Base64_Decode
Base64_DecodedLength
Base64_EasyEncode
Base64_Encode
Base64_EncodedLength
CodeSet_CurrentToUtf8
CodeSet_DontUseIcu
CodeSet_GenericToGeneric
CodeSet_GetAltPathName
CodeSet_GetCurrentCodeSet
CodeSet_Init
CodeSet_Utf16leToUtf8
CodeSet_Utf8ToCurrent
CodeSet_Utf8ToUtf16le
CodeSet_Validate
Config_GetLong
CryptoHash_Compute
CryptoHash_FromString
CryptoHash_GetOutputSize
Debug
DictLL_ReadLine
DictLL_WriteLine
DynArray_AllocCount
DynArray_Destroy
DynArray_Init
DynArray_SetCount
DynBuf_Append
DynBuf_Attach
DynBuf_Copy
DynBuf_Destroy
DynBuf_Detach
DynBuf_Enlarge
DynBuf_Init
DynBuf_SafeInternalAppend
DynBuf_Trim
DynXdr_AllocGet
DynXdr_AppendRaw
DynXdr_Create
DynXdr_Destroy
DynXdr_Get
Err_ErrString
Err_Errno2String
Escape_Do
Escape_DoString
Escape_Undo
FileIO_Access
FileIO_Close
FileIO_ErrorEnglish
FileIO_GetSize
FileIO_Invalidate
FileIO_Open
FileIO_Read
FileIO_Write
File_CreateDirectory
File_CreateDirectoryEx
File_CreateDirectoryHierarchy
File_CreateDirectoryHierarchyEx
File_DeleteDirectoryTree
File_DeleteEmptyDirectory
File_EnsureDirectory
File_EnsureDirectoryEx
File_Exists
File_GetFilePermissions
File_GetModTime
File_GetPathName
File_GetSafeRandomTmpDir
File_GetSafeTmpDir
File_GetSize
File_GetSizeEx
File_GetTimes
File_IsDirectory
File_IsEmptyDirectory
File_IsFile
File_IsSameFile
File_IsSymLink
File_ListDirectory
File_MakeSafeTemp
File_MakeTempEx
File_MakeTempEx2
File_Move
File_PathJoin
File_SetFilePermissions
File_SetTimes
File_SplitName
File_StripSlashes
File_Unlink
File_UnlinkDelayed
File_UnlinkIfExists
File_UnlinkNoFollow
GuestApp_GetConfPath
GuestApp_GetDefaultScript
GuestApp_GetInstallPath
GuestApp_GetInstallPathW
HashTable_Alloc
HashTable_AllocOnce
HashTable_Clear
HashTable_Delete
HashTable_ForEach
HashTable_Free
HashTable_GetNumElements
HashTable_Insert
HashTable_KeyArray
HashTable_Lookup
HashTable_LookupAndDelete
HashTable_ReplaceOrInsert
HashTable_ToArray
Hostinfo_GetLibraryPath
Hostinfo_GetModulePath
Hostinfo_GetOSDetailType
Hostinfo_GetOSDetailedData
Hostinfo_GetOSGuestString
Hostinfo_GetOSName
Hostinfo_GetOSType
Hostinfo_GetSystemBitness
Hostinfo_GetTimeOfDay
Hostinfo_OSVersion
Hostinfo_SystemTimerNS
Log
LogV
MXUser_AcquireExclLock
MXUser_AcquireForRead
MXUser_AcquireForWrite
MXUser_AcquireRecLock
MXUser_BroadcastCondVar
MXUser_CreateCondVarExclLock
MXUser_CreateExclLock
MXUser_CreateRWLock
MXUser_CreateRecLock
MXUser_CreateSingletonExclLockInt
MXUser_CreateSingletonRWLockInt
MXUser_CreateSingletonRecLockInt
MXUser_DestroyCondVar
MXUser_DestroyExclLock
MXUser_DestroyRWLock
MXUser_DestroyRecLock
MXUser_IsCurThreadHoldingExclLock
MXUser_IsCurThreadHoldingRWLock
MXUser_IsCurThreadHoldingRecLock
MXUser_ReleaseExclLock
MXUser_ReleaseRWLock
MXUser_ReleaseRecLock
MXUser_SetInPanic
MXUser_SignalCondVar
MXUser_TimedWaitCondVarExclLock
MXUser_TryAcquireExclLock
MXUser_TryAcquireRecLock
MXUser_WaitCondVarExclLock
Message_Close
Message_Open
Message_Receive
Message_Send
NetUtil_GetPrimaryNic
Panic
Posix_Fopen
Posix_Getenv
Posix_Open
Posix_Stat
Preference_GetBool
ProcMgr_ExecAsync
ProcMgr_ExecSync
ProcMgr_Free
ProcMgr_FreeProcList
ProcMgr_GetAsyncProcSelectable
ProcMgr_GetExitCode
ProcMgr_GetImpersonatedUserInfo
ProcMgr_GetPid
ProcMgr_IsAsyncProcRunning
ProcMgr_KillByPid
ProcMgr_ListProcesses
ProcMgr_ListProcessesEx
ProductState_GetName
Random_Crypto
Random_Quick
Random_QuickSeed
Registry_GetRootHKey
Registry_KeyExists
Registry_ReadInteger
Registry_ReadMultiString
Registry_ReadString
Registry_SubkeysExist
Registry_WriteInteger
Registry_WriteString
RpcChannel_BuildXdrCommand
RpcChannel_Create
RpcChannel_Destroy
RpcChannel_Dispatch
RpcChannel_Free
RpcChannel_GetType
RpcChannel_New
RpcChannel_RegisterCallback
RpcChannel_Send
RpcChannel_SendOne
RpcChannel_SendOnePriv
RpcChannel_SendOneRaw
RpcChannel_SendOneRawPriv
RpcChannel_SetBackdoorOnly
RpcChannel_SetRetVals
RpcChannel_SetRetValsF
RpcChannel_Setup
RpcChannel_Start
RpcChannel_Stop
RpcChannel_UnregisterCallback
RpcOut_Construct
RpcOut_Destruct
RpcOut_SendOneRaw
RpcOut_send
RpcOut_sendOne
RpcOut_start
RpcOut_stop
RpcVMX_ConfigGetBool
RpcVMX_ConfigGetString
RpcVMX_Log
StdIO_ReadNextLine
StrUtil_DynBufPrintf
StrUtil_EndsWith
StrUtil_GetNextIntToken
StrUtil_GetNextToken
StrUtil_GetNextUintToken
StrUtil_StartsWith
StrUtil_StrToInt
StrUtil_StrToInt64
StrUtil_StrToUint
Str_Asprintf
Str_Aswprintf
Str_SafeAsprintf
Str_SafeAswprintf
Str_SafeVasprintf
Str_SafeVaswprintf
Str_Snprintf
Str_Snwprintf
Str_Sprintf
Str_Strcat
Str_Strcpy
Str_Strlen
Str_Strncat
Str_Strncpy
Str_Swprintf
Str_Vasprintf
Str_Vaswprintf
Str_Vsnprintf
Str_Wcscat
Str_Wcscpy
SyncDriver_CloseHandle
SyncDriver_Freeze
SyncDriver_Init
SyncDriver_QueryStatus
SyncDriver_Thaw
System_DisableAndKillScreenSaver
System_EnableDesktopComposition
System_GetEnv
System_GetNodeName
System_GetServiceState
System_GetTimeMonotonic
System_IsSecureDesktopActive
System_IsUserAdmin
System_SetEnv
System_SetFocusedWindow
System_SetProcessPrivilege
System_Shutdown
System_Uptime
TimeUtil_DateLowerThan
TimeUtil_DaysAdd
TimeUtil_NtTimeToUnixTime
TimeUtil_PopulateWithCurrent
TimeUtil_UnixTimeToNtTime
UUID_CreateRandom
Unicode_AllocWithLength
Unicode_CompareRange
Unicode_CopyBytes
Unicode_Duplicate
Unicode_EscapeBuffer
Unicode_FindLastSubstrInRange
Unicode_FindSubstrInRange
Unicode_FoldCase
Unicode_Format
Unicode_GetAllocBytes
Unicode_InitW
Unicode_IsBufferValid
Unicode_Join
Unicode_LengthInBytes
Unicode_LengthInCodePoints
Unicode_LengthInCodeUnits
Unicode_ReplaceRange
Unicode_Substr
Unicode_Trim
Unicode_TrimLeft
Unicode_TrimRight
Unicode_UTF16Strdup
Unicode_UTF16Strlen
UtilSafeCalloc0
UtilSafeCalloc1
UtilSafeMalloc0
UtilSafeMalloc1
UtilSafeRealloc0
UtilSafeRealloc1
UtilSafeStrdup0
UtilSafeStrdup1
UtilSafeStrndup0
UtilSafeStrndup1
Util_GetCanonicalPath
Util_Memdup
Util_TokenHasAdminPriv
VMTools_AttachConsole
VMTools_BindTextDomain
VMTools_ChangeLogFilePath
VMTools_ConfigGetBoolean
VMTools_ConfigGetInteger
VMTools_ConfigGetString
VMTools_ConfigLogToStdio
VMTools_ConfigLogging
VMTools_CreateTimer
VMTools_GetString
VMTools_GetTimeAsString
VMTools_GetUtf16String
VMTools_LoadConfig
VMTools_Log
VMTools_NewHandleSource
VMTools_ResumeLogIO
VMTools_SetGuestSDKMode
VMTools_SetupVmxGuestLog
VMTools_SuspendLogIO
VMTools_TeardownVmxGuestLog
VMTools_UseVmxGuestLog
VMTools_WrapArray
VMTools_WriteConfig
VMW_SHA1Final
VMW_SHA1Init
VMW_SHA1Update
VSockChannel_New
VmCheck_GetVersion
VmCheck_IsVirtualWorld
W32Util_AsciiStrToWideStr
W32Util_CheckGroupMembership
W32Util_GetInstalledFilePath
W32Util_GetModuleByAddress
W32Util_GetVmwareCommonAppDataFilePath
W32Util_OpenProductRegKey
W32Util_ReadFileTimeout
W32Util_WriteFileTimeout
WMI_EnableDHCP
WMI_EnableStatic
WMI_GetWMINicConfiguration
Warning
WarningToGuest
WarningToHost
Win32U_AllocString
Win32U_DragQueryFile
Win32U_EnumKeyExpandBuffer
Win32U_EnumValueExpandBuffer
Win32U_ExpandEnvironmentStrings
Win32U_ExpandEnvironmentStringsEx
Win32U_FindFirstFileW
Win32U_FormatMessage
Win32U_GetClassName
Win32U_GetClipboardFormatName
Win32U_GetComputerName
Win32U_GetComputerNameEx
Win32U_GetDiskFreeSpaceEx
Win32U_GetDriveType
Win32U_GetEnvironmentVariable
Win32U_GetFileAttributes
Win32U_GetLogicalDriveStrings
Win32U_GetModuleFileName
Win32U_GetModuleHandle
Win32U_GetUserName
Win32U_GetVolumeInformation
Win32U_LoadLibrary
Win32U_LookupAccountSid
Win32U_LookupSidForAccount
Win32U_PathUnExpandEnvStrings
Win32U_RecurseDeleteKeyEx
Win32U_RegCreateKeyEx
Win32U_RegDeleteValue
Win32U_RegEnumKeyEx
Win32U_RegOpenKeyEx
Win32U_RegQueryValueEx
Win32U_RegSetValueEx
Win32U_SHCopyKey
Win32U_SHDeleteKey
Win32U_SHGetFolderPath
Win32U_SHSetFolderPath
Win32U_SetEnvironmentVariable
Win32U_SetFileAttributes
WinReg_DeleteValue
WinReg_EnumerateSubkeys
WinReg_EnumerateValues
WinReg_GetDWORD
WinReg_GetSZ
WinReg_GetSZEx
WinReg_LoadHiveU
WinReg_SetDWORD
WinReg_SetSZ
WinReg_SetSZEx
WinReg_UnloadHiveU
WiperPartition_Close
WiperPartition_Open
WiperSinglePartition_Close
WiperSinglePartition_GetSpace
Wiper_Cancel
Wiper_Init
Wiper_IsWipeSupported
Wiper_Next
Wiper_Start
XdrUtil_ArrayAppend
XdrUtil_Deserialize
_loglevel_offset_user
getopt
getopt_long
logLevelPtr
optarg
optind
uriComposeQueryCharsRequiredA
uriComposeQueryMallocA
uriDissectQueryMallocA
uriEscapeA
uriFreeQueryListA
uriFreeUriMembersA
uriParseUriA
uriUnescapeInPlaceA
uriUriStringToWindowsFilenameA
uriWindowsFilenameToUriStringA
vm_free
xdr_DnsConfigInfo
xdr_GHIDisplaysDPIInfo
xdr_GuestNic
xdr_GuestNicList
xdr_GuestNicProto
xdr_NicInfoV3
xdr_VMCFBrokerConfig
xdr_VMCFBrokerRegistration
xdr_array
xdr_bool
xdr_bytes
xdr_char
xdr_double
xdr_enum
xdr_float
xdr_free
xdr_int
xdr_int16_t
xdr_int32_t
xdr_int64_t
xdr_long
xdr_netobj
xdr_opaque
xdr_pointer
xdr_reference
xdr_short
xdr_string
xdr_u_char
xdr_u_int
xdr_u_int16_t
xdr_u_int32_t
xdr_u_int64_t
xdr_u_long
xdr_u_short
xdr_union
xdr_vector
xdr_void
xdr_wrapstring
xdrmem_create

Sections

.text
Size: 477KB - Virtual size: 476KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
956590aa9ddbd755ca05252d5d41b660fc361a01adbfffe4c30d25e54da0c0d5.exe
.dll windows:6 windows x64

c86121860bee8f7935c9ca830d327682

Code Sign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:aa:64:92:de:9d:96:a9:0a:4b:ca:97:be:ad:b4:4a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/05/2022, 00:00

Not After

14/05/2025, 23:59

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:fd:44:a2:30:d0:d5:f5:2d:1b:9c:46:b0:b2:8d:00:2b:c7:bf:43
Signer

Actual PE Digest

3a:fd:44:a2:30:d0:d5:f5:2d:1b:9c:46:b0:b2:8d:00:2b:c7:bf:43

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

send
sendto
recvfrom
WSACleanup
WSAStartup
htonl
select
__WSAFDIsSet
ioctlsocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
listen
accept
gethostname
freeaddrinfo
getaddrinfo
WSAIoctl
WSASetLastError
socket
setsockopt
recv
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
WSAGetLastError
closesocket

wldap32

ord217
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord143

advapi32

CryptAcquireContextA
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGenRandom
CryptReleaseContext

crypt32

CertFindCertificateInStore
PFXImportCertStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CryptStringToBinaryA
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertEnumCertificatesInStore
CertFreeCertificateChain

normaliz

IdnToAscii

kernel32

GetFileAttributesExW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetConsoleOutputCP
SetStdHandle
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
ExitProcess
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
SetEndOfFile
GetCurrentDirectoryW
GetFullPathNameW
HeapReAlloc
FlushFileBuffers
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
DeleteFileW
GetStringTypeW
GetTimeZoneInformation
HeapSize
WriteConsoleW
WriteFile
SetLastError
GetDriveTypeW
CreateFileW
RtlPcToFileHeader
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
CloseHandle
WaitForSingleObjectEx
GetEnvironmentVariableA
Sleep
MoveFileExA
GetLastError
RtlUnwind
FormatMessageW
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
QueryPerformanceCounter
GetTickCount
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwindEx
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_version
curl_version_info

Sections

.text
Size: 486KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b3d8bc93a96c992099d768beb42202b48a7fe4c9a1e3b391efbeeb1549ef5039.unknown
.png
fde93403ca92c188439a856b876f84cfacc6bac0d66ada65a65724ee5d875378.exe
.exe windows:5 windows x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

foo
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

392b4d61b1d1dadc1f06444df258188a

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-console-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-systemtopology-l1-1-0

api-ms-win-core-console-l2-2-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-processtopology-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-processtopology-obsolete-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 176KB - Virtual size: 176KB

.data Size: 512B - Virtual size: 109KB

.idata Size: 9KB - Virtual size: 9KB

.didat Size: 512B - Virtual size: 72B

.rsrc Size: 33KB - Virtual size: 33KB

.reloc Size: 9KB - Virtual size: 9KB

21314122cd4542a6b9b297f52a87acbe

Code Sign

22:36:7d:be:fd:0a:32:5c:38:93:af:52:54:7b:14:faCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

22:36:7d:be:fd:0a:32:5c:38:93:af:52:54:7b:14:faCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

.text
Size: 176KB - Virtual size: 176KB

.data
Size: 512B - Virtual size: 109KB

.idata
Size: 9KB - Virtual size: 9KB

.didat
Size: 512B - Virtual size: 72B

.rsrc
Size: 33KB - Virtual size: 33KB

.reloc
Size: 9KB - Virtual size: 9KB

22:36:7d:be:fd:0a:32:5c:38:93:af:52:54:7b:14:fa
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

22:36:7d:be:fd:0a:32:5c:38:93:af:52:54:7b:14:fa
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

89:24:eb:de:93:37:2f:4e:3c:8a:0c:02:0e:fb:36:96:36:0a:15:d7:86:9f:5b:0b:b1:36:c2:15:a6:db:32:13
Signer

9c:ae:69:21:4b:95:ab:9d:00:0d:0b:51:d5:68:58:2f:22:3a:d8:c8
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 573KB - Virtual size: 573KB

.data
Size: 15KB - Virtual size: 52KB

.rsrc
Size: 178KB - Virtual size: 177KB

.reloc
Size: 163KB - Virtual size: 162KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

6a:3e:03:22:f7:cc:73:3d:ce:b2:31:84:34:7a:9e:db
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

37:4b:20:8a:ab:8a:99:62:52:45:44:d2:6c:a1:c8:52:b5:49:4e:42:b4:44:df:eb:3e:7e:fb:66:4c:93:a7:85
Signer

.text
Size: 394KB - Virtual size: 394KB

.data
Size: 15KB - Virtual size: 15KB

.rdata
Size: 288KB - Virtual size: 287KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 5KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

57:92:5f:9e:bb:34:72:79:eb:52:52:c7:bd:d1:dd:34:c5:28:82:01:f4:66:87:dd:fd:11:72:f4:7c:55:7f:47
Signer