FTN_Froxy[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

FTN_Froxy.rar
Size

17.2MB
MD5

bd924d197421cb6778203d768875e3d2
SHA1

8275a4eee685583c940146429860f585b881611f
SHA256

6085cd70ef900879cf3fc20437786080218dbe7beefdd6b245f411285fc9d1f3
SHA512

1b3f9e07d0848f08d62d044106c0f339284b3757347d9a98cce4ac0d2571f639dcfa5cab64f3019537374da2f8388def637aeed176afb36382e328a8ccdedb48
SSDEEP

393216:iFp4HaboijmEVzlBaeIiFNQ2Q1CrNQ2Q1CNFp4HaboijmEVzlBaeIi0:iLg6hyejZ7Lg6hye6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Froxy/dll.dll

Files

FTN_Froxy.rar
.rar
Froxy/IFTN.dll
.dll windows:5 windows x86 arch:x86

857d4a63212ab8ab3a4b6cf620b5da7a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

31:b1:b0:8c:88:99:ca:88:3c:e1:b0:f1:7d:56:40:3b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2018, 00:00

Not After

01/03/2020, 23:59

Subject

CN=Apple Inc.,O=Apple Inc.,L=Cupertino,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:b1:b0:8c:88:99:ca:88:3c:e1:b0:f1:7d:56:40:3b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2018, 00:00

Not After

01/03/2020, 23:59

Subject

CN=Apple Inc.,O=Apple Inc.,L=Cupertino,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

66:4a:ad:cc:b4:5a:30:26:6f:fd:52:28:7c:32:9d:63:95:d6:1d:06:e2:8c:23:21:30:f0:32:e9:5a:8e:8a:11
Signer

Actual PE Digest

66:4a:ad:cc:b4:5a:30:26:6f:fd:52:28:7c:32:9d:63:95:d6:1d:06:e2:8c:23:21:30:f0:32:e9:5a:8e:8a:11

Digest Algorithm

sha256

PE Digest Matches

true

26:b1:c7:06:48:dd:b5:a4:ca:43:d8:ab:e4:0b:11:cc:87:57:ff:3c
Signer

Actual PE Digest

26:b1:c7:06:48:dd:b5:a4:ca:43:d8:ab:e4:0b:11:cc:87:57:ff:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
CompareStringW
HeapSize
OutputDebugStringW
GetStringTypeW
HeapReAlloc
HeapAlloc
RtlUnwind
LoadLibraryExW
FreeLibrary
SetConsoleCtrlHandler
GetModuleFileNameW
WriteFile
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapFree
GetModuleFileNameA
GetStartupInfoW
DeleteCriticalSection
GetFileType
GetStdHandle
GetTimeZoneInformation
GetCurrentDirectoryW
GetFullPathNameW
SetEndOfFile
SetEnvironmentVariableA
ReadConsoleW
ReadFile
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetCommandLineA
CreateFileW
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
OutputDebugStringA
InterlockedExchangeAdd
InterlockedCompareExchange
GetSystemInfo
GetVersionExA
LoadLibraryExA
SetEvent
ResetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateEventA
SetErrorMode
LoadLibraryA
FindFirstFileExW
FindClose
FileTimeToSystemTime
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
RaiseException
WaitForMultipleObjects
QueryPerformanceFrequency
GetThreadPriority
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
AreFileApisANSI
GetProcAddress
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer
SetLastError
GetLastError
GetCurrentThreadId
CreateThread
OpenThread
SetThreadPriority

corefoundation

CFStringGetDoubleValue
kCFAllocatorNull
CFPreferencesGetAppBooleanValue
CFStringGetCharacterAtIndex
CFBundleCopyBuiltInPlugInsURL
CFURLCreateCopyAppendingPathComponent
CFBundleCopyResourceURL
CFBundleGetBundleWithIdentifier
CFArrayAppendValue
CFDictionaryAddValue
CFArrayGetTypeID
CFNumberFormatterCreateStringWithNumber
CFNumberFormatterCreate
CFLocaleGetSystem
CFDataGetTypeID
CFPropertyListCreateXMLData
CFPropertyListCreateFromXMLData
CFCalendarComposeAbsoluteTime
CFCalendarCopyCurrent
CFDateCreate
CFStringCreateMutableCopy
CFDictionaryRemoveValue
CFDictionarySetValue
CFDictionaryApplyFunction
CFDictionaryGetKeysAndValues
CFDictionaryGetCount
CFTimeZoneCopySystem
CFAbsoluteTimeGetGregorianDate
kCFPreferencesCurrentUser
kCFPreferencesCurrentHost
CFPreferencesSynchronize
CFPreferencesCopyAppValue
CFBooleanGetValue
CFBooleanGetTypeID
CFStringInsert
CFStringAppendCString
CFStringAppend
CFStringCreateMutable
CFStringGetSystemEncoding
CFStringGetMaximumSizeForEncoding
CFDictionaryGetTypeID
CFStringHasPrefix
kCFAbsoluteTimeIntervalSince1904
CFAbsoluteTimeGetCurrent
CFDictionaryCreateMutableCopy
CFDataGetBytes
CFStringGetPascalString
CFURLCreateWithBytes
CFStringGetIntValue
CFStringCreateWithBytes
CFStringCreateWithPascalString
CFDataSetLength
CFPropertyListCreateData
CFPropertyListCreateWithData
CFURLCopyAbsoluteURL
__CFStringMakeConstantString
CFStringCompare
CFBundleGetMainBundle
CFBundleGetIdentifier
CFBundleGetVersionNumber
CFRetain
CFRelease
CFArrayCreateMutable
CFDictionaryCreateMutable
CFDictionaryContainsKey
CFDictionaryGetValueIfPresent
CFStringCreateWithFormat
CFStringGetCString
CFNumberGetTypeID
CFNumberGetValue
kCFTypeArrayCallBacks
kCFTypeDictionaryKeyCallBacks
kCFTypeDictionaryValueCallBacks
CFBundleCopyLocalizedString
CFDataGetLength
CFDataGetBytePtr
CFRunLoopGetCurrent
CFRunLoopRunInMode
CFRunLoopWakeUp
CFRunLoopAddSource
CFRunLoopRemoveSource
CFRunLoopSourceCreate
CFRunLoopSourceSignal
kCFRunLoopDefaultMode
kCFRunLoopCommonModes
CFArrayCreate
CFArrayGetCount
CFArrayGetValueAtIndex
CFArrayGetFirstIndexOfValue
CFURLGetFileSystemRepresentation
CFURLCopyPathExtension
CFSetCreateMutable
CFSetGetCount
CFSetApplyFunction
CFSetAddValue
_CFURLGetWideFileSystemRepresentation
kCFAllocatorDefault
kCFTypeSetCallBacks
CFDictionaryCreate
CFDictionaryGetValue
CFStringCreateWithCString
CFStringCreateWithCharacters
CFStringCreateCopy
CFNumberCreate
CFGetTypeID
CFEqual
CFStringGetTypeID
CFStringCreateWithFormatAndArguments
CFStringGetLength
CFStringGetBytes
CFDataCreate
CFDataCreateMutable
CFDataCreateMutableCopy
CFDataGetMutableBytePtr
CFDataIncreaseLength
CFDataAppendBytes
CFStringGetCharacters

libdispatch

dispatch_async_f
dispatch_semaphore_create
dispatch_release
dispatch_once_f
dispatch_semaphore_signal
dispatch_semaphore_wait
dispatch_after_f
dispatch_time
dispatch_get_global_queue

dsound

ord2
ord1

user32

GetActiveWindow
GetDesktopWindow
LoadStringW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree
PropVariantClear
CLSIDFromString

Exports

Exports

ACAC3DecoderEntry
ACAC3DecoderFactory
ACAMRDecoderEntry
ACAMREncoderEntry
ACAppleIMA4DecoderEntry
ACAppleIMA4EncoderEntry
ACAppleLosslessDecoderEntry
ACAppleLosslessEncoderEntry
ACGSMDecoderEntry
ACILBCDecoderEntry
ACILBCEncoderEntry
ACMP3DecoderEntry
ACMP4AACHighEfficiencyDecoderEntry
ACMP4AACHighEfficiencyEncoderEntry
ACMP4AACHighEfficiencyEncoderFactory
ACMP4AACLowComplexityDecoderEntry
ACMP4AACLowComplexityEncoderEntry
ACMPADecoderEntry
ACMSADPCMDecoderEntry
ACPureVoiceDecoderEntry
ACPureVoiceEncoderEntry
ACQDesignDecoderEntry
AQOfflineMixerConnectAudioQueue
AQOfflineMixerDisconnectAudioQueue
AQOfflineMixerDispose
AQOfflineMixerGetProperty
AQOfflineMixerGetPropertySize
AQOfflineMixerNew
AQOfflineMixerRender
AQOfflineMixerReset
AQOfflineMixerSetProperty
AUControlFreakFactory
AUConverterEntry
AUDirectSoundEntry
AUGenericOutputEntry
AUGraphicEQEntry
AUHighShelfFilterEntry
AULittleLateNightModeFactory
AULowShelfFilterEntry
AUMatrixMixerEntry
AUMozartCompressorSingleBandFactory
AUMultiChannelMixerEntry
AUPitchEntry
AUVarispeedEntry
AUWASAPIEntry
AudioCodecAppendInputBufferList
AudioCodecAppendInputData
AudioCodecGetProperty
AudioCodecGetPropertyInfo
AudioCodecInitialize
AudioCodecProduceOutputBufferList
AudioCodecProduceOutputPackets
AudioCodecReset
AudioCodecSetProperty
AudioCodecUninitialize
AudioComponentCopyName
AudioComponentCount
AudioComponentFindNext
AudioComponentGetDescription
AudioComponentGetVersion
AudioComponentInstanceCanDo
AudioComponentInstanceDispose
AudioComponentInstanceGetComponent
AudioComponentInstanceNew
AudioComponentRegister
AudioConverterConvertBuffer
AudioConverterDispose
AudioConverterFillBuffer
AudioConverterFillComplexBuffer
AudioConverterGetProperty
AudioConverterGetPropertyInfo
AudioConverterNew
AudioConverterNewSpecific
AudioConverterReset
AudioConverterSetProperty
AudioFileClose
AudioFileCountUserData
AudioFileCreateWithURL
AudioFileGetGlobalInfo
AudioFileGetGlobalInfoSize
AudioFileGetProperty
AudioFileGetPropertyInfo
AudioFileGetUserData
AudioFileGetUserDataSize
AudioFileInitializeWithCallbacks
AudioFileOpenURL
AudioFileOpenWithCallbacks
AudioFileOptimize
AudioFileReadBytes
AudioFileReadPacketData
AudioFileReadPackets
AudioFileRemoveUserData
AudioFileSetProperty
AudioFileSetUserData
AudioFileStreamClose
AudioFileStreamGetProperty
AudioFileStreamGetPropertyInfo
AudioFileStreamOpen
AudioFileStreamParseBytes
AudioFileStreamSeek
AudioFileStreamSetProperty
AudioFileWriteBytes
AudioFileWritePackets
AudioFormatGetProperty
AudioFormatGetPropertyInfo
AudioOutputUnitStart
AudioOutputUnitStop
AudioQueueAddPropertyListener
AudioQueueAllocateBuffer
AudioQueueAllocateBufferWithMemory
AudioQueueAllocateBufferWithPacketDescriptions
AudioQueueAllocateBufferWithPacketDescriptionsWithMemory
AudioQueueConvertToScaledSampleTime
AudioQueueConvertToUnscaledSampleTime
AudioQueueCreateTimeline
AudioQueueDeviceGetCurrentTime
AudioQueueDeviceGetNearestStartTime
AudioQueueDeviceTranslateTime
AudioQueueDispose
AudioQueueDisposeTimeline
AudioQueueEnqueueBuffer
AudioQueueEnqueueBufferWithParameters
AudioQueueEnqueueSilence
AudioQueueFlush
AudioQueueFreeBuffer
AudioQueueGetCurrentTime
AudioQueueGetParameter
AudioQueueGetProperty
AudioQueueGetPropertySize
AudioQueueNewInput
AudioQueueNewOutput
AudioQueueOfflineRender
AudioQueuePause
AudioQueuePrime
AudioQueueRemovePropertyListener
AudioQueueReset
AudioQueueScheduleParameters
AudioQueueSetOfflineRenderFormat
AudioQueueSetParameter
AudioQueueSetProperty
AudioQueueStart
AudioQueueStop
AudioUnitAddPropertyListener
AudioUnitAddRenderNotify
AudioUnitGetParameter
AudioUnitGetProperty
AudioUnitGetPropertyInfo
AudioUnitInitialize
AudioUnitRemovePropertyListener
AudioUnitRemovePropertyListenerWithUserData
AudioUnitRemoveRenderNotify
AudioUnitRender
AudioUnitReset
AudioUnitScheduleParameters
AudioUnitSetParameter
AudioUnitSetProperty
AudioUnitUninitialize
CAShow
CAShowFile
DllMain
ExtAudioFileCreateWithURL
ExtAudioFileDispose
ExtAudioFileGetProperty
ExtAudioFileGetPropertyInfo
ExtAudioFileOpenURL
ExtAudioFileRead
ExtAudioFileSeek
ExtAudioFileSetProperty
ExtAudioFileTell
ExtAudioFileWrapAudioFileID
ExtAudioFileWrite
ExtAudioFileWriteAsync
MPADecoderEntry
RefAudioFileReadBytes
RefAudioFileReadPackets
RefAudioFileWriteBytes
RefAudioFileWritePackets
RefExtAudioFileSeek

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Froxy/dll.dll
.dll windows:6 windows x64 arch:x64

7c3913caa40e422b969ae9abda9d1f71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
RtlCaptureContext

vcruntime140

memset
__std_exception_destroy
__std_type_info_destroy_list
_CxxThrowException
__C_specific_handler
__std_exception_copy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-math-l1-1-0

round
cosf
sinf

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Froxy/free cheat.txt
Froxy/injector.exe
.exe windows:5 windows x64 arch:x64

1af6c885af093afc55142c2f1761dbe8

Code Sign

33:00:00:03:8b:79:45:c1:8b:0e:b6:87:ec:00:00:00:00:03:8b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:03:8b:79:45:c1:8b:0e:b6:87:ec:00:00:00:00:03:8b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:cc:3a:25:bf:ba:44:ac:44:9a:9b:58:6b:43:39:aa
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/06/2010, 21:57

Not After

23/06/2035, 22:04

Subject

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:14:83:ca:97:60:74:2f:08:69:ce:bb:5c:b3:74:30:29:c1:b3:80:7e:b5:e4:67:a1:84:e4:93:d8:5a:27:fe
Signer

Actual PE Digest

25:14:83:ca:97:60:74:2f:08:69:ce:bb:5c:b3:74:30:29:c1:b3:80:7e:b5:e4:67:a1:84:e4:93:d8:5a:27:fe

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
CreateSymbolicLinkW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetCPInfo
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Froxy/luncher.exe
.exe windows:5 windows x64 arch:x64

1af6c885af093afc55142c2f1761dbe8

Code Sign

33:00:00:03:8b:79:45:c1:8b:0e:b6:87:ec:00:00:00:00:03:8b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:03:8b:79:45:c1:8b:0e:b6:87:ec:00:00:00:00:03:8b
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/05/2022, 19:23

Not After

04/05/2023, 19:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:cc:3a:25:bf:ba:44:ac:44:9a:9b:58:6b:43:39:aa
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/06/2010, 21:57

Not After

23/06/2035, 22:04

Subject

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:14:83:ca:97:60:74:2f:08:69:ce:bb:5c:b3:74:30:29:c1:b3:80:7e:b5:e4:67:a1:84:e4:93:d8:5a:27:fe
Signer

Actual PE Digest

25:14:83:ca:97:60:74:2f:08:69:ce:bb:5c:b3:74:30:29:c1:b3:80:7e:b5:e4:67:a1:84:e4:93:d8:5a:27:fe

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
CreateSymbolicLinkW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetCPInfo
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Froxy/test.dll
.dll windows:5 windows x86 arch:x86

857d4a63212ab8ab3a4b6cf620b5da7a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

31:b1:b0:8c:88:99:ca:88:3c:e1:b0:f1:7d:56:40:3b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2018, 00:00

Not After

01/03/2020, 23:59

Subject

CN=Apple Inc.,O=Apple Inc.,L=Cupertino,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:b1:b0:8c:88:99:ca:88:3c:e1:b0:f1:7d:56:40:3b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2018, 00:00

Not After

01/03/2020, 23:59

Subject

CN=Apple Inc.,O=Apple Inc.,L=Cupertino,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

66:4a:ad:cc:b4:5a:30:26:6f:fd:52:28:7c:32:9d:63:95:d6:1d:06:e2:8c:23:21:30:f0:32:e9:5a:8e:8a:11
Signer

Actual PE Digest

66:4a:ad:cc:b4:5a:30:26:6f:fd:52:28:7c:32:9d:63:95:d6:1d:06:e2:8c:23:21:30:f0:32:e9:5a:8e:8a:11

Digest Algorithm

sha256

PE Digest Matches

true

26:b1:c7:06:48:dd:b5:a4:ca:43:d8:ab:e4:0b:11:cc:87:57:ff:3c
Signer

Actual PE Digest

26:b1:c7:06:48:dd:b5:a4:ca:43:d8:ab:e4:0b:11:cc:87:57:ff:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
CompareStringW
HeapSize
OutputDebugStringW
GetStringTypeW
HeapReAlloc
HeapAlloc
RtlUnwind
LoadLibraryExW
FreeLibrary
SetConsoleCtrlHandler
GetModuleFileNameW
WriteFile
IsProcessorFeaturePresent
IsDebuggerPresent
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapFree
GetModuleFileNameA
GetStartupInfoW
DeleteCriticalSection
GetFileType
GetStdHandle
GetTimeZoneInformation
GetCurrentDirectoryW
GetFullPathNameW
SetEndOfFile
SetEnvironmentVariableA
ReadConsoleW
ReadFile
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
GetCommandLineA
CreateFileW
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
OutputDebugStringA
InterlockedExchangeAdd
InterlockedCompareExchange
GetSystemInfo
GetVersionExA
LoadLibraryExA
SetEvent
ResetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateEventA
SetErrorMode
LoadLibraryA
FindFirstFileExW
FindClose
FileTimeToSystemTime
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
RaiseException
WaitForMultipleObjects
QueryPerformanceFrequency
GetThreadPriority
GetProcessHeap
WideCharToMultiByte
MultiByteToWideChar
AreFileApisANSI
GetProcAddress
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer
SetLastError
GetLastError
GetCurrentThreadId
CreateThread
OpenThread
SetThreadPriority

corefoundation

CFStringGetDoubleValue
kCFAllocatorNull
CFPreferencesGetAppBooleanValue
CFStringGetCharacterAtIndex
CFBundleCopyBuiltInPlugInsURL
CFURLCreateCopyAppendingPathComponent
CFBundleCopyResourceURL
CFBundleGetBundleWithIdentifier
CFArrayAppendValue
CFDictionaryAddValue
CFArrayGetTypeID
CFNumberFormatterCreateStringWithNumber
CFNumberFormatterCreate
CFLocaleGetSystem
CFDataGetTypeID
CFPropertyListCreateXMLData
CFPropertyListCreateFromXMLData
CFCalendarComposeAbsoluteTime
CFCalendarCopyCurrent
CFDateCreate
CFStringCreateMutableCopy
CFDictionaryRemoveValue
CFDictionarySetValue
CFDictionaryApplyFunction
CFDictionaryGetKeysAndValues
CFDictionaryGetCount
CFTimeZoneCopySystem
CFAbsoluteTimeGetGregorianDate
kCFPreferencesCurrentUser
kCFPreferencesCurrentHost
CFPreferencesSynchronize
CFPreferencesCopyAppValue
CFBooleanGetValue
CFBooleanGetTypeID
CFStringInsert
CFStringAppendCString
CFStringAppend
CFStringCreateMutable
CFStringGetSystemEncoding
CFStringGetMaximumSizeForEncoding
CFDictionaryGetTypeID
CFStringHasPrefix
kCFAbsoluteTimeIntervalSince1904
CFAbsoluteTimeGetCurrent
CFDictionaryCreateMutableCopy
CFDataGetBytes
CFStringGetPascalString
CFURLCreateWithBytes
CFStringGetIntValue
CFStringCreateWithBytes
CFStringCreateWithPascalString
CFDataSetLength
CFPropertyListCreateData
CFPropertyListCreateWithData
CFURLCopyAbsoluteURL
__CFStringMakeConstantString
CFStringCompare
CFBundleGetMainBundle
CFBundleGetIdentifier
CFBundleGetVersionNumber
CFRetain
CFRelease
CFArrayCreateMutable
CFDictionaryCreateMutable
CFDictionaryContainsKey
CFDictionaryGetValueIfPresent
CFStringCreateWithFormat
CFStringGetCString
CFNumberGetTypeID
CFNumberGetValue
kCFTypeArrayCallBacks
kCFTypeDictionaryKeyCallBacks
kCFTypeDictionaryValueCallBacks
CFBundleCopyLocalizedString
CFDataGetLength
CFDataGetBytePtr
CFRunLoopGetCurrent
CFRunLoopRunInMode
CFRunLoopWakeUp
CFRunLoopAddSource
CFRunLoopRemoveSource
CFRunLoopSourceCreate
CFRunLoopSourceSignal
kCFRunLoopDefaultMode
kCFRunLoopCommonModes
CFArrayCreate
CFArrayGetCount
CFArrayGetValueAtIndex
CFArrayGetFirstIndexOfValue
CFURLGetFileSystemRepresentation
CFURLCopyPathExtension
CFSetCreateMutable
CFSetGetCount
CFSetApplyFunction
CFSetAddValue
_CFURLGetWideFileSystemRepresentation
kCFAllocatorDefault
kCFTypeSetCallBacks
CFDictionaryCreate
CFDictionaryGetValue
CFStringCreateWithCString
CFStringCreateWithCharacters
CFStringCreateCopy
CFNumberCreate
CFGetTypeID
CFEqual
CFStringGetTypeID
CFStringCreateWithFormatAndArguments
CFStringGetLength
CFStringGetBytes
CFDataCreate
CFDataCreateMutable
CFDataCreateMutableCopy
CFDataGetMutableBytePtr
CFDataIncreaseLength
CFDataAppendBytes
CFStringGetCharacters

libdispatch

dispatch_async_f
dispatch_semaphore_create
dispatch_release
dispatch_once_f
dispatch_semaphore_signal
dispatch_semaphore_wait
dispatch_after_f
dispatch_time
dispatch_get_global_queue

dsound

ord2
ord1

user32

GetActiveWindow
GetDesktopWindow
LoadStringW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree
PropVariantClear
CLSIDFromString

Exports

Exports

ACAC3DecoderEntry
ACAC3DecoderFactory
ACAMRDecoderEntry
ACAMREncoderEntry
ACAppleIMA4DecoderEntry
ACAppleIMA4EncoderEntry
ACAppleLosslessDecoderEntry
ACAppleLosslessEncoderEntry
ACGSMDecoderEntry
ACILBCDecoderEntry
ACILBCEncoderEntry
ACMP3DecoderEntry
ACMP4AACHighEfficiencyDecoderEntry
ACMP4AACHighEfficiencyEncoderEntry
ACMP4AACHighEfficiencyEncoderFactory
ACMP4AACLowComplexityDecoderEntry
ACMP4AACLowComplexityEncoderEntry
ACMPADecoderEntry
ACMSADPCMDecoderEntry
ACPureVoiceDecoderEntry
ACPureVoiceEncoderEntry
ACQDesignDecoderEntry
AQOfflineMixerConnectAudioQueue
AQOfflineMixerDisconnectAudioQueue
AQOfflineMixerDispose
AQOfflineMixerGetProperty
AQOfflineMixerGetPropertySize
AQOfflineMixerNew
AQOfflineMixerRender
AQOfflineMixerReset
AQOfflineMixerSetProperty
AUControlFreakFactory
AUConverterEntry
AUDirectSoundEntry
AUGenericOutputEntry
AUGraphicEQEntry
AUHighShelfFilterEntry
AULittleLateNightModeFactory
AULowShelfFilterEntry
AUMatrixMixerEntry
AUMozartCompressorSingleBandFactory
AUMultiChannelMixerEntry
AUPitchEntry
AUVarispeedEntry
AUWASAPIEntry
AudioCodecAppendInputBufferList
AudioCodecAppendInputData
AudioCodecGetProperty
AudioCodecGetPropertyInfo
AudioCodecInitialize
AudioCodecProduceOutputBufferList
AudioCodecProduceOutputPackets
AudioCodecReset
AudioCodecSetProperty
AudioCodecUninitialize
AudioComponentCopyName
AudioComponentCount
AudioComponentFindNext
AudioComponentGetDescription
AudioComponentGetVersion
AudioComponentInstanceCanDo
AudioComponentInstanceDispose
AudioComponentInstanceGetComponent
AudioComponentInstanceNew
AudioComponentRegister
AudioConverterConvertBuffer
AudioConverterDispose
AudioConverterFillBuffer
AudioConverterFillComplexBuffer
AudioConverterGetProperty
AudioConverterGetPropertyInfo
AudioConverterNew
AudioConverterNewSpecific
AudioConverterReset
AudioConverterSetProperty
AudioFileClose
AudioFileCountUserData
AudioFileCreateWithURL
AudioFileGetGlobalInfo
AudioFileGetGlobalInfoSize
AudioFileGetProperty
AudioFileGetPropertyInfo
AudioFileGetUserData
AudioFileGetUserDataSize
AudioFileInitializeWithCallbacks
AudioFileOpenURL
AudioFileOpenWithCallbacks
AudioFileOptimize
AudioFileReadBytes
AudioFileReadPacketData
AudioFileReadPackets
AudioFileRemoveUserData
AudioFileSetProperty
AudioFileSetUserData
AudioFileStreamClose
AudioFileStreamGetProperty
AudioFileStreamGetPropertyInfo
AudioFileStreamOpen
AudioFileStreamParseBytes
AudioFileStreamSeek
AudioFileStreamSetProperty
AudioFileWriteBytes
AudioFileWritePackets
AudioFormatGetProperty
AudioFormatGetPropertyInfo
AudioOutputUnitStart
AudioOutputUnitStop
AudioQueueAddPropertyListener
AudioQueueAllocateBuffer
AudioQueueAllocateBufferWithMemory
AudioQueueAllocateBufferWithPacketDescriptions
AudioQueueAllocateBufferWithPacketDescriptionsWithMemory
AudioQueueConvertToScaledSampleTime
AudioQueueConvertToUnscaledSampleTime
AudioQueueCreateTimeline
AudioQueueDeviceGetCurrentTime
AudioQueueDeviceGetNearestStartTime
AudioQueueDeviceTranslateTime
AudioQueueDispose
AudioQueueDisposeTimeline
AudioQueueEnqueueBuffer
AudioQueueEnqueueBufferWithParameters
AudioQueueEnqueueSilence
AudioQueueFlush
AudioQueueFreeBuffer
AudioQueueGetCurrentTime
AudioQueueGetParameter
AudioQueueGetProperty
AudioQueueGetPropertySize
AudioQueueNewInput
AudioQueueNewOutput
AudioQueueOfflineRender
AudioQueuePause
AudioQueuePrime
AudioQueueRemovePropertyListener
AudioQueueReset
AudioQueueScheduleParameters
AudioQueueSetOfflineRenderFormat
AudioQueueSetParameter
AudioQueueSetProperty
AudioQueueStart
AudioQueueStop
AudioUnitAddPropertyListener
AudioUnitAddRenderNotify
AudioUnitGetParameter
AudioUnitGetProperty
AudioUnitGetPropertyInfo
AudioUnitInitialize
AudioUnitRemovePropertyListener
AudioUnitRemovePropertyListenerWithUserData
AudioUnitRemoveRenderNotify
AudioUnitRender
AudioUnitReset
AudioUnitScheduleParameters
AudioUnitSetParameter
AudioUnitSetProperty
AudioUnitUninitialize
CAShow
CAShowFile
DllMain
ExtAudioFileCreateWithURL
ExtAudioFileDispose
ExtAudioFileGetProperty
ExtAudioFileGetPropertyInfo
ExtAudioFileOpenURL
ExtAudioFileRead
ExtAudioFileSeek
ExtAudioFileSetProperty
ExtAudioFileTell
ExtAudioFileWrapAudioFileID
ExtAudioFileWrite
ExtAudioFileWriteAsync
MPADecoderEntry
RefAudioFileReadBytes
RefAudioFileReadPackets
RefAudioFileWriteBytes
RefAudioFileWritePackets
RefExtAudioFileSeek

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

857d4a63212ab8ab3a4b6cf620b5da7a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

31:b1:b0:8c:88:99:ca:88:3c:e1:b0:f1:7d:56:40:3bCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

31:b1:b0:8c:88:99:ca:88:3c:e1:b0:f1:7d:56:40:3bCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

66:4a:ad:cc:b4:5a:30:26:6f:fd:52:28:7c:32:9d:63:95:d6:1d:06:e2:8c:23:21:30:f0:32:e9:5a:8e:8a:11Signer

26:b1:c7:06:48:dd:b5:a4:ca:43:d8:ab:e4:0b:11:cc:87:57:ff:3cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

corefoundation

libdispatch

dsound

user32

ole32

Exports

Exports

Sections

.text Size: 4.8MB - Virtual size: 4.8MB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 41KB - Virtual size: 187KB

_RDATA Size: 9KB - Virtual size: 8KB

.rsrc Size: 312KB - Virtual size: 312KB

.reloc Size: 125KB - Virtual size: 124KB

7c3913caa40e422b969ae9abda9d1f71

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 18KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 512B - Virtual size: 100B

1af6c885af093afc55142c2f1761dbe8

Code Sign

33:00:00:03:8b:79:45:c1:8b:0e:b6:87:ec:00:00:00:00:03:8bCertificate

Extended Key Usages

33:00:00:03:8b:79:45:c1:8b:0e:b6:87:ec:00:00:00:00:03:8bCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

28:cc:3a:25:bf:ba:44:ac:44:9a:9b:58:6b:43:39:aaCertificate

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

31:b1:b0:8c:88:99:ca:88:3c:e1:b0:f1:7d:56:40:3b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

31:b1:b0:8c:88:99:ca:88:3c:e1:b0:f1:7d:56:40:3b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

66:4a:ad:cc:b4:5a:30:26:6f:fd:52:28:7c:32:9d:63:95:d6:1d:06:e2:8c:23:21:30:f0:32:e9:5a:8e:8a:11
Signer

26:b1:c7:06:48:dd:b5:a4:ca:43:d8:ab:e4:0b:11:cc:87:57:ff:3c
Signer

.text
Size: 4.8MB - Virtual size: 4.8MB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 41KB - Virtual size: 187KB

_RDATA
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 312KB - Virtual size: 312KB

.reloc
Size: 125KB - Virtual size: 124KB

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 18KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 512B - Virtual size: 100B

33:00:00:03:8b:79:45:c1:8b:0e:b6:87:ec:00:00:00:00:03:8b
Certificate

33:00:00:03:8b:79:45:c1:8b:0e:b6:87:ec:00:00:00:00:03:8b
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

28:cc:3a:25:bf:ba:44:ac:44:9a:9b:58:6b:43:39:aa
Certificate

25:14:83:ca:97:60:74:2f:08:69:ce:bb:5c:b3:74:30:29:c1:b3:80:7e:b5:e4:67:a1:84:e4:93:d8:5a:27:fe
Signer

.text
Size: 167KB - Virtual size: 166KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 2KB - Virtual size: 1KB

33:00:00:03:8b:79:45:c1:8b:0e:b6:87:ec:00:00:00:00:03:8b
Certificate

33:00:00:03:8b:79:45:c1:8b:0e:b6:87:ec:00:00:00:00:03:8b
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

28:cc:3a:25:bf:ba:44:ac:44:9a:9b:58:6b:43:39:aa
Certificate

25:14:83:ca:97:60:74:2f:08:69:ce:bb:5c:b3:74:30:29:c1:b3:80:7e:b5:e4:67:a1:84:e4:93:d8:5a:27:fe
Signer

.text
Size: 167KB - Virtual size: 166KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 2KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

31:b1:b0:8c:88:99:ca:88:3c:e1:b0:f1:7d:56:40:3b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

31:b1:b0:8c:88:99:ca:88:3c:e1:b0:f1:7d:56:40:3b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate