_cgo_dummy_export
Resubmissions
11/12/2023, 23:42
231211-3p3jlabcgn 5
Static task: static1
Behavioral task: behavioral1 | Sample: cfk34.zip | Resource: win11-20231128-en
Behavioral task: behavioral2 | Sample: cfk34/Coffee.exe | Resource: win11-20231128-en
Behavioral task: behavioral3 | Sample: cfk34/Functionality.txt | Resource: win11-20231129-en
Behavioral task: behavioral4 | Sample: cfk34/cof.dll | Resource: win11-20231128-en
Behavioral task: behavioral5 | Sample: cfk34/config/api-ms-win-core-processthreads-l1-1-1.dll | Resource: win11-20231129-en
Behavioral task: behavioral6 | Sample: cfk34/config/api-ms-win-core-synch-l1-2-0.dll | Resource: win11-20231128-en
Behavioral task: behavioral7 | Sample: cfk34/config/api-ms-win-crt-locale-l1-1-0.dll | Resource: win11-20231129-en
Behavioral task: behavioral8 | Sample: cfk34/config/api-ms-win-crt-stdio-l1-1-0.dll | Resource: win11-20231129-en
Behavioral task: behavioral9 | Sample: cfk34/config/api-ms-win-crt-utility-l1-1-0.dll | Resource: win11-20231129-en
Behavioral task: behavioral10 | Sample: cfk34/config/browser_d.dll | Resource: win11-20231129-en
Behavioral task: behavioral11 | Sample: cfk34/config/config.json | Resource: win11-20231129-en
Behavioral task: behavioral12 | Sample: cfk34/config/udp_connect_lsp64.dll | Resource: win11-20231128-en
Behavioral task: behavioral13 | Sample: cfk34/config/ws2detour_x64.dll | Resource: win11-20231128-en
General
Target: cfk34.zip
Size: 18.1MB
MD5: 54160e133a7aa997b85764bf507e42c6
SHA1: 5c1d068c1b17de3e8c73c399162d8772edf5462e
SHA256: 4627b46854bc226320a97b17f6b1346a9404783ef68688441e4910cb5315e5d5
SHA512: f54354b6d8700b0ea0833ca5df0df46d466bac487476c620d3351e31d39939f0c6f3363ab95dbda6f9d25748625f51aa536d03e666291d41a7355f491b7f9294
SSDEEP: 393216:gKqRE1BO7go2+YTmfkDn7rrDOBrQxyqN3DjDdnmhW7bkTgS+4tTr:AR8Oko2mfkDn7/DOFoyqtDjghWHCgyt3
Malware Config
Signatures
-
Unsigned PE (2 IoCs)
Checks for missing Authenticode signature.
resource: unpack001/cfk34/Coffee.exe, unpack001/cfk34/config/browser_d.dll
Files
-
cfk34.zip (.zip)
Password: hg289
-
cfk34/Coffee.exe (.exe; windows:6 windows x64 arch:x64)
Password: hg289
5929190c8765f5bc37b052ab5c6c53e7
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32
AddAtomA
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateMutexA
CreateSemaphoreA
CreateThread
CreateWaitableTimerExW
DeleteAtom
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FindAtomA
FormatMessageA
FreeEnvironmentStringsW
GetAtomNameA
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetErrorMode
GetHandleInformation
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RaiseFailFastException
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetLastError
SetProcessAffinityMask
SetProcessPriorityBoost
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WerGetFlags
WerSetFlags
WideCharToMultiByte
WriteConsoleW
WriteFile
__C_specific_handler
msvcrt
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_commode
_endthreadex
_errno
_fmode
_initterm
_lock
_memccpy
_onexit
_setjmp
_strdup
_ultoa
_unlock
abort
calloc
exit
fprintf
fputc
free
fwrite
localeconv
longjmp
malloc
memcpy
memmove
memset
printf
realloc
signal
strerror
strlen
strncmp
vfprintf
wcslen
Exports
Sections
.text Size: 1002KB - Virtual size: 1002KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 98KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 353KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 78B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 112B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cfk34/Functionality.txt
-
cfk34/cof.dll
-
cfk34/config/api-ms-win-core-processthreads-l1-1-1.dll (.dll; windows:10 windows x86 arch:x86)
Password: hg289
Code Sign
Certificate 33:00:00:00:71:b3:2e:8a:6b:82:aa:1f:4e:00:00:00:00:00:71
Issuer: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 20/03/2015, 17:32
Not After: 20/06/2016, 17:32
Subject: CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageTimeStamping
Certificate 33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Issuer: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 04/06/2015, 17:42
Not After: 04/09/2016, 17:42
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageCodeSigning
Certificate 61:33:26:1a:00:00:00:00:00:31
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 31/08/2010, 22:19
Not After: 31/08/2020, 22:29
Subject: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Certificate 61:16:68:34:00:00:00:00:00:1c
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 03/04/2007, 12:53
Not After: 03/04/2021, 13:03
Subject: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageTimeStamping
Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Certificate 33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Issuer: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 01/10/2014, 18:06
Not After: 01/01/2016, 18:06
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageCodeSigning
Certificate 61:0c:52:4c:00:00:00:00:00:03
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 06/07/2010, 20:40
Not After: 06/07/2025, 20:50
Subject: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Signer 93:8f:37:ea:38:32:b5:2c:15:ae:ed:a8:ee:e0:e3:f1:16:94:64:6e:fa:d3:22:31:8e:18:32:15:a6:35:13:db
Actual PE Digest: 93:8f:37:ea:38:32:b5:2c:15:ae:ed:a8:ee:e0:e3:f1:16:94:64:6e:fa:d3:22:31:8e:18:32:15:a6:35:13:db
Digest Algorithm: sha256
PE Digest Matches: true
Signer 92:d5:b7:c6:49:78:1e:cb:23:46:d6:54:d2:13:9b:7f:7f:04:0e:f0
Actual PE Digest: 92:d5:b7:c6:49:78:1e:cb:23:46:d6:54:d2:13:9b:7f:7f:04:0e:f0
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
FlushInstructionCache
GetCurrentProcessorNumber
GetCurrentProcessorNumberEx
GetCurrentThreadStackLimits
GetProcessHandleCount
GetProcessMitigationPolicy
GetThreadContext
GetThreadIdealProcessorEx
GetThreadTimes
IsProcessorFeaturePresent
OpenProcess
SetProcessMitigationPolicy
SetThreadContext
SetThreadIdealProcessorEx
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
cfk34/config/api-ms-win-core-synch-l1-2-0.dll (.dll; windows:10 windows x86 arch:x86)
Password: hg289
Code Sign
Certificate 33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Issuer: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 20/03/2015, 17:32
Not After: 20/06/2016, 17:32
Subject: CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageTimeStamping
Certificate 33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Issuer: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 04/06/2015, 17:42
Not After: 04/09/2016, 17:42
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageCodeSigning
Certificate 61:33:26:1a:00:00:00:00:00:31
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 31/08/2010, 22:19
Not After: 31/08/2020, 22:29
Subject: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Certificate 61:16:68:34:00:00:00:00:00:1c
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 03/04/2007, 12:53
Not After: 03/04/2021, 13:03
Subject: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageTimeStamping
Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Certificate 33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Issuer: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 01/10/2014, 18:06
Not After: 01/01/2016, 18:06
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageCodeSigning
Certificate 61:0c:52:4c:00:00:00:00:00:03
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 06/07/2010, 20:40
Not After: 06/07/2025, 20:50
Subject: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Signer 8f:53:ff:26:4d:a8:b8:39:a9:ed:d8:ca:1c:ef:ec:69:52:c6:66:5d:6c:11:28:c2:af:32:71:0b:bf:8a:ed:04
Actual PE Digest: 8f:53:ff:26:4d:a8:b8:39:a9:ed:d8:ca:1c:ef:ec:69:52:c6:66:5d:6c:11:28:c2:af:32:71:0b:bf:8a:ed:04
Digest Algorithm: sha256
PE Digest Matches: true
Signer e8:3f:e5:ba:1a:45:07:69:a1:1f:f7:b0:8c:93:b1:98:62:ca:c0:1c
Actual PE Digest: e8:3f:e5:ba:1a:45:07:69:a1:1f:f7:b0:8c:93:b1:98:62:ca:c0:1c
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
DeleteSynchronizationBarrier
EnterSynchronizationBarrier
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
InitOnceInitialize
InitializeConditionVariable
InitializeSynchronizationBarrier
SignalObjectAndWait
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
WaitOnAddress
WakeAllConditionVariable
WakeByAddressAll
WakeByAddressSingle
WakeConditionVariable
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
cfk34/config/api-ms-win-crt-locale-l1-1-0.dll (.dll; windows:10 windows x86 arch:x86)
Password: hg289
Code Sign
Certificate 33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Issuer: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 20/03/2015, 17:32
Not After: 20/06/2016, 17:32
Subject: CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageTimeStamping
Certificate 33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Issuer: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 04/06/2015, 17:42
Not After: 04/09/2016, 17:42
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageCodeSigning
Certificate 61:33:26:1a:00:00:00:00:00:31
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 31/08/2010, 22:19
Not After: 31/08/2020, 22:29
Subject: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Certificate 61:16:68:34:00:00:00:00:00:1c
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 03/04/2007, 12:53
Not After: 03/04/2021, 13:03
Subject: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageTimeStamping
Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Certificate 33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Issuer: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 01/10/2014, 18:06
Not After: 01/01/2016, 18:06
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageCodeSigning
Certificate 61:0c:52:4c:00:00:00:00:00:03
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 06/07/2010, 20:40
Not After: 06/07/2025, 20:50
Subject: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Signer 50:03:b4:4d:d6:f6:4c:10:ec:26:de:d6:b6:c0:00:a6:52:c3:49:c6:d2:f2:c5:75:5c:ca:8d:71:a5:ce:32:a8
Actual PE Digest: 50:03:b4:4d:d6:f6:4c:10:ec:26:de:d6:b6:c0:00:a6:52:c3:49:c6:d2:f2:c5:75:5c:ca:8d:71:a5:ce:32:a8
Digest Algorithm: sha256
PE Digest Matches: true
Signer 86:e1:ab:21:73:70:53:4b:a9:cf:ab:26:71:32:64:5b:dd:4e:68:13
Actual PE Digest: 86:e1:ab:21:73:70:53:4b:a9:cf:ab:26:71:32:64:5b:dd:4e:68:13
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
__initialize_lconv_for_unsigned_char
__pctype_func
__pwctype_func
_configthreadlocale
_create_locale
_free_locale
_get_current_locale
_getmbcp
_lock_locales
_setmbcp
_unlock_locales
_wcreate_locale
_wsetlocale
localeconv
setlocale
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
cfk34/config/api-ms-win-crt-stdio-l1-1-0.dll (.dll; windows:10 windows x86 arch:x86)
Password: hg289
Code Sign
Certificate 33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Issuer: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 20/03/2015, 17:32
Not After: 20/06/2016, 17:32
Subject: CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageTimeStamping
Certificate 33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Issuer: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 04/06/2015, 17:42
Not After: 04/09/2016, 17:42
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageCodeSigning
Certificate 61:33:26:1a:00:00:00:00:00:31
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 31/08/2010, 22:19
Not After: 31/08/2020, 22:29
Subject: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Certificate 61:16:68:34:00:00:00:00:00:1c
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 03/04/2007, 12:53
Not After: 03/04/2021, 13:03
Subject: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageTimeStamping
Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Certificate 33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Issuer: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 01/10/2014, 18:06
Not After: 01/01/2016, 18:06
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageCodeSigning
Certificate 61:0c:52:4c:00:00:00:00:00:03
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 06/07/2010, 20:40
Not After: 06/07/2025, 20:50
Subject: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Signer c6:9d:4e:3e:1f:aa:48:66:3d:70:a3:fe:82:f0:90:ba:f5:60:8a:5b:ff:67:8e:ab:f5:5f:14:56:ec:b3:39:9a
Actual PE Digest: c6:9d:4e:3e:1f:aa:48:66:3d:70:a3:fe:82:f0:90:ba:f5:60:8a:5b:ff:67:8e:ab:f5:5f:14:56:ec:b3:39:9a
Digest Algorithm: sha256
PE Digest Matches: true
Signer ac:b2:dc:5a:48:b5:b2:3c:7e:b2:a1:58:c3:c1:23:bc:2e:4e:61:65
Actual PE Digest: ac:b2:dc:5a:48:b5:b2:3c:7e:b2:a1:58:c3:c1:23:bc:2e:4e:61:65
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vfscanf
__stdio_common_vfwprintf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwscanf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_p
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_p
__stdio_common_vswprintf_s
__stdio_common_vswscanf
_chsize
_chsize_s
_close
_commit
_creat
_dup
_dup2
_eof
_fclose_nolock
_fcloseall
_fflush_nolock
_fgetc_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filelength
_filelengthi64
_fileno
_flushall
_fputc_nolock
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_ftell_nolock
_ftelli64
_ftelli64_nolock
_fwrite_nolock
_get_fmode
_get_osfhandle
_get_printf_count_output
_get_stream_buffer_pointers
_getc_nolock
_getcwd
_getdcwd
_getmaxstdio
_getw
_getwc_nolock
_getws
_getws_s
_isatty
_kbhit
_locking
_lseek
_lseeki64
_mktemp
_mktemp_s
_open
_open_osfhandle
_pclose
_pipe
_popen
_putc_nolock
_putw
_putwc_nolock
_putws
_read
_rmtmp
_set_fmode
_set_printf_count_output
_setmaxstdio
_setmode
_sopen
_sopen_dispatch
_sopen_s
_tell
_telli64
_tempnam
_ungetc_nolock
_ungetwc_nolock
_wcreat
_wfdopen
_wfopen
_wfopen_s
_wfreopen
_wfreopen_s
_wfsopen
_wmktemp
_wmktemp_s
_wopen
_wpopen
_write
_wsopen
_wsopen_dispatch
_wsopen_s
_wtempnam
_wtmpnam
_wtmpnam_s
clearerr
clearerr_s
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fgetwc
fgetws
fopen
fopen_s
fputc
fputs
fputwc
fputws
fread
fread_s
freopen
freopen_s
fseek
fsetpos
ftell
fwrite
getc
getchar
gets
gets_s
getwc
getwchar
putc
putchar
puts
putwc
putwchar
rewind
setbuf
setvbuf
tmpfile
tmpfile_s
tmpnam
tmpnam_s
ungetc
ungetwc
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
cfk34/config/api-ms-win-crt-utility-l1-1-0.dll (.dll; windows:10 windows x86 arch:x86)
Password: hg289
Code Sign
Certificate 33:00:00:00:6f:65:2d:58:6d:07:11:46:28:00:00:00:00:00:6f
Issuer: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 20/03/2015, 17:32
Not After: 20/06/2016, 17:32
Subject: CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageTimeStamping
Certificate 33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Issuer: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 04/06/2015, 17:42
Not After: 04/09/2016, 17:42
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageCodeSigning
Certificate 61:33:26:1a:00:00:00:00:00:31
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 31/08/2010, 22:19
Not After: 31/08/2020, 22:29
Subject: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Certificate 61:16:68:34:00:00:00:00:00:1c
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 03/04/2007, 12:53
Not After: 03/04/2021, 13:03
Subject: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageTimeStamping
Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Certificate 33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Issuer: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 01/10/2014, 18:06
Not After: 01/01/2016, 18:06
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages: ExtKeyUsageCodeSigning
Certificate 61:0c:52:4c:00:00:00:00:00:03
Issuer: CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 06/07/2010, 20:40
Not After: 06/07/2025, 20:50
Subject: CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages: KeyUsageDigitalSignature, KeyUsageCertSign, KeyUsageCRLSign
Signer 7a:72:9a:74:6e:a5:89:e2:ce:5a:04:1c:b5:5e:23:d0:8d:7e:15:1f:3d:a0:da:a0:29:02:55:d8:7d:38:41:7b
Actual PE Digest: 7a:72:9a:74:6e:a5:89:e2:ce:5a:04:1c:b5:5e:23:d0:8d:7e:15:1f:3d:a0:da:a0:29:02:55:d8:7d:38:41:7b
Digest Algorithm: sha256
PE Digest Matches: true
Signer 3c:9d:95:50:d3:49:7f:41:bc:7c:91:87:ac:34:23:f0:d2:90:7e:7c
Actual PE Digest: 3c:9d:95:50:d3:49:7f:41:bc:7c:91:87:ac:34:23:f0:d2:90:7e:7c
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
_abs64
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_lfind
_lfind_s
_lrotl
_lrotr
_lsearch
_lsearch_s
_rotl
_rotl64
_rotr
_rotr64
_swab
abs
bsearch
bsearch_s
div
imaxabs
imaxdiv
labs
ldiv
llabs
lldiv
qsort
qsort_s
rand
rand_s
srand
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
cfk34/config/browser_d.dll (.dll; windows:5 windows x86 arch:x86)
Password: hg289
a9b2f56b7dd0e6a7628346d81460565a
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
FreeLibrary
LoadLibraryW
lstrcatW
GetModuleFileNameW
GetProcAddress
DisableThreadLibraryCalls
GetProcessHeap
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
lstrlenA
RaiseException
MultiByteToWideChar
IsDebuggerPresent
WideCharToMultiByte
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
VirtualQuery
msvcr100d
_except_handler4_common
_amsg_exit
?terminate@@YAXXZ
_crt_debugger_hook
__CppXcptFilter
__clean_type_info_names_internal
__CxxFrameHandler3
memcpy
_initterm_e
_initterm
_CrtSetCheckCount
_encoded_null
_free_dbg
_malloc_dbg
_onexit
_lock
__dllonexit
_unlock
_CRT_RTC_INITW
memmove
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
_CxxThrowException
wcslen
??3@YAXPAX@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
msvcp100d
??1_Container_base12@std@@QAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
shlwapi
PathRemoveFileSpecW
Exports
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
CrashForException
DumpProcess
DumpProcessWithoutCrash
GetHandleVerifier
InjectDumpForHangDebugging
InjectDumpProcessWithoutCrash
IsSandboxedProcess
RelaunchChromeBrowserWithNewCommandLineIfNeeded
SetCrashKeyValueImpl
TerminateProcessWithoutDump
_Init@4
_UnInit@0
cef_add_cross_origin_whitelist_entry
cef_api_hash
cef_base64decode
cef_base64encode
cef_begin_tracing
cef_binary_value_create
cef_browser_host_create_browser
cef_browser_host_create_browser_sync
cef_browser_view_create
cef_browser_view_get_for_browser
cef_clear_cross_origin_whitelist
cef_clear_scheme_handler_factories
cef_command_line_create
cef_command_line_get_global
cef_cookie_manager_create_manager
cef_cookie_manager_get_global_manager
cef_create_context_shared
cef_create_url
cef_currently_on
cef_dictionary_value_create
cef_display_get_alls
cef_display_get_count
cef_display_get_matching_bounds
cef_display_get_nearest_point
cef_display_get_primary
cef_do_message_loop_work
cef_drag_data_create
cef_enable_highdpi_support
cef_end_tracing
cef_execute_process
cef_format_url_for_security_display
cef_get_current_platform_thread_handle
cef_get_current_platform_thread_id
cef_get_extensions_for_mime_type
cef_get_geolocation
cef_get_mime_type
cef_get_min_log_level
cef_get_path
cef_get_vlog_level
cef_image_create
cef_initialize
cef_is_cert_status_error
cef_is_cert_status_minor_error
cef_is_web_plugin_unstable
cef_label_button_create
cef_launch_process
cef_list_value_create
cef_log
cef_menu_button_create
cef_menu_model_create
cef_now_from_system_trace_time
cef_panel_create
cef_parse_json
cef_parse_jsonand_return_error
cef_parse_url
cef_post_data_create
cef_post_data_element_create
cef_post_delayed_task
cef_post_task
cef_print_settings_create
cef_process_message_create
cef_quit_message_loop
cef_refresh_web_plugins
cef_register_extension
cef_register_scheme_handler_factory
cef_register_web_plugin_crash
cef_register_widevine_cdm
cef_remove_cross_origin_whitelist_entry
cef_request_context_create_context
cef_request_context_get_global_context
cef_request_create
cef_resource_bundle_get_global
cef_response_create
cef_run_message_loop
cef_scroll_view_create
cef_set_osmodal_loop
cef_shutdown
cef_stream_reader_create_for_data
cef_stream_reader_create_for_file
cef_stream_reader_create_for_handler
cef_stream_writer_create_for_file
cef_stream_writer_create_for_handler
cef_string_ascii_to_utf16
cef_string_ascii_to_wide
cef_string_list_alloc
cef_string_list_append
cef_string_list_clear
cef_string_list_copy
cef_string_list_free
cef_string_list_size
cef_string_list_value
cef_string_map_alloc
cef_string_map_append
cef_string_map_clear
cef_string_map_find
cef_string_map_free
cef_string_map_key
cef_string_map_size
cef_string_map_value
cef_string_multimap_alloc
cef_string_multimap_append
cef_string_multimap_clear
cef_string_multimap_enumerate
cef_string_multimap_find_count
cef_string_multimap_free
cef_string_multimap_key
cef_string_multimap_size
cef_string_multimap_value
cef_string_userfree_utf16_alloc
cef_string_userfree_utf16_free
cef_string_userfree_utf8_alloc
cef_string_userfree_utf8_free
cef_string_userfree_wide_alloc
cef_string_userfree_wide_free
cef_string_utf16_clear
cef_string_utf16_cmp
cef_string_utf16_set
cef_string_utf16_to_utf8
cef_string_utf16_to_wide
cef_string_utf8_clear
cef_string_utf8_cmp
cef_string_utf8_set
cef_string_utf8_to_utf16
cef_string_utf8_to_wide
cef_string_wide_clear
cef_string_wide_cmp
cef_string_wide_set
cef_string_wide_to_utf16
cef_string_wide_to_utf8
cef_task_runner_get_for_current_thread
cef_task_runner_get_for_thread
cef_textfield_create
cef_time_delta
cef_time_from_doublet
cef_time_from_timet
cef_time_now
cef_time_to_doublet
cef_time_to_timet
cef_trace_counter
cef_trace_counter_id
cef_trace_event_async_begin
cef_trace_event_async_end
cef_trace_event_async_step_into
cef_trace_event_async_step_past
cef_trace_event_begin
cef_trace_event_end
cef_trace_event_instant
cef_translator_test_create
cef_translator_test_object_child_child_create
cef_translator_test_object_child_create
cef_translator_test_object_create
cef_unregister_internal_web_plugin
cef_uridecode
cef_uriencode
cef_urlrequest_create
cef_v8context_get_current_context
cef_v8context_get_entered_context
cef_v8context_in_context
cef_v8stack_trace_get_current
cef_v8value_create_array
cef_v8value_create_bool
cef_v8value_create_date
cef_v8value_create_double
cef_v8value_create_function
cef_v8value_create_int
cef_v8value_create_null
cef_v8value_create_object
cef_v8value_create_string
cef_v8value_create_uint
cef_v8value_create_undefined
cef_value_create
cef_version_info
cef_visit_web_plugin_info
cef_window_create_top_level
cef_write_json
cef_xml_reader_create
cef_zip_reader_create
Sections
.textbss Size: - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cfk34/config/config.json
-
cfk34/config/udp_connect_lsp64.dll.dll windows:5 windows x64 arch:x64
Password: hg289
2fc9e11ca0fe7df4982058e243d8bc19
Code Sign
0a:0a:24:51:16:b3:5a:e1:e2:59:41:25:4c:42:67:d2
Certificate
Issuer: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US
Not Before: 24/11/2022, 00:00
Not After: 25/11/2025, 23:59
Subject: SERIALNUMBER=202237112N,CN=GearUP Portal Pte. Ltd.,O=GearUP Portal Pte. Ltd.,L=Singapore,C=SG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025347
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 29/04/2021, 00:00
Not After: 28/04/2036, 23:59
Subject: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 01/08/2013, 12:00
Not After: 15/01/2038, 12:00
Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate
Issuer: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Not Before: 14/07/2023, 00:00
Not After: 13/10/2034, 23:59
Subject: CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 23/03/2022, 00:00
Not After: 22/03/2037, 23:59
Subject: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 01/08/2022, 00:00
Not After: 09/11/2031, 23:59
Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f6:8b:48:ce:7f:c7:cf:9d:2d:4b:82:95:58:08:ac:fe:87:41:02:08:c9:57:48:91:dc:d6:fa:e1:99:68:5a:42
Signer
Actual PE Digest: f6:8b:48:ce:7f:c7:cf:9d:2d:4b:82:95:58:08:ac:fe:87:41:02:08:c9:57:48:91:dc:d6:fa:e1:99:68:5a:42
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
shlwapi
PathFindFileNameA
ws2_32
inet_ntop
connect
WSCGetProviderPath
WSAGetLastError
WSCEnumProtocols
WSAEnumProtocolsW
ntohs
socket
closesocket
send
htons
inet_addr
kernel32
GetTimeFormatW
CompareStringW
CreateFileW
ReadFile
SetEndOfFile
WriteConsoleW
FlushFileBuffers
CreateFileA
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FindResourceExW
FindResourceW
LoadResource
OutputDebugStringW
InitializeCriticalSection
WideCharToMultiByte
SizeofResource
LeaveCriticalSection
MultiByteToWideChar
EnterCriticalSection
LockResource
DeleteCriticalSection
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
SetEvent
GlobalAlloc
LoadLibraryW
TerminateThread
GetLastError
GetProcAddress
GlobalFree
CreateEventW
GetModuleFileNameA
OpenFileMappingW
CloseHandle
CreateThread
ExpandEnvironmentStringsW
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetLocaleInfoW
GetStringTypeW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
EncodePointer
DecodePointer
Sleep
GetDateFormatW
SetEnvironmentVariableA
GetSystemTimeAsFileTime
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetCPInfo
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
SetStdHandle
GetFileType
SetFilePointer
SetHandleCount
GetStdHandle
GetStartupInfoW
HeapSetInformation
GetVersion
HeapCreate
GetModuleHandleW
ExitProcess
WriteFile
GetModuleFileNameW
GetTimeZoneInformation
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
user32
wvsprintfW
wsprintfW
shell32
SHGetSpecialFolderPathW
Exports
WSPStartup
Sections
.text Size: 170KB - Virtual size: 169KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 9KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
cfk34/config/ws2detour_x64.dll.dll windows:5 windows x64 arch:x64
e2bf4a65223405389ccab5c07756b647
Code Sign
0a:0a:24:51:16:b3:5a:e1:e2:59:41:25:4c:42:67:d2
Certificate
Issuer: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US
Not Before: 24/11/2022, 00:00
Not After: 25/11/2025, 23:59
Subject: SERIALNUMBER=202237112N,CN=GearUP Portal Pte. Ltd.,O=GearUP Portal Pte. Ltd.,L=Singapore,C=SG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13025347
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 29/04/2021, 00:00
Not After: 28/04/2036, 23:59
Subject: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 01/08/2013, 12:00
Not After: 15/01/2038, 12:00
Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate
Issuer: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Not Before: 14/07/2023, 00:00
Not After: 13/10/2034, 23:59
Subject: CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 23/03/2022, 00:00
Not After: 22/03/2037, 23:59
Subject: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 01/08/2022, 00:00
Not After: 09/11/2031, 23:59
Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
9a:bf:6c:dc:f8:83:cc:81:52:49:72:41:25:f5:1e:bc:c2:ee:aa:9d:29:45:59:39:ff:62:8c:c8:15:81:fe:ee
Signer
Actual PE Digest: 9a:bf:6c:dc:f8:83:cc:81:52:49:72:41:25:f5:1e:bc:c2:ee:aa:9d:29:45:59:39:ff:62:8c:c8:15:81:fe:ee
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
crypt32
CertDuplicateCertificateContext
CertCloseStore
CertEnumCertificatesInStore
CertOpenStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CryptQueryObject
kernel32
CloseHandle
GetCurrentProcessId
LocalFree
GetSystemTime
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
OpenFileMappingW
GetEnvironmentVariableW
GetVersion
WriteFile
GetFileType
GetStdHandle
SetLastError
RtlVirtualUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleHandleExW
GetSystemTimeAsFileTime
DeleteFiber
ConvertFiberToThread
FreeLibrary
LoadLibraryA
FindNextFileW
FindFirstFileW
FindClose
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetThreadContext
HeapReAlloc
SetThreadContext
HeapAlloc
GetCurrentProcess
HeapFree
Thread32First
HeapDestroy
HeapCreate
Thread32Next
FlushInstructionCache
OpenThread
VirtualProtect
CreateToolhelp32Snapshot
SuspendThread
ResumeThread
VirtualQuery
VirtualFree
VirtualAlloc
GetSystemInfo
GetTimeZoneInformation
GetProcessHeap
SetEndOfFile
GetDriveTypeW
CompareStringW
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceFrequency
GetCurrentDirectoryW
CreateFileA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
ReadFile
GetLastError
GetModuleFileNameW
Sleep
LoadLibraryW
GetModuleHandleW
QueryPerformanceCounter
GetQueuedCompletionStatus
UnmapViewOfFile
MapViewOfFile
CreateThread
DeleteCriticalSection
CreateEventW
GlobalFree
EnterCriticalSection
LeaveCriticalSection
GlobalAlloc
InitializeCriticalSection
SetEvent
WaitForSingleObject
FlushFileBuffers
GetConsoleCP
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
SetHandleCount
SetFilePointer
SetStdHandle
CreateFileW
SetEnvironmentVariableA
SetEnvironmentVariableW
IsValidCodePage
GetOEMCP
GetACP
FlsAlloc
FlsFree
FlsGetValue
HeapSetInformation
GetLocaleInfoW
HeapSize
RtlCaptureContext
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LCMapStringW
GetCPInfo
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
SetConsoleCtrlHandler
ExitProcess
RtlPcToFileHeader
RaiseException
RtlUnwindEx
RtlLookupFunctionEntry
GetCommandLineA
FlsSetValue
DecodePointer
EncodePointer
CreateFileMappingW
LocalAlloc
GetStringTypeW
GetProcAddress
user32
TranslateMessage
CreateWindowExW
PostMessageW
UnregisterClassW
GetMessageW
RegisterClassW
wsprintfW
wvsprintfW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxW
DestroyWindow
DispatchMessageW
DefWindowProcW
advapi32
CryptDestroyHash
SetSecurityDescriptorDacl
DeregisterEventSource
ReportEventW
RegisterEventSourceW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
CryptEnumProvidersW
CryptDestroyKey
CryptGetProvParam
CryptDecrypt
CryptCreateHash
CryptSetHashParam
CryptSignHashW
CryptGetUserKey
CryptExportKey
InitializeSecurityDescriptor
shell32
SHGetSpecialFolderPathW
ws2_32
htonl
getaddrinfo
WSARecv
WSASocketW
WSASend
select
WSAGetLastError
WSAConnect
WSAEnumNetworkEvents
htons
inet_addr
ntohs
setsockopt
sendto
recv
bind
socket
WSAGetOverlappedResult
__WSAFDIsSet
WSASetLastError
closesocket
gethostbyname
send
WSAAsyncSelect
WSASendTo
ntohl
recvfrom
WSAStartup
connect
WSAIoctl
getpeername
WSAEventSelect
FreeAddrInfoW
getsockopt
WSAAddressToStringA
getservbyname
WSAStringToAddressA
WSACleanup
WSARecvFrom
freeaddrinfo
iphlpapi
IcmpSendEcho2
IcmpSendEcho
IcmpParseReplies
shlwapi
PathFindFileNameA
PathFindFileNameW
PathFileExistsA
Exports
Exports
SetHook
UnsetHook
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 672KB - Virtual size: 672KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Shared Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 29KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ