tcl86t[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

tcl86t.dll
Size

1.8MB
MD5

75909678c6a79ca2ca780a1ceb00232e
SHA1

39ddbeb1c288335abe910a5011d7034345425f7d
SHA256

fbfd065f861ec0a90dd513bc209c56bbc23c54d2839964a0ec2df95848af7860
SHA512

91689413826d3b2e13fc7f579a71b676547bc4c06d2bb100b4168def12ab09b65359d1612b31a15d21cb55147bbab4934e6711351a0440c1533fb94fe53313bf
SSDEEP

24576:aNJSAyrJZwdI3xpXxBX4Crw9yilqy+uVUD5Wbsr+Qt682zhPlkPkGqTvI92jHBH9:aNgjid2LD5W4ac6xdLvIkhHP4ATdeD0

Score

1^/10

Malware Config

Signatures

Files

tcl86t.dll
.dll windows:6 windows x64 arch:x64

63f8d50bc57576c5767c793bd6b231e3

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:3e:d5:ed:a0:65:d1:b8:c9:1d:fc:f9:2a:6c:9b:d8
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/12/2018, 00:00

Not After

22/12/2021, 12:00

Subject

CN=Python Software Foundation,O=Python Software Foundation,L=Wolfeboro,ST=New Hampshire,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

88:ac:52:62:67:a9:64:a5:28:b2:03:f8:98:84:c2:05:7f:c2:c6:6b:f6:9d:f4:4f:e3:ca:63:17:47:78:6c:b9
Signer

Actual PE Digest

88:ac:52:62:67:a9:64:a5:28:b2:03:f8:98:84:c2:05:7f:c2:c6:6b:f6:9d:f4:4f:e3:ca:63:17:47:78:6c:b9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
SetFilePointer
SetEndOfFile
CreateFileW
GetFileAttributesW
DuplicateHandle
GetConsoleMode
GetLastError
GetCommState
CloseHandle
GetFileType
FlushFileBuffers
SetConsoleMode
GetConsoleCP
SetThreadPriority
WaitForSingleObject
CreateEventW
SetEvent
ReadConsoleW
CreateThread
ResetEvent
PeekConsoleInputW
WriteConsoleW
CreateDirectoryW
FindFirstFileW
GetFullPathNameW
FindNextFileW
RemoveDirectoryW
FindClose
GetVolumeInformationA
SetFileAttributesW
DeleteFileW
GetLogicalDriveStringsA
CopyFileW
GetTempFileNameW
MoveFileW
GetVolumeInformationW
FindFirstFileExW
lstrlenW
DeviceIoControl
SetFileTime
GetModuleFileNameW
CreateHardLinkW
MultiByteToWideChar
GetFileInformationByHandle
GetFileAttributesExW
OutputDebugStringW
GetCurrentThread
GetWindowsDirectoryA
GetStdHandle
SetCurrentDirectoryW
LocalFree
WideCharToMultiByte
GetPrivateProfileStringA
GetModuleFileNameA
GetEnvironmentVariableW
GetEnvironmentVariableA
GetACP
GetSystemInfo
GetProcAddress
GetModuleHandleW
lstrcmpiA
GetTempPathW
GetCurrentProcessId
FreeLibrary
LoadLibraryExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
DeleteCriticalSection
SleepEx
SearchPathW
GetShortPathNameW
CreatePipe
PeekNamedPipe
GetExitCodeThread
TerminateThread
CreateProcessW
GetExitCodeProcess
PurgeComm
GetCommModemStatus
SetupComm
BuildCommDCBW
EscapeCommFunction
ClearCommError
GetOverlappedResult
SetCommTimeouts
SetCommState
SetHandleInformation
GetComputerNameExW
TlsSetValue
WaitForSingleObjectEx
TlsAlloc
TlsGetValue
TlsFree
QueryPerformanceFrequency
GetSystemTimeAsFileTime
QueryPerformanceCounter
RtlLookupFunctionEntry
GetCurrentProcess
ReadFile
DisableThreadLibraryCalls
GetVolumeNameForVolumeMountPointW
GetVersionExW
HeapReAlloc
IsDebuggerPresent
ExitProcess
FormatMessageW
GetProcessHeap
HeapAlloc
GetCurrentDirectoryW
HeapFree
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
RtlCaptureContext

advapi32

GetUserNameW
RevertToSelf
AccessCheck
EqualSid
GetNamedSecurityInfoW
GetSecurityDescriptorOwner
ImpersonateSelf
OpenProcessToken
GetFileSecurityW
OpenThreadToken
GetSidIdentifierAuthority
GetTokenInformation

netapi32

NetGetDCName
NetUserGetInfo
NetApiBufferFree

user32

MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer
DispatchMessageW
UnregisterClassW
CreateWindowExW
DestroyWindow
PostMessageW
TranslateMessage
GetMessageW
WaitForInputIdle
GetWindowLongPtrW
SendMessageW
SetWindowLongPtrW
MessageBeep
CharLowerW
wsprintfA
RegisterClassW
KillTimer
wsprintfW
PostQuitMessage
DefWindowProcW
MessageBoxW

userenv

GetProfilesDirectoryW

ws2_32

closesocket
bind
accept
listen
WSAAsyncSelect
getpeername
select
send
setsockopt
getsockopt
getservbyname
ntohs
getaddrinfo
WSAStartup
getsockname
socket
connect
inet_ntoa
gethostname
recv
htons
freeaddrinfo
ioctlsocket
getnameinfo
shutdown
WSAGetLastError

api-ms-win-crt-stdio-l1-1-0

fflush
__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsprintf
_isatty

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-string-l1-1-0

isxdigit
strncpy
_stricmp
strncmp
strpbrk
strcmp
isalpha
islower
tolower
_wcsnicmp
_wcsicmp
isdigit
wcsncmp
strlen
_strnicmp

api-ms-win-crt-convert-l1-1-0

_wtoi
atoi
strtol
strtoul

api-ms-win-crt-math-l1-1-0

atan
sin
modf
_isnan
log10
fabs
hypot
ceil
cos
tanh
sqrt
tan
floor
sinh
atan2
asin
_finite
_copysign
ldexp
frexp
acos
fmod
pow
exp
cosh
log

api-ms-win-crt-runtime-l1-1-0

_endthreadex
_beginthreadex
_cexit
_execute_onexit_table
_initialize_onexit_table
_controlfp
_initialize_narrow_environment
_configure_narrow_argv
_errno
abort
_seh_filter_dll
_initterm_e
strerror
_initterm
exit
_getpid

api-ms-win-crt-environment-l1-1-0

_wgetenv
_wputenv
__p__wenviron

api-ms-win-crt-time-l1-1-0

_gmtime64
_ftime64
_tzset
_mktime64
_localtime64
_get_timezone

api-ms-win-crt-heap-l1-1-0

malloc
free

vcruntime140

strrchr
__C_specific_handler
wcschr
memcmp
memset
strchr
__std_type_info_destroy_list
memmove
memchr
memcpy
strstr

Exports

Exports

TclAddLiteralObj
TclAllocateFreeObjects
TclBNInitBignumFromLong
TclBNInitBignumFromWideInt
TclBNInitBignumFromWideUInt
TclBN_epoch
TclBN_fast_s_mp_mul_digs
TclBN_fast_s_mp_sqr
TclBN_mp_add
TclBN_mp_add_d
TclBN_mp_and
TclBN_mp_clamp
TclBN_mp_clear
TclBN_mp_clear_multi
TclBN_mp_cmp
TclBN_mp_cmp_d
TclBN_mp_cmp_mag
TclBN_mp_cnt_lsb
TclBN_mp_copy
TclBN_mp_count_bits
TclBN_mp_div
TclBN_mp_div_2
TclBN_mp_div_2d
TclBN_mp_div_3
TclBN_mp_div_d
TclBN_mp_exch
TclBN_mp_expt_d
TclBN_mp_expt_d_ex
TclBN_mp_get_mag_ull
TclBN_mp_grow
TclBN_mp_init
TclBN_mp_init_copy
TclBN_mp_init_multi
TclBN_mp_init_set
TclBN_mp_init_set_int
TclBN_mp_init_size
TclBN_mp_karatsuba_mul
TclBN_mp_karatsuba_sqr
TclBN_mp_lshd
TclBN_mp_mod
TclBN_mp_mod_2d
TclBN_mp_mul
TclBN_mp_mul_2
TclBN_mp_mul_2d
TclBN_mp_mul_d
TclBN_mp_neg
TclBN_mp_or
TclBN_mp_radix_size
TclBN_mp_read_radix
TclBN_mp_rshd
TclBN_mp_set
TclBN_mp_set_int
TclBN_mp_set_ll
TclBN_mp_set_ull
TclBN_mp_shrink
TclBN_mp_signed_rsh
TclBN_mp_sqr
TclBN_mp_sqrt
TclBN_mp_sub
TclBN_mp_sub_d
TclBN_mp_to_radix
TclBN_mp_to_ubin
TclBN_mp_to_unsigned_bin
TclBN_mp_to_unsigned_bin_n
TclBN_mp_toom_mul
TclBN_mp_toom_sqr
TclBN_mp_toradix_n
TclBN_mp_unsigned_bin_size
TclBN_mp_xor
TclBN_mp_zero
TclBN_reverse
TclBN_revision
TclBN_s_mp_add
TclBN_s_mp_mul_digs
TclBN_s_mp_sqr
TclBN_s_mp_sub
TclCallVarTraces
TclChannelEventScriptInvoker
TclChannelTransform
TclCheckExecutionTraces
TclCheckInterpTraces
TclCleanupChildren
TclCleanupCommand
TclCleanupVar
TclCopyAndCollapse
TclCopyChannel
TclCopyChannelOld
TclCreatePipeline
TclCreateProc
TclDbDumpActiveObjects
TclDeleteCompiledLocalVars
TclDeleteVars
TclDoubleDigits
TclDumpMemoryInfo
TclEvalObjEx
TclExpandCodeArray
TclExprFloatError
TclFindElement
TclFindProc
TclFormatInt
TclFreeObj
TclFreePackageInfo
TclGetAndDetachPids
TclGetAuxDataType
TclGetEnv
TclGetExtension
TclGetFrame
TclGetInstructionTable
TclGetIntForIndex
TclGetLibraryPath
TclGetLoadedPackages
TclGetNamespaceChildTable
TclGetNamespaceCommandTable
TclGetNamespaceForQualName
TclGetNamespaceFromObj
TclGetObjInterpProc
TclGetObjNameOfExecutable
TclGetOpenMode
TclGetOriginalCommand
TclGetPlatform
TclGetSrcInfoForPc
TclGuessPackageName
TclHandleCreate
TclHandleFree
TclHandlePreserve
TclHandleRelease
TclHideLiteral
TclHideUnsafeCommands
TclInExit
TclInThreadExit
TclInitCompiledLocals
TclInitRewriteEnsemble
TclInitVarHashTable
TclInterpInit
TclInvokeObjectCommand
TclInvokeStringCommand
TclIsProc
TclListObjSetElement
TclLookupVar
TclNREvalObjEx
TclNREvalObjv
TclNRInterpProc
TclNRInterpProcCore
TclNRRunCallbacks
TclNeedSpace
TclNewProcBodyObj
TclObjBeingDeleted
TclObjCommandComplete
TclObjGetFrame
TclObjInterpProc
TclObjInvoke
TclObjLookupVar
TclPopStackFrame
TclPrecTraceProc
TclPreventAliasLoop
TclProcCleanupProc
TclProcCompileProc
TclProcDeleteProc
TclPtrGetVar
TclPtrIncrObjVar
TclPtrMakeUpvar
TclPtrObjMakeUpvar
TclPtrSetVar
TclPtrUnsetVar
TclPushStackFrame
TclRegAbout
TclRegError
TclRegExpRangeUniChar
TclRegisterLiteral
TclRenameCommand
TclResetCancellation
TclResetRewriteEnsemble
TclResetShadowedCmdRefs
TclServiceIdle
TclSetByteCodeFromAny
TclSetLibraryPath
TclSetNsPath
TclSetObjNameOfExecutable
TclSetPreInitScript
TclSetSlaveCancelFlags
TclSetupEnv
TclSockGetPort
TclSockMinimumBuffers
TclStackAlloc
TclStackFree
TclTeardownNamespace
TclTraceDictPath
TclUniCharMatch
TclUpdateReturnInfo
TclVarErrMsg
TclVarHashCreateVar
TclVarTraceExists
TclWinAddProcess
TclWinCPUID
TclWinConvertError
TclWinFlushDirtyChannels
TclWinGetPlatformId
TclWinGetServByName
TclWinGetSockOpt
TclWinGetTclInstance
TclWinNoBackslash
TclWinResetInterfaces
TclWinSetInterfaces
TclWinSetSockOpt
Tcl_Access
Tcl_AddErrorInfo
Tcl_AddInterpResolvers
Tcl_AddObjErrorInfo
Tcl_AlertNotifier
Tcl_Alloc
Tcl_AllocStatBuf
Tcl_AllowExceptions
Tcl_AppendAllObjTypes
Tcl_AppendElement
Tcl_AppendExportList
Tcl_AppendFormatToObj
Tcl_AppendLimitedToObj
Tcl_AppendObjToErrorInfo
Tcl_AppendObjToObj
Tcl_AppendPrintfToObj
Tcl_AppendResult
Tcl_AppendResultVA
Tcl_AppendStringsToObj
Tcl_AppendStringsToObjVA
Tcl_AppendToObj
Tcl_AppendUnicodeToObj
Tcl_AsyncCreate
Tcl_AsyncDelete
Tcl_AsyncInvoke
Tcl_AsyncMark
Tcl_AsyncReady
Tcl_AttemptAlloc
Tcl_AttemptDbCkalloc
Tcl_AttemptDbCkrealloc
Tcl_AttemptRealloc
Tcl_AttemptSetObjLength
Tcl_BackgroundError
Tcl_BackgroundException
Tcl_Backslash
Tcl_BadChannelOption
Tcl_CallWhenDeleted
Tcl_CancelEval
Tcl_CancelIdleCall
Tcl_Canceled
Tcl_ChannelBlockModeProc
Tcl_ChannelBuffered
Tcl_ChannelClose2Proc
Tcl_ChannelCloseProc
Tcl_ChannelFlushProc
Tcl_ChannelGetHandleProc
Tcl_ChannelGetOptionProc
Tcl_ChannelHandlerProc
Tcl_ChannelInputProc
Tcl_ChannelName
Tcl_ChannelOutputProc
Tcl_ChannelSeekProc
Tcl_ChannelSetOptionProc
Tcl_ChannelThreadActionProc
Tcl_ChannelTruncateProc
Tcl_ChannelVersion
Tcl_ChannelWatchProc
Tcl_ChannelWideSeekProc
Tcl_Chdir
Tcl_ClearChannelHandlers
Tcl_Close
Tcl_CloseEx
Tcl_CommandComplete
Tcl_CommandTraceInfo
Tcl_Concat
Tcl_ConcatObj
Tcl_ConditionFinalize
Tcl_ConditionNotify
Tcl_ConditionWait
Tcl_ConvertCountedElement
Tcl_ConvertElement
Tcl_ConvertToType
Tcl_CreateAlias
Tcl_CreateAliasObj
Tcl_CreateChannel
Tcl_CreateChannelHandler
Tcl_CreateCloseHandler
Tcl_CreateCommand
Tcl_CreateEncoding
Tcl_CreateEnsemble
Tcl_CreateEventSource
Tcl_CreateExitHandler
Tcl_CreateHashEntry
Tcl_CreateInterp
Tcl_CreateMathFunc
Tcl_CreateNamespace
Tcl_CreateObjCommand
Tcl_CreateObjTrace
Tcl_CreatePipe
Tcl_CreateSlave
Tcl_CreateThread
Tcl_CreateThreadExitHandler
Tcl_CreateTimerHandler
Tcl_CreateTrace
Tcl_CutChannel
Tcl_DStringAppend
Tcl_DStringAppendElement
Tcl_DStringEndSublist
Tcl_DStringFree
Tcl_DStringGetResult
Tcl_DStringInit
Tcl_DStringResult
Tcl_DStringSetLength
Tcl_DStringStartSublist
Tcl_DbCkalloc
Tcl_DbCkfree
Tcl_DbCkrealloc
Tcl_DbDecrRefCount
Tcl_DbIncrRefCount
Tcl_DbIsShared
Tcl_DbNewBignumObj
Tcl_DbNewBooleanObj
Tcl_DbNewByteArrayObj
Tcl_DbNewDictObj
Tcl_DbNewDoubleObj
Tcl_DbNewListObj
Tcl_DbNewLongObj
Tcl_DbNewObj
Tcl_DbNewStringObj
Tcl_DbNewWideIntObj
Tcl_DeleteAssocData
Tcl_DeleteChannelHandler
Tcl_DeleteCloseHandler
Tcl_DeleteCommand
Tcl_DeleteCommandFromToken
Tcl_DeleteEventSource
Tcl_DeleteEvents
Tcl_DeleteExitHandler
Tcl_DeleteHashEntry
Tcl_DeleteHashTable
Tcl_DeleteInterp
Tcl_DeleteNamespace
Tcl_DeleteThreadExitHandler
Tcl_DeleteTimerHandler
Tcl_DeleteTrace
Tcl_DetachChannel
Tcl_DetachPids
Tcl_DictObjDone
Tcl_DictObjFirst
Tcl_DictObjGet
Tcl_DictObjNext
Tcl_DictObjPut
Tcl_DictObjPutKeyList
Tcl_DictObjRemove
Tcl_DictObjRemoveKeyList
Tcl_DictObjSize
Tcl_DiscardInterpState
Tcl_DiscardResult
Tcl_DoOneEvent
Tcl_DoWhenIdle
Tcl_DontCallWhenDeleted
Tcl_DumpActiveMemory
Tcl_DuplicateObj
Tcl_Eof
Tcl_ErrnoId
Tcl_ErrnoMsg
Tcl_Eval
Tcl_EvalEx
Tcl_EvalFile
Tcl_EvalObj
Tcl_EvalObjEx
Tcl_EvalObjv
Tcl_EvalTokens
Tcl_EvalTokensStandard
Tcl_EventuallyFree
Tcl_Exit
Tcl_ExitThread
Tcl_Export
Tcl_ExposeCommand
Tcl_ExprBoolean
Tcl_ExprBooleanObj
Tcl_ExprDouble
Tcl_ExprDoubleObj
Tcl_ExprLong
Tcl_ExprLongObj
Tcl_ExprObj
Tcl_ExprString
Tcl_ExternalToUtf
Tcl_ExternalToUtfDString
Tcl_FSAccess
Tcl_FSChdir
Tcl_FSConvertToPathType
Tcl_FSCopyDirectory
Tcl_FSCopyFile
Tcl_FSCreateDirectory
Tcl_FSData
Tcl_FSDeleteFile
Tcl_FSEqualPaths
Tcl_FSEvalFile
Tcl_FSEvalFileEx
Tcl_FSFileAttrStrings
Tcl_FSFileAttrsGet
Tcl_FSFileAttrsSet
Tcl_FSFileSystemInfo
Tcl_FSGetCwd
Tcl_FSGetFileSystemForPath
Tcl_FSGetInternalRep
Tcl_FSGetNativePath
Tcl_FSGetNormalizedPath
Tcl_FSGetPathType
Tcl_FSGetTranslatedPath
Tcl_FSGetTranslatedStringPath
Tcl_FSJoinPath
Tcl_FSJoinToPath
Tcl_FSLink
Tcl_FSListVolumes
Tcl_FSLoadFile
Tcl_FSLstat
Tcl_FSMatchInDirectory
Tcl_FSMountsChanged
Tcl_FSNewNativePath
Tcl_FSOpenFileChannel
Tcl_FSPathSeparator
Tcl_FSRegister
Tcl_FSRemoveDirectory
Tcl_FSRenameFile
Tcl_FSSplitPath
Tcl_FSStat
Tcl_FSUnloadFile
Tcl_FSUnregister
Tcl_FSUtime
Tcl_Finalize
Tcl_FinalizeNotifier
Tcl_FinalizeThread
Tcl_FindCommand
Tcl_FindEnsemble
Tcl_FindExecutable
Tcl_FindHashEntry
Tcl_FindNamespace
Tcl_FindNamespaceVar
Tcl_FindSymbol
Tcl_FirstHashEntry
Tcl_Flush
Tcl_ForgetImport
Tcl_Format
Tcl_Free
Tcl_FreeEncoding
Tcl_FreeParse
Tcl_FreeResult
Tcl_GetAccessTimeFromStat
Tcl_GetAlias
Tcl_GetAliasObj
Tcl_GetAllocMutex
Tcl_GetAssocData
Tcl_GetBignumFromObj
Tcl_GetBlockSizeFromStat
Tcl_GetBlocksFromStat
Tcl_GetBoolean
Tcl_GetBooleanFromObj
Tcl_GetByteArrayFromObj
Tcl_GetChangeTimeFromStat
Tcl_GetChannel
Tcl_GetChannelBufferSize
Tcl_GetChannelError
Tcl_GetChannelErrorInterp
Tcl_GetChannelHandle
Tcl_GetChannelInstanceData
Tcl_GetChannelMode
Tcl_GetChannelName
Tcl_GetChannelNames
Tcl_GetChannelNamesEx
Tcl_GetChannelOption
Tcl_GetChannelThread
Tcl_GetChannelType
Tcl_GetCharLength
Tcl_GetCommandFromObj
Tcl_GetCommandFullName
Tcl_GetCommandInfo
Tcl_GetCommandInfoFromToken
Tcl_GetCommandName
Tcl_GetCurrentNamespace
Tcl_GetCurrentThread
Tcl_GetCwd
Tcl_GetDefaultEncodingDir
Tcl_GetDeviceTypeFromStat
Tcl_GetDouble
Tcl_GetDoubleFromObj
Tcl_GetEncoding
Tcl_GetEncodingFromObj
Tcl_GetEncodingName
Tcl_GetEncodingNameFromEnvironment
Tcl_GetEncodingNames
Tcl_GetEncodingSearchPath
Tcl_GetEnsembleFlags
Tcl_GetEnsembleMappingDict
Tcl_GetEnsembleNamespace
Tcl_GetEnsembleParameterList
Tcl_GetEnsembleSubcommandList
Tcl_GetEnsembleUnknownHandler
Tcl_GetErrno
Tcl_GetErrorLine
Tcl_GetFSDeviceFromStat
Tcl_GetFSInodeFromStat
Tcl_GetGlobalNamespace
Tcl_GetGroupIdFromStat
Tcl_GetHostName

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 290KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63f8d50bc57576c5767c793bd6b231e3

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

03:3e:d5:ed:a0:65:d1:b8:c9:1d:fc:f9:2a:6c:9b:d8Certificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

88:ac:52:62:67:a9:64:a5:28:b2:03:f8:98:84:c2:05:7f:c2:c6:6b:f6:9d:f4:4f:e3:ca:63:17:47:78:6c:b9Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

netapi32

user32

userenv

ws2_32

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

vcruntime140

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 290KB - Virtual size: 289KB

.data Size: 2KB - Virtual size: 8KB

.pdata Size: 62KB - Virtual size: 61KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 7KB - Virtual size: 7KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

03:3e:d5:ed:a0:65:d1:b8:c9:1d:fc:f9:2a:6c:9b:d8
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

88:ac:52:62:67:a9:64:a5:28:b2:03:f8:98:84:c2:05:7f:c2:c6:6b:f6:9d:f4:4f:e3:ca:63:17:47:78:6c:b9
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 290KB - Virtual size: 289KB

.data
Size: 2KB - Virtual size: 8KB

.pdata
Size: 62KB - Virtual size: 61KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 7KB - Virtual size: 7KB