zgrat | 8d67ca9eac83aef7a90670f0af904e0b[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

8d67ca9eac83aef7a90670f0af904e0b.bin
Size

62.9MB
MD5

8d67ca9eac83aef7a90670f0af904e0b
SHA1

40a56fcdf396047c5ff66d5230f7d6e67c5ad832
SHA256

4ef575b8dec73f5d2203bdf7a59e5885cb4d03bf2024c151c59ad2933ed0c652
SHA512

0ebca3ad57bf8c4c4e0a1b7b78b2cb6a28fcaf526f3a0046e1c949ea86bf38fd4f8a0340c1b38bb9698ded7d7a58eb2797a0458e95781f560dfa95ab78807b7c
SSDEEP

1572864:AcK/mQz1ue8lGlXgihfVXgaRMcAaquKFl29c+BDZYd2mWOiFixd2mWOiH:AceoeVlHfVQatAaqpFElq2pOTz2pOO

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/mrgt09/Loader.exe	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/mrgt09/HologramWorld.dll
unpack001/mrgt09/Loader.exe
unpack001/mrgt09/Windows.UI.Xaml.dll
unpack001/mrgt09/mshtml.dll
unpack001/mrgt09/wmp.dll

Files

8d67ca9eac83aef7a90670f0af904e0b.bin
.zip

Password: infected
mrgt09/HologramWorld.dll
.dll windows:10 windows x64 arch:x64

Password: infected

824cffff2cbdd76a3d842387b66e90ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp_win

?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@_W@std@@2V0locale@2@A
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?_Xbad_function_call@std@@YAXXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
_Strcoll
_Strxfrm
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@M@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?swap@?$basic_iostream@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?swap@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXAEAV12@@Z
??Bid@locale@std@@QEAA_KXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Throw_C_error@std@@YAXH@Z

api-ms-win-crt-math-l1-1-0

expf
fmodf
_isnan
cosf
atanf
atan2f
modff
log10f
_fdtest
tanf
logf

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__free_base
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__strtod_l
_o__strtoi64_l
_o__strtoui64_l
memmove
_o__wcstoi64
_o__wfopen
_o_fclose
_o_fflush
_o_fread
_o_free
_o_fseek
_o_ftell
_o_isalpha
_o_isxdigit
_o_malloc
_o_nextafterf
_o_pow
_o_powf
_o_realloc
_o_roundf
_o_strcpy_s
_o_strncpy_s
_o_strtod
_o_strtol
_o_strtoul
_o_terminate
_o_tolower
_o_wcscpy_s
_o_wcstod
_o_wcstol
__CxxFrameHandler3
__C_specific_handler
_CxxThrowException
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o__create_locale
_o__configure_narrow_argv
_o___stdio_common_vfwprintf
_o___stdio_common_vfprintf
_o___std_type_info_name
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o__cexit
_o__callnewh
_o__execute_onexit_table
strstr
strchr
strrchr
_o__errno
_o__aligned_malloc
_o__aligned_free
__RTDynamicCast
_o___acrt_iob_func
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

strncmp
memset
strcmp

coremessaging

CoreUICreate
CoreUICallCreateEndpointHost
CoreUICallSend
CoreUICallReceive

coreuicomponents

CoreUIFactoryCreate

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleExW
GetModuleHandleW
GetModuleFileNameA
FreeLibrary
LoadLibraryExA
DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

ResetEvent
WaitForMultipleObjectsEx
CreateEventW
SleepEx
CreateSemaphoreExW
InitializeCriticalSectionAndSpinCount
SetEvent
CreateEventExW
TryAcquireSRWLockShared
OpenEventW
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
EnterCriticalSection
WaitForSingleObjectEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
RaiseException
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetErrorMode

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolTimer
CloseThreadpoolCleanupGroupMembers
SetThreadpoolTimer
CreateThreadpoolTimer
CreateThreadpoolCleanupGroup
CloseThreadpoolCleanupGroup
CloseThreadpoolWork
CloseThreadpoolWait
CreateThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolTimerCallbacks
SetThreadpoolWait
WaitForThreadpoolWorkCallbacks
WaitForThreadpoolWaitCallbacks

api-ms-win-core-processthreads-l1-1-0

CreateThread
SetThreadPriority
TerminateProcess
GetCurrentProcessId
QueueUserAPC
ResumeThread
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetProcessId
OpenProcessToken
ProcessIdToSessionId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
DebugBreak

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-handle-l1-1-0

DuplicateHandle
SetHandleInformation
CloseHandle

api-ms-win-core-synch-l1-2-0

SleepConditionVariableCS
InitializeConditionVariable
InitOnceComplete
WakeConditionVariable
InitOnceBeginInitialize
Sleep
WakeAllConditionVariable

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventRegister
EventSetInformation
EventWriteTransfer

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-memory-l1-1-0

MapViewOfFile
UnmapViewOfFile
VirtualProtect
VirtualQuery

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegGetValueA
RegGetValueW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLogicalProcessorInformationEx
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-processthreads-l1-1-3

SetThreadIdealProcessor

api-ms-win-core-processtopology-obsolete-l1-1-0

SetThreadAffinityMask

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW
LoadLibraryA

api-ms-win-core-file-l1-1-0

FindNextFileW
CreateFileW
WriteFile
GetTempFileNameW
CreateDirectoryW
DeleteFileW
FindFirstFileW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
CreateFileA
SetFilePointerEx
GetFullPathNameW
FlushFileBuffers
FindClose
ReadFile

api-ms-win-core-file-l2-1-0

MoveFileExW
ReadDirectoryChangesW

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-file-l1-2-0

GetTempPathW
CreateFile2

api-ms-win-core-io-l1-1-1

CancelIo

ws2_32

sendto
socket
inet_ntoa
send
WSAStartup
setsockopt
WSACreateEvent
inet_pton
WSAGetLastError
recvfrom
closesocket
htons
recv
WSAEventSelect
GetHostNameW
ioctlsocket
inet_ntop
accept
__WSAFDIsSet
select
ntohs
getsockname
listen
bind
connect
FreeAddrInfoW
GetAddrInfoW
WSASocketW

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime
VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-security-cryptoapi-l1-1-0

CryptAcquireContextW
CryptReleaseContext
CryptGenRandom

api-ms-win-core-namedpipe-l1-1-0

CreateNamedPipeW
ConnectNamedPipe
DisconnectNamedPipe

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

SetSecurityDescriptorDacl
AllocateAndInitializeSid
InitializeAcl
AddAccessAllowedAce
CopySid
IsValidSid
InitializeSecurityDescriptor
CheckTokenMembership
GetLengthSid
FreeSid
GetTokenInformation

api-ms-win-core-errorhandling-l1-1-2

RaiseFailFastException

api-ms-win-shcore-stream-winrt-l1-1-0

CreateStreamOverRandomAccessStream

api-ms-win-core-memory-l1-1-1

CreateFileMappingFromApp
MapViewOfFileFromApp

api-ms-win-core-featurestaging-l1-1-0

GetFeatureEnabledState
SubscribeFeatureStateChangeNotification
RecordFeatureUsage
UnsubscribeFeatureStateChangeNotification

dwrite

DWriteCreateFactory

dxgi

CreateDXGIFactory2

d3d11

CreateDirect3D11DeviceFromDXGIDevice
D3D11CreateDevice

d3d12

ord102
D3D12SerializeRootSignature
ord101

api-ms-win-core-string-l1-1-0

WideCharToMultiByte

api-ms-win-security-accesshlpr-l1-1-0

QueryTransientObjectSecurityDescriptor
FreeTransientObjectSecurityDescriptor

ntdll

NtAlpcConnectPort
NtAlpcCancelMessage
NtCompleteConnectPort
NtAlpcAcceptConnectPort
NtAlpcOpenSenderProcess
NtAlpcSendWaitReceivePort
AlpcGetMessageAttribute
NtAlpcCreatePort
RtlInitUnicodeString
DbgPrintEx
RtlGetDeviceFamilyInfoEnum
NtQueryInformationProcess
RtlPublishWnfStateData
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlSubscribeWnfStateChangeNotification
NtQueryWnfStateData

api-ms-win-rtcore-ntuser-window-l1-1-0

IsWindow
KillTimer
GetWindowRect
SetTimer

api-ms-win-core-psm-app-l1-1-0

PsmRegisterAppStateChangeNotification
PsmUnregisterAppStateChangeNotification

api-ms-win-crt-time-l1-1-0

_time64
clock

api-ms-win-security-appcontainer-l1-1-0

GetAppContainerNamedObjectPath

api-ms-win-core-namedpipe-ansi-l1-1-0

WaitNamedPipeA

api-ms-win-core-io-l1-1-0

GetOverlappedResult

mfplat

MFCreateMediaType
MFCreateAttributes
MFShutdown
MFCreateWaveFormatExFromMFMediaType
MFStartup

mfreadwrite

MFCreateSourceReaderFromURL

xaudio2_9

ord2
ord1
ord6
ord5

Exports

Exports

CreateDebugOverlay
GetSharedWorldFactory

Sections

.text
Size: 11.3MB - Virtual size: 11.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 517KB - Virtual size: 517KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mrgt09/Instructions!.txt
mrgt09/Loader.exe
.exe windows:5 windows x86 arch:x86

Password: infected

12e12319f1029ec4f8fcbed7e82df162

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
InterlockedDecrement
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
DecodePointer
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
LocalFree
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipFree

Sections

.text
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mrgt09/Windows.UI.Xaml.dll
.dll windows:10 windows x64 arch:x64

Password: infected

0d1246f49153f4a5a0e00197b6c15dc1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp_win

??0facet@locale@std@@IEAA@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?widen@?$ctype@G@std@@QEBAGD@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?is@?$ctype@G@std@@QEBA_NFG@Z
??1facet@locale@std@@MEAA@XZ
_Wcsxfrm
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1_Locinfo@std@@QEAA@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0_Locinfo@std@@QEAA@PEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
?id@?$collate@G@std@@2V0locale@2@A
_Mtx_init_in_situ
??0_Lockit@std@@QEAA@H@Z
_Mtx_lock
?_Raise_handler@std@@3P6AXAEBVexception@stdext@@@ZEA
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Lockit@std@@QEAA@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@G@std@@QEBAPEBGPEAGPEBG@Z
_Mtx_unlock
?setf@ios_base@std@@QEAAHHH@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QEAA@PEAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?epptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?setg@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG00@Z
?egptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?eback@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?tolower@?$ctype@G@std@@QEBAGG@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXPEAG0@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UEAA@XZ
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UEAA@XZ
?pbase@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@N@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAA@XZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGD@Z
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@G@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAA_JPEBG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAPEAV12@PEAG_J@Z
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEAG_J@Z
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JXZ
?gptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?pptr@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEBAPEAGXZ
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAA_JPEBG_J@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QEAAGG@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAXH@Z
?fill@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAGXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAAXXZ
?flags@ios_base@std@@QEBAHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MEAAHXZ
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IEAAPEAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UEAA@XZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?good@ios_base@std@@QEBA_NXZ
?tie@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_ostream@GU?$char_traits@G@std@@@2@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@GU?$char_traits@G@std@@@std@@QEBAPEAV?$basic_streambuf@GU?$char_traits@G@std@@@2@XZ
_Wcscoll
?_Xbad_function_call@std@@YAXXZ

api-ms-win-crt-string-l1-1-0

wcscspn
memset
wcscmp
wcsncmp

api-ms-win-crt-math-l1-1-0

floorf
cosf
_finite
logf
fmodf
fminf
fmaxf
_fdtest
sinf
ceilf
_isnan
atan2f
tanf
sqrtf

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_invoke_watson

api-ms-win-crt-private-l1-1-0

_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__itow_s
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__seh_filter_dll
_o__wcsicmp
_o__wcsnicmp
_o__wcstoi64
memmove
_o__wsplitpath_s
_o__wtoi
_o_abort
_o_bsearch
_o_calloc
_o_ceil
_o_cos
_o_exp
_o_floor
_o_fmod
_o_free
_o_isalpha
_o_isspace
_o_iswalnum
_o_iswblank
_o_iswcntrl
_o_iswdigit
_o_iswgraph
_o_iswprint
_o_iswpunct
_o_iswspace
_o_log
_o_log2f
_o_lroundf
_o_malloc
_o_pow
_o_powf
_o_realloc
_o_round
_o_sin
_o_terminate
_o_tolower
_o_toupper
_o_towlower
_o_towupper
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstod
_o_wcstol
_o_wcstoll
_o_wcstoul
_o_wcstoull
wcsstr
__std_type_info_compare
wcschr
strchr
__C_specific_handler
wcsrchr
__CxxFrameHandler3
_o__execute_onexit_table
_o__errno
_o__dtest
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__beginthreadex
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
GetProcAddress
GetModuleHandleExW
GetModuleFileNameA
GetModuleHandleW
FreeLibrary
FindResourceExW
LoadResource
GetModuleFileNameW
LoadLibraryExW
LockResource

api-ms-win-core-featurestaging-l1-1-0

RecordFeatureError
GetFeatureEnabledState
UnsubscribeFeatureStateChangeNotification
SubscribeFeatureStateChangeNotification
RecordFeatureUsage

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSectionEx
CreateEventW
TryAcquireSRWLockExclusive
EnterCriticalSection
CreateMutexW
SetEvent
OpenEventW
WaitForMultipleObjectsEx
AcquireSRWLockExclusive
ReleaseMutex
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
LeaveCriticalSection
WaitForSingleObject
WaitForSingleObjectEx
OpenMutexW
ReleaseSemaphore
CreateSemaphoreExW
ResetEvent
AcquireSRWLockShared
CreateMutexExW
InitializeSRWLock
ReleaseSRWLockShared
ReleaseSRWLockExclusive
CreateEventExW
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapSize
HeapReAlloc
HeapCreate
GetProcessHeap
HeapFree
HeapDestroy

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceEnableLevel
TraceEvent
UnregisterTraceGuids
TraceMessage
GetTraceEnableFlags
GetTraceLoggerHandle
RegisterTraceGuidsW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolWait
SubmitThreadpoolWork
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
CloseThreadpoolCleanupGroup
CloseThreadpoolCleanupGroupMembers
CreateThreadpoolCleanupGroup
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks

api-ms-win-core-processthreads-l1-1-0

GetProcessId
SetPriorityClass
GetCurrentProcess
GetPriorityClass
OpenProcessToken
SwitchToThread
TlsAlloc
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
SetThreadPriority
GetCurrentThread
GetThreadPriority
TlsFree
GetExitCodeProcess
OpenThreadToken
TlsGetValue
CreateThread
TlsSetValue

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetWindowsDirectoryW
GetSystemTimeAsFileTime
GetSystemInfo
GetVersionExW
GetTickCount64

api-ms-win-core-localization-l1-2-0

GetUserDefaultLCID
LCMapStringEx
FormatMessageW
GetLocaleInfoEx
ResolveLocaleName
LocaleNameToLCID
SetProcessPreferredUILanguages
FindNLSStringEx
GetLocaleInfoW
GetThreadUILanguage

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-featurestaging-l1-1-1

GetFeatureVariant

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventRegister
EventProviderEnabled
EventWriteTransfer
EventSetInformation
EventUnregister

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-wow64-l1-1-0

Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection

coremessaging

CoreUICreate
CreateDispatcherQueueController

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureStackBackTrace
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

api-ms-win-core-string-l1-1-0

CompareStringEx
CompareStringOrdinal
GetStringTypeExW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceInitialize
InitOnceComplete
InitOnceBeginInitialize
Sleep

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-rtcore-ntuser-window-l1-1-0

GetForegroundWindow
SetTimer
GetWindow
GetMessageW
KillTimer
IsWindow
SetParent
GetQueueStatus
GetAncestor
SetWindowLongPtrW
DispatchMessageW
ScreenToClient
TranslateMessage
PostQuitMessage
PeekMessageW
GetClientRect
GetFocus
SetWindowLongW
GetWindowThreadProcessId
RegisterWindowMessageW
GetDesktopWindow
GetWindowTextW
SendMessageW
DefWindowProcW
GetPropW
RemovePropW
SetPropW
ClientToScreen
ShowWindow
SetWindowPos
DestroyWindow
CreateWindowExW
RegisterClassExW
RegisterClassW
GetWindowLongPtrW
PostMessageW
FindWindowW
GetWindowRect
GetMessageTime
GetClassInfoW
IsChild
GetClassNameW
EnumChildWindows
SetFocus
CallWindowProcW
GetCursorPos
GetParent

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRemoveFileSpecW
PathFindExtensionW
PathCombineW
PathAddBackslashW

api-ms-win-rtcore-ntuser-wmpointer-l1-1-0

GetPointerDeviceRects
GetPointerDeviceProperties
EnableMouseInPointer
GetPointerInfo
GetPointerDevices
GetPointerFrameInfoHistory

api-ms-win-core-kernel32-legacy-l1-1-1

PowerCreateRequest
PowerClearRequest
PowerSetRequest

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-oobe-notification-l1-1-0

OOBEComplete

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-processtopology-obsolete-l1-1-0

GetProcessAffinityMask

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW
K32GetProcessMemoryInfo

api-ms-win-core-file-l1-1-0

GetFileAttributesW
SetEndOfFile
SetFilePointerEx
WriteFile
ReadFile
GetTempFileNameW
GetFileSizeEx
GetFileSize
CreateFileW
GetFileTime

api-ms-win-core-processthreads-l1-1-1

OpenProcess
GetThreadTimes
IsProcessorFeaturePresent

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
VirtualProtect
OpenFileMappingW
VirtualFree
VirtualAlloc
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
SearchPathW
ExpandEnvironmentStringsW

api-ms-win-security-base-l1-1-0

GetTokenInformation
DuplicateTokenEx

api-ms-win-core-url-l1-1-0

PathCreateFromUrlW
UrlCreateFromPathW
UrlCanonicalizeW

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
GetDynamicTimeZoneInformation

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage
GetUserDefaultUILanguage

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

ntdll

RtlAcquireSRWLockShared
RtlReleaseSRWLockShared
RtlClearBits
RtlInitializeBitMap
NtQueryInformationThread
NtSetInformationVirtualMemory
RtlFindClearBitsAndSet
RtlRaiseException
RtlAreBitsClear
RtlAllocateHeap
RtlInitializeSRWLock
RtlCompareMemory
NtQuerySecurityAttributesToken
RtlAcquireSRWLockExclusive
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
RtlLengthSid
RtlFreeHeap
RtlFreeSid
RtlUnsubscribeWnfStateChangeNotification
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlAllocateAndInitializeSid
RtlPublishWnfStateData
NtPowerInformation
RtlGetDeviceFamilyInfoEnum
RtlIsMultiSessionSku
RtlCopyUnicodeString
RtlNtStatusToDosError
ZwQueryWnfStateData
RtlInitUnicodeString
RtlQueryPackageClaims
RtlReleaseSRWLockExclusive

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects

api-ms-win-dx-d3dkmt-l1-1-0

GdiEntry13

api-ms-win-core-heap-l2-1-0

LocalFree
GlobalAlloc
LocalAlloc

api-ms-win-core-errorhandling-l1-1-3

TerminateProcessOnMemoryExhaustion

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

bcp47langs

GetApplicationLanguages
Bcp47GetNlsForm
GetFontFallbackLanguageList
Bcp47FromLcid
Bcp47FromHkl
Bcp47GetLanguageName
Bcp47GetAbbreviation
ClearApplicationLanguageOverride
LanguageListAsMuiForm
SetApplicationLanguageOverride

combase

ord134
ord90
ord157

iertutil

ord811
PrivateCoInternetCombineIUri

dcomp

ord1045
ord1040

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalLock

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-path-l1-1-0

PathCchAppend

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch
StrCSpnW

Exports

Exports

CreateString
CreateXamlUIPresenter
DeleteString
DisableDeferredInvoke
DllCanUnloadNow
DllGetActivationFactory
DllMain
GetDependencyObjectAddress
GetErrorContextIndex
GetGlobalModuleParams
GetStringLen
GetStringRawBuffer
InitializeXamlDiagnosticsEx
OverrideXamlMetadataProvider
OverrideXamlResourcePropertyBag

Sections

.text
Size: 11.5MB - Virtual size: 11.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 726KB - Virtual size: 726KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 504KB - Virtual size: 503KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mrgt09/WindowsCodecsRaw.dll
.dll windows:10 windows x64 arch:x64

Password: infected

3e017d2a373236275eed4a9a07ef23d3

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:40:cc:72:95:ab:69:b3:e7:44:d0:1b:f1:57:28:56:16:fc:aa:cc:5d:2a:ca:a0:28:d3:5e:b9:23:62:45:42
Signer

Actual PE Digest

93:40:cc:72:95:ab:69:b3:e7:44:d0:1b:f1:57:28:56:16:fc:aa:cc:5d:2a:ca:a0:28:d3:5e:b9:23:62:45:42

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp_win

?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memset
strncmp
strcmp

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__execute_onexit_table
_o__gmtime64_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__localtime64_s
_o__mktime64
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__strdup
_o__stricmp
_o___stdio_common_vswprintf
_o__strnicmp
memmove
_o__swab
_o__errno
_o_atoi
_o_calloc
_o_fclose
_o_fopen_s
_o_fread
_o_free
_o_fseek
_o_ftell
_o_isdigit
_o_isspace
_o_log
_o_malloc
_o_pow
_o_powf
_o_qsort
_o_sqrt
_o_strcat_s
_o_strcpy_s
_o_strftime
_o_strncpy_s
_o_terminate
_o_tolower
_o_toupper
_o_wmemcpy_s
__CxxFrameHandler3
_CxxThrowException
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsnprintf_s
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o___stdio_common_vfscanf
_o__aligned_malloc
_o__aligned_free
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___acrt_iob_func
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_o___stdio_common_vswprintf_s
memchr
memcmp
memcpy

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
LeaveCriticalSection
ReleaseSRWLockShared
InitializeSRWLock

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
PropVariantClear
CreateStreamOnHGlobal
PropVariantCopy
CoCreateInstance

api-ms-win-core-libraryloader-l1-2-0

LockResource
SizeofResource
DisableThreadLibraryCalls
LoadResource
FindResourceExW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

propsys

PropVariantCompareEx
PropVariantChangeType
PSCreateMemoryPropertyStore

oleaut32

VariantInit
SystemTimeToVariantTime

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetCurrentProcessorNumber

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapSize
HeapAlloc
HeapReAlloc
HeapFree
HeapDestroy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent

api-ms-win-core-shlwapi-obsolete-l1-1-0

QISearch

api-ms-win-ntuser-rectangle-l1-1-0

IntersectRect

mscms

CreateMultiProfileTransform
DeleteColorTransform
CloseColorProfile
TranslateBitmapBits
OpenColorProfileW

kernel32

OutputDebugStringA
UnmapViewOfFile
CreateFileA
CloseHandle
GetSystemInfo
GetFileSizeEx
CreateFileMappingW
QueryPerformanceFrequency
CreateThreadpoolWork
SubmitThreadpoolWork
GetActiveProcessorCount
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
MapViewOfFile

gdi32

CombineRgn
CreateRectRgn
GetRegionData
DeleteObject
GetRgnBox

advapi32

CryptGenRandom
CryptAcquireContextW
CryptReleaseContext

ws2_32

ntohs
htonl

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-math-l1-1-0

logf
floorf
expf
ceilf
cosf
sqrtf

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 777KB - Virtual size: 777KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27.5MB - Virtual size: 27.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mrgt09/mshtml.dll
.dll windows:10 windows x64 arch:x64

Password: infected

a1964081fa46daae3201398b60d0563a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcrt

wcspbrk
strncpy_s
_lock
_unlock
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_XcptFilter
_amsg_exit
_initterm
tanf
_statusfp
_beginthreadex
fwprintf
_flushall
fclose
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
__CxxFrameHandler3
malloc
free
realloc
strtoul
strpbrk
bsearch_s
modf
wcstod
wcstok_s
towlower
_wtoi64
_aligned_free
_aligned_malloc
_stricmp
iswgraph
_itoa_s
swprintf_s
bsearch
_finite
_wtoi
_isnan
_ui64tow_s
_wcstoui64
_wtof
iswalnum
iswdigit
iswalpha
_wcslwr_s
_i64tow_s
wcscat_s
_ultow_s
__C_specific_handler
qsort
wcscpy_s
_vsnprintf
_wcsupr
_wcslwr
tolower
wcsncpy_s
strstr
strchr
strncmp
wcsrchr
_wcsupr_s
_itow_s
abort
wcstol
wcsncmp
_wtol
_wcsnicmp
memmove_s
memcpy_s
_errno
wcstoul
rand_s
fflush
strnlen
wcscspn
wcstombs_s
towupper
iswlower
strrchr
_strnicmp
isalpha
isxdigit
isdigit
wcsncat_s
_fpclass
_mbsicmp
_mbscspn
_mbsspn
_mbsstr
isspace
_mbschr
_ismbcdigit
_mbscmp
iswcntrl
_ultoa_s
swscanf_s
_wcsrev
wcsspn
exit
fprintf
_fileno
_isatty
fwrite
atof
atoi
strtol
qsort_s
rand
sin
powf
memset
memmove
memcpy
wcsstr
_ltow
_ltow_s
_clearfp
_controlfp_s
iswascii
calloc
_resetstkoflw
_wcsicmp
wcsnlen
sinf
sqrt
sqrtf
strcmp
tan
_vsnprintf_s
wcschr
_vsnwprintf
__iob_func
iswspace
iswpunct
_purecall
_HUGE
_CxxThrowException
_setjmp
acosf
asinf
atan2
atan2f
ceil
ceilf
cos
cosf
floor
floorf
fmod
fmodf
memcmp
wcscmp

kernel32

HeapAlloc
GetProcessHeap
HeapFree
GetModuleFileNameA
DebugBreak
GetProcAddress
IsDebuggerPresent
OutputDebugStringW
SetLastError
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
OpenSemaphoreW
QueryPerformanceCounter
GetProfileIntA
GlobalFree
GetTickCount
PowerSetRequest
PowerClearRequest
PowerCreateRequest
LoadLibraryExW
MulDiv
GetTickCount64
GetSystemTimeAsFileTime
CreateMutexExW
CreateSemaphoreExW
CreateThreadpoolTimer
WideCharToMultiByte
GlobalSize
GlobalLock
GlobalUnlock
IsDBCSLeadByteEx
MultiByteToWideChar
OpenProcess
GetCPInfo
GetSystemInfo
GetSystemDefaultLocaleName
GetUserDefaultLocaleName
GlobalMemoryStatusEx
FormatMessageW
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
SubmitThreadpoolWork
GetFullPathNameW
SetFilePointer
WriteFile
ReadFile
GlobalAlloc
GetTempPathW
GetTempFileNameW
CreateFileW
GetFileSize
DeleteFileW
GetSystemTime
SystemTimeToFileTime
FindFirstFileW
FindClose
CopyFileW
GetFileType
WaitForMultipleObjectsEx
CreateEventExW
Sleep
ResolveLocaleName
GetLocaleInfoEx
GetUserGeoID
GetGeoInfoW
IsValidLocaleName
GetEnvironmentVariableW
SetEnvironmentVariableW
InitializeCriticalSectionAndSpinCount
CreateMutexW
GetFileAttributesW
InitOnceExecuteOnce
CompareStringEx
GetSystemTimeAdjustment
GetVersionExW
TrySubmitThreadpoolCallback
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
LoadLibraryW
ResumeThread
GetUserDefaultLCID
GetLocalTime
GetACP
LocaleNameToLCID
LCIDToLocaleName
GetUserDefaultUILanguage
IsValidCodePage
GetExitCodeThread
ResetEvent
lstrcmpiA
lstrcmpA
InitOnceInitialize
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
QueryDepthSList
CompareFileTime
TerminateThread
GetActiveProcessorCount
GetFileTime
DeleteFiber
SwitchToFiber
CreateFiber
ConvertThreadToFiber
ConvertFiberToThread
CompareStringOrdinal
SetEndOfFile
CreateFileMappingW
FlushViewOfFile
lstrcmpW
GetLocaleInfoW
GetDiskFreeSpaceW
FileTimeToSystemTime
CompareStringW
LCMapStringW
GetFileSizeEx
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetCurrentThread
lstrcmpiW
VerSetConditionMask
VerifyVersionInfoW
SetThreadPreferredUILanguages
GetCommandLineW
GlobalDeleteAtom
GlobalAddAtomW
GlobalFindAtomW
HeapSetInformation
GetStringTypeExA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
SleepConditionVariableSRW
WaitForSingleObjectEx
WerGetFlags
WerSetFlags
InitializeCriticalSectionEx
ReleaseSemaphore
GetLastError
ReleaseMutex
RaiseException
InitializeSRWLock
ReleaseSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
FlsSetValue
HeapDestroy
MapViewOfFile
OpenFileMappingW
GetCurrentProcessId
HeapCreate
FlsAlloc
InitializeCriticalSection
TlsAlloc
AddAtomW
TlsSetValue
TlsGetValue
GetModuleFileNameW
LocalFree
LocalAlloc
FindAtomW
DeleteAtom
UnmapViewOfFile
TlsFree
FlsFree
RaiseFailFastException
GetModuleHandleW
DeleteCriticalSection
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetEvent
FreeLibrary
CreateThread
CreateEventW
GetModuleHandleExW
FreeLibraryAndExitThread
CloseHandle
WaitForSingleObject
GetCurrentProcess
ActivateActCtx
DeactivateActCtx
CreateActCtxW
ReleaseActCtx
QueueUserWorkItem
GlobalFlags
FindResourceExA
LocalSize
GlobalReAlloc
WTSGetActiveConsoleSessionId
LCMapStringEx
ResolveDelayLoadedAPI
DelayLoadFailureHook
QueryPerformanceFrequency

api-ms-win-downlevel-advapi32-l1-1-0

EventRegister
EventActivityIdControl
EventWrite
EventWriteTransfer
RegCreateKeyExW
RegSetValueExW
DuplicateTokenEx
EventWriteEx
OpenProcessToken
RegGetValueW
RegOpenKeyExW
RegCloseKey
RegOpenKeyExA
RegDeleteTreeW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
EventUnregister
CreateProcessAsUserW
OpenThreadToken
GetTokenInformation

api-ms-win-downlevel-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-downlevel-shlwapi-l1-1-0

StrStrIW
StrCmpNIA
IsInternetESCEnabled
PathCreateFromUrlW
PathQuoteSpacesW
StrChrNIW
StrCmpNICW
UrlEscapeW
UrlCombineW
StrCmpNIW
StrCmpICW
UrlUnescapeW
PathRemoveFileSpecW
HashData
StrCmpNCW
PathGetArgsW
StrCmpICA
StrStrA
PathRemoveBlanksW
UrlIsW
UrlCreateFromPathW
QISearch
StrChrW
PathStripPathW
StrCmpW
StrCpyNW
StrStrW
StrCmpCW
StrCmpNW
StrToIntExW
PathIsFileSpecW
ParseURLW
PathFileExistsW
StrTrimW
PathFindExtensionW
UrlGetLocationW
SHLoadIndirectString
StrPBrkW
PathIsRelativeW
PathGetCharTypeW
StrToInt64ExW
PathSearchAndQualifyW
PathUnquoteSpacesW
IsCharSpaceW
StrStrIA
StrCmpNICA
UrlApplySchemeW
PathIsURLW
StrToIntW
GetAcceptLanguagesW
StrChrA
UrlGetPartW
StrCmpCA
UrlCanonicalizeW
PathFindFileNameW
StrCmpIW
PathIsUNCW
StrCSpnW
PathGetDriveNumberW
StrDupW

api-ms-win-downlevel-user32-l1-1-0

CharLowerBuffW
CharLowerW
CharUpperW
CharNextW
LoadStringW
CharLowerA
IsCharAlphaNumericW
IsCharAlphaW

gdi32

DeleteDC
SetWorldTransform
SetGraphicsMode
CreateDIBSection
ExtTextOutW
SetTextAlign
GetTextColor
GetBkColor
SetStretchBltMode
StretchDIBits
SetDIBits
GetCurrentObject
GetClipRgn
ExtSelectClipRgn
SetBrushOrgEx
CreatePatternBrush
CreateBitmap
Ellipse
Polyline
Polygon
LineTo
MoveToEx
PatBlt
CreatePen
SetDCPenColor
ExtCreatePen
UnrealizeObject
SetBkMode
CreateHatchBrush
SetDCBrushColor
SetROP2
GetFontUnicodeRanges
GetGlyphOutlineW
GetCharWidthW
GetFontData
GetOutlineTextMetricsW
AddFontMemResourceEx
GetTextFaceW
RemoveFontMemResourceEx
StretchBlt
GdiFlush
Rectangle
CreateSolidBrush
GetTextCharsetInfo
TranslateCharsetInfo
ExtEscape
EndDoc
StartDocW
CreateEnhMetaFileW
CloseEnhMetaFile
GetEnhMetaFileW
EqualRgn
ExtCreateRegion
GetRegionData
OffsetViewportOrgEx
RealizePalette
SelectPalette
GetPaletteEntries
DeleteObject
SelectObject
GetObjectType
GetDeviceCaps
CreateRectRgn
BitBlt
GetPixel
CreateCompatibleBitmap
CreateCompatibleDC
CreateRectRgnIndirect
GetRandomRgn
OffsetRgn
GetClipBox
SetViewportOrgEx
CombineRgn
GetRgnBox
RestoreDC
SaveDC
GetViewportOrgEx
CreatePolygonRgn
EnumFontFamiliesExW
EnumFontsW
CreateFontIndirectW
GetTextCharset
SelectClipRgn
DeleteMetaFile
CreateMetaFileW
SetMapMode
SetWindowOrgEx
SetWindowExtEx
CloseMetaFile
SetViewportExtEx
PlayMetaFile
GetWindowOrgEx
GetWindowExtEx
LPtoDP
SetTextColor
SetBkColor
GetStockObject
IntersectClipRect
GetTextMetricsW
GetTextExtentPoint32W
GetObjectW
GetDIBits
GetNearestPaletteIndex
EnumObjects
GetEnhMetaFileHeader
GetDIBColorTable
SetDIBColorTable
SetMetaFileBitsEx
SetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
PlayEnhMetaFile
DeleteEnhMetaFile
AbortDoc
StartPage
EndPage
CreateICW
CreateDCW

user32

CheckMenuRadioItem
CreatePopupMenu
AppendMenuW
GetMenuStringW
ToUnicodeEx
SubtractRect
UnionRect
MsgWaitForMultipleObjects
GetCaretBlinkTime
GetComboBoxInfo
DrawFocusRect
SendMessageA
ScrollDC
GetLayeredWindowAttributes
CreateCaret
DestroyCaret
SetCaretPos
GetLastInputInfo
EnumDisplaySettingsW
DisplayConfigGetDeviceInfo
GetDisplayConfigBufferSizes
RegisterClassW
GetWindowTextW
FindWindowW
GetLastActivePopup
DrawFrameControl
ShowCaret
HideCaret
GetCaretPos
GetKeyboardLayout
InsertMenuItemW
GetMenuItemInfoW
SetWindowsHookExW
PostThreadMessageW
GetSysColorBrush
IsDlgButtonChecked
CallWindowProcW
RemovePropW
GetUpdateRect
FindWindowExW
IsWindowVisible
CopyRect
CallNextHookEx
QueryDisplayConfig
InflateRect
GetUpdateRgn
InvalidateRgn
GetWindowDC
LockWindowUpdate
DestroyIcon
AdjustWindowRectEx
BringWindowToTop
GetSystemMenu
GetWindowLongA
SetWindowLongA
GetShellWindow
GetKeyboardLayoutList
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
RegisterClipboardFormatA
GetClassInfoExW
UnregisterClassW
GetDpiForSystem
LoadBitmapW
TrackPopupMenu
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
SetRect
GetKeyboardLayoutNameW
DestroyCursor
GetIconInfo
ChildWindowFromPoint
MessageBeep
UpdateLayeredWindow
GetClassInfoW
SetCursorPos
SetRectEmpty
GetWindowRgn
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
InSendMessage
SetMenuItemInfoW
ShowCursor
TrackPopupMenuEx
DestroyAcceleratorTable
TranslateAcceleratorW
AttachThreadInput
IsClipboardFormatAvailable
GetClipboardFormatNameW
GetWindowPlacement
GetWindowLongPtrA
GetTopWindow
RemoveMenu
MoveWindow
UnhookWindowsHookEx
UnregisterClassA
GetDlgItem
LoadIconW
SendDlgItemMessageW
LoadImageW
GetWindow
SetWindowLongPtrW
DefWindowProcW
PostMessageW
GetParent
SetActiveWindow
GetWindowLongPtrW
GetKeyState
GetWindowThreadProcessId
GetDCEx
ReleaseDC
RegisterClipboardFormatW
RegisterWindowMessageW
GetDoubleClickTime
IsWindow
DestroyWindow
GetClientRect
FillRect
AllowSetForegroundWindow
GetClassNameW
IsWinEventHookInstalled
NotifyWinEvent
SetTimer
GetDesktopWindow
TranslateMessage
MessageBoxW
DialogBoxParamW
SetWindowTextW
EndDialog
GetFocus
ValidateRect
SetCursor
LoadCursorW
SendMessageW
KillTimer
EnumChildWindows
IsIconic
GetAncestor
GetSystemMetrics
GetMessageExtraInfo
GetCursorInfo
ChildWindowFromPointEx
ScreenToClient
GetCursorPos
WindowFromPoint
IsChild
MapWindowPoints
GetAsyncKeyState
GetMenuState
InsertMenuW
DeleteMenu
LoadMenuW
GetSubMenu
EnableMenuItem
DestroyMenu
GetCapture
ReleaseCapture
IsWindowUnicode
UpdateWindow
EnableWindow
SendMessageTimeoutW
EnumWindows
GetSysColor
GetForegroundWindow
WinHelpW
SetDlgItemTextW
CheckDlgButton
GetDlgItemTextW
InSendMessageEx
ShowWindow
SetWindowPos
SetForegroundWindow
SetFocus
ClientToScreen
SystemParametersInfoW
MonitorFromWindow
GetActiveWindow
GetWindowRect
GetMessagePos
PtInRect
GetKeyboardState
MapVirtualKeyExW
ToAsciiEx
IsRectEmpty
IntersectRect
LoadAcceleratorsW
CopyAcceleratorTableW
VkKeyScanW
GetMenuItemCount
GetMenuItemID
CheckMenuItem
MonitorFromRect
GetMonitorInfoW
GetMessageW
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
PostQuitMessage
MonitorFromPoint
GetDC
RedrawWindow
CreateAcceleratorTableW
OffsetRect
EqualRect
SetWindowRgn
SetPropW
SetParent
CreateWindowExW
SetLayeredWindowAttributes
SetCapture
GetWindowLongW
SetWindowLongW
IsWindowEnabled
GetCursor
LoadCursorA
GetPropW
InvalidateRect
ValidateRgn
BeginPaint
EndPaint
WindowFromDC
GetMessageTime
WaitMessage
RegisterClassExW

iertutil

ord32
ord764
ord209
ord690
ord19
ord21
ord775
CreateIUriBuilder
ord700
ord18
ord96
ord25
ord681
GetIUriPriv
ord820
ord26
CreateUriWithFragment
ord174
ord56
ord58
ord793
ord688
ord606
ord139
ord325
ord916
ord656
ord661
ord665
ord651
ord655
ord682
ord667
ord650
ord678
ord660
ord677
ord658
ord662
ord652
ord663
ord654
ord54
ord110
ord151
ord111
ord17
ord44
ord30
ord134
IntlPercentEncodeNormalize
ord466
ord597
ord594
ord792
ord177
ord603
ord779
ord781
ord774
ord765
ord138
ord607
ord281
ord282
ord35
ord42
GetPortFromUrlScheme
ord210
ord398
ord50
ord82
ord679
ord791
ord796
ord49
CreateUri
ord701
ord657
ord600
ord605

ntdll

NtQueryLicenseValue
NtCreateFile
RtlInitUnicodeString
NtQuerySystemInformation
RtlDllShutdownInProgress
NtClose

rpcrt4

RpcAsyncInitializeHandle
Ndr64AsyncClientCall
NdrClientCall3
RpcBindingCreateW
RpcBindingFree
RpcAsyncCancelCall
RpcAsyncCompleteCall
I_RpcExceptionFilter
UuidCreate
RpcBindingBind

api-ms-win-core-path-l1-1-0

PathCchAddBackslash
PathCchCanonicalize
PathCchAppend
PathCchCombine

sspicli

GetUserNameExW

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled

api-ms-win-core-file-l1-1-0

SetFileInformationByHandle
FlushFileBuffers
GetFileInformationByHandle
CreateDirectoryW
GetDiskFreeSpaceExW
GetFullPathNameA
GetFileAttributesExW
FileTimeToLocalFileTime
SetFilePointerEx
GetLongPathNameW

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetLogicalProcessorInformation
GetVersionExA

api-ms-win-core-libraryloader-l1-2-0

LoadResource
SizeofResource
FindResourceExW
LockResource
LoadLibraryExA

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
ExpandEnvironmentStringsA
GetStdHandle
SearchPathW

api-ms-win-core-file-l2-1-0

MoveFileExW
GetFileInformationByHandleEx

api-ms-win-core-synch-l1-1-0

TryAcquireSRWLockExclusive
TryEnterCriticalSection
OpenEventW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
CancelIoEx
DeviceIoControl

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolThreadMaximum
DisassociateCurrentThreadFromCallback
CloseThreadpool
CreateThreadpool

api-ms-win-core-handle-l1-1-0

DuplicateHandle

api-ms-win-core-localization-l1-2-0

GetThreadUILanguage
GetThreadPreferredUILanguages
GetSystemDefaultLCID
GetUserPreferredUILanguages
GetUserDefaultLangID
IsDBCSLeadByte

api-ms-win-core-string-l1-1-0

GetStringTypeW

api-ms-win-core-memory-l1-1-0

VirtualAlloc
VirtualQuery
VirtualProtect
VirtualFree

api-ms-win-core-processenvironment-l1-2-0

SearchPathA

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode

api-ms-win-core-com-l1-1-0

IIDFromString
ProgIDFromCLSID
CoGetStandardMarshal

api-ms-win-core-memory-l1-1-1

ResetWriteWatch
VirtualUnlock
GetWriteWatch

api-ms-win-core-string-l2-1-0

IsCharUpperW
IsCharLowerW
CharPrevW

api-ms-win-core-processthreads-l1-1-0

SuspendThread
SwitchToThread
GetProcessTimes
OpenThread
ProcessIdToSessionId
SetThreadPriority
GetProcessIdOfThread
GetProcessId

api-ms-win-core-heap-l1-1-0

HeapUnlock
HeapSize
HeapLock
HeapReAlloc

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo
GetProductInfo

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-heap-l2-1-0

LocalReAlloc

api-ms-win-power-base-l1-1-0

CallNtPowerInformation

api-ms-win-core-realtime-l1-1-0

QueryProcessCycleTime
QueryThreadCycleTime

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-datetime-l1-1-2

GetDurationFormatEx

api-ms-win-core-registry-l1-1-0

RegEnumValueW
RegDeleteValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadsFromDll

winhttp

WinHttpGetIEProxyConfigForCurrentUser

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-processthreads-l1-1-1

GetThreadContext

api-ms-win-core-console-l2-1-0

GetConsoleScreenBufferInfo
SetConsoleTextAttribute

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

kernelbase

EnumUILanguagesW
lstrlenW
lstrlenA
StrToIntA
OpenGlobalizationUserSettingsKey
GetSystemDefaultUILanguage
GetNumberFormatW

api-ms-win-downlevel-shell32-l1-1-0

CommandLineToArgvW

Exports

Exports

ClearPhishingFilterData
ConvertAndEscapePostData
CreateCoreWebView
CreateHTMLPropertyPage
DllCanUnloadNow
DllEnumClassObjects
DllGetClassObject
GetColorValueFromString
GetWebPlatformObject
IEIsXMLNSRegistered
IERegisterXMLNS
InitializeLocalHtmlEngine
MatchExactGetIDsOfNames
PrintHTML
RunHTMLApplication
ShowHTMLDialog
ShowHTMLDialogEx
ShowModalDialog
ShowModelessHTMLDialog
TravelLogCreateInstance
TravelLogStgCreateInstance
UninitializeLocalHtmlEngine

Sections

.text
Size: 15.8MB - Virtual size: 15.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 179KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 908KB - Virtual size: 907KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 538KB - Virtual size: 538KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mrgt09/updater/manager/2gjqsj37k9.txt
mrgt09/updater/manager/2zbw02ysgw.txt
mrgt09/updater/manager/4bdv5tn0xg.txt
mrgt09/updater/manager/56vsnydfkg.txt
mrgt09/updater/manager/67w1hiokyk.txt
mrgt09/updater/manager/8aqb19axll.txt
mrgt09/updater/manager/9h2dtr9rsf.txt
mrgt09/updater/manager/a73yp9dg52.txt
mrgt09/updater/manager/ai6tdhl9yk.txt
mrgt09/updater/manager/ait82rgw1i.txt
mrgt09/updater/manager/azocyn0ryh.txt
mrgt09/updater/manager/b95kw3xjde.txt
mrgt09/updater/manager/dta6vilkme.txt
mrgt09/updater/manager/ey4nzxxx8k.txt
mrgt09/updater/manager/gu3k1fvvdt.txt
mrgt09/updater/manager/k8ugmy3znq.txt
mrgt09/updater/manager/o6uen621mn.txt
mrgt09/updater/manager/of7v1tsupr.txt
mrgt09/updater/manager/ombiwa08eh.txt
mrgt09/updater/manager/owue5xjs21.txt
mrgt09/updater/manager/p1e4821wuv.txt
mrgt09/updater/manager/qlsdxw6s1m.txt
mrgt09/updater/manager/sgq7sq5dn6.txt
mrgt09/updater/manager/sv6d8lf3gi.txt
mrgt09/updater/manager/t9oanyai7x.txt
mrgt09/updater/manager/uh55dhy0va.txt
mrgt09/updater/manager/vq7a9q37lj.txt
mrgt09/updater/manager/w1aumnnipy.txt
mrgt09/updater/manager/w4886ycpaj.txt
mrgt09/updater/manager/w5oztd1ox8.txt
mrgt09/updater/manager/we2abxjemg.txt
mrgt09/updater/manager/zg9bujkkka.txt
mrgt09/updater/manager/zi8uvbjiyt.txt
mrgt09/wmp.dll
.dll regsvr32 windows:10 windows x64 arch:x64

Password: infected

36b9b1016d85dfa1274194edc17cae71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-string-l1-1-0

strcmp
wcscspn
wcspbrk
memset
strncmp
wcscmp
wcsncpy
wcsnlen
strnlen
wcsspn
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-time-l1-1-0

clock
_time32

api-ms-win-crt-private-l1-1-0

_o__wtof
_o__wtoi
_o__wtoi64
_o__wtol
_o_atan2
_o_atoi
_o_bsearch
_o_calloc
_o_ceil
_o_cos
_o_exit
_o_exp
_o_floor
_o_free
_o_isdigit
_o_isspace
_o_iswalnum
_o_iswalpha
_o_iswascii
_o_iswcntrl
_o_iswdigit
_o_iswprint
_o_iswspace
_o_iswxdigit
_o_isxdigit
_o_ldexp
_o_log
_o_malloc
_o_memcpy_s
_o_pow
_o_powf
_o_qsort
_o_qsort_s
_o_rand
_o_rand_s
_o_realloc
_o_sin
_o_sqrt
_o_srand
_o_strncpy_s
_o_terminate
_o_tolower
_o_toupper
_o_towlower
_o_towupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsftime
_o_wcsncpy_s
_o_wcstod
_o_wcstok_s
_o_wcstol
memmove
_o_wcstoul
wcsrchr
wcsstr
wcschr
__CxxFrameHandler3
_o__seh_filter_dll
_o__register_onexit_function
_o__purecall
_o__memicmp
_o__wsplitpath_s
_o__ltow
_o__localtime32
_o__wcsupr_s
_o__wcstoui64
_o__itow_s
_o__itow
_o__itoa_s
_o__wcsnicmp
strchr
_o__wcslwr
_o__wcsicoll
_o__wcsicmp
_o__ultow_s
_o__strnicmp
_o__stricmp
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__endthread
_o__difftime32
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__beginthreadex
_o__beginthread
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___acrt_iob_func
__C_specific_handler
__std_terminate
__CxxFrameHandler4
_CxxThrowException
memcmp
memcpy

ntdll

RtlNtStatusToDosError
RtlGetPersistedStateLocation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

kernel32

EncodePointer
HeapAlloc
DecodePointer
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
FreeLibraryAndExitThread
GetUserDefaultLCID
CompareStringOrdinal
MoveFileW
GetFileSize
WideCharToMultiByte
GetLocaleInfoW
CeipIsOptedIn
GlobalAlloc
GlobalFree
GetExitCodeThread
GetLocalTime
GetVolumeInformationW
GetTickCount64
SetThreadExecutionState
GetCurrentDirectoryW
WriteFile
Sleep
TerminateThread
GlobalMemoryStatusEx
WaitForMultipleObjects
DeviceIoControl
SetErrorMode
GetComputerNameW
ReleaseSemaphore
CreateSemaphoreW
ExitThread
GetThreadPriority
ExpandEnvironmentStringsW
GetComputerNameExW
SetFilePointer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
LoadLibraryExA
GetThreadLocale
GetFileAttributesExW
HeapFree
GetProcessHeap
GetDriveTypeW
GlobalUnlock
GlobalLock
FindPackagesByPackageFamily
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateThread
GetDiskFreeSpaceExW
SetFileAttributesW
GetCurrentProcessId
DeleteFileW
GetTickCount
FindClose
FindNextFileW
FindFirstFileW
FindCloseChangeNotification
FindNextChangeNotification
FindFirstChangeNotificationW
CreateEventW
WaitForSingleObject
DebugBreak
OpenEventW
LocalFree
FormatMessageW
GetUserDefaultUILanguage
SetThreadPriority
SetEvent
lstrlenW
GetVersionExW
GetCurrentThread
RaiseFailFastException
GetCurrentProcess
VirtualFree
GetCurrentThreadId
SetLastError
CopyFileW
SystemTimeToFileTime
GetSystemTime
LockResource
lstrcpyW
HeapDestroy
DisableThreadLibraryCalls
HeapSetInformation
ReadFile
CreateFileW
GetShortPathNameW
FindResourceW
LoadLibraryW
MulDiv
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetModuleFileNameW
FindResourceExW
LoadResource
SizeofResource
MultiByteToWideChar
GetSystemInfo
VirtualQuery
VirtualAlloc
VirtualProtect
lstrcpynW
lstrcmpiW
GetModuleHandleW
LoadLibraryExW
GetProcAddress
GetLastError
FreeLibrary
BindIoCompletionCallback
CreateToolhelp32Snapshot
Process32NextW
CloseThreadpoolTimer
CreateThreadpoolTimer
CompareFileTime
FileTimeToSystemTime
CreateMutexW
ReleaseMutex
CopyFileExW
LocalFileTimeToFileTime
CreateDirectoryW
RemoveDirectoryW
GetDateFormatW
GetTimeFormatW
GetVersionExA
ExitProcess
QueryPerformanceFrequency
lstrcmpW
LocalAlloc
DuplicateHandle
HeapCreate
HeapReAlloc
HeapSize
GetLocaleInfoA
GetFileInformationByHandle
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetFileType
SetEndOfFile
FlushFileBuffers
OpenMutexW
OpenFileMappingW
GetFullPathNameW
GetLongPathNameW
GetTempFileNameW
IsValidLocale
GetProcessTimes
OpenThread
LCMapStringW
GlobalMemoryStatus
GetTempPathW
GetFileAttributesW
GetPrivateProfileStringW
OutputDebugStringW
MoveFileExW
InitializeCriticalSectionEx
GetDiskFreeSpaceW
FreeEnvironmentStringsW
GetEnvironmentStringsW
FreeEnvironmentStringsA
lstrcatW
FileTimeToLocalFileTime
GetNumberFormatW
GetModuleHandleA
GetACP
GetModuleFileNameA
CreateProcessW
GetExitCodeProcess
Process32FirstW
DelayLoadFailureHook
ResolveDelayLoadedAPI
FindFirstFileExW
GetOverlappedResult
ReadDirectoryChangesW
GetProcessMitigationPolicy
ProcessIdToSessionId
FindNLSString
TryEnterCriticalSection
SetFilePointerEx
WaitForMultipleObjectsEx
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GlobalDeleteAtom
GlobalAddAtomW
GlobalSize
GlobalReAlloc
GetSystemPowerStatus
lstrlenA
GetTimeZoneInformation

oleaut32

SysFreeString
VarUI4FromStr
VariantChangeType
VariantClear
SysStringLen
SysAllocStringLen
SysAllocString
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
SafeArrayGetElemsize
SafeArrayGetDim
OleCreatePropertyFrame
VariantChangeTypeEx
SafeArrayCreateVectorEx
VariantCopy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
OleCreatePropertyFrameIndirect
VariantInit
SetErrorInfo
VarCmp
VariantTimeToSystemTime
DispCallFunc
VarR8FromUI8
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreateVector
SystemTimeToVariantTime
CreateErrorInfo
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound

api-ms-win-core-registry-l2-1-0

RegDeleteKeyW
RegEnumKeyW

api-ms-win-core-com-l1-1-0

CoMarshalInterface
CoUnmarshalInterface
CoReleaseMarshalData
CoSetProxyBlanket
StringFromIID
CoRegisterClassObject
GetHGlobalFromStream
StringFromCLSID
CoRevokeClassObject
CoCreateFreeThreadedMarshaler
CoCreateGuid
PropVariantCopy
IIDFromString
CoWaitForMultipleHandles
CoTaskMemRealloc
CoGetTreatAsClass
CoFreeUnusedLibraries
CLSIDFromString
CoTaskMemFree
CLSIDFromProgID
CreateStreamOnHGlobal
StringFromGUID2
CoGetInterfaceAndReleaseStream
CoTaskMemAlloc
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoDisconnectObject
PropVariantClear
CoInitializeEx
CoGetStandardMarshal
CoUninitialize
CoGetClassObject

api-ms-win-core-string-l2-1-0

CharNextW
CharPrevW
CharLowerW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegDeleteValueW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegQueryInfoKeyW
RegGetValueW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage
RegisterTraceGuidsW
UnregisterTraceGuids
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
GetTraceEnableLevel

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventEnabled
EventSetInformation
EventUnregister
EventRegister
EventWrite

api-ms-win-core-libraryloader-l1-2-0

LoadStringA
LoadStringW
GetModuleHandleExW
FreeResource

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW
GetFileVersionInfoSizeW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-mm-time-l1-1-0

timeEndPeriod
timeGetTime
timeBeginPeriod

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathRemoveBackslashW
PathFindExtensionW
PathRemoveFileSpecW

api-ms-win-shcore-comhelpers-l1-1-0

IUnknown_QueryService

api-ms-win-security-cryptoapi-l1-1-0

CryptAcquireContextW
CryptGenRandom

api-ms-win-core-url-l1-1-0

UrlCombineW
UrlCanonicalizeW

api-ms-win-core-com-private-l1-1-0

CoRegisterMessageFilter

api-ms-win-security-base-l1-1-0

GetAce
EqualSid
GetAclInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
MakeSelfRelativeSD
AllocateAndInitializeSid
DuplicateTokenEx
SetFileSecurityW
GetSecurityDescriptorLength
IsValidSecurityDescriptor
GetSecurityDescriptorControl
CreateWellKnownSid
MapGenericMask
GetTokenInformation
FreeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
AccessCheck
GetWindowsAccountDomainSid
GetFileSecurityW

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-core-perfcounters-l1-1-0

PerfStopProvider
PerfSetCounterSetInfo
PerfStartProviderEx

api-ms-win-core-sysinfo-l2-1-0

GetUserNameW

api-ms-win-core-processthreads-l1-1-0

CreateProcessAsUserW
TlsSetValue
CreateProcessA
OpenThreadToken
OpenProcessToken
TlsGetValue

api-ms-win-core-stringansi-l1-1-0

CharNextA

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIA

api-ms-win-shcore-registry-l1-1-0

SHDeleteKeyW

wmvcore

WMValidateData
WMCreateSyncReader
WMCreateWriter
WMIsContentProtected
WMCreateReader
WMCreateEditor
WMCreateProfileManager

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
CreateEventExW
OpenSemaphoreW
CreateMutexExW

api-ms-win-core-localization-l1-2-0

GetUserDefaultLocaleName
GetGeoInfoW
LocaleNameToLCID
GetSystemDefaultLCID
GetUserDefaultLangID
GetUserGeoID

api-ms-win-core-sysinfo-l1-2-0

GetProductInfo

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoActivateInstance

api-ms-win-core-sysinfo-l1-1-0

GetVersion
GetWindowsDirectoryW
GetSystemDirectoryW

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-string-l1-1-0

GetStringTypeExW
CompareStringW

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolWait
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpool
CreateThreadpool
WaitForThreadpoolWaitCallbacks

api-ms-win-core-file-l1-1-0

GetFileSizeEx
QueryDosDeviceW

api-ms-win-core-localization-l1-2-1

EnumSystemLocalesEx

gdiplus

GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipGetPropertyItemSize
GdipGetImagePalette
GdipGetImagePaletteSize
GdipFillPath
GdipGetImageHorizontalResolution
GdipGetImagePixelFormat
GdipGetPropertyItem
GdipLoadImageFromStream
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipSetSolidFillColor
GdipImageRotateFlip
GdipCreateHBITMAPFromBitmap
GdipSetPixelOffsetMode
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipRotateMatrix
GdipCreateHICONFromBitmap
GdipDrawImageI
GdipDeleteGraphics
GdipDrawImageRectI
GdiplusShutdown
GdipGetImageEncodersSize
GdipSetWorldTransform
GdipGetDC
GdipSetLineBlend
GdipFillRectangleI
GdipCreateBitmapFromHBITMAP
GdipCreatePath
GdipDeletePath
GdipAddPathRectangleI
GdipCreatePathGradientFromPath
GdipSetPathGradientCenterColor
GdipSetPathGradientCenterPointI
GdipSetPathGradientFocusScales
GdipGetPropertySize
GdipLoadImageFromFile
GdipCreateBitmapFromResource
GdipCreateBitmapFromStream
GdipSetLineSigmaBlend
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipSaveImageToStream
GdipGetTextureTransform
GdipTranslateTextureTransform
GdipGetImageEncoders
GdipResetTextureTransform
GdipCreateFromHDC
GdipReleaseDC
GdipSetTextureTransform
GdipCreateTexture
GdipSetTextureWrapMode
GdipTranslateWorldTransform
GdipGetImageWidth
GdipDrawCachedBitmap
GdipCreateCachedBitmap
GdipCreateSolidFill
GdipGetAllPropertyItems
GdipCreatePen1
GdipDeletePen
GdipDrawRectangleI
GdipGetImageVerticalResolution
GdipBitmapSetResolution
GdipCreateBitmapFromHICON
GdipGetImageHeight
GdipCreateBitmapFromGdiDib
GdipSaveImageToFile
GdipSetPropertyItem
GdiplusStartup
GdipCreateBitmapFromScan0
GdipSetSmoothingMode
GdipDeleteBrush
GdipCloneBrush
GdipCreateImageAttributes
GdipGetImageGraphicsContext
GdipGetImageRawFormat
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetCompositingQuality
GdipDeleteCachedBitmap
GdipSetPathGradientBlend
GdipCreateLineBrushFromRectI
GdipFree

gdi32

Polyline
DPtoLP
DeleteObject
GetDeviceCaps
CreateFontIndirectW
SelectObject
GetTextMetricsW
GetTextExtentPointW
RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateDCW
CreateRectRgnIndirect
CreateCompatibleDC
GetClipBox
OffsetViewportOrgEx
GetStockObject
ExcludeClipRect
RectVisible
SetLayout
SetStretchBltMode
SetBkMode
SetTextColor
CreateFontW
GetObjectW
CreateCompatibleBitmap
CreateRectRgn
CombineRgn
OffsetRgn
StretchBlt
StretchDIBits
CreateSolidBrush
SetRectRgn
GetRgnBox
PtInRegion
SetBkColor
PatBlt
IntersectClipRect
CreatePen
Rectangle
GetLayout
BitBlt
GetObjectType
GetBkColor
ExtTextOutW
SetTextAlign
TextOutW
GetObjectA
GetDIBColorTable
CreateDIBSection
CreateICW
SetDIBits
GetDIBits
SetDIBitsToDevice
ExtCreateRegion
SetDIBColorTable
ExtSelectClipRgn
GetRegionData
GetTextAlign
SelectPalette
RealizePalette
GetPaletteEntries
SetPaletteEntries
GetSystemPaletteEntries
CreatePalette
SelectClipRgn
GdiFlush
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
CreateMetaFileW
Ellipse
MoveToEx
LineTo
GetTextColor
SetTextCharacterExtra
CreateBrushIndirect
RoundRect
OffsetWindowOrgEx
GetTextExtentPoint32W

user32

DrawTextExW
SetGestureConfig
CloseGestureInfoHandle
SendMessageCallbackW
SetMenuInfo
SetMenuItemBitmaps
DrawMenuBar
GetScrollRange
GetWindowDC
SystemParametersInfoA
CopyAcceleratorTableW
GetDpiForWindow
UpdateLayeredWindowIndirect
TrackMouseEvent
GetScrollPos
GetQueueStatus
RegisterClipboardFormatW
SystemParametersInfoForDpi
IsMenu
EnumDisplayDevicesW
SetPropW
GetPropW
BringWindowToTop
GetClassLongPtrW
ShowCursor
GetShellWindow
SetLayeredWindowAttributes
EnumDisplayMonitors
RegisterWindowMessageA
CheckRadioButton
GetDlgItemInt
ShowScrollBar
GetScrollBarInfo
GetDlgItemTextW
EnumChildWindows
IsDlgButtonChecked
CheckDlgButton
GetMessageExtraInfo
NotifyWinEvent
GetWindowInfo
CloseWindow
EnumWindows
SetClassLongW
GetDoubleClickTime
CloseClipboard
GetClipboardData
OpenClipboard
GetClipboardOwner
DrawEdge
GetNextDlgTabItem
WindowFromDC
GetScrollInfo
GetMessageTime
SetClassLongPtrW
DrawFocusRect
GetMessagePos
InflateRect
MonitorFromRect
IsZoomed
GetSystemMenu
GetSysColor
MsgWaitForMultipleObjectsEx
InSendMessage
PostThreadMessageW
GetClassNameW
SendMessageTimeoutA
SendMessageTimeoutW
DestroyCursor
MonitorFromWindow
GetDesktopWindow
SetParent
GetClassInfoW
MsgWaitForMultipleObjects
SendDlgItemMessageW
SetDlgItemInt
SetDlgItemTextW
EndDialog
LoadIconW
VkKeyScanW
GetDlgCtrlID
DrawTextW
GetSystemMetricsForDpi
GetWindowLongPtrW
SetWindowLongPtrW
GetDC
ReleaseDC
GetDialogBaseUnits
EndPaint
GetClientRect
BeginPaint
GetFocus
IsChild
IsDialogMessageW
WinHelpW
MoveWindow
ShowWindow
IsWindow
RegisterClassExW
GetClassInfoExW
wsprintfW
LoadCursorW
DestroyWindow
DefWindowProcW
CreateWindowExW
GetDlgItem
SendMessageW
CallWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
MessageBoxW
LoadImageW
GetMenuItemCount
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
PostMessageW
GetWindowRect
PtInRect
GetActiveWindow
LoadMenuW
LoadAcceleratorsW
SetWindowPos
InvalidateRect
GetWindowLongW
PostQuitMessage
SetFocus
MapWindowPoints
MessageBeep
RemoveMenu
AppendMenuW
TrackPopupMenuEx
DestroyMenu
CreatePopupMenu
MonitorFromPoint
GetMonitorInfoW
GetParent
IsWindowVisible
SetWindowLongW
FillRect
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
DestroyAcceleratorTable
UnionRect
GetKeyState
UnregisterClassW
CopyRect
InvalidateRgn
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
GetCursorPos
SetCursor
SystemParametersInfoW
ClientToScreen
SetRectEmpty
IsRectEmpty
SetRect
GetSubMenu
TrackPopupMenu
EnableWindow
SetWindowTextW
UpdateWindow
CreateDialogParamW
GetWindowTextLengthW
GetWindowTextW
SetTimer
FrameRect
KillTimer
IsWindowUnicode
IsWindowEnabled
AdjustWindowRectEx
IsIconic
GetWindowPlacement
GetAsyncKeyState
SetActiveWindow
SetForegroundWindow
RedrawWindow
GetWindowThreadProcessId
GetTopWindow
GetWindow
GetMenuStringW
GetMenuItemID
EnableMenuItem
DeleteMenu
CheckMenuRadioItem
InsertMenuW
CreateMenu
CheckMenuItem
GetIconInfo
GetSysColorBrush
DrawIconEx
InsertMenuItemW
DestroyIcon
GetMenuInfo
GetAncestor
FindWindowW
SetThreadDpiAwarenessContext
AllowSetForegroundWindow
DialogBoxParamW
GetMenu
GetWindowRgn
CallNextHookEx
FindWindowExW
GetClassLongW
SetWindowPlacement
SetMenu
RegisterClassW
RegisterWindowMessageW
ChangeWindowMessageFilterEx
SetWindowsHookExW
UnhookWindowsHookEx
TranslateAcceleratorW
GetUpdateRect
GetGestureInfo
GetSystemMetrics
ValidateRect

ole32

WriteClassStm
CoAllowSetForegroundWindow
IsAccelerator
OleRegGetUserType
CreateDataAdviseHolder
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleSaveToStream
OleLoadFromStream
CreateBindCtx
CoInitialize
ReleaseStgMedium
GetRunningObjectTable
OleRegEnumVerbs
CreateOleAdviseHolder
OleRegGetMiscStatus

dwmapi

DwmIsCompositionEnabled

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-featurestaging-l1-1-0

UnsubscribeFeatureStateChangeNotification
RecordFeatureUsage
SubscribeFeatureStateChangeNotification

bcrypt

BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptGetProperty
BCryptDestroyKey
BCryptVerifySignature
BCryptImportKeyPair
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptCreateHash

mfperfhelper

ord1
ord101
ord58
ord100

api-ms-win-core-io-l1-1-1

CancelIo

api-ms-win-core-com-l1-1-2

CoFileTimeNow

api-ms-win-core-io-l1-1-0

CancelIoEx

api-ms-win-crt-math-l1-1-0

sqrtf
sinf
tanf
cosf
logf

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 7.8MB - Virtual size: 7.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGELK
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 824KB - Virtual size: 824KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mrgt09/x64/opengl64.dll
.exe windows:6 windows x64 arch:x64

Password: infected

12c058d908f07eb19d3f1f0a4bb41bef

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:52:fd:13:81:7d:a3:86:5d:e4:84:46:8c:35:09:a5:26:83:ae:ac:37:64:c9:0f:42:89:b7:70:65:88:10:df
Signer

Actual PE Digest

0c:52:fd:13:81:7d:a3:86:5d:e4:84:46:8c:35:09:a5:26:83:ae:ac:37:64:c9:0f:42:89:b7:70:65:88:10:df

Digest Algorithm

sha256

PE Digest Matches

true

b4:28:b6:ea:a9:f1:d8:dd:26:dd:e6:4d:49:5f:06:c6:e0:8c:f6:c4
Signer

Actual PE Digest

b4:28:b6:ea:a9:f1:d8:dd:26:dd:e6:4d:49:5f:06:c6:e0:8c:f6:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

xinput1_3

ord3
ord2

advapi32

CryptReleaseContext
OpenProcessToken
RegDeleteTreeW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegSetValueExW
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyExW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
RegCloseKey
RegCreateKeyExW

user32

WindowFromPoint
ClipCursor
GetDlgItem
SetDlgItemTextW
GetSystemMetrics
SetForegroundWindow
SetWindowTextW
GetWindowRect
MessageBoxW
ScreenToClient
GetWindowLongW
GetTopWindow
EnumDisplayDevicesW
GetKeyboardLayout
DisableProcessWindowsGhosting
TranslateMessage
DispatchMessageW
GetMessageExtraInfo
SendMessageW
DefWindowProcW
GetRawInputDeviceList
RegisterRawInputDevices
GetRawInputDeviceInfoA
ReleaseDC
GetWindowInfo
EnumDisplayMonitors
SetWindowLongPtrW
GetProcessWindowStation
GetUserObjectInformationW
GetCursorPos
SetCursor
SetCursorPos
ClientToScreen
RegisterClassW
UnregisterClassW
CreateWindowExW
GetClipCursor
DestroyWindow
ShowWindow
SetLayeredWindowAttributes
FlashWindowEx
GetWindowPlacement
SetWindowPlacement
IsIconic
IsZoomed
GetDC
GetForegroundWindow
SetActiveWindow
UpdateWindow
EnableMenuItem
GetSystemMenu
IsWindowEnabled
GetMonitorInfoW
MonitorFromWindow
MonitorFromRect
ShowCursor
AdjustWindowRectEx
GetClientRect
SetWindowRgn
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
MonitorFromPoint
SystemParametersInfoW
EnumDisplaySettingsW
CreateIconIndirect
LoadImageW
LoadIconW
LoadCursorFromFileW
LoadCursorW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassLongPtrW
RegisterClassExW
MoveWindow
MsgWaitForMultipleObjects
SetRect
IsWindow
GetWindowLongPtrW
SetWindowLongW
EnableWindow
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
RegisterTouchWindow
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetKeyState
GetFocus
EndDialog
DialogBoxParamW
SetWindowPos
PostQuitMessage
UnregisterHotKey
RegisterHotKey
PeekMessageW
GetActiveWindow
GetRawInputData
SetFocus

gdi32

PtInRegion
SelectObject
CreateCompatibleDC
DeleteDC
GetTextExtentPoint32W
SwapBuffers
SetPixelFormat
ChoosePixelFormat
GetTextMetricsW
CreateFontW
CreateBitmap
GetDeviceCaps
CreateFontIndirectW
CreateRectRgn
CreateRoundRectRgn
DeleteObject

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertCloseStore
CertOpenSystemStoreW
CertGetNameStringW
CertEnumCertificatesInStore

ws2_32

accept
bind
closesocket
connect
ioctlsocket
getpeername
getsockname
__WSAFDIsSet
htonl
htons
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket
gethostname
WSAStartup
WSACleanup
WSAGetLastError
getaddrinfo
freeaddrinfo
getnameinfo
WSAIoctl
WSASetLastError
getsockopt
inet_pton

wldap32

ord143
ord46
ord211
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60

normaliz

IdnToAscii

dxgi

CreateDXGIFactory1

d3d11

D3D11CreateDevice

d3dcompiler_43

D3DCompile
D3DReflect

dbghelp

SymFunctionTableAccess64
MiniDumpWriteDump
SymRefreshModuleList
StackWalk64
SymFromAddr
SymInitializeW
SymGetLineFromAddr64
SymGetModuleBase64
SymGetModuleInfo64
SymSetOptions
SymGetModuleInfoW64
SymGetOptions

winmm

timeBeginPeriod

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
VerSetConditionMask
RtlCaptureStackBackTrace
CreateToolhelp32Snapshot
K32GetProcessMemoryInfo
K32GetModuleFileNameExW
K32EnumProcessModulesEx
SystemTimeToFileTime
FileTimeToSystemTime
MoveFileW
CopyFileW
ReOpenFile
UnmapViewOfFile
MapViewOfFile
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemInfo
GlobalMemoryStatusEx
GetProcessId
ResumeThread
SuspendThread
OpenThread
GetCurrentProcessId
SetCurrentDirectoryW
GetLongPathNameW
GetTempPathW
OutputDebugStringW
SetThreadErrorMode
PeekNamedPipe
QueryPerformanceFrequency
SetEvent
ReleaseSemaphore
GetEnvironmentVariableW
CreateFileMappingW
GetCurrentDirectoryW
Sleep
GetCurrentProcess
LoadLibraryExA
VirtualQuery
CreateSemaphoreA
GetProcessTimes
TerminateProcess
GetExitCodeProcess
LocalFree
SwitchToThread
VerifyVersionInfoA
GetModuleHandleA
GetSystemDirectoryA
ExpandEnvironmentStringsA
WaitForMultipleObjects
WaitForSingleObjectEx
SleepEx
InitializeCriticalSectionEx
GetTickCount64
FormatMessageA
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
WideCharToMultiByte
MultiByteToWideChar
CreateFiber
DeleteFiber
SwitchToFiber
CreateEventW
GetDateFormatEx
GetTimeFormatEx
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
CreateThread
GetSystemTime
GetSystemTimeAsFileTime
GetLocalTime
GetCurrentThread
SetThreadPriority
ResolveLocaleName
GetCurrencyFormatEx
GetNumberFormatEx
LocaleNameToLCID
LCIDToLocaleName
GetUserGeoID
GetVersionExW
CreateProcessW
GetLogicalProcessorInformationEx
GetNativeSystemInfo
GetGeoInfoW
GetDynamicTimeZoneInformation
GetLocaleInfoEx
FreeLibrary
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
LoadResource
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetACP
GetThreadContext
GetEnvironmentVariableA
GetStartupInfoW
LoadLibraryA
VirtualUnlock
GetLargePageMinimum
FlsSetValue
FlsAlloc
GetModuleHandleExA
SetErrorMode
MulDiv
GlobalFree
SetConsoleWindowInfo
SetConsoleTextAttribute
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
AttachConsole
FreeConsole
AllocConsole
GlobalLock
GlobalUnlock
GlobalAlloc
GetVersion
GetProcessHandleCount
CreateWaitableTimerW
SetWaitableTimer
Process32NextW
DebugBreak
LockResource
Process32FirstW
GetConsoleWindow
SetConsoleCtrlHandler
GetUserDefaultLocaleName
GetUserPreferredUILanguages
GetSystemPowerStatus
VerifyVersionInfoW
GetComputerNameW
QueryFullProcessImageNameW
lstrlenW
FormatMessageW
SetThreadAffinityMask
LoadLibraryW
FindResourceW
InitializeCriticalSection
SetCriticalSectionSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentThreadId
GetStdHandle
GetCommandLineW
FindClose
FindFirstFileW
GetFileType
OpenProcess
WriteConsoleW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
HeapSetInformation
SetHandleInformation
CreatePipe
CreateDirectoryW
CreateFileW
DeleteFileW
FindNextFileW
FlushFileBuffers
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFinalPathNameByHandleW
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
WriteFile
CloseHandle
RaiseException
GetLastError
SetLastError
GetOverlappedResult
ResetEvent
WaitForSingleObject
SizeofResource

comdlg32

ChooseFontW

shell32

ShellExecuteW
ShellExecuteExW
SHGetKnownFolderPath
SHGetFolderPathW
SHCreateItemFromParsingName

ole32

RevokeDragDrop
ReleaseStgMedium
CoCreateInstance
CoUninitialize
CoCreateGuid
CoInitialize
OleInitialize
RegisterDragDrop
CoTaskMemFree
OleUninitialize

oleaut32

VariantCopy
SafeArrayCreateVector
SafeArrayPutElement
SysAllocString
SysFreeString

iphlpapi

GetAdaptersAddresses

setupapi

SetupDiOpenDevRegKey
SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Get_Device_IDW

dwmapi

DwmExtendFrameIntoClientArea
DwmGetCompositionTimingInfo
DwmSetWindowAttribute
DwmIsCompositionEnabled

imm32

ImmGetDescriptionW
ImmGetIMEFileNameW
ImmGetProperty
ImmCreateContext
ImmDestroyContext
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow

uiautomationcore

UiaRaiseAutomationPropertyChangedEvent
UiaRaiseAutomationEvent
UiaReturnRawElementProvider
UiaHostProviderFromHwnd
UiaClientsAreListening

winhttp

WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser

opengl32

glPolygonMode
glScissor
glStencilFunc
glStencilMask
glStencilOp
glGetString
glTexImage2D
glTexParameteri
glTexSubImage2D
glGenTextures
glViewport
glEnable
glDisable
wglCreateContext
glBlendFunc
glPixelStorei
wglDeleteContext
wglGetProcAddress
wglMakeCurrent
glBindTexture
glAlphaFunc
glDeleteTextures
glTexEnvi

msvcp140

_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
_Thrd_yield

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

dbgeng

DebugCreate

bcrypt

BCryptGenRandom

vcruntime140

__intrinsic_setjmp
__current_exception_context
__current_exception
__RTDynamicCast
__std_type_info_name
__std_type_info_compare
__RTtypeid
__CxxFrameHandler3
strchr
longjmp
__std_exception_destroy
__std_exception_copy
__std_terminate
memchr
_set_purecall_handler
__C_specific_handler
wcsrchr
strstr
wcschr
_CxxThrowException
_purecall
memcpy
memmove
memset
wcsstr
memcmp
strrchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-convert-l1-1-0

strtod
_wtof
_wtoi64
_wtoi
atoi
wcstod
_wcstoui64
_wcstoi64
_strtoi64
atof
strtol
strtoul
strtoll
wcstoul

api-ms-win-crt-utility-l1-1-0

srand
div
rand
qsort
bsearch

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vfprintf
fputs
fwrite
_read
_write
_close
_open
setbuf
fread
ferror
fclose
_setmode
_fileno
clearerr
_lseeki64
_set_fmode
feof
fseek
ftell
__acrt_iob_func
__stdio_common_vsprintf
fgets
__stdio_common_vsscanf
_wfopen
fopen
__stdio_common_vfwprintf
__stdio_common_vswprintf
fputc
fflush

api-ms-win-crt-string-l1-1-0

isxdigit
tolower
isalpha
strpbrk
wcsncmp
isalnum
_strdup
strcspn
_strnicmp
_stricmp
wcsncpy
isdigit
iswdigit
iswspace
strcmp
isupper
islower
isgraph
strncmp
isspace
strncat
toupper
strncpy
strspn
isprint
iswpunct
iswlower
iswxdigit
iswalpha
iswalnum

api-ms-win-crt-heap-l1-1-0

_heapchk
_set_new_mode
_aligned_free
_aligned_malloc
realloc
_get_heap_handle
calloc
free
malloc

api-ms-win-crt-math-l1-1-0

floor
logf
truncf
floorf
ceil
fmod
ceilf
_dsign
__setusermatherr
_dtest
trunc
modf
_isnan
round
asin
frexp
powf
_finite
cosf
sinf
atan
atan2
cos
log
sin
pow
sqrt
tan

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_getpid
_errno
exit
_invalid_parameter_noinfo_noreturn
_cexit
_crt_atexit
_register_onexit_function
_set_app_type
_initialize_onexit_table
_exit
raise
__sys_nerr
_initterm
strerror
_initterm_e
_beginthreadex
abort
_initialize_narrow_environment
_configure_narrow_argv
_c_exit
_register_thread_local_exe_atexit_callback
signal
terminate
strerror_s
_get_narrow_winmain_command_line

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-conio-l1-1-0

_cputs

api-ms-win-crt-time-l1-1-0

__tzname
_tzset
_gmtime64_s
_gmtime64
_time64
__timezone

api-ms-win-crt-filesystem-l1-1-0

_stat64
_fstat64
_stat64i32
_fstat64i32

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

png_access_version_number
png_benign_error
png_build_grayscale_palette
png_calloc
png_chunk_benign_error
png_chunk_error
png_chunk_warning
png_convert_from_struct_tm
png_convert_from_time_t
png_convert_to_rfc1123
png_create_info_struct
png_create_read_struct
png_create_read_struct_2
png_create_write_struct
png_create_write_struct_2
png_data_freer
png_destroy_info_struct
png_destroy_read_struct
png_destroy_write_struct
png_error
png_free
png_free_data
png_free_default
png_get_IHDR
png_get_PLTE
png_get_bKGD
png_get_bit_depth
png_get_cHRM
png_get_cHRM_fixed
png_get_channels
png_get_chunk_cache_max
png_get_chunk_malloc_max
png_get_color_type
png_get_compression_buffer_size
png_get_compression_type
png_get_copyright
png_get_current_pass_number
png_get_current_row_number
png_get_error_ptr
png_get_filter_type
png_get_gAMA
png_get_gAMA_fixed
png_get_hIST
png_get_header_ver
png_get_header_version
png_get_iCCP
png_get_image_height
png_get_image_width
png_get_int_32
png_get_interlace_type
png_get_io_chunk_name
png_get_io_chunk_type
png_get_io_ptr
png_get_io_state
png_get_libpng_ver
png_get_mem_ptr
png_get_oFFs
png_get_pCAL
png_get_pHYs
png_get_pHYs_dpi
png_get_pixel_aspect_ratio
png_get_pixel_aspect_ratio_fixed
png_get_pixels_per_inch
png_get_pixels_per_meter
png_get_rgb_to_gray_status
png_get_rowbytes
png_get_rows
png_get_sBIT
png_get_sCAL
png_get_sCAL_fixed
png_get_sCAL_s
png_get_sPLT
png_get_sRGB
png_get_signature
png_get_tIME
png_get_tRNS
png_get_text
png_get_uint_16
png_get_uint_31
png_get_uint_32
png_get_unknown_chunks
png_get_user_chunk_ptr
png_get_user_height_max
png_get_user_transform_ptr
png_get_user_width_max
png_get_valid
png_get_x_offset_inches
png_get_x_offset_inches_fixed
png_get_x_offset_microns
png_get_x_offset_pixels
png_get_x_pixels_per_inch
png_get_x_pixels_per_meter
png_get_y_offset_inches
png_get_y_offset_inches_fixed
png_get_y_offset_microns
png_get_y_offset_pixels
png_get_y_pixels_per_inch
png_get_y_pixels_per_meter
png_handle_as_unknown
png_info_init_3
png_init_io
png_longjmp
png_malloc
png_malloc_default
png_malloc_warn
png_permit_mng_features
png_read_end
png_read_image
png_read_info
png_read_png
png_read_row
png_read_rows
png_read_update_info
png_reset_zstream
png_save_int_32
png_save_uint_16
png_save_uint_32
png_set_IHDR
png_set_PLTE
png_set_add_alpha
png_set_bKGD
png_set_background
png_set_background_fixed
png_set_benign_errors
png_set_bgr
png_set_cHRM
png_set_cHRM_fixed
png_set_chunk_cache_max
png_set_chunk_malloc_max
png_set_compression_buffer_size
png_set_compression_level
png_set_compression_mem_level
png_set_compression_method
png_set_compression_strategy
png_set_compression_window_bits
png_set_crc_action
png_set_error_fn
png_set_expand
png_set_expand_16
png_set_expand_gray_1_2_4_to_8
png_set_filler
png_set_filter
png_set_filter_heuristics
png_set_filter_heuristics_fixed
png_set_flush
png_set_gAMA
png_set_gAMA_fixed
png_set_gamma
png_set_gamma_fixed
png_set_gray_to_rgb
png_set_hIST
png_set_iCCP
png_set_interlace_handling
png_set_invalid
png_set_invert_alpha
png_set_invert_mono
png_set_keep_unknown_chunks
png_set_longjmp_fn
png_set_mem_fn
png_set_oFFs
png_set_pCAL
png_set_pHYs
png_set_packing
png_set_packswap
png_set_palette_to_rgb
png_set_quantize
png_set_read_fn
png_set_read_status_fn
png_set_read_user_chunk_fn
png_set_read_user_transform_fn
png_set_rgb_to_gray
png_set_rgb_to_gray_fixed
png_set_rows
png_set_sBIT
png_set_sCAL
png_set_sCAL_fixed
png_set_sCAL_s
png_set_sPLT
png_set_sRGB
png_set_sRGB_gAMA_and_cHRM
png_set_shift
png_set_sig_bytes
png_set_strip_16
png_set_strip_alpha
png_set_swap
png_set_swap_alpha
png_set_tIME
png_set_tRNS
png_set_tRNS_to_alpha
png_set_text
png_set_unknown_chunk_location
png_set_unknown_chunks
png_set_user_limits
png_set_user_transform_info
png_set_write_fn
png_set_write_status_fn
png_set_write_user_transform_fn
png_sig_cmp
png_start_read_image
png_warning
png_write_chunk
png_write_chunk_data
png_write_chunk_end
png_write_chunk_start
png_write_end
png_write_flush
png_write_image
png_write_info
png_write_info_before_PLTE
png_write_png
png_write_row
png_write_rows
png_write_sig

Sections

.text
Size: 11.6MB - Virtual size: 11.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uedbg
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 582KB - Virtual size: 582KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mrgt09/x64/trading_api64.dll
.dll windows:5 windows x64 arch:x64

Password: infected

f7d326cb8fdda36f97bcf61c5e808a67

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:4f:46:6c:ec:cb:e9:d6:be:e8:1f:54:35:e6:4d:47
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/10/2018, 00:00

Not After

07/10/2021, 12:00

Subject

CN=Valve,O=Valve,L=Bellevue,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d6:f4:f2:14:01:39:23:fa:d2:a1:74:05:1b:dd:82:d1:27:84:25:17
Signer

Actual PE Digest

d6:f4:f2:14:01:39:23:fa:d2:a1:74:05:1b:dd:82:d1:27:84:25:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
LoadLibraryExA
LoadLibraryExW
GetModuleFileNameW
GetExitCodeProcess
GetModuleHandleExW
GetCommandLineW
GetEnvironmentVariableA
SetEnvironmentVariableA
OutputDebugStringA
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
OpenProcess
FreeLibrary
GetModuleHandleA
GetProcAddress
SetEndOfFile
ReadConsoleW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleFileNameA
HeapFree
HeapAlloc
GetACP
GetStringTypeW
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
CreateFileW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
ReadFile

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteW

Exports

Exports

CAddAppDependencyResult_t_RemoveCallResult
CAddAppDependencyResult_t_SetCallResult
CAddUGCDependencyResult_t_RemoveCallResult
CAddUGCDependencyResult_t_SetCallResult
CAssociateWithClanResult_t_RemoveCallResult
CAssociateWithClanResult_t_SetCallResult
CChangeNumOpenSlotsCallback_t_RemoveCallResult
CChangeNumOpenSlotsCallback_t_SetCallResult
CCheckFileSignature_t_RemoveCallResult
CCheckFileSignature_t_SetCallResult
CClanOfficerListResponse_t_RemoveCallResult
CClanOfficerListResponse_t_SetCallResult
CComputeNewPlayerCompatibilityResult_t_RemoveCallResult
CComputeNewPlayerCompatibilityResult_t_SetCallResult
CCreateBeaconCallback_t_RemoveCallResult
CCreateBeaconCallback_t_SetCallResult
CCreateItemResult_t_RemoveCallResult
CCreateItemResult_t_SetCallResult
CDeleteItemResult_t_RemoveCallResult
CDeleteItemResult_t_SetCallResult
CDurationControl_t_RemoveCallResult
CDurationControl_t_SetCallResult
CEncryptedAppTicketResponse_t_RemoveCallResult
CEncryptedAppTicketResponse_t_SetCallResult
CFileDetailsResult_t_RemoveCallResult
CFileDetailsResult_t_SetCallResult
CFriendsEnumerateFollowingList_t_RemoveCallResult
CFriendsEnumerateFollowingList_t_SetCallResult
CFriendsGetFollowerCount_t_RemoveCallResult
CFriendsGetFollowerCount_t_SetCallResult
CFriendsIsFollowing_t_RemoveCallResult
CFriendsIsFollowing_t_SetCallResult
CGSReputation_t_RemoveCallResult
CGSReputation_t_SetCallResult
CGSStatsReceived_t_RemoveCallResult
CGSStatsReceived_t_SetCallResult
CGSStatsStored_t_RemoveCallResult
CGSStatsStored_t_SetCallResult
CGetAppDependenciesResult_t_RemoveCallResult
CGetAppDependenciesResult_t_SetCallResult
CGetOPFSettingsResult_t_RemoveCallback
CGetOPFSettingsResult_t_SetCallback
CGetUserItemVoteResult_t_RemoveCallResult
CGetUserItemVoteResult_t_SetCallResult
CGlobalAchievementPercentagesReady_t_RemoveCallResult
CGlobalAchievementPercentagesReady_t_SetCallResult
CGlobalStatsReceived_t_RemoveCallResult
CGlobalStatsReceived_t_SetCallResult
CHTML_BrowserReady_t_RemoveCallResult
CHTML_BrowserReady_t_SetCallResult
CJoinClanChatRoomCompletionResult_t_RemoveCallResult
CJoinClanChatRoomCompletionResult_t_SetCallResult
CJoinPartyCallback_t_RemoveCallResult
CJoinPartyCallback_t_SetCallResult
CLeaderboardFindResult_t_RemoveCallResult
CLeaderboardFindResult_t_SetCallResult
CLeaderboardScoreUploaded_t_RemoveCallResult
CLeaderboardScoreUploaded_t_SetCallResult
CLeaderboardScoresDownloaded_t_RemoveCallResult
CLeaderboardScoresDownloaded_t_SetCallResult
CLeaderboardUGCSet_t_RemoveCallResult
CLeaderboardUGCSet_t_SetCallResult
CLobbyCreated_t_RemoveCallResult
CLobbyCreated_t_SetCallResult
CLobbyEnter_t_RemoveCallResult
CLobbyEnter_t_SetCallResult
CLobbyMatchList_t_RemoveCallResult
CLobbyMatchList_t_SetCallResult
CMarketEligibilityResponse_t_RemoveCallResult
CMarketEligibilityResponse_t_SetCallResult
CNumberOfCurrentPlayers_t_RemoveCallResult
CNumberOfCurrentPlayers_t_SetCallResult
CRemoteStorageDeletePublishedFileResult_t_RemoveCallResult
CRemoteStorageDeletePublishedFileResult_t_SetCallResult
CRemoteStorageDownloadUGCResult_t_RemoveCallResult
CRemoteStorageDownloadUGCResult_t_SetCallResult
CRemoteStorageEnumeratePublishedFilesByUserActionResult_t_RemoveCallResult
CRemoteStorageEnumeratePublishedFilesByUserActionResult_t_SetCallResult
CRemoteStorageEnumerateUserPublishedFilesResult_t_RemoveCallResult
CRemoteStorageEnumerateUserPublishedFilesResult_t_SetCallResult
CRemoteStorageEnumerateUserSubscribedFilesResult_t_RemoveCallResult
CRemoteStorageEnumerateUserSubscribedFilesResult_t_SetCallResult
CRemoteStorageEnumerateWorkshopFilesResult_t_RemoveCallResult
CRemoteStorageEnumerateWorkshopFilesResult_t_SetCallResult
CRemoteStorageFileReadAsyncComplete_t_RemoveCallResult
CRemoteStorageFileReadAsyncComplete_t_SetCallResult
CRemoteStorageFileShareResult_t_RemoveCallResult
CRemoteStorageFileShareResult_t_SetCallResult
CRemoteStorageFileWriteAsyncComplete_t_RemoveCallResult
CRemoteStorageFileWriteAsyncComplete_t_SetCallResult
CRemoteStorageGetPublishedFileDetailsResult_t_RemoveCallResult
CRemoteStorageGetPublishedFileDetailsResult_t_SetCallResult
CRemoteStorageGetPublishedItemVoteDetailsResult_t_RemoveCallResult
CRemoteStorageGetPublishedItemVoteDetailsResult_t_SetCallResult
CRemoteStoragePublishFileProgress_t_RemoveCallResult
CRemoteStoragePublishFileProgress_t_SetCallResult
CRemoteStorageSetUserPublishedFileActionResult_t_RemoveCallResult
CRemoteStorageSetUserPublishedFileActionResult_t_SetCallResult
CRemoteStorageSubscribePublishedFileResult_t_RemoveCallResult
CRemoteStorageSubscribePublishedFileResult_t_SetCallResult
CRemoteStorageUnsubscribePublishedFileResult_t_RemoveCallResult
CRemoteStorageUnsubscribePublishedFileResult_t_SetCallResult
CRemoteStorageUpdatePublishedFileResult_t_RemoveCallResult
CRemoteStorageUpdatePublishedFileResult_t_SetCallResult
CRemoteStorageUpdateUserPublishedItemVoteResult_t_RemoveCallResult
CRemoteStorageUpdateUserPublishedItemVoteResult_t_SetCallResult
CRemoveAppDependencyResult_t_RemoveCallResult
CRemoveAppDependencyResult_t_SetCallResult
CRemoveUGCDependencyResult_t_RemoveCallResult
CRemoveUGCDependencyResult_t_SetCallResult
CSetPersonaNameResponse_t_RemoveCallResult
CSetPersonaNameResponse_t_SetCallResult
CSetUserItemVoteResult_t_RemoveCallResult
CSetUserItemVoteResult_t_SetCallResult
CStartPlaytimeTrackingResult_t_RemoveCallResult
CStartPlaytimeTrackingResult_t_SetCallResult
CSteamInventoryEligiblePromoItemDefIDs_t_RemoveCallResult
CSteamInventoryEligiblePromoItemDefIDs_t_SetCallResult
CSteamInventoryRequestPricesResult_t_RemoveCallResult
CSteamInventoryRequestPricesResult_t_SetCallResult
CSteamInventoryStartPurchaseResult_t_RemoveCallResult
CSteamInventoryStartPurchaseResult_t_SetCallResult
CSteamUGCQueryCompleted_t_RemoveCallResult
CSteamUGCQueryCompleted_t_SetCallResult
CStopPlaytimeTrackingResult_t_RemoveCallResult
CStopPlaytimeTrackingResult_t_SetCallResult
CStoreAuthURLResponse_t_RemoveCallResult
CStoreAuthURLResponse_t_SetCallResult
CSubmitItemUpdateResult_t_RemoveCallResult
CSubmitItemUpdateResult_t_SetCallResult
CUserFavoriteItemsListChanged_t_RemoveCallResult
CUserFavoriteItemsListChanged_t_SetCallResult
CUserStatsReceived_t_RemoveCallResult
CUserStatsReceived_t_RemoveCallback
CUserStatsReceived_t_SetCallResult
CUserStatsReceived_t_SetCallback
GetHSteamPipe
GetHSteamUser
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_ISteamAppList_GetAppBuildId
SteamAPI_ISteamAppList_GetAppInstallDir
SteamAPI_ISteamAppList_GetAppName
SteamAPI_ISteamAppList_GetInstalledApps
SteamAPI_ISteamAppList_GetNumInstalledApps
SteamAPI_ISteamApps_BGetDLCDataByIndex
SteamAPI_ISteamApps_BIsAppInstalled
SteamAPI_ISteamApps_BIsCybercafe
SteamAPI_ISteamApps_BIsDlcInstalled
SteamAPI_ISteamApps_BIsLowViolence
SteamAPI_ISteamApps_BIsSubscribed
SteamAPI_ISteamApps_BIsSubscribedApp
SteamAPI_ISteamApps_BIsSubscribedFromFamilySharing
SteamAPI_ISteamApps_BIsSubscribedFromFreeWeekend
SteamAPI_ISteamApps_BIsVACBanned
SteamAPI_ISteamApps_GetAppBuildId
SteamAPI_ISteamApps_GetAppInstallDir
SteamAPI_ISteamApps_GetAppOwner
SteamAPI_ISteamApps_GetAvailableGameLanguages
SteamAPI_ISteamApps_GetCurrentBetaName
SteamAPI_ISteamApps_GetCurrentGameLanguage
SteamAPI_ISteamApps_GetDLCCount
SteamAPI_ISteamApps_GetDlcDownloadProgress
SteamAPI_ISteamApps_GetEarliestPurchaseUnixTime
SteamAPI_ISteamApps_GetFileDetails
SteamAPI_ISteamApps_GetInstalledDepots
SteamAPI_ISteamApps_GetLaunchCommandLine
SteamAPI_ISteamApps_GetLaunchQueryParam
SteamAPI_ISteamApps_InstallDLC
SteamAPI_ISteamApps_MarkContentCorrupt
SteamAPI_ISteamApps_RequestAllProofOfPurchaseKeys
SteamAPI_ISteamApps_RequestAppProofOfPurchaseKey
SteamAPI_ISteamApps_UninstallDLC
SteamAPI_ISteamClient_BReleaseSteamPipe
SteamAPI_ISteamClient_BShutdownIfAllPipesClosed
SteamAPI_ISteamClient_ConnectToGlobalUser
SteamAPI_ISteamClient_CreateLocalUser
SteamAPI_ISteamClient_CreateSteamPipe
SteamAPI_ISteamClient_GetIPCCallCount
SteamAPI_ISteamClient_GetISteamAppList
SteamAPI_ISteamClient_GetISteamApps
SteamAPI_ISteamClient_GetISteamController
SteamAPI_ISteamClient_GetISteamFriends
SteamAPI_ISteamClient_GetISteamGameSearch
SteamAPI_ISteamClient_GetISteamGameServer
SteamAPI_ISteamClient_GetISteamGameServerStats
SteamAPI_ISteamClient_GetISteamGenericInterface
SteamAPI_ISteamClient_GetISteamHTMLSurface
SteamAPI_ISteamClient_GetISteamHTTP
SteamAPI_ISteamClient_GetISteamInput
SteamAPI_ISteamClient_GetISteamInventory
SteamAPI_ISteamClient_GetISteamMatchmaking
SteamAPI_ISteamClient_GetISteamMatchmakingServers
SteamAPI_ISteamClient_GetISteamMusic
SteamAPI_ISteamClient_GetISteamMusicRemote
SteamAPI_ISteamClient_GetISteamNetworking
SteamAPI_ISteamClient_GetISteamParentalSettings
SteamAPI_ISteamClient_GetISteamParties
SteamAPI_ISteamClient_GetISteamRemotePlay
SteamAPI_ISteamClient_GetISteamRemoteStorage
SteamAPI_ISteamClient_GetISteamScreenshots
SteamAPI_ISteamClient_GetISteamUGC
SteamAPI_ISteamClient_GetISteamUser
SteamAPI_ISteamClient_GetISteamUserStats
SteamAPI_ISteamClient_GetISteamUtils
SteamAPI_ISteamClient_GetISteamVideo
SteamAPI_ISteamClient_ReleaseUser
SteamAPI_ISteamClient_SetLocalIPBinding
SteamAPI_ISteamClient_SetWarningMessageHook
SteamAPI_ISteamController_ActivateActionSet
SteamAPI_ISteamController_ActivateActionSetLayer
SteamAPI_ISteamController_DeactivateActionSetLayer
SteamAPI_ISteamController_DeactivateAllActionSetLayers
SteamAPI_ISteamController_GetActionOriginFromXboxOrigin
SteamAPI_ISteamController_GetActionSetHandle
SteamAPI_ISteamController_GetActiveActionSetLayers
SteamAPI_ISteamController_GetAnalogActionData
SteamAPI_ISteamController_GetAnalogActionHandle
SteamAPI_ISteamController_GetAnalogActionOrigins
SteamAPI_ISteamController_GetConnectedControllers
SteamAPI_ISteamController_GetControllerBindingRevision
SteamAPI_ISteamController_GetControllerForGamepadIndex
SteamAPI_ISteamController_GetCurrentActionSet
SteamAPI_ISteamController_GetDigitalActionData
SteamAPI_ISteamController_GetDigitalActionHandle
SteamAPI_ISteamController_GetDigitalActionOrigins
SteamAPI_ISteamController_GetGamepadIndexForController
SteamAPI_ISteamController_GetGlyphForActionOrigin
SteamAPI_ISteamController_GetGlyphForXboxOrigin
SteamAPI_ISteamController_GetInputTypeForHandle
SteamAPI_ISteamController_GetMotionData
SteamAPI_ISteamController_GetStringForActionOrigin
SteamAPI_ISteamController_GetStringForXboxOrigin
SteamAPI_ISteamController_Init
SteamAPI_ISteamController_RunFrame
SteamAPI_ISteamController_SetLEDColor
SteamAPI_ISteamController_ShowBindingPanel
SteamAPI_ISteamController_Shutdown
SteamAPI_ISteamController_StopAnalogActionMomentum
SteamAPI_ISteamController_TranslateActionOrigin
SteamAPI_ISteamController_TriggerHapticPulse
SteamAPI_ISteamController_TriggerRepeatedHapticPulse
SteamAPI_ISteamController_TriggerVibration
SteamAPI_ISteamFriends_ActivateGameOverlay
SteamAPI_ISteamFriends_ActivateGameOverlayInviteDialog
SteamAPI_ISteamFriends_ActivateGameOverlayToStore
SteamAPI_ISteamFriends_ActivateGameOverlayToUser
SteamAPI_ISteamFriends_ActivateGameOverlayToWebPage
SteamAPI_ISteamFriends_ClearRichPresence
SteamAPI_ISteamFriends_CloseClanChatWindowInSteam
SteamAPI_ISteamFriends_DownloadClanActivityCounts
SteamAPI_ISteamFriends_EnumerateFollowingList
SteamAPI_ISteamFriends_GetChatMemberByIndex
SteamAPI_ISteamFriends_GetClanActivityCounts
SteamAPI_ISteamFriends_GetClanByIndex
SteamAPI_ISteamFriends_GetClanChatMemberCount
SteamAPI_ISteamFriends_GetClanChatMessage
SteamAPI_ISteamFriends_GetClanCount
SteamAPI_ISteamFriends_GetClanName
SteamAPI_ISteamFriends_GetClanOfficerByIndex
SteamAPI_ISteamFriends_GetClanOfficerCount
SteamAPI_ISteamFriends_GetClanOwner
SteamAPI_ISteamFriends_GetClanTag
SteamAPI_ISteamFriends_GetCoplayFriend
SteamAPI_ISteamFriends_GetCoplayFriendCount
SteamAPI_ISteamFriends_GetFollowerCount
SteamAPI_ISteamFriends_GetFriendByIndex
SteamAPI_ISteamFriends_GetFriendCoplayGame
SteamAPI_ISteamFriends_GetFriendCoplayTime
SteamAPI_ISteamFriends_GetFriendCount
SteamAPI_ISteamFriends_GetFriendCountFromSource
SteamAPI_ISteamFriends_GetFriendFromSourceByIndex
SteamAPI_ISteamFriends_GetFriendGamePlayed
SteamAPI_ISteamFriends_GetFriendMessage
SteamAPI_ISteamFriends_GetFriendPersonaName
SteamAPI_ISteamFriends_GetFriendPersonaNameHistory
SteamAPI_ISteamFriends_GetFriendPersonaState
SteamAPI_ISteamFriends_GetFriendRelationship
SteamAPI_ISteamFriends_GetFriendRichPresence
SteamAPI_ISteamFriends_GetFriendRichPresenceKeyByIndex
SteamAPI_ISteamFriends_GetFriendRichPresenceKeyCount
SteamAPI_ISteamFriends_GetFriendSteamLevel
SteamAPI_ISteamFriends_GetFriendsGroupCount
SteamAPI_ISteamFriends_GetFriendsGroupIDByIndex
SteamAPI_ISteamFriends_GetFriendsGroupMembersCount
SteamAPI_ISteamFriends_GetFriendsGroupMembersList
SteamAPI_ISteamFriends_GetFriendsGroupName
SteamAPI_ISteamFriends_GetLargeFriendAvatar
SteamAPI_ISteamFriends_GetMediumFriendAvatar
SteamAPI_ISteamFriends_GetNumChatsWithUnreadPriorityMessages
SteamAPI_ISteamFriends_GetPersonaName
SteamAPI_ISteamFriends_GetPersonaState
SteamAPI_ISteamFriends_GetPlayerNickname
SteamAPI_ISteamFriends_GetSmallFriendAvatar
SteamAPI_ISteamFriends_GetUserRestrictions
SteamAPI_ISteamFriends_HasFriend
SteamAPI_ISteamFriends_InviteUserToGame
SteamAPI_ISteamFriends_IsClanChatAdmin
SteamAPI_ISteamFriends_IsClanChatWindowOpenInSteam
SteamAPI_ISteamFriends_IsClanOfficialGameGroup
SteamAPI_ISteamFriends_IsClanPublic
SteamAPI_ISteamFriends_IsFollowing
SteamAPI_ISteamFriends_IsUserInSource
SteamAPI_ISteamFriends_JoinClanChatRoom
SteamAPI_ISteamFriends_LeaveClanChatRoom
SteamAPI_ISteamFriends_OpenClanChatWindowInSteam
SteamAPI_ISteamFriends_ReplyToFriendMessage
SteamAPI_ISteamFriends_RequestClanOfficerList
SteamAPI_ISteamFriends_RequestFriendRichPresence
SteamAPI_ISteamFriends_RequestUserInformation
SteamAPI_ISteamFriends_SendClanChatMessage
SteamAPI_ISteamFriends_SetInGameVoiceSpeaking
SteamAPI_ISteamFriends_SetListenForFriendsMessages
SteamAPI_ISteamFriends_SetPersonaName
SteamAPI_ISteamFriends_SetPlayedWith
SteamAPI_ISteamFriends_SetRichPresence
SteamAPI_ISteamGameSearch_AcceptGame
SteamAPI_ISteamGameSearch_AddGameSearchParams
SteamAPI_ISteamGameSearch_CancelRequestPlayersForGame
SteamAPI_ISteamGameSearch_DeclineGame
SteamAPI_ISteamGameSearch_EndGame
SteamAPI_ISteamGameSearch_EndGameSearch
SteamAPI_ISteamGameSearch_HostConfirmGameStart
SteamAPI_ISteamGameSearch_RequestPlayersForGame
SteamAPI_ISteamGameSearch_RetrieveConnectionDetails
SteamAPI_ISteamGameSearch_SearchForGameSolo
SteamAPI_ISteamGameSearch_SearchForGameWithLobby
SteamAPI_ISteamGameSearch_SetConnectionDetails
SteamAPI_ISteamGameSearch_SetGameHostParams
SteamAPI_ISteamGameSearch_SubmitPlayerResult
SteamAPI_ISteamGameServerStats_ClearUserAchievement
SteamAPI_ISteamGameServerStats_GetUserAchievement
SteamAPI_ISteamGameServerStats_GetUserStat
SteamAPI_ISteamGameServerStats_GetUserStat0
SteamAPI_ISteamGameServerStats_RequestUserStats
SteamAPI_ISteamGameServerStats_SetUserAchievement
SteamAPI_ISteamGameServerStats_SetUserStat
SteamAPI_ISteamGameServerStats_SetUserStat0
SteamAPI_ISteamGameServerStats_StoreUserStats
SteamAPI_ISteamGameServerStats_UpdateUserAvgRateStat
SteamAPI_ISteamGameServer_AssociateWithClan
SteamAPI_ISteamGameServer_BLoggedOn
SteamAPI_ISteamGameServer_BSecure
SteamAPI_ISteamGameServer_BUpdateUserData
SteamAPI_ISteamGameServer_BeginAuthSession
SteamAPI_ISteamGameServer_CancelAuthTicket
SteamAPI_ISteamGameServer_ClearAllKeyValues
SteamAPI_ISteamGameServer_ComputeNewPlayerCompatibility
SteamAPI_ISteamGameServer_CreateUnauthenticatedUserConnection
SteamAPI_ISteamGameServer_EnableHeartbeats
SteamAPI_ISteamGameServer_EndAuthSession
SteamAPI_ISteamGameServer_ForceHeartbeat
SteamAPI_ISteamGameServer_GetAuthSessionTicket
SteamAPI_ISteamGameServer_GetGameplayStats
SteamAPI_ISteamGameServer_GetNextOutgoingPacket
SteamAPI_ISteamGameServer_GetPublicIP
SteamAPI_ISteamGameServer_GetServerReputation
SteamAPI_ISteamGameServer_GetSteamID
SteamAPI_ISteamGameServer_HandleIncomingPacket
SteamAPI_ISteamGameServer_InitGameServer
SteamAPI_ISteamGameServer_LogOff
SteamAPI_ISteamGameServer_LogOn
SteamAPI_ISteamGameServer_LogOnAnonymous
SteamAPI_ISteamGameServer_RequestUserGroupStatus
SteamAPI_ISteamGameServer_SendUserConnectAndAuthenticate
SteamAPI_ISteamGameServer_SendUserDisconnect
SteamAPI_ISteamGameServer_SetBotPlayerCount
SteamAPI_ISteamGameServer_SetDedicatedServer
SteamAPI_ISteamGameServer_SetGameData
SteamAPI_ISteamGameServer_SetGameDescription
SteamAPI_ISteamGameServer_SetGameTags
SteamAPI_ISteamGameServer_SetHeartbeatInterval
SteamAPI_ISteamGameServer_SetKeyValue
SteamAPI_ISteamGameServer_SetMapName
SteamAPI_ISteamGameServer_SetMaxPlayerCount
SteamAPI_ISteamGameServer_SetModDir
SteamAPI_ISteamGameServer_SetPasswordProtected
SteamAPI_ISteamGameServer_SetProduct
SteamAPI_ISteamGameServer_SetRegion
SteamAPI_ISteamGameServer_SetServerName
SteamAPI_ISteamGameServer_SetSpectatorPort
SteamAPI_ISteamGameServer_SetSpectatorServerName
SteamAPI_ISteamGameServer_UserHasLicenseForApp
SteamAPI_ISteamGameServer_WasRestartRequested
SteamAPI_ISteamHTMLSurface_AddHeader
SteamAPI_ISteamHTMLSurface_AllowStartRequest
SteamAPI_ISteamHTMLSurface_CopyToClipboard
SteamAPI_ISteamHTMLSurface_CreateBrowser
SteamAPI_ISteamHTMLSurface_DestructISteamHTMLSurface
SteamAPI_ISteamHTMLSurface_ExecuteJavascript
SteamAPI_ISteamHTMLSurface_Find
SteamAPI_ISteamHTMLSurface_GetLinkAtPosition
SteamAPI_ISteamHTMLSurface_GoBack
SteamAPI_ISteamHTMLSurface_GoForward
SteamAPI_ISteamHTMLSurface_Init
SteamAPI_ISteamHTMLSurface_JSDialogResponse
SteamAPI_ISteamHTMLSurface_KeyChar
SteamAPI_ISteamHTMLSurface_KeyDown
SteamAPI_ISteamHTMLSurface_KeyUp
SteamAPI_ISteamHTMLSurface_LoadURL
SteamAPI_ISteamHTMLSurface_MouseDoubleClick
SteamAPI_ISteamHTMLSurface_MouseDown
SteamAPI_ISteamHTMLSurface_MouseMove
SteamAPI_ISteamHTMLSurface_MouseUp
SteamAPI_ISteamHTMLSurface_MouseWheel
SteamAPI_ISteamHTMLSurface_OpenDeveloperTools
SteamAPI_ISteamHTMLSurface_PasteFromClipboard
SteamAPI_ISteamHTMLSurface_Reload
SteamAPI_ISteamHTMLSurface_RemoveBrowser
SteamAPI_ISteamHTMLSurface_SetBackgroundMode
SteamAPI_ISteamHTMLSurface_SetCookie
SteamAPI_ISteamHTMLSurface_SetDPIScalingFactor
SteamAPI_ISteamHTMLSurface_SetHorizontalScroll
SteamAPI_ISteamHTMLSurface_SetKeyFocus
SteamAPI_ISteamHTMLSurface_SetPageScaleFactor
SteamAPI_ISteamHTMLSurface_SetSize
SteamAPI_ISteamHTMLSurface_SetVerticalScroll
SteamAPI_ISteamHTMLSurface_Shutdown
SteamAPI_ISteamHTMLSurface_StopFind
SteamAPI_ISteamHTMLSurface_StopLoad
SteamAPI_ISteamHTMLSurface_ViewSource
SteamAPI_ISteamHTTP_CreateCookieContainer
SteamAPI_ISteamHTTP_CreateHTTPRequest
SteamAPI_ISteamHTTP_DeferHTTPRequest
SteamAPI_ISteamHTTP_GetHTTPDownloadProgressPct
SteamAPI_ISteamHTTP_GetHTTPRequestWasTimedOut
SteamAPI_ISteamHTTP_GetHTTPResponseBodyData
SteamAPI_ISteamHTTP_GetHTTPResponseBodySize
SteamAPI_ISteamHTTP_GetHTTPResponseHeaderSize
SteamAPI_ISteamHTTP_GetHTTPResponseHeaderValue
SteamAPI_ISteamHTTP_GetHTTPStreamingResponseBodyData
SteamAPI_ISteamHTTP_PrioritizeHTTPRequest
SteamAPI_ISteamHTTP_ReleaseCookieContainer
SteamAPI_ISteamHTTP_ReleaseHTTPRequest
SteamAPI_ISteamHTTP_SendHTTPRequest
SteamAPI_ISteamHTTP_SendHTTPRequestAndStreamResponse
SteamAPI_ISteamHTTP_SetCookie
SteamAPI_ISteamHTTP_SetHTTPRequestAbsoluteTimeoutMS
SteamAPI_ISteamHTTP_SetHTTPRequestContextValue
SteamAPI_ISteamHTTP_SetHTTPRequestCookieContainer
SteamAPI_ISteamHTTP_SetHTTPRequestGetOrPostParameter
SteamAPI_ISteamHTTP_SetHTTPRequestHeaderValue
SteamAPI_ISteamHTTP_SetHTTPRequestNetworkActivityTimeout
SteamAPI_ISteamHTTP_SetHTTPRequestRawPostBody
SteamAPI_ISteamHTTP_SetHTTPRequestRequiresVerifiedCertificate
SteamAPI_ISteamHTTP_SetHTTPRequestUserAgentInfo
SteamAPI_ISteamInput_ActivateActionSet
SteamAPI_ISteamInput_ActivateActionSetLayer
SteamAPI_ISteamInput_DeactivateActionSetLayer
SteamAPI_ISteamInput_DeactivateAllActionSetLayers
SteamAPI_ISteamInput_GetActionOriginFromXboxOrigin
SteamAPI_ISteamInput_GetActionSetHandle
SteamAPI_ISteamInput_GetActiveActionSetLayers
SteamAPI_ISteamInput_GetAnalogActionData
SteamAPI_ISteamInput_GetAnalogActionHandle
SteamAPI_ISteamInput_GetAnalogActionOrigins
SteamAPI_ISteamInput_GetConnectedControllers
SteamAPI_ISteamInput_GetControllerForGamepadIndex
SteamAPI_ISteamInput_GetCurrentActionSet
SteamAPI_ISteamInput_GetDeviceBindingRevision
SteamAPI_ISteamInput_GetDigitalActionData
SteamAPI_ISteamInput_GetDigitalActionHandle
SteamAPI_ISteamInput_GetDigitalActionOrigins
SteamAPI_ISteamInput_GetGamepadIndexForController
SteamAPI_ISteamInput_GetGlyphForActionOrigin
SteamAPI_ISteamInput_GetGlyphForXboxOrigin
SteamAPI_ISteamInput_GetInputTypeForHandle
SteamAPI_ISteamInput_GetMotionData
SteamAPI_ISteamInput_GetRemotePlaySessionID
SteamAPI_ISteamInput_GetStringForActionOrigin
SteamAPI_ISteamInput_GetStringForXboxOrigin
SteamAPI_ISteamInput_Init
SteamAPI_ISteamInput_RunFrame
SteamAPI_ISteamInput_SetLEDColor
SteamAPI_ISteamInput_ShowBindingPanel
SteamAPI_ISteamInput_Shutdown
SteamAPI_ISteamInput_StopAnalogActionMomentum
SteamAPI_ISteamInput_TranslateActionOrigin
SteamAPI_ISteamInput_TriggerHapticPulse
SteamAPI_ISteamInput_TriggerRepeatedHapticPulse
SteamAPI_ISteamInput_TriggerVibration
SteamAPI_ISteamInventory_AddPromoItem
SteamAPI_ISteamInventory_AddPromoItems
SteamAPI_ISteamInventory_CheckResultSteamID
SteamAPI_ISteamInventory_ConsumeItem
SteamAPI_ISteamInventory_DeserializeResult
SteamAPI_ISteamInventory_DestroyResult
SteamAPI_ISteamInventory_ExchangeItems
SteamAPI_ISteamInventory_GenerateItems
SteamAPI_ISteamInventory_GetAllItems
SteamAPI_ISteamInventory_GetEligiblePromoItemDefinitionIDs
SteamAPI_ISteamInventory_GetItemDefinitionIDs
SteamAPI_ISteamInventory_GetItemDefinitionProperty
SteamAPI_ISteamInventory_GetItemPrice
SteamAPI_ISteamInventory_GetItemsByID
SteamAPI_ISteamInventory_GetItemsWithPrices
SteamAPI_ISteamInventory_GetNumItemsWithPrices
SteamAPI_ISteamInventory_GetResultItemProperty
SteamAPI_ISteamInventory_GetResultItems

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mrgt09/x64/tradingnetworkingsockets.dll
.dll windows:6 windows x64 arch:x64

e917d42bcc53c047e3b944d762080d33

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:89:b3:bc:eb:44:09:89:0a:32:d7:19:76:b1:32:a4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

07/10/2021, 00:00

Not After

09/10/2024, 23:59

Subject

CN=Valve Corp.,O=Valve Corp.,L=Bellevue,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fa:8a:01:bb:57:5d:f5:1e:0c:89:2b:3d:f2:dd:29:b9:31:92:f0:e3
Signer

Actual PE Digest

fa:8a:01:bb:57:5d:f5:1e:0c:89:2b:3d:f2:dd:29:b9:31:92:f0:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
CloseHandle
RaiseException
GetLastError
SetEvent
WaitForSingleObject
CreateEventA
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
LocalFree
FormatMessageA
WideCharToMultiByte
GetProcAddress
QueryPerformanceFrequency
QueryPerformanceCounter
TerminateProcess
HeapSize
WriteConsoleW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
GetFileSizeEx
GetFullPathNameW
SetEndOfFile
SetStdHandle
SetFilePointerEx
FlushFileBuffers
GetCurrentProcess
IsDebuggerPresent
GetCurrentDirectoryW
FindClose
FindFirstFileW
FindNextFileW
SetLastError
MultiByteToWideChar
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlVirtualUnwind
GetCurrentProcessId
GetSystemTimeAsFileTime
DeleteFiber
ConvertFiberToThread
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
WaitForSingleObjectEx
GetExitCodeThread
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
GetStringTypeW
EncodePointer
DecodePointer
GetCPInfo
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ReadFile
SetEnvironmentVariableW
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetConsoleOutputCP
ExitProcess
SetConsoleCtrlHandler
GetModuleFileNameW
HeapFree
HeapAlloc
HeapReAlloc
CompareStringW
LCMapStringW

ws2_32

WSASendTo
WSAEventSelect
WSAEnumNetworkEvents
WSAGetLastError
getaddrinfo
socket
setsockopt
recvfrom
ntohl
htonl
getsockname
freeaddrinfo
gethostname
WSACleanup
ioctlsocket
closesocket
bind
WSAStartup
recv
send
WSASetLastError

winmm

timeBeginPeriod
timeEndPeriod

iphlpapi

GetAdaptersAddresses

bcrypt

BCryptGenRandom

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

advapi32

ReportEventW
RegisterEventSourceW
DeregisterEventSource

Exports

Exports

SteamDatagramClient_Init
SteamDatagramClient_InitSteam_InternalV1
SteamDatagramClient_Kill
SteamDatagramClient_SetCredentialsDurableCacheCallbacks
SteamDatagramServer_Init
SteamDatagramServer_InitSteam_InternalV1
SteamDatagramServer_Kill
SteamDatagram_GetNetworkConfigURL
SteamDatagram_Internal_SteamAPIKludge
SteamDatagram_SetAppID
SteamDatagram_SetNetworkConfig
SteamDatagram_SetUniverse
SteamGameServerNetworkingMessages_LibV2
SteamGameServerNetworkingSockets_LibV12
SteamNetworkingIPAddr_GetFakeIPType
SteamNetworkingIPAddr_ParseString
SteamNetworkingIPAddr_ToString
SteamNetworkingIdentity_ParseString
SteamNetworkingIdentity_ToString
SteamNetworkingMessages_LibV2
SteamNetworkingSockets_DefaultPreFormatDebugOutputHandler
SteamNetworkingSockets_LibV12
SteamNetworkingSockets_Poll
SteamNetworkingSockets_SetEnvironmentVariable
SteamNetworkingSockets_SetLockAcquiredCallback
SteamNetworkingSockets_SetLockHeldCallback
SteamNetworkingSockets_SetLockWaitWarningThreshold
SteamNetworkingSockets_SetManualPollMode
SteamNetworkingSockets_SetPreFormatDebugOutputHandler
SteamNetworkingSockets_SetServiceThreadInitCallback
SteamNetworkingUtils_GetIPv4FakeIPType
SteamNetworkingUtils_LibV4

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 885KB - Virtual size: 884KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mrgt09/x86/AbRoot.dll
.dll windows:6 windows x64 arch:x64

4a5f3c3aa39a4e0497dff0471239d5f9

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

31:2d:0c:97:cc:ba:c2:81:b3:1b:a6:76:b9:dd:dc:6b:20:de:64:ee:77:34:c1:91:30:07:cb:95:ea:90:ee:28
Signer

Actual PE Digest

31:2d:0c:97:cc:ba:c2:81:b3:1b:a6:76:b9:dd:dc:6b:20:de:64:ee:77:34:c1:91:30:07:cb:95:ea:90:ee:28

Digest Algorithm

sha256

PE Digest Matches

true

1a:bd:90:c9:f7:38:de:94:47:52:67:07:37:e3:1d:20:9e:cc:94:f0
Signer

Actual PE Digest

1a:bd:90:c9:f7:38:de:94:47:52:67:07:37:e3:1d:20:9e:cc:94:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
FormatMessageW
GetProcAddress
LoadLibraryExW
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
GetLastError
OutputDebugStringW
HeapAlloc
DeleteCriticalSection
GetProcessHeap
CreateEventExW
WaitForMultipleObjectsEx
SetEvent
CloseHandle
DecodePointer
InitializeSRWLock
TryAcquireSRWLockShared
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead

vcruntime140

_CxxThrowException
__C_specific_handler
memset
__std_type_info_destroy_list
memmove
__current_exception_context
__current_exception
_SetWinRTOutOfMemoryExceptionCallback
__GetPlatformExceptionInfo
__std_exception_copy
__std_exception_destroy
__std_terminate
_purecall
__CxxFrameHandler3
memcpy

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vswprintf_s

api-ms-win-crt-runtime-l1-1-0

_invoke_watson
__p___wargv
__p___argc
_invalid_parameter_noinfo_noreturn
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_configure_wide_argv
_register_onexit_function
_execute_onexit_table
_initterm_e
_initterm
_cexit
_crt_atexit

api-ms-win-crt-heap-l1-1-0

_aligned_offset_malloc
_aligned_free
free
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

wcscpy_s

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

ole32

CoTaskMemAlloc
CoGetApartmentType
CoMarshalInterThreadInterfaceInStream
CoAddRefServerProcess
CoGetContextToken
CoGetInterfaceAndReleaseStream
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoReleaseServerProcess
CoGetObjectContext

oleaut32

SysAllocStringLen
SysFreeString

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringLen
WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsDeleteString
WindowsCompareStringOrdinal
WindowsIsStringEmpty
WindowsDuplicateString
WindowsStringHasEmbeddedNull
WindowsCreateString

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
GetRestrictedErrorInfo
RoTransformError
RoOriginateError

api-ms-win-core-winrt-l1-1-0

RoRegisterForApartmentShutdown
RoUnregisterForApartmentShutdown
RoGetActivationFactory
RoGetApartmentIdentifier
RoInitialize
RoUninitialize
RoRevokeActivationFactories
RoRegisterActivationFactories

api-ms-win-crt-math-l1-1-0

ceilf

Exports

Exports

?<Dispose>@Exception@Platform@@UE$AAAXXZ
?<Dispose>@String@Platform@@UE$AAAXXZ
?<Dispose>@Type@Platform@@UE$AAAXXZ
??0AccessDeniedException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0AccessDeniedException@Platform@@QE$AAA@XZ
??0Attribute@Metadata@Platform@@QE$AAA@XZ
??0Boolean@Platform@@QEAA@_N@Z
??0COMException@Platform@@QE$AAA@H@Z
??0COMException@Platform@@QE$AAA@HPE$AAVString@1@@Z
??0ChangedStateException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0ChangedStateException@Platform@@QE$AAA@XZ
??0ClassNotRegisteredException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0ClassNotRegisteredException@Platform@@QE$AAA@XZ
??0Delegate@Platform@@QE$AAA@XZ
??0DisconnectedException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0DisconnectedException@Platform@@QE$AAA@XZ
??0Enum@Platform@@QE$AAA@XZ
??0Exception@Platform@@QE$AAA@H@Z
??0Exception@Platform@@QE$AAA@HPE$AAVString@1@@Z
??0FailureException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0FailureException@Platform@@QE$AAA@XZ
??0GridLength@Xaml@UI@Windows@@QEAA@NW4GridUnitType@123@@Z
??0IntPtr@Platform@@QEAA@H@Z
??0IntPtr@Platform@@QEAA@PEAX@Z
??0InvalidArgumentException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0InvalidArgumentException@Platform@@QE$AAA@XZ
??0InvalidCastException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0InvalidCastException@Platform@@QE$AAA@XZ
??0MTAThreadAttribute@Platform@@QE$AAA@XZ
??0NotImplementedException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0NotImplementedException@Platform@@QE$AAA@XZ
??0NullReferenceException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0NullReferenceException@Platform@@QE$AAA@XZ
??0Object@Platform@@QE$AAA@XZ
??0ObjectDisposedException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0ObjectDisposedException@Platform@@QE$AAA@XZ
??0OnePhaseConstructedAttribute@CompilerServices@Runtime@Platform@@QE$AAA@XZ
??0OperationCanceledException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0OperationCanceledException@Platform@@QE$AAA@XZ
??0OutOfBoundsException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0OutOfBoundsException@Platform@@QE$AAA@XZ
??0OutOfMemoryException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0OutOfMemoryException@Platform@@QE$AAA@XZ
??0Rect@Foundation@Windows@@QEAA@VPoint@12@0@Z
??0Rect@Foundation@Windows@@QEAA@VPoint@12@VSize@12@@Z
??0RepeatBehavior@Animation@Media@Xaml@UI@Windows@@QEAA@N@Z
??0STAThreadAttribute@Platform@@QE$AAA@XZ
??0SizeT@Platform@@QEAA@H@Z
??0SizeT@Platform@@QEAA@PEAX@Z
??0Type@Platform@@QE$AAA@PE$AAVObject@1@@Z
??0Type@Platform@@QE$AAA@VIntPtr@1@@Z
??0Type@Platform@@QE$AAA@VTypeName@Interop@Xaml@UI@Windows@@@Z
??0ValueType@Platform@@QE$AAA@XZ
??0WrongThreadException@Platform@@QE$AAA@PE$AAVString@1@@Z
??0WrongThreadException@Platform@@QE$AAA@XZ
??0char16@default@@QEAA@_W@Z
??0float32@default@@QEAA@M@Z
??0float64@default@@QEAA@N@Z
??0int16@default@@QEAA@F@Z
??0int32@default@@QEAA@H@Z
??0int64@default@@QEAA@_J@Z
??0int8@default@@QEAA@C@Z
??0uint16@default@@QEAA@G@Z
??0uint32@default@@QEAA@I@Z
??0uint64@default@@QEAA@_K@Z
??0uint8@default@@QEAA@E@Z
??BIntPtr@Platform@@SA?AV01@H@Z
??BIntPtr@Platform@@SA?AV01@PEAX@Z
??BIntPtr@Platform@@SAPEAXV01@@Z
??BType@Platform@@SA?AVTypeName@Interop@Xaml@UI@Windows@@PE$AAV01@@Z
??BType@Platform@@SAPE$AAV01@VTypeName@Interop@Xaml@UI@Windows@@@Z
??DMatrix3D@Media3D@Media@Xaml@UI@Windows@@SA?AV012345@V012345@0@Z
??GDuration@Xaml@UI@Windows@@SA?AV0123@V0123@0@Z
??HDuration@Xaml@UI@Windows@@SA?AV0123@V0123@0@Z
??MDuration@Xaml@UI@Windows@@SA_NV0123@0@Z
??NDuration@Xaml@UI@Windows@@SA_NV0123@0@Z
??ODuration@Xaml@UI@Windows@@SA_NV0123@0@Z
??PDuration@Xaml@UI@Windows@@SA_NV0123@0@Z
?AlignedAllocate@Heap@Details@Platform@@SAPEAX_K00@Z
?AlignedAllocate@Heap@Details@Platform@@SAPEAX_K0@Z
?AlignedAllocateException@Heap@Details@Platform@@SAPEAX_K00@Z
?AlignedAllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?AlignedFree@Heap@Details@Platform@@SAXPEAX@Z
?AlignedFreeException@Heap@Details@Platform@@SAXPEAX@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K0@Z
?Allocate@Heap@Details@Platform@@SAPEAX_K@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K0@Z
?AllocateException@Heap@Details@Platform@@SAPEAX_K@Z
?Compare@Duration@Xaml@UI@Windows@@SAHV1234@0@Z
?Contains@Rect@Foundation@Windows@@QEAA_NVPoint@23@@Z
?CreateException@Exception@Platform@@SAPE$AAV12@H@Z
?CreateException@Exception@Platform@@SAPE$AAV12@HPE$AAVString@2@@Z
?CreateValue@Details@Platform@@YAPE$AAVObject@2@W4TypeCode@2@PEBX@Z
?EnableFactoryCache@@YAXXZ
?EnumerateAllocatedObjects@Heap@Details@Platform@@SAXPE$AAVHeapEntryHandler@23@@Z
?Equals@Attribute@Metadata@Platform@@QE$AAA_NPE$AAVObject@3@@Z
?Equals@Boolean@Platform@@QEAA_NPE$AAVObject@2@@Z
?Equals@Delegate@Platform@@QE$AAA_NPE$AAVObject@2@@Z
?Equals@Enum@Platform@@QE$AAA_NPE$AAVObject@2@@Z
?Equals@Exception@Platform@@UE$AAA_NPE$AAVObject@2@@Z
?Equals@MTAThreadAttribute@Platform@@QE$AAA_NPE$AAVObject@2@@Z
?Equals@Object@Platform@@QE$AAA_NPE$AAV12@@Z
?Equals@OnePhaseConstructedAttribute@CompilerServices@Runtime@Platform@@QE$AAA_NPE$AAVObject@4@@Z
?Equals@STAThreadAttribute@Platform@@QE$AAA_NPE$AAVObject@2@@Z
?Equals@Type@Platform@@UE$AAA_NPE$AAVObject@2@@Z
?Equals@ValueType@Platform@@QE$AAA_NPE$AAVObject@2@@Z
?Equals@char16@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@float32@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@float64@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@int16@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@int32@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@int64@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@int8@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@uint16@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@uint32@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@uint64@default@@QEAA_NPE$AAVObject@Platform@@@Z
?Equals@uint8@default@@QEAA_NPE$AAVObject@Platform@@@Z
?EventSourceAdd@Details@Platform@@YA?AVEventRegistrationToken@Foundation@Windows@@PEAPEAXPEAUEventLock@12@PE$AAVDelegate@2@@Z
?EventSourceGetTargetArray@Details@Platform@@YAPEAXPEAXPEAUEventLock@12@@Z
?EventSourceGetTargetArrayEvent@Details@Platform@@YAPEAXPEAXIPEBXPEA_J@Z
?EventSourceGetTargetArraySize@Details@Platform@@YAIPEAX@Z
?EventSourceInitialize@Details@Platform@@YAXPEAPEAX@Z
?EventSourceRemove@Details@Platform@@YAXPEAPEAXPEAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
?EventSourceUninitialize@Details@Platform@@YAXPEAPEAX@Z
?FlushFactoryCache@@YAXXZ
?Free@Heap@Details@Platform@@SAXPEAX@Z
?FreeException@Heap@Details@Platform@@SAXPEAX@Z
?GetActivationFactory@Details@Platform@@YAJPEAVModuleBase@1WRL@Microsoft@@PEAUHSTRING__@@PEAPEAUIActivationFactory@@@Z
?GetActivationFactoryByPCWSTR@@YAJPEAXAEAVGuid@Platform@@PEAPEAX@Z
?GetCmdArguments@Details@Platform@@YAPEAPEA_WPEAH@Z
?GetHashCode@Attribute@Metadata@Platform@@QE$AAAHXZ
?GetHashCode@Boolean@Platform@@QEAAHXZ
?GetHashCode@Delegate@Platform@@QE$AAAHXZ
?GetHashCode@Enum@Platform@@QE$AAAHXZ
?GetHashCode@Exception@Platform@@UE$AAAHXZ
?GetHashCode@Guid@Platform@@QEAAHXZ
?GetHashCode@MTAThreadAttribute@Platform@@QE$AAAHXZ
?GetHashCode@Object@Platform@@QE$AAAHXZ
?GetHashCode@OnePhaseConstructedAttribute@CompilerServices@Runtime@Platform@@QE$AAAHXZ
?GetHashCode@STAThreadAttribute@Platform@@QE$AAAHXZ
?GetHashCode@Type@Platform@@UE$AAAHXZ
?GetHashCode@ValueType@Platform@@QE$AAAHXZ
?GetHashCode@char16@default@@QEAAHXZ
?GetHashCode@float32@default@@QEAAHXZ
?GetHashCode@float64@default@@QEAAHXZ
?GetHashCode@int16@default@@QEAAHXZ
?GetHashCode@int32@default@@QEAAHXZ
?GetHashCode@int64@default@@QEAAHXZ
?GetHashCode@int8@default@@QEAAHXZ
?GetHashCode@uint16@default@@QEAAHXZ
?GetHashCode@uint32@default@@QEAAHXZ
?GetHashCode@uint64@default@@QEAAHXZ
?GetHashCode@uint8@default@@QEAAHXZ
?GetIBoxArrayVtable@Details@Platform@@YAPEAXPEAX@Z
?GetIBoxVtable@Details@Platform@@YAPEAXPEAX@Z
?GetIidsFn@@YAJHPEAKPEBU__s_GUID@@PEAPEAVGuid@Platform@@@Z
?GetObjectContext@Details@Platform@@YAPEAUIUnknown@@XZ
?GetProxyImpl@Details@Platform@@YAJPEAUIUnknown@@AEBU_GUID@@0PEAPEAU3@@Z
?GetType@Boolean@Platform@@QEAAPE$AAVType@2@XZ
?GetType@Guid@Platform@@QEAAPE$AAVType@2@XZ
?GetType@Object@Platform@@QE$AAAPE$AAVType@2@XZ
?GetType@char16@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@float32@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@float64@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@int16@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@int32@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@int64@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@int8@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@uint16@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@uint32@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@uint64@default@@QEAAPE$AAVType@Platform@@XZ
?GetType@uint8@default@@QEAAPE$AAVType@Platform@@XZ
?GetTypeCode@Type@Platform@@SA?AW4TypeCode@2@PE$AAV12@@Z
?GetWeakReference@Details@Platform@@YAPEAU__abi_IUnknown@@QE$ADVObject@2@@Z
?InitControlBlock@ControlBlock@Details@Platform@@AEAAXPEAX_N11@Z
?InitializeData@Details@Platform@@YAJH@Z
?Intersect@Rect@Foundation@Windows@@QEAAXV123@@Z
?IntersectsWith@Rect@Foundation@Windows@@QEAA_NV123@@Z
?Invert@Matrix3D@Media3D@Media@Xaml@UI@Windows@@QEAAXXZ
?ReCreateException@Exception@Platform@@SAPE$AAV12@H@Z
?ReferenceEquals@Object@Platform@@SA_NPE$AAV12@0@Z
?ReferenceEquals@Object@Platform@@SA_NPE$AAVString@2@0@Z
?RegisterFactories@Details@Platform@@YAPE$AAVObject@2@PEAPEAVModuleBase@1WRL@Microsoft@@PEAPEAU__abi_Module@@P6AXXZ@Z
?ReleaseInContextImpl@Details@Platform@@YAJPEAUIUnknown@@0@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AEAAXXZ
?ResolveWeakReference@Details@Platform@@YAPE$AAVObject@2@AEBU_GUID@@PEAPEAU__abi_IUnknown@@@Z
?RunApplicationServer@Details@Platform@@YAXPEAPEAVModuleBase@1WRL@Microsoft@@PEAPEAU__abi_Module@@PEB_W@Z
?RunServer@Details@Platform@@YAXPEAPEAVModuleBase@1WRL@Microsoft@@PEAPEAU__abi_Module@@PEB_W@Z
?TerminateModule@Details@Platform@@YA_NPEAVModuleBase@1WRL@Microsoft@@@Z
?ToInt32@IntPtr@Platform@@QEAAHXZ
?ToString@Attribute@Metadata@Platform@@QE$AAAPE$AAVString@3@XZ
?ToString@Boolean@Platform@@QEAAPE$AAVString@2@XZ
?ToString@Delegate@Platform@@QE$AAAPE$AAVString@2@XZ
?ToString@Enum@Platform@@QE$AAAPE$AAVString@2@XZ
?ToString@Exception@Platform@@UE$AAAPE$AAVString@2@XZ
?ToString@Guid@Platform@@QEAAPE$AAVString@2@XZ
?ToString@MTAThreadAttribute@Platform@@QE$AAAPE$AAVString@2@XZ
?ToString@OnePhaseConstructedAttribute@CompilerServices@Runtime@Platform@@QE$AAAPE$AAVString@4@XZ
?ToString@STAThreadAttribute@Platform@@QE$AAAPE$AAVString@2@XZ
?ToString@Type@Platform@@UE$AAAPE$AAVString@2@XZ
?ToString@ValueType@Platform@@QE$AAAPE$AAVString@2@XZ
?ToString@char16@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@float32@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@float64@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@int16@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@int32@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@int64@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@int8@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@uint16@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@uint32@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@uint64@default@@QEAAPE$AAVString@Platform@@XZ
?ToString@uint8@default@@QEAAPE$AAVString@Platform@@XZ
?UninitializeData@Details@Platform@@YAXH@Z
?Union@Rect@Foundation@Windows@@QEAAXV123@@Z
?Union@Rect@Foundation@Windows@@QEAAXVPoint@23@@Z
?WriteLine@Console@Details@Platform@@SAXPE$AAVObject@3@@Z
?WriteLine@Console@Details@Platform@@SAXPE$AAVString@3@@Z
?WriteLine@Console@Details@Platform@@SAXXZ
?__abi_FailFast@@YAXXZ
?__abi_ObjectToString@__abi_details@@YAPE$AAVString@Platform@@PE$AAVObject@3@_N@Z
?__abi_Resolve@ControlBlock@Details@Platform@@UEAAJAEAVGuid@3@PEAPEAU__abi_IInspectable@@@Z
?__abi_WinRTraiseAccessDeniedException@@YAXXZ
?__abi_WinRTraiseCOMException@@YAXJ@Z
?__abi_WinRTraiseChangedStateException@@YAXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YAXXZ
?__abi_WinRTraiseDisconnectedException@@YAXXZ
?__abi_WinRTraiseFailureException@@YAXXZ
?__abi_WinRTraiseInvalidArgumentException@@YAXXZ
?__abi_WinRTraiseInvalidCastException@@YAXXZ
?__abi_WinRTraiseNotImplementedException@@YAXXZ
?__abi_WinRTraiseNullReferenceException@@YAXXZ
?__abi_WinRTraiseObjectDisposedException@@YAXXZ
?__abi_WinRTraiseOperationCanceledException@@YAXXZ
?__abi_WinRTraiseOutOfBoundsException@@YAXXZ
?__abi_WinRTraiseOutOfMemoryException@@YAXXZ
?__abi_WinRTraiseWrongThreadException@@YAXXZ
?__abi_cast_Object_to_String@__abi_details@@YAPE$AAVString@Platform@@_NPE$AAVObject@3@@Z
?__abi_cast_String_to_Object@__abi_details@@YAPE$AAVObject@Platform@@PE$AAVString@3@@Z
?__abi_make_type_id@@YAPE$AAVType@Platform@@AEBU__abi_type_descriptor@@@Z
?__abi_translateCurrentException@@YAJ_N@Z
?__getActivationFactoryByHSTRING@@YAJPEAUHSTRING__@@AEAVGuid@Platform@@PEAPEAX@Z
?get@Bottom@Rect@Foundation@Windows@@QEAAMXZ
?get@BreakOnAllocationId@Heap@Details@Platform@@SAHXZ
?get@BreakOnFreeId@Heap@Details@Platform@@SAHXZ
?get@CurrentAllocationId@Heap@Details@Platform@@SAHXZ
?get@Empty@Rect@Foundation@Windows@@SA?AV234@XZ
?get@Empty@Size@Foundation@Windows@@SA?AV234@XZ
?get@FullName@Type@Platform@@QE$AAAPE$AAVString@3@XZ
?get@HasInverse@Matrix3D@Media3D@Media@Xaml@UI@Windows@@QEAA_NXZ
?get@Message@Exception@Platform@@QE$AAAPE$AAVString@3@XZ
?get@ObjectCount@Heap@Details@Platform@@SAHXZ
?get@Right@Rect@Foundation@Windows@@QEAAMXZ
?get@TrackingLevel@Heap@Details@Platform@@SA?AW4HeapAllocationTrackingLevel@34@XZ
?set@BreakOnAllocationId@Heap@Details@Platform@@SAXH@Z
?set@BreakOnFreeId@Heap@Details@Platform@@SAXH@Z
?set@TrackingLevel@Heap@Details@Platform@@SAXW4HeapAllocationTrackingLevel@34@@Z

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mrgt09/x86/api-ms-win-core-profile-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5f:3f:72:a9:0d:1b:b9:0f:31:df:c3:c2:81:ef:56:73:e3:d5:f3:b0:6f:40:dd:85:41:eb:20:5b:73:f5:08:f1
Signer

Actual PE Digest

5f:3f:72:a9:0d:1b:b9:0f:31:df:c3:c2:81:ef:56:73:e3:d5:f3:b0:6f:40:dd:85:41:eb:20:5b:73:f5:08:f1

Digest Algorithm

sha256

PE Digest Matches

true

c2:52:7c:b8:6d:76:c7:79:18:1c:fc:56:30:40:6f:11:ca:31:69:36
Signer

Actual PE Digest

c2:52:7c:b8:6d:76:c7:79:18:1c:fc:56:30:40:6f:11:ca:31:69:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

QueryPerformanceCounter
QueryPerformanceFrequency

Sections

.rdata
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mrgt09/x86/api-ms-win-core-rtlsupport-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f5:ec:83:e1:f0:57:33:6d:ea:35:e3:a0:f2:f4:79:ec:45:81:9f:2e:35:73:b2:e7:8a:eb:de:11:f4:80:c9:5d
Signer

Actual PE Digest

f5:ec:83:e1:f0:57:33:6d:ea:35:e3:a0:f2:f4:79:ec:45:81:9f:2e:35:73:b2:e7:8a:eb:de:11:f4:80:c9:5d

Digest Algorithm

sha256

PE Digest Matches

true

64:e9:ed:cc:72:0c:b7:d1:30:dc:d9:d9:69:a4:24:77:16:31:95:79
Signer

Actual PE Digest

64:e9:ed:cc:72:0c:b7:d1:30:dc:d9:d9:69:a4:24:77:16:31:95:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

RtlAddFunctionTable
RtlCaptureContext
RtlCaptureStackBackTrace
RtlCompareMemory
RtlDeleteFunctionTable
RtlInstallFunctionTableCallback
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlRaiseException
RtlRestoreContext
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mrgt09/x86/api-ms-win-core-string-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

23:f7:59:ab:ab:36:6b:42:ba:c7:18:ac:2c:aa:8b:7d:2a:a3:03:60:d7:f7:eb:e4:3f:1e:80:a0:b4:c0:6d:a0
Signer

Actual PE Digest

23:f7:59:ab:ab:36:6b:42:ba:c7:18:ac:2c:aa:8b:7d:2a:a3:03:60:d7:f7:eb:e4:3f:1e:80:a0:b4:c0:6d:a0

Digest Algorithm

sha256

PE Digest Matches

true

a4:dd:9d:4f:3d:e2:1f:37:9b:d2:36:25:fb:92:c5:dc:63:08:f3:97
Signer

Actual PE Digest

a4:dd:9d:4f:3d:e2:1f:37:9b:d2:36:25:fb:92:c5:dc:63:08:f3:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

CompareStringEx
CompareStringOrdinal
CompareStringW
FoldStringW
GetStringTypeExW
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

Sections

.rdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mrgt09/x86/api-ms-win-core-synch-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bd:2e:df:93:66:8f:63:8d:ba:91:83:45:84:44:22:43:bd:1e:59:5d:5b:63:12:fb:df:3e:63:d0:62:f9:c6:7e
Signer

Actual PE Digest

bd:2e:df:93:66:8f:63:8d:ba:91:83:45:84:44:22:43:bd:1e:59:5d:5b:63:12:fb:df:3e:63:d0:62:f9:c6:7e

Digest Algorithm

sha256

PE Digest Matches

true

63:1f:d0:c3:03:31:f9:92:bc:68:de:99:6a:f4:ce:2a:06:6a:59:bf
Signer

Actual PE Digest

63:1f:d0:c3:03:31:f9:92:bc:68:de:99:6a:f4:ce:2a:06:6a:59:bf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

AcquireSRWLockExclusive
AcquireSRWLockShared
CancelWaitableTimer
CreateEventA
CreateEventExA
CreateEventExW
CreateEventW
CreateMutexA
CreateMutexExA
CreateMutexExW
CreateMutexW
CreateSemaphoreExW
CreateWaitableTimerExW
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSRWLock
LeaveCriticalSection
OpenEventA
OpenEventW
OpenMutexW
OpenSemaphoreW
OpenWaitableTimerW
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
ResetEvent
SetCriticalSectionSpinCount
SetEvent
SetWaitableTimer
SetWaitableTimerEx
SleepEx
TryAcquireSRWLockExclusive
TryAcquireSRWLockShared
TryEnterCriticalSection
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx

Sections

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mrgt09/x86/api-ms-win-core-synch-l1-2-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d5:7a:e9:28:76:29:a9:dd:7e:32:0b:ca:61:66:77:95:fc:93:7b:de:af:79:0e:5c:cf:df:10:01:19:98:22:76
Signer

Actual PE Digest

d5:7a:e9:28:76:29:a9:dd:7e:32:0b:ca:61:66:77:95:fc:93:7b:de:af:79:0e:5c:cf:df:10:01:19:98:22:76

Digest Algorithm

sha256

PE Digest Matches

true

75:ed:b7:f2:16:e8:88:7f:f3:08:76:dc:5d:c9:7c:2a:e4:6c:42:f4
Signer

Actual PE Digest

75:ed:b7:f2:16:e8:88:7f:f3:08:76:dc:5d:c9:7c:2a:e4:6c:42:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

DeleteSynchronizationBarrier
EnterSynchronizationBarrier
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
InitOnceInitialize
InitializeConditionVariable
InitializeSynchronizationBarrier
SignalObjectAndWait
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
WaitOnAddress
WakeAllConditionVariable
WakeByAddressAll
WakeByAddressSingle
WakeConditionVariable

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mrgt09/x86/api-ms-win-core-sysinfo-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

12:27:75:72:0b:20:29:90:7d:8c:9e:91:41:f4:60:f6:13:7f:23:e6:db:39:b5:52:53:24:b2:ff:c5:aa:82:6c
Signer

Actual PE Digest

12:27:75:72:0b:20:29:90:7d:8c:9e:91:41:f4:60:f6:13:7f:23:e6:db:39:b5:52:53:24:b2:ff:c5:aa:82:6c

Digest Algorithm

sha256

PE Digest Matches

true

cb:85:e7:0e:53:77:0d:c1:23:1e:66:5c:b5:7f:87:65:9a:ef:64:d1
Signer

Actual PE Digest

cb:85:e7:0e:53:77:0d:c1:23:1e:66:5c:b5:7f:87:65:9a:ef:64:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

GetComputerNameExA
GetComputerNameExW
GetLocalTime
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryA
GetSystemWindowsDirectoryW
GetTickCount
GetTickCount64
GetVersion
GetVersionExA
GetVersionExW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalMemoryStatusEx
SetLocalTime

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mrgt09/x86/api-ms-win-core-timezone-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

34:6e:05:70:ac:35:c5:e2:d4:9f:8e:22:79:f9:17:3e:2b:3a:d6:d9:78:48:5c:de:73:97:04:6d:84:13:14:35
Signer

Actual PE Digest

34:6e:05:70:ac:35:c5:e2:d4:9f:8e:22:79:f9:17:3e:2b:3a:d6:d9:78:48:5c:de:73:97:04:6d:84:13:14:35

Digest Algorithm

sha256

PE Digest Matches

true

79:39:32:96:a7:50:8e:b4:c7:6d:f9:16:21:28:3e:64:08:f9:7e:77
Signer

Actual PE Digest

79:39:32:96:a7:50:8e:b4:c7:6d:f9:16:21:28:3e:64:08:f9:7e:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

EnumDynamicTimeZoneInformation
FileTimeToSystemTime
GetDynamicTimeZoneInformation
GetDynamicTimeZoneInformationEffectiveYears
GetTimeZoneInformation
GetTimeZoneInformationForYear
SetDynamicTimeZoneInformation
SetTimeZoneInformation
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
SystemTimeToTzSpecificLocalTimeEx
TzSpecificLocalTimeToSystemTime
TzSpecificLocalTimeToSystemTimeEx

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mrgt09/x86/api-ms-win-core-util-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

66:aa:33:af:38:5e:81:d6:7a:9d:39:f9:d7:b9:63:54:26:b3:cc:8e:4c:9c:e0:27:a7:6a:78:a9:3d:f9:8b:23
Signer

Actual PE Digest

66:aa:33:af:38:5e:81:d6:7a:9d:39:f9:d7:b9:63:54:26:b3:cc:8e:4c:9c:e0:27:a7:6a:78:a9:3d:f9:8b:23

Digest Algorithm

sha256

PE Digest Matches

true

30:50:36:e1:d2:8a:3a:ae:51:88:03:ee:e4:39:44:d8:86:85:29:de
Signer

Actual PE Digest

30:50:36:e1:d2:8a:3a:ae:51:88:03:ee:e4:39:44:d8:86:85:29:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

Beep
DecodePointer
DecodeSystemPointer
EncodePointer
EncodeSystemPointer

Sections

.rdata
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mrgt09/x86/api-ms-win-crt-conio-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d2:50:df:4e:50:dd:3b:af:f7:11:ea:2d:4b:2d:fb:a7:12:7b:a5:80:40:51:52:65:2f:89:14:79:4f:e7:7c:ba
Signer

Actual PE Digest

d2:50:df:4e:50:dd:3b:af:f7:11:ea:2d:4b:2d:fb:a7:12:7b:a5:80:40:51:52:65:2f:89:14:79:4f:e7:7c:ba

Digest Algorithm

sha256

PE Digest Matches

true

e1:e6:e3:77:f5:45:0f:39:9e:9f:35:cf:71:5a:fc:78:1f:bb:99:6c
Signer

Actual PE Digest

e1:e6:e3:77:f5:45:0f:39:9e:9f:35:cf:71:5a:fc:78:1f:bb:99:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

__conio_common_vcprintf
__conio_common_vcprintf_p
__conio_common_vcprintf_s
__conio_common_vcscanf
__conio_common_vcwprintf
__conio_common_vcwprintf_p
__conio_common_vcwprintf_s
__conio_common_vcwscanf
_cgets
_cgets_s
_cgetws
_cgetws_s
_cputs
_cputws
_getch
_getch_nolock
_getche
_getche_nolock
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_putch
_putch_nolock
_putwch
_putwch_nolock
_ungetch
_ungetch_nolock
_ungetwch
_ungetwch_nolock

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mrgt09/x86/api-ms-win-crt-convert-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

af:39:f7:9f:d5:a1:46:43:f5:a6:cd:a6:17:8d:2c:bc:99:5b:17:b6:f9:26:2b:86:77:07:e4:0f:72:7d:9f:44
Signer

Actual PE Digest

af:39:f7:9f:d5:a1:46:43:f5:a6:cd:a6:17:8d:2c:bc:99:5b:17:b6:f9:26:2b:86:77:07:e4:0f:72:7d:9f:44

Digest Algorithm

sha256

PE Digest Matches

true

6e:0c:10:bd:e8:f1:57:a4:46:f6:44:ba:7e:c8:8b:38:cd:fe:0e:9e
Signer

Actual PE Digest

6e:0c:10:bd:e8:f1:57:a4:46:f6:44:ba:7e:c8:8b:38:cd:fe:0e:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

__toascii
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_atoll_l
_ecvt
_ecvt_s
_fcvt
_fcvt_s
_gcvt
_gcvt_s
_i64toa
_i64toa_s
_i64tow
_i64tow_s
_itoa
_itoa_s
_itow
_itow_s
_ltoa
_ltoa_s
_ltow
_ltow_s
_strtod_l
_strtof_l
_strtoi64
_strtoi64_l
_strtoimax_l
_strtol_l
_strtold_l
_strtoll_l
_strtoui64
_strtoui64_l
_strtoul_l
_strtoull_l
_strtoumax_l
_ui64toa
_ui64toa_s
_ui64tow
_ui64tow_s
_ultoa
_ultoa_s
_ultow
_ultow_s
_wcstod_l
_wcstof_l
_wcstoi64
_wcstoi64_l
_wcstoimax_l
_wcstol_l
_wcstold_l
_wcstoll_l
_wcstombs_l
_wcstombs_s_l
_wcstoui64
_wcstoui64_l
_wcstoul_l
_wcstoull_l
_wcstoumax_l
_wctomb_l
_wctomb_s_l
_wtof
_wtof_l
_wtoi
_wtoi64
_wtoi64_l
_wtoi_l
_wtol
_wtol_l
_wtoll
_wtoll_l
atof
atoi
atol
atoll
btowc
c16rtomb
c32rtomb
mbrtoc16
mbrtoc32
mbrtowc
mbsrtowcs
mbsrtowcs_s
mbstowcs
mbstowcs_s
mbtowc
strtod
strtof
strtoimax
strtol
strtold
strtoll
strtoul
strtoull
strtoumax
wcrtomb
wcrtomb_s
wcsrtombs
wcsrtombs_s
wcstod
wcstof
wcstoimax
wcstol
wcstold
wcstoll
wcstombs
wcstombs_s
wcstoul
wcstoull
wcstoumax
wctob
wctomb
wctomb_s
wctrans

Sections

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mrgt09/x86/api-ms-win-crt-environment-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

12:50:ab:7d:96:b1:03:e5:9c:33:57:e5:a2:a0:b0:20:c6:70:41:b6:fc:13:b7:33:4e:95:4a:ec:63:2c:b4:a8
Signer

Actual PE Digest

12:50:ab:7d:96:b1:03:e5:9c:33:57:e5:a2:a0:b0:20:c6:70:41:b6:fc:13:b7:33:4e:95:4a:ec:63:2c:b4:a8

Digest Algorithm

sha256

PE Digest Matches

true

c5:39:0c:5d:fd:6d:02:3f:78:e0:49:32:92:57:8b:49:82:d4:9a:26
Signer

Actual PE Digest

c5:39:0c:5d:fd:6d:02:3f:78:e0:49:32:92:57:8b:49:82:d4:9a:26

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

__p__environ
__p__wenviron
_dupenv_s
_putenv
_putenv_s
_searchenv
_searchenv_s
_wdupenv_s
_wgetcwd
_wgetdcwd
_wgetenv
_wgetenv_s
_wputenv
_wputenv_s
_wsearchenv
_wsearchenv_s
getenv
getenv_s

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mrgt09/x86/api-ms-win-crt-filesystem-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fc:47:2d:ca:6b:a1:9d:72:3c:5f:36:47:b3:d2:7a:57:1a:d1:90:9b:a8:d2:90:fd:0a:65:1c:c0:c9:09:c1:97
Signer

Actual PE Digest

fc:47:2d:ca:6b:a1:9d:72:3c:5f:36:47:b3:d2:7a:57:1a:d1:90:9b:a8:d2:90:fd:0a:65:1c:c0:c9:09:c1:97

Digest Algorithm

sha256

PE Digest Matches

true

f9:a5:18:70:cc:4c:b9:ed:b4:4d:b8:5d:43:4e:52:ff:7d:59:3a:56
Signer

Actual PE Digest

f9:a5:18:70:cc:4c:b9:ed:b4:4d:b8:5d:43:4e:52:ff:7d:59:3a:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

_access
_access_s
_chdir
_chdrive
_chmod
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_fullpath
_getdiskfree
_getdrive
_getdrives
_lock_file
_makepath
_makepath_s
_mkdir
_rmdir
_splitpath
_splitpath_s
_stat32
_stat32i64
_stat64
_stat64i32
_umask
_umask_s
_unlink
_unlock_file
_waccess
_waccess_s
_wchdir
_wchmod
_wfindfirst32
_wfindfirst32i64
_wfindfirst64
_wfindfirst64i32
_wfindnext32
_wfindnext32i64
_wfindnext64
_wfindnext64i32
_wfullpath
_wmakepath
_wmakepath_s
_wmkdir
_wremove
_wrename
_wrmdir
_wsplitpath
_wsplitpath_s
_wstat32
_wstat32i64
_wstat64
_wstat64i32
_wunlink
remove
rename

Sections

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mrgt09/x86/api-ms-win-crt-heap-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6e:d6:5e:72:3e:36:d8:eb:18:5a:15:7c:b7:d1:d7:a2:94:3a:0a:f8:1d:12:ef:82:99:65:78:35:67:28:54:40
Signer

Actual PE Digest

6e:d6:5e:72:3e:36:d8:eb:18:5a:15:7c:b7:d1:d7:a2:94:3a:0a:f8:1d:12:ef:82:99:65:78:35:67:28:54:40

Digest Algorithm

sha256

PE Digest Matches

true

14:b3:5f:6d:73:dc:fc:c0:a9:10:3a:cd:c2:7b:b5:5b:25:79:6e:80
Signer

Actual PE Digest

14:b3:5f:6d:73:dc:fc:c0:a9:10:3a:cd:c2:7b:b5:5b:25:79:6e:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_callnewh
_calloc_base
_expand
_free_base
_get_heap_handle
_heapchk
_heapmin
_heapwalk
_malloc_base
_msize
_query_new_handler
_query_new_mode
_realloc_base
_recalloc
_set_new_mode
calloc
free
malloc
realloc

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mrgt09/x86/api-ms-win-crt-locale-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5a:45:92:9b:72:0d:e4:40:22:56:a2:e1:f6:2a:62:af:87:6b:ea:09:d2:31:d1:f8:19:7d:a0:d3:5a:75:b8:04
Signer

Actual PE Digest

5a:45:92:9b:72:0d:e4:40:22:56:a2:e1:f6:2a:62:af:87:6b:ea:09:d2:31:d1:f8:19:7d:a0:d3:5a:75:b8:04

Digest Algorithm

sha256

PE Digest Matches

true

82:4d:d6:e4:c3:34:d8:4e:2e:38:55:84:0c:2d:a8:9f:20:c3:1b:a7
Signer

Actual PE Digest

82:4d:d6:e4:c3:34:d8:4e:2e:38:55:84:0c:2d:a8:9f:20:c3:1b:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

___lc_codepage_func
___lc_collate_cp_func
___lc_locale_name_func
___mb_cur_max_func
___mb_cur_max_l_func
__initialize_lconv_for_unsigned_char
__pctype_func
__pwctype_func
_configthreadlocale
_create_locale
_free_locale
_get_current_locale
_getmbcp
_lock_locales
_setmbcp
_unlock_locales
_wcreate_locale
_wsetlocale
localeconv
setlocale

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mrgt09/x86/api-ms-win-crt-math-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:0e:44:23:c0:fa:ef:3c:a2:b9:75:e9:78:49:ba:5a:76:a5:a1:f0:55:ca:52:1a:c2:9d:09:8f:b9:66:36:9d
Signer

Actual PE Digest

3a:0e:44:23:c0:fa:ef:3c:a2:b9:75:e9:78:49:ba:5a:76:a5:a1:f0:55:ca:52:1a:c2:9d:09:8f:b9:66:36:9d

Digest Algorithm

sha256

PE Digest Matches

true

33:29:11:ca:36:3c:eb:96:9c:d1:1e:07:b1:15:13:e0:5d:32:92:a8
Signer

Actual PE Digest

33:29:11:ca:36:3c:eb:96:9c:d1:1e:07:b1:15:13:e0:5d:32:92:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

_Cbuild
_Cmulcc
_Cmulcr
_FCbuild
_FCmulcc
_FCmulcr
_LCbuild
_LCmulcc
_LCmulcr
__setusermatherr
_cabs
_chgsign
_chgsignf
_copysign
_copysignf
_d_int
_dclass
_dexp
_dlog
_dnorm
_dpcomp
_dpoly
_dscale
_dsign
_dsin
_dtest
_dunscale
_except1
_fd_int
_fdclass
_fdexp
_fdlog
_fdnorm
_fdopen
_fdpcomp
_fdpoly
_fdscale
_fdsign
_fdsin
_fdtest
_fdunscale
_finite
_finitef
_fpclass
_fpclassf
_get_FMA3_enable
_hypot
_hypotf
_isnan
_isnanf
_j0
_j1
_jn
_ld_int
_ldclass
_ldexp
_ldlog
_ldpcomp
_ldpoly
_ldscale
_ldsign
_ldsin
_ldtest
_ldunscale
_logb
_logbf
_nextafter
_nextafterf
_scalb
_scalbf
_set_FMA3_enable
_y0
_y1
_yn
acos
acosf
acosh
acoshf
acoshl
asin
asinf
asinh
asinhf
asinhl
atan
atan2
atan2f
atanf
atanh
atanhf
atanhl
cabs
cabsf
cabsl
cacos
cacosf
cacosh
cacoshf
cacoshl
cacosl
carg
cargf
cargl
casin
casinf
casinh
casinhf
casinhl
casinl
catan
catanf
catanh
catanhf
catanhl
catanl
cbrt
cbrtf
cbrtl
ccos
ccosf
ccosh
ccoshf
ccoshl
ccosl
ceil
ceilf
cexp
cexpf
cexpl
cimag
cimagf
cimagl
clog
clog10
clog10f
clog10l
clogf
clogl
conj
conjf
conjl
copysign
copysignf
copysignl
cos
cosf
cosh
coshf
cpow
cpowf
cpowl
cproj
cprojf
cprojl
creal
crealf
creall
csin
csinf
csinh
csinhf
csinhl
csinl
csqrt
csqrtf
csqrtl
ctan
ctanf
ctanh
ctanhf
ctanhl
ctanl
erf
erfc
erfcf
erfcl
erff
erfl
exp
exp2
exp2f
exp2l
expf
expm1
expm1f
expm1l
fabs
fdim
fdimf
fdiml
floor
floorf
fma
fmaf
fmal
fmax
fmaxf
fmaxl
fmin
fminf
fminl
fmod
fmodf
frexp
hypot
ilogb
ilogbf
ilogbl
ldexp
lgamma
lgammaf
lgammal
llrint
llrintf
llrintl
llround
llroundf
llroundl
log
log10
log10f
log1p
log1pf
log1pl
log2
log2f
log2l
logb
logbf
logbl
logf
lrint
lrintf
lrintl
lround
lroundf
lroundl
modf
modff
nan
nanf
nanl
nearbyint
nearbyintf
nearbyintl
nextafter
nextafterf
nextafterl
nexttoward
nexttowardf
nexttowardl
norm
normf
norml
pow
powf
remainder
remainderf
remainderl
remquo
remquof
remquol
rint
rintf
rintl
round
roundf
roundl
scalbln
scalblnf
scalblnl
scalbn
scalbnf
scalbnl
sin
sinf
sinh
sinhf
sqrt
sqrtf
tan
tanf
tanh
tanhf
tgamma
tgammaf
tgammal
trunc
truncf
truncl

Sections

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mrgt09/x86/api-ms-win-crt-multibyte-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:80:01:b3:58:1c:85:61:5d:26:39:4b:bf:53:f3:3a:df:7e:95:a1:d9:b9:09:26:4e:2d:38:3c:fa:3d:ac:d8
Signer

Actual PE Digest

14:80:01:b3:58:1c:85:61:5d:26:39:4b:bf:53:f3:3a:df:7e:95:a1:d9:b9:09:26:4e:2d:38:3c:fa:3d:ac:d8

Digest Algorithm

sha256

PE Digest Matches

true

07:eb:e8:45:ea:ad:1d:74:5f:21:29:93:a5:86:52:10:29:e7:63:5d
Signer

Actual PE Digest

07:eb:e8:45:ea:ad:1d:74:5f:21:29:93:a5:86:52:10:29:e7:63:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

__p__mbcasemap
__p__mbctype
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbblank
_ismbbblank_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct
_ismbbkpunct_l
_ismbblead
_ismbblead_l
_ismbbprint
_ismbbprint_l
_ismbbpunct
_ismbbpunct_l
_ismbbtrail
_ismbbtrail_l
_ismbcalnum
_ismbcalnum_l
_ismbcalpha
_ismbcalpha_l
_ismbcblank
_ismbcblank_l
_ismbcdigit
_ismbcdigit_l
_ismbcgraph
_ismbcgraph_l
_ismbchira
_ismbchira_l
_ismbckata
_ismbckata_l
_ismbcl0
_ismbcl0_l
_ismbcl1
_ismbcl1_l
_ismbcl2
_ismbcl2_l
_ismbclegal
_ismbclegal_l
_ismbclower
_ismbclower_l
_ismbcprint
_ismbcprint_l
_ismbcpunct
_ismbcpunct_l
_ismbcspace
_ismbcspace_l
_ismbcsymbol
_ismbcsymbol_l
_ismbcupper
_ismbcupper_l
_ismbslead
_ismbslead_l
_ismbstrail
_ismbstrail_l
_mbbtombc
_mbbtombc_l
_mbbtype
_mbbtype_l
_mbcasemap
_mbccpy
_mbccpy_l
_mbccpy_s
_mbccpy_s_l
_mbcjistojms
_mbcjistojms_l
_mbcjmstojis
_mbcjmstojis_l
_mbclen
_mbclen_l
_mbctohira
_mbctohira_l
_mbctokata
_mbctokata_l
_mbctolower
_mbctolower_l
_mbctombb
_mbctombb_l
_mbctoupper
_mbctoupper_l
_mblen_l
_mbsbtype
_mbsbtype_l
_mbscat_s
_mbscat_s_l
_mbschr
_mbschr_l
_mbscmp
_mbscmp_l
_mbscoll
_mbscoll_l
_mbscpy_s
_mbscpy_s_l
_mbscspn
_mbscspn_l
_mbsdec
_mbsdec_l
_mbsdup
_mbsicmp
_mbsicmp_l
_mbsicoll
_mbsicoll_l
_mbsinc
_mbsinc_l
_mbslen
_mbslen_l
_mbslwr
_mbslwr_l
_mbslwr_s
_mbslwr_s_l
_mbsnbcat
_mbsnbcat_l
_mbsnbcat_s
_mbsnbcat_s_l
_mbsnbcmp
_mbsnbcmp_l
_mbsnbcnt
_mbsnbcnt_l
_mbsnbcoll
_mbsnbcoll_l
_mbsnbcpy
_mbsnbcpy_l
_mbsnbcpy_s
_mbsnbcpy_s_l
_mbsnbicmp
_mbsnbicmp_l
_mbsnbicoll
_mbsnbicoll_l
_mbsnbset
_mbsnbset_l
_mbsnbset_s
_mbsnbset_s_l
_mbsncat
_mbsncat_l
_mbsncat_s
_mbsncat_s_l
_mbsnccnt
_mbsnccnt_l
_mbsncmp
_mbsncmp_l
_mbsncoll
_mbsncoll_l
_mbsncpy
_mbsncpy_l
_mbsncpy_s
_mbsncpy_s_l
_mbsnextc
_mbsnextc_l
_mbsnicmp
_mbsnicmp_l
_mbsnicoll
_mbsnicoll_l
_mbsninc
_mbsninc_l
_mbsnlen
_mbsnlen_l
_mbsnset
_mbsnset_l
_mbsnset_s
_mbsnset_s_l
_mbspbrk
_mbspbrk_l
_mbsrchr
_mbsrchr_l
_mbsrev
_mbsrev_l
_mbsset
_mbsset_l
_mbsset_s
_mbsset_s_l
_mbsspn
_mbsspn_l
_mbsspnp
_mbsspnp_l
_mbsstr
_mbsstr_l
_mbstok
_mbstok_l
_mbstok_s
_mbstok_s_l
_mbstowcs_l
_mbstowcs_s_l
_mbstrlen
_mbstrlen_l
_mbstrnlen
_mbstrnlen_l
_mbsupr
_mbsupr_l
_mbsupr_s
_mbsupr_s_l
_mbtowc_l

Sections

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mrgt09/x86/api-ms-win-crt-private-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d5:8f:19:a7:1e:bb:8d:26:d4:25:6c:ec:c1:c1:7f:98:c4:a6:fb:ab:28:b6:f5:96:0f:8f:e9:4f:79:e7:d0:a8
Signer

Actual PE Digest

d5:8f:19:a7:1e:bb:8d:26:d4:25:6c:ec:c1:c1:7f:98:c4:a6:fb:ab:28:b6:f5:96:0f:8f:e9:4f:79:e7:d0:a8

Digest Algorithm

sha256

PE Digest Matches

true

7a:e3:ab:1d:fc:78:38:8e:30:00:80:bc:88:2f:bb:19:eb:17:50:63
Signer

Actual PE Digest

7a:e3:ab:1d:fc:78:38:8e:30:00:80:bc:88:2f:bb:19:eb:17:50:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_GetImageBase
_GetThrowImageBase
_IsExceptionObjectToBeDestroyed
_SetImageBase
_SetThrowImageBase
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__dcrt_get_wide_environment_from_os
__dcrt_initial_narrow_environment
__intrinsic_setjmp
__intrinsic_setjmpex
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
_get_purecall_handler
_get_unexpected
_is_exception_typeof
_local_unwind
_o__Getdays
_o__Getmonths
_o__Gettnames
_o__Strftime
_o__W_Getdays
_o__W_Getmonths
_o__W_Gettnames
_o__Wcsftime
_o____lc_codepage_func
_o____lc_collate_cp_func
_o____lc_locale_name_func
_o____mb_cur_max_func
_o___acrt_iob_func
_o___conio_common_vcprintf
_o___conio_common_vcprintf_p
_o___conio_common_vcprintf_s
_o___conio_common_vcscanf
_o___conio_common_vcwprintf
_o___conio_common_vcwprintf_p
_o___conio_common_vcwprintf_s
_o___conio_common_vcwscanf
_o___daylight
_o___dstbias
_o___fpe_flt_rounds
_o___p___argc
_o___p___argv
_o___p___wargv
_o___p__acmdln
_o___p__commode
_o___p__environ
_o___p__fmode
_o___p__mbcasemap
_o___p__mbctype
_o___p__pgmptr
_o___p__wcmdln
_o___p__wenviron
_o___p__wpgmptr
_o___pctype_func
_o___pwctype_func
_o___std_exception_copy
_o___std_exception_destroy
_o___std_type_info_destroy_list
_o___std_type_info_name
_o___stdio_common_vfprintf
_o___stdio_common_vfprintf_p
_o___stdio_common_vfprintf_s
_o___stdio_common_vfscanf
_o___stdio_common_vfwprintf
_o___stdio_common_vfwprintf_p
_o___stdio_common_vfwprintf_s
_o___stdio_common_vfwscanf
_o___stdio_common_vsnprintf_s
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsprintf_p
_o___stdio_common_vsprintf_s
_o___stdio_common_vsscanf
_o___stdio_common_vswprintf
_o___stdio_common_vswprintf_p
_o___stdio_common_vswprintf_s
_o___stdio_common_vswscanf
_o___timezone
_o___tzname
_o___wcserror
_o__access
_o__access_s
_o__aligned_free
_o__aligned_malloc
_o__aligned_msize
_o__aligned_offset_malloc
_o__aligned_offset_realloc
_o__aligned_offset_recalloc
_o__aligned_realloc
_o__aligned_recalloc
_o__atodbl
_o__atodbl_l
_o__atof_l
_o__atoflt
_o__atoflt_l
_o__atoi64
_o__atoi64_l
_o__atoi_l
_o__atol_l
_o__atoldbl
_o__atoldbl_l
_o__atoll_l
_o__beep
_o__beginthread
_o__beginthreadex
_o__cabs
_o__callnewh
_o__calloc_base
_o__cexit
_o__cgets
_o__cgets_s
_o__cgetws
_o__cgetws_s
_o__chdir
_o__chdrive
_o__chmod
_o__chsize
_o__chsize_s
_o__close
_o__commit
_o__configthreadlocale
_o__configure_narrow_argv
_o__configure_wide_argv
_o__controlfp_s
_o__cputs
_o__cputws
_o__creat
_o__create_locale
_o__crt_atexit
_o__ctime32_s
_o__ctime64_s
_o__cwait
_o__d_int
_o__dclass
_o__difftime32
_o__difftime64
_o__dlog
_o__dnorm
_o__dpcomp
_o__dpoly
_o__dscale
_o__dsign
_o__dsin
_o__dtest
_o__dunscale
_o__dup
_o__dup2
_o__dupenv_s
_o__ecvt
_o__ecvt_s
_o__endthread
_o__endthreadex
_o__eof
_o__errno
_o__except1
_o__execute_onexit_table
_o__execv
_o__execve
_o__execvp
_o__execvpe
_o__exit
_o__expand
_o__fclose_nolock
_o__fcloseall
_o__fcvt
_o__fcvt_s
_o__fd_int
_o__fdclass
_o__fdexp
_o__fdlog
_o__fdopen
_o__fdpcomp
_o__fdpoly
_o__fdscale
_o__fdsign
_o__fdsin
_o__fflush_nolock
_o__fgetc_nolock
_o__fgetchar
_o__fgetwc_nolock
_o__fgetwchar
_o__filelength
_o__filelengthi64
_o__fileno
_o__findclose
_o__findfirst32
_o__findfirst32i64
_o__findfirst64
_o__findfirst64i32
_o__findnext32
_o__findnext32i64
_o__findnext64
_o__findnext64i32
_o__flushall
_o__fpclass
_o__fpclassf
_o__fputc_nolock
_o__fputchar
_o__fputwc_nolock
_o__fputwchar
_o__fread_nolock
_o__fread_nolock_s
_o__free_base
_o__free_locale
_o__fseek_nolock
_o__fseeki64
_o__fseeki64_nolock
_o__fsopen
_o__fstat32
_o__fstat32i64
_o__fstat64
_o__fstat64i32
_o__ftell_nolock
_o__ftelli64
_o__ftelli64_nolock
_o__ftime32
_o__ftime32_s
_o__ftime64
_o__ftime64_s
_o__fullpath
_o__futime32
_o__futime64
_o__fwrite_nolock
_o__gcvt
_o__gcvt_s
_o__get_daylight
_o__get_doserrno
_o__get_dstbias
_o__get_errno
_o__get_fmode
_o__get_heap_handle
_o__get_initial_narrow_environment
_o__get_initial_wide_environment
_o__get_invalid_parameter_handler
_o__get_narrow_winmain_command_line
_o__get_osfhandle
_o__get_pgmptr
_o__get_stream_buffer_pointers
_o__get_terminate
_o__get_thread_local_invalid_parameter_handler
_o__get_timezone
_o__get_tzname
_o__get_wide_winmain_command_line
_o__get_wpgmptr
_o__getc_nolock
_o__getch
_o__getch_nolock
_o__getche
_o__getche_nolock
_o__getcwd
_o__getdcwd
_o__getdiskfree
_o__getdllprocaddr
_o__getdrive
_o__getdrives
_o__getmbcp
_o__getsystime
_o__getw
_o__getwc_nolock
_o__getwch
_o__getwch_nolock
_o__getwche
_o__getwche_nolock
_o__getws
_o__getws_s
_o__gmtime32
_o__gmtime32_s
_o__gmtime64
_o__gmtime64_s
_o__heapchk
_o__heapmin
_o__hypot
_o__hypotf
_o__i64toa
_o__i64toa_s
_o__i64tow
_o__i64tow_s
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__invalid_parameter_noinfo_noreturn
_o__isatty
_o__isctype
_o__isctype_l
_o__isleadbyte_l
_o__ismbbalnum
_o__ismbbalnum_l
_o__ismbbalpha
_o__ismbbalpha_l
_o__ismbbblank
_o__ismbbblank_l
_o__ismbbgraph
_o__ismbbgraph_l
_o__ismbbkalnum
_o__ismbbkalnum_l
_o__ismbbkana
_o__ismbbkana_l
_o__ismbbkprint
_o__ismbbkprint_l
_o__ismbbkpunct
_o__ismbbkpunct_l
_o__ismbblead
_o__ismbblead_l
_o__ismbbprint
_o__ismbbprint_l
_o__ismbbpunct
_o__ismbbpunct_l
_o__ismbbtrail
_o__ismbbtrail_l
_o__ismbcalnum
_o__ismbcalnum_l
_o__ismbcalpha
_o__ismbcalpha_l
_o__ismbcblank
_o__ismbcblank_l
_o__ismbcdigit
_o__ismbcdigit_l
_o__ismbcgraph
_o__ismbcgraph_l
_o__ismbchira
_o__ismbchira_l
_o__ismbckata
_o__ismbckata_l
_o__ismbcl0
_o__ismbcl0_l
_o__ismbcl1
_o__ismbcl1_l
_o__ismbcl2
_o__ismbcl2_l
_o__ismbclegal
_o__ismbclegal_l
_o__ismbclower
_o__ismbclower_l
_o__ismbcprint
_o__ismbcprint_l
_o__ismbcpunct
_o__ismbcpunct_l
_o__ismbcspace
_o__ismbcspace_l
_o__ismbcsymbol
_o__ismbcsymbol_l
_o__ismbcupper
_o__ismbcupper_l
_o__ismbslead
_o__ismbslead_l
_o__ismbstrail
_o__ismbstrail_l
_o__iswctype_l
_o__itoa
_o__itoa_s
_o__itow
_o__itow_s
_o__j0
_o__j1
_o__jn
_o__kbhit
_o__ld_int
_o__ldclass
_o__ldexp
_o__ldlog
_o__ldpcomp
_o__ldpoly
_o__ldscale
_o__ldsign
_o__ldsin
_o__ldtest
_o__ldunscale
_o__lfind
_o__lfind_s
_o__loaddll
_o__localtime32
_o__localtime32_s
_o__localtime64
_o__localtime64_s
_o__lock_file
_o__locking
_o__logb
_o__logbf
_o__lsearch
_o__lsearch_s
_o__lseek
_o__lseeki64
_o__ltoa
_o__ltoa_s
_o__ltow
_o__ltow_s
_o__makepath
_o__makepath_s
_o__malloc_base
_o__mbbtombc
_o__mbbtombc_l
_o__mbbtype
_o__mbbtype_l
_o__mbccpy
_o__mbccpy_l
_o__mbccpy_s
_o__mbccpy_s_l
_o__mbcjistojms
_o__mbcjistojms_l
_o__mbcjmstojis
_o__mbcjmstojis_l
_o__mbclen
_o__mbclen_l
_o__mbctohira
_o__mbctohira_l
_o__mbctokata
_o__mbctokata_l
_o__mbctolower
_o__mbctolower_l
_o__mbctombb
_o__mbctombb_l
_o__mbctoupper
_o__mbctoupper_l
_o__mblen_l
_o__mbsbtype
_o__mbsbtype_l
_o__mbscat_s
_o__mbscat_s_l
_o__mbschr
_o__mbschr_l
_o__mbscmp
_o__mbscmp_l
_o__mbscoll
_o__mbscoll_l
_o__mbscpy_s
_o__mbscpy_s_l
_o__mbscspn
_o__mbscspn_l
_o__mbsdec
_o__mbsdec_l
_o__mbsicmp
_o__mbsicmp_l
_o__mbsicoll
_o__mbsicoll_l
_o__mbsinc
_o__mbsinc_l
_o__mbslen
_o__mbslen_l
_o__mbslwr
_o__mbslwr_l
_o__mbslwr_s
_o__mbslwr_s_l
_o__mbsnbcat
_o__mbsnbcat_l
_o__mbsnbcat_s
_o__mbsnbcat_s_l
_o__mbsnbcmp
_o__mbsnbcmp_l
_o__mbsnbcnt
_o__mbsnbcnt_l
_o__mbsnbcoll
_o__mbsnbcoll_l
_o__mbsnbcpy
_o__mbsnbcpy_l
_o__mbsnbcpy_s
_o__mbsnbcpy_s_l
_o__mbsnbicmp
_o__mbsnbicmp_l
_o__mbsnbicoll
_o__mbsnbicoll_l
_o__mbsnbset

Sections

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mrgt09/x86/api-ms-win-crt-process-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d7:4d:95:42:60:13:dc:77:da:2e:4b:f6:f5:c6:d7:36:3f:ab:86:9d:2f:12:c3:af:7c:3e:c8:72:2f:1e:2d:18
Signer

Actual PE Digest

d7:4d:95:42:60:13:dc:77:da:2e:4b:f6:f5:c6:d7:36:3f:ab:86:9d:2f:12:c3:af:7c:3e:c8:72:2f:1e:2d:18

Digest Algorithm

sha256

PE Digest Matches

true

ad:be:51:42:48:63:74:38:8d:7e:95:8b:ad:67:95:ca:63:a5:fd:b6
Signer

Actual PE Digest

ad:be:51:42:48:63:74:38:8d:7e:95:8b:ad:67:95:ca:63:a5:fd:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

_beep
_cwait
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_loaddll
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_unloaddll
_wexecl
_wexecle
_wexeclp
_wexeclpe
_wexecv
_wexecve
_wexecvp
_wexecvpe
_wspawnl
_wspawnle
_wspawnlp
_wspawnlpe
_wspawnv
_wspawnve
_wspawnvp
_wspawnvpe

Sections

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mrgt09/x86/opengl64.dll
.exe windows:6 windows x64 arch:x64

12c058d908f07eb19d3f1f0a4bb41bef

Code Sign

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:fe:7b:a4:82:f0:76:db:90:bc:c2:2b:2c:48:7c:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/02/2021, 00:00

Not After

29/02/2024, 23:59

Subject

CN=Epic Games Inc.,O=Epic Games Inc.,L=Cary,ST=North Carolina,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:52:fd:13:81:7d:a3:86:5d:e4:84:46:8c:35:09:a5:26:83:ae:ac:37:64:c9:0f:42:89:b7:70:65:88:10:df
Signer

Actual PE Digest

0c:52:fd:13:81:7d:a3:86:5d:e4:84:46:8c:35:09:a5:26:83:ae:ac:37:64:c9:0f:42:89:b7:70:65:88:10:df

Digest Algorithm

sha256

PE Digest Matches

true

b4:28:b6:ea:a9:f1:d8:dd:26:dd:e6:4d:49:5f:06:c6:e0:8c:f6:c4
Signer

Actual PE Digest

b4:28:b6:ea:a9:f1:d8:dd:26:dd:e6:4d:49:5f:06:c6:e0:8c:f6:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

xinput1_3

ord3
ord2

advapi32

CryptReleaseContext
OpenProcessToken
RegDeleteTreeW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegSetValueExW
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyExW
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
RegCloseKey
RegCreateKeyExW

user32

WindowFromPoint
ClipCursor
GetDlgItem
SetDlgItemTextW
GetSystemMetrics
SetForegroundWindow
SetWindowTextW
GetWindowRect
MessageBoxW
ScreenToClient
GetWindowLongW
GetTopWindow
EnumDisplayDevicesW
GetKeyboardLayout
DisableProcessWindowsGhosting
TranslateMessage
DispatchMessageW
GetMessageExtraInfo
SendMessageW
DefWindowProcW
GetRawInputDeviceList
RegisterRawInputDevices
GetRawInputDeviceInfoA
ReleaseDC
GetWindowInfo
EnumDisplayMonitors
SetWindowLongPtrW
GetProcessWindowStation
GetUserObjectInformationW
GetCursorPos
SetCursor
SetCursorPos
ClientToScreen
RegisterClassW
UnregisterClassW
CreateWindowExW
GetClipCursor
DestroyWindow
ShowWindow
SetLayeredWindowAttributes
FlashWindowEx
GetWindowPlacement
SetWindowPlacement
IsIconic
IsZoomed
GetDC
GetForegroundWindow
SetActiveWindow
UpdateWindow
EnableMenuItem
GetSystemMenu
IsWindowEnabled
GetMonitorInfoW
MonitorFromWindow
MonitorFromRect
ShowCursor
AdjustWindowRectEx
GetClientRect
SetWindowRgn
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
MonitorFromPoint
SystemParametersInfoW
EnumDisplaySettingsW
CreateIconIndirect
LoadImageW
LoadIconW
LoadCursorFromFileW
LoadCursorW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassLongPtrW
RegisterClassExW
MoveWindow
MsgWaitForMultipleObjects
SetRect
IsWindow
GetWindowLongPtrW
SetWindowLongW
EnableWindow
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
RegisterTouchWindow
CloseTouchInputHandle
GetTouchInputInfo
GetAsyncKeyState
GetKeyState
GetFocus
EndDialog
DialogBoxParamW
SetWindowPos
PostQuitMessage
UnregisterHotKey
RegisterHotKey
PeekMessageW
GetActiveWindow
GetRawInputData
SetFocus

gdi32

PtInRegion
SelectObject
CreateCompatibleDC
DeleteDC
GetTextExtentPoint32W
SwapBuffers
SetPixelFormat
ChoosePixelFormat
GetTextMetricsW
CreateFontW
CreateBitmap
GetDeviceCaps
CreateFontIndirectW
CreateRectRgn
CreateRoundRectRgn
DeleteObject

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CertCloseStore
CertOpenSystemStoreW
CertGetNameStringW
CertEnumCertificatesInStore

ws2_32

accept
bind
closesocket
connect
ioctlsocket
getpeername
getsockname
__WSAFDIsSet
htonl
htons
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket
gethostname
WSAStartup
WSACleanup
WSAGetLastError
getaddrinfo
freeaddrinfo
getnameinfo
WSAIoctl
WSASetLastError
getsockopt
inet_pton

wldap32

ord143
ord46
ord211
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord60

normaliz

IdnToAscii

dxgi

CreateDXGIFactory1

d3d11

D3D11CreateDevice

d3dcompiler_43

D3DCompile
D3DReflect

dbghelp

SymFunctionTableAccess64
MiniDumpWriteDump
SymRefreshModuleList
StackWalk64
SymFromAddr
SymInitializeW
SymGetLineFromAddr64
SymGetModuleBase64
SymGetModuleInfo64
SymSetOptions
SymGetModuleInfoW64
SymGetOptions

winmm

timeBeginPeriod

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
VerSetConditionMask
RtlCaptureStackBackTrace
CreateToolhelp32Snapshot
K32GetProcessMemoryInfo
K32GetModuleFileNameExW
K32EnumProcessModulesEx
SystemTimeToFileTime
FileTimeToSystemTime
MoveFileW
CopyFileW
ReOpenFile
UnmapViewOfFile
MapViewOfFile
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemInfo
GlobalMemoryStatusEx
GetProcessId
ResumeThread
SuspendThread
OpenThread
GetCurrentProcessId
SetCurrentDirectoryW
GetLongPathNameW
GetTempPathW
OutputDebugStringW
SetThreadErrorMode
PeekNamedPipe
QueryPerformanceFrequency
SetEvent
ReleaseSemaphore
GetEnvironmentVariableW
CreateFileMappingW
GetCurrentDirectoryW
Sleep
GetCurrentProcess
LoadLibraryExA
VirtualQuery
CreateSemaphoreA
GetProcessTimes
TerminateProcess
GetExitCodeProcess
LocalFree
SwitchToThread
VerifyVersionInfoA
GetModuleHandleA
GetSystemDirectoryA
ExpandEnvironmentStringsA
WaitForMultipleObjects
WaitForSingleObjectEx
SleepEx
InitializeCriticalSectionEx
GetTickCount64
FormatMessageA
ReadConsoleW
ReadConsoleA
SetConsoleMode
GetConsoleMode
ConvertThreadToFiber
ConvertFiberToThread
WideCharToMultiByte
MultiByteToWideChar
CreateFiber
DeleteFiber
SwitchToFiber
CreateEventW
GetDateFormatEx
GetTimeFormatEx
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
CreateThread
GetSystemTime
GetSystemTimeAsFileTime
GetLocalTime
GetCurrentThread
SetThreadPriority
ResolveLocaleName
GetCurrencyFormatEx
GetNumberFormatEx
LocaleNameToLCID
LCIDToLocaleName
GetUserGeoID
GetVersionExW
CreateProcessW
GetLogicalProcessorInformationEx
GetNativeSystemInfo
GetGeoInfoW
GetDynamicTimeZoneInformation
GetLocaleInfoEx
FreeLibrary
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
LoadResource
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetACP
GetThreadContext
GetEnvironmentVariableA
GetStartupInfoW
LoadLibraryA
VirtualUnlock
GetLargePageMinimum
FlsSetValue
FlsAlloc
GetModuleHandleExA
SetErrorMode
MulDiv
GlobalFree
SetConsoleWindowInfo
SetConsoleTextAttribute
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
AttachConsole
FreeConsole
AllocConsole
GlobalLock
GlobalUnlock
GlobalAlloc
GetVersion
GetProcessHandleCount
CreateWaitableTimerW
SetWaitableTimer
Process32NextW
DebugBreak
LockResource
Process32FirstW
GetConsoleWindow
SetConsoleCtrlHandler
GetUserDefaultLocaleName
GetUserPreferredUILanguages
GetSystemPowerStatus
VerifyVersionInfoW
GetComputerNameW
QueryFullProcessImageNameW
lstrlenW
FormatMessageW
SetThreadAffinityMask
LoadLibraryW
FindResourceW
InitializeCriticalSection
SetCriticalSectionSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentThreadId
GetStdHandle
GetCommandLineW
FindClose
FindFirstFileW
GetFileType
OpenProcess
WriteConsoleW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
HeapSetInformation
SetHandleInformation
CreatePipe
CreateDirectoryW
CreateFileW
DeleteFileW
FindNextFileW
FlushFileBuffers
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFinalPathNameByHandleW
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
WriteFile
CloseHandle
RaiseException
GetLastError
SetLastError
GetOverlappedResult
ResetEvent
WaitForSingleObject
SizeofResource

comdlg32

ChooseFontW

shell32

ShellExecuteW
ShellExecuteExW
SHGetKnownFolderPath
SHGetFolderPathW
SHCreateItemFromParsingName

ole32

RevokeDragDrop
ReleaseStgMedium
CoCreateInstance
CoUninitialize
CoCreateGuid
CoInitialize
OleInitialize
RegisterDragDrop
CoTaskMemFree
OleUninitialize

oleaut32

VariantCopy
SafeArrayCreateVector
SafeArrayPutElement
SysAllocString
SysFreeString

iphlpapi

GetAdaptersAddresses

setupapi

SetupDiOpenDevRegKey
SetupDiGetClassDevsExW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Get_Device_IDW

dwmapi

DwmExtendFrameIntoClientArea
DwmGetCompositionTimingInfo
DwmSetWindowAttribute
DwmIsCompositionEnabled

imm32

ImmGetDescriptionW
ImmGetIMEFileNameW
ImmGetProperty
ImmCreateContext
ImmDestroyContext
ImmGetContext
ImmReleaseContext
ImmAssociateContext
ImmGetCompositionStringW
ImmNotifyIME
ImmSetCompositionWindow
ImmSetCandidateWindow

uiautomationcore

UiaRaiseAutomationPropertyChangedEvent
UiaRaiseAutomationEvent
UiaReturnRawElementProvider
UiaHostProviderFromHwnd
UiaClientsAreListening

winhttp

WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser

opengl32

glPolygonMode
glScissor
glStencilFunc
glStencilMask
glStencilOp
glGetString
glTexImage2D
glTexParameteri
glTexSubImage2D
glGenTextures
glViewport
glEnable
glDisable
wglCreateContext
glBlendFunc
glPixelStorei
wglDeleteContext
wglGetProcAddress
wglMakeCurrent
glBindTexture
glAlphaFunc
glDeleteTextures
glTexEnvi

msvcp140

_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
_Thrd_yield

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

dbgeng

DebugCreate

bcrypt

BCryptGenRandom

vcruntime140

__intrinsic_setjmp
__current_exception_context
__current_exception
__RTDynamicCast
__std_type_info_name
__std_type_info_compare
__RTtypeid
__CxxFrameHandler3
strchr
longjmp
__std_exception_destroy
__std_exception_copy
__std_terminate
memchr
_set_purecall_handler
__C_specific_handler
wcsrchr
strstr
wcschr
_CxxThrowException
_purecall
memcpy
memmove
memset
wcsstr
memcmp
strrchr

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-convert-l1-1-0

strtod
_wtof
_wtoi64
_wtoi
atoi
wcstod
_wcstoui64
_wcstoi64
_strtoi64
atof
strtol
strtoul
strtoll
wcstoul

api-ms-win-crt-utility-l1-1-0

srand
div
rand
qsort
bsearch

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vfprintf
fputs
fwrite
_read
_write
_close
_open
setbuf
fread
ferror
fclose
_setmode
_fileno
clearerr
_lseeki64
_set_fmode
feof
fseek
ftell
__acrt_iob_func
__stdio_common_vsprintf
fgets
__stdio_common_vsscanf
_wfopen
fopen
__stdio_common_vfwprintf
__stdio_common_vswprintf
fputc
fflush

api-ms-win-crt-string-l1-1-0

isxdigit
tolower
isalpha
strpbrk
wcsncmp
isalnum
_strdup
strcspn
_strnicmp
_stricmp
wcsncpy
isdigit
iswdigit
iswspace
strcmp
isupper
islower
isgraph
strncmp
isspace
strncat
toupper
strncpy
strspn
isprint
iswpunct
iswlower
iswxdigit
iswalpha
iswalnum

api-ms-win-crt-heap-l1-1-0

_heapchk
_set_new_mode
_aligned_free
_aligned_malloc
realloc
_get_heap_handle
calloc
free
malloc

api-ms-win-crt-math-l1-1-0

floor
logf
truncf
floorf
ceil
fmod
ceilf
_dsign
__setusermatherr
_dtest
trunc
modf
_isnan
round
asin
frexp
powf
_finite
cosf
sinf
atan
atan2
cos
log
sin
pow
sqrt
tan

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_getpid
_errno
exit
_invalid_parameter_noinfo_noreturn
_cexit
_crt_atexit
_register_onexit_function
_set_app_type
_initialize_onexit_table
_exit
raise
__sys_nerr
_initterm
strerror
_initterm_e
_beginthreadex
abort
_initialize_narrow_environment
_configure_narrow_argv
_c_exit
_register_thread_local_exe_atexit_callback
signal
terminate
strerror_s
_get_narrow_winmain_command_line

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-conio-l1-1-0

_cputs

api-ms-win-crt-time-l1-1-0

__tzname
_tzset
_gmtime64_s
_gmtime64
_time64
__timezone

api-ms-win-crt-filesystem-l1-1-0

_stat64
_fstat64
_stat64i32
_fstat64i32

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

png_access_version_number
png_benign_error
png_build_grayscale_palette
png_calloc
png_chunk_benign_error
png_chunk_error
png_chunk_warning
png_convert_from_struct_tm
png_convert_from_time_t
png_convert_to_rfc1123
png_create_info_struct
png_create_read_struct
png_create_read_struct_2
png_create_write_struct
png_create_write_struct_2
png_data_freer
png_destroy_info_struct
png_destroy_read_struct
png_destroy_write_struct
png_error
png_free
png_free_data
png_free_default
png_get_IHDR
png_get_PLTE
png_get_bKGD
png_get_bit_depth
png_get_cHRM
png_get_cHRM_fixed
png_get_channels
png_get_chunk_cache_max
png_get_chunk_malloc_max
png_get_color_type
png_get_compression_buffer_size
png_get_compression_type
png_get_copyright
png_get_current_pass_number
png_get_current_row_number
png_get_error_ptr
png_get_filter_type
png_get_gAMA
png_get_gAMA_fixed
png_get_hIST
png_get_header_ver
png_get_header_version
png_get_iCCP
png_get_image_height
png_get_image_width
png_get_int_32
png_get_interlace_type
png_get_io_chunk_name
png_get_io_chunk_type
png_get_io_ptr
png_get_io_state
png_get_libpng_ver
png_get_mem_ptr
png_get_oFFs
png_get_pCAL
png_get_pHYs
png_get_pHYs_dpi
png_get_pixel_aspect_ratio
png_get_pixel_aspect_ratio_fixed
png_get_pixels_per_inch
png_get_pixels_per_meter
png_get_rgb_to_gray_status
png_get_rowbytes
png_get_rows
png_get_sBIT
png_get_sCAL
png_get_sCAL_fixed
png_get_sCAL_s
png_get_sPLT
png_get_sRGB
png_get_signature
png_get_tIME
png_get_tRNS
png_get_text
png_get_uint_16
png_get_uint_31
png_get_uint_32
png_get_unknown_chunks
png_get_user_chunk_ptr
png_get_user_height_max
png_get_user_transform_ptr
png_get_user_width_max
png_get_valid
png_get_x_offset_inches
png_get_x_offset_inches_fixed
png_get_x_offset_microns
png_get_x_offset_pixels
png_get_x_pixels_per_inch
png_get_x_pixels_per_meter
png_get_y_offset_inches
png_get_y_offset_inches_fixed
png_get_y_offset_microns
png_get_y_offset_pixels
png_get_y_pixels_per_inch
png_get_y_pixels_per_meter
png_handle_as_unknown
png_info_init_3
png_init_io
png_longjmp
png_malloc
png_malloc_default
png_malloc_warn
png_permit_mng_features
png_read_end
png_read_image
png_read_info
png_read_png
png_read_row
png_read_rows
png_read_update_info
png_reset_zstream
png_save_int_32
png_save_uint_16
png_save_uint_32
png_set_IHDR
png_set_PLTE
png_set_add_alpha
png_set_bKGD
png_set_background
png_set_background_fixed
png_set_benign_errors
png_set_bgr
png_set_cHRM
png_set_cHRM_fixed
png_set_chunk_cache_max
png_set_chunk_malloc_max
png_set_compression_buffer_size
png_set_compression_level
png_set_compression_mem_level
png_set_compression_method
png_set_compression_strategy
png_set_compression_window_bits
png_set_crc_action
png_set_error_fn
png_set_expand
png_set_expand_16
png_set_expand_gray_1_2_4_to_8
png_set_filler
png_set_filter
png_set_filter_heuristics
png_set_filter_heuristics_fixed
png_set_flush
png_set_gAMA
png_set_gAMA_fixed
png_set_gamma
png_set_gamma_fixed
png_set_gray_to_rgb
png_set_hIST
png_set_iCCP
png_set_interlace_handling
png_set_invalid
png_set_invert_alpha
png_set_invert_mono
png_set_keep_unknown_chunks
png_set_longjmp_fn
png_set_mem_fn
png_set_oFFs
png_set_pCAL
png_set_pHYs
png_set_packing
png_set_packswap
png_set_palette_to_rgb
png_set_quantize
png_set_read_fn
png_set_read_status_fn
png_set_read_user_chunk_fn
png_set_read_user_transform_fn
png_set_rgb_to_gray
png_set_rgb_to_gray_fixed
png_set_rows
png_set_sBIT
png_set_sCAL
png_set_sCAL_fixed
png_set_sCAL_s
png_set_sPLT
png_set_sRGB
png_set_sRGB_gAMA_and_cHRM
png_set_shift
png_set_sig_bytes
png_set_strip_16
png_set_strip_alpha
png_set_swap
png_set_swap_alpha
png_set_tIME
png_set_tRNS
png_set_tRNS_to_alpha
png_set_text
png_set_unknown_chunk_location
png_set_unknown_chunks
png_set_user_limits
png_set_user_transform_info
png_set_write_fn
png_set_write_status_fn
png_set_write_user_transform_fn
png_sig_cmp
png_start_read_image
png_warning
png_write_chunk
png_write_chunk_data
png_write_chunk_end
png_write_chunk_start
png_write_end
png_write_flush
png_write_image
png_write_info
png_write_info_before_PLTE
png_write_png
png_write_row
png_write_rows
png_write_sig

Sections

.text
Size: 11.6MB - Virtual size: 11.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.uedbg
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.4MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 582KB - Virtual size: 582KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

824cffff2cbdd76a3d842387b66e90ec

Headers

DLL Characteristics

File Characteristics

Imports

msvcp_win

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

coremessaging

coreuicomponents

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-processthreads-l1-1-3

api-ms-win-core-processtopology-obsolete-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-file-l1-2-0

api-ms-win-core-io-l1-1-1

ws2_32

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-security-cryptoapi-l1-1-0

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-errorhandling-l1-1-2

api-ms-win-shcore-stream-winrt-l1-1-0

api-ms-win-core-memory-l1-1-1

api-ms-win-core-featurestaging-l1-1-0

dwrite

dxgi

d3d11

d3d12

api-ms-win-core-string-l1-1-0

api-ms-win-security-accesshlpr-l1-1-0

ntdll

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-core-psm-app-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-security-appcontainer-l1-1-0

api-ms-win-core-namedpipe-ansi-l1-1-0

api-ms-win-core-io-l1-1-0

mfplat

mfreadwrite

xaudio2_9

Exports

Exports

Sections

.text
Size: 11.3MB - Virtual size: 11.3MB

.rdata
Size: 4.1MB - Virtual size: 4.1MB

.data
Size: 1.7MB - Virtual size: 1.8MB

.pdata
Size: 333KB - Virtual size: 332KB

.didat
Size: 512B - Virtual size: 312B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 517KB - Virtual size: 517KB

.text
Size: 199KB - Virtual size: 198KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 4KB - Virtual size: 145KB

.didat
Size: 512B - Virtual size: 400B

.rsrc
Size: 56KB - Virtual size: 55KB

.reloc
Size: 9KB - Virtual size: 8KB