Cris_G1Z4N83_2023-12-12_14_52_55[.]307[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Cris_G1Z4N83_2023-12-12_14_52_55.307.zip
Size

5.4MB
MD5

a75c62e233ab405597406073e8c9bda3
SHA1

43da190b6374a80077255a23c35f0eb6edbdbd34
SHA256

4d8660e4192ecad34afd8090acf2baa3b4508f362d95af33212be379ec3d4e9b
SHA512

d0c0caca0d7c94e779bb06a8f99007563e21d37127f297c61028bbd54643bc311d379b8b5b7ecf4d88967b907599237ef9823deb948329a4e8736ef308ecb3f0
SSDEEP

98304:C0Uh8IU6oRYGP6MH4HvJoPp3qO63KrN081Y/8NRnakmu7hO09e3vYoLnGiEcO:Sh8IU7PPl4Hv6pa/KDq8vnpOae3nGiI

Score

1^/10

Malware Config

Signatures

Files

Cris_G1Z4N83_2023-12-12_14_52_55.307.zip
.zip

Password: Passw0rd$$
Device/HarddiskVolume3/Program Files/Common Files/microsoft shared/ClickToRun/OfficeClickToRun.exe
.exe windows:6 windows x64 arch:x64

Password: Passw0rd$$

db00ab81c09caf15bb5e4b5c5c00db8d

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2023 19:51

Not After

16-10-2024 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2023 19:51

Not After

16-10-2024 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:cb:b9:5a:e1:70:ae:d2:a2:75:e9:0f:90:d0:e3:64:d4:1f:47:a6:d0:e2:7b:e9:ce:31:f8:51:f3:ce:50:3a
Signer

Actual PE Digest

57:cb:b9:5a:e1:70:ae:d2:a2:75:e9:0f:90:d0:e3:64:d4:1f:47:a6:d0:e2:7b:e9:ce:31:f8:51:f3:ce:50:3a

Digest Algorithm

sha256

PE Digest Matches

true

57:cb:b9:5a:e1:70:ae:d2:a2:75:e9:0f:90:d0:e3:64:d4:1f:47:a6:d0:e2:7b:e9:ce:31:f8:51:f3:ce:50:3a
Signer

Actual PE Digest

57:cb:b9:5a:e1:70:ae:d2:a2:75:e9:0f:90:d0:e3:64:d4:1f:47:a6:d0:e2:7b:e9:ce:31:f8:51:f3:ce:50:3a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
CryptReleaseContext
CryptDestroyHash
CryptCreateHash
CryptAcquireContextW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteTreeW
RegDeleteKeyW
RegGetValueW
RegDeleteValueW
GetTokenInformation
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
EventUnregister
EventRegister
EventWriteTransfer
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CreateWellKnownSid
CheckTokenMembership
CryptGetHashParam
RegNotifyChangeKeyValue
RevertToSelf
RegQueryValueW
OpenThreadToken
OpenProcessToken
GetLengthSid
CopySid
InitializeAcl
AddAccessDeniedAce
AddAccessAllowedAce
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
ConvertSidToStringSidW
EqualSid
EventWrite
CreateProcessAsUserW
RegCopyTreeW
ConvertStringSidToSidW
LookupAccountSidW
ImpersonateLoggedOnUser
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenSCManagerW
CloseServiceHandle
OpenServiceW
QueryServiceStatusEx
QueryServiceConfigW
StartServiceW
ControlService
EnumDependentServicesW
DeleteService
CreateServiceW
ChangeServiceConfig2W
ChangeServiceConfigW
SetServiceObjectSecurity
RegEnumValueA
RegDeleteValueA
RegGetValueA
CloseEventLog
OpenEventLogW
ReadEventLogW
RegOpenCurrentUser
RegRenameKey
RegSetKeySecurity
RegGetKeySecurity
RegRestoreKeyW
RegSaveKeyExW
EnableTraceEx
ProcessTrace
CloseTrace
OpenTraceW
StartTraceW
ControlTraceW
SetThreadToken
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetTokenInformation
DuplicateToken
DuplicateTokenEx

gdi32

DeleteObject
EnumFontFamiliesExW
CreateFontIndirectW
RemoveFontResourceW
GetFontData
SelectObject
AddFontResourceW
GetDeviceCaps

iphlpapi

CreateSortedAddressPairs
GetAdaptersInfo
FreeMibTable

kernel32

WideCharToMultiByte
TlsGetValue
CreateIoCompletionPort
GlobalMemoryStatusEx
QueryPerformanceCounter
GetStdHandle
GetCurrentThreadId
GetFileType
FindFirstFileW
FindNextFileW
InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
OpenProcess
GetExitCodeProcess
GetProcessTimes
GetTickCount64
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
K32GetModuleFileNameExW
CreateProcessW
FindResourceW
SizeofResource
LoadResource
GetUserDefaultLocaleName
IsValidCodePage
GetCPInfoExW
CreateEventExW
OpenEventW
RaiseException
GetVersionExW
GetDiskFreeSpaceExW
GetWindowsDirectoryW
DeviceIoControl
SetErrorMode
GetComputerNameW
MulDiv
GetLogicalProcessorInformation
GetNativeSystemInfo
GetSystemDirectoryW
HeapFree
HeapAlloc
GetProcessHeap
CreateMutexExW
OpenMutexW
WaitForSingleObjectEx
TzSpecificLocalTimeToSystemTime
FlsGetValue
FlsSetValue
ReleaseSemaphore
CreateThread
WaitForMultipleObjectsEx
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
CloseThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolWait
SetThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
CreateThreadpoolWork
SubmitThreadpoolWork
QueryDepthSList
TryEnterCriticalSection
InitializeSListHead
InterlockedPushEntrySList
InterlockedPopEntrySList
RtlCaptureStackBackTrace
GetTempPathW
GetLongPathNameW
GetFinalPathNameByHandleW
ResetEvent
IsDebuggerPresent
GetFileAttributesExW
FindFirstFileExW
MoveFileExW
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
LockFileEx
UnlockFileEx
GetFileInformationByHandleEx
GetCurrentDirectoryW
GetTempFileNameW
CopyFileExW
GetVolumePathNamesForVolumeNameW
SetFileInformationByHandle
CreateFileMappingW
K32EnumProcessModulesEx
RtlLookupFunctionEntry
RtlVirtualUnwind
GetFileAttributesW
GetFileTime
CopyFileW
GetShortPathNameW
QueryPerformanceFrequency
GlobalAlloc
LockResource
LCIDToLocaleName
SetFileTime
CancelIoEx
GetProcessAffinityMask
CreateWaitableTimerW
SetWaitableTimerEx
CancelWaitableTimer
WerRegisterMemoryBlock
WerUnregisterMemoryBlock
QueryFullProcessImageNameW
GetThreadIOPendingFlag
GetCurrentThread
lstrlenW
GetQueuedCompletionStatus
CreateMemoryResourceNotification
GetSystemPowerStatus
IsSystemResumeAutomatic
QueryUnbiasedInterruptTime
OutputDebugStringW
RtlCaptureContext
CreateMutexW
GetFileSizeEx
VirtualAlloc
OpenEventA
CreateEventA
OpenMutexA
CreateMutexA
OpenSemaphoreA
CreateSemaphoreA
OpenFileMappingA
LocalAlloc
LCMapStringEx
K32GetProcessMemoryInfo
GetPhysicallyInstalledSystemMemory
GetProductInfo
GetLocalTime
GetThreadLocale
DeleteFileA
GetTempPathA
lstrcmpW
FlushViewOfFile
GetFullPathNameW
GetPriorityClass
K32EnumProcesses
ProcessIdToSessionId
GetTimeZoneInformation
GetVolumeInformationW
GetExitCodeThread
GetLocaleInfoEx
ResolveLocaleName
GetUserPreferredUILanguages
GetACP
EnumSystemLocalesEx
GetSystemDefaultLocaleName
GetFileAttributesA
LoadLibraryExA
GetSystemDefaultLCID
GetUserGeoID
GetGeoInfoW
GetUserDefaultUILanguage
AreFileApisANSI
HeapCreate
GetDiskFreeSpaceW
LockFile
InitializeCriticalSection
GetFullPathNameA
HeapValidate
HeapSize
GetDiskFreeSpaceA
HeapReAlloc
GetSystemInfo
HeapCompact
HeapDestroy
UnlockFile
K32GetModuleBaseNameW
lstrcmpiW
IsProcessorFeaturePresent
VirtualQuery
MapViewOfFile
InitializeConditionVariable
WerRegisterRuntimeExceptionModule
WerUnregisterRuntimeExceptionModule
ReadFile
WaitForMultipleObjects
PostQueuedCompletionStatus
GlobalFree
WaitForSingleObject
GetCurrentProcess
GetFileSize
CreateFileMappingA
CloseHandle
CreateFileA
UnmapViewOfFile
FindClose
LocaleNameToLCID
ReleaseMutex
GetCurrentProcessId
GlobalAddAtomW
GlobalFindAtomW
CreateEventW
SetEvent
DeleteFileW
VirtualProtect
InitOnceBeginInitialize
InitOnceComplete
CreateSymbolicLinkW
CreateHardLinkW
GetFileInformationByHandle
VerifyVersionInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DeleteTimerQueueTimer
CreateTimerQueueTimer
GetDriveTypeW
GetDateFormatW
GetTimeFormatW
SetCurrentDirectoryW
VerSetConditionMask
TlsFree
TlsSetValue
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
FileTimeToSystemTime
FormatMessageW
GetModuleHandleA
GetOverlappedResult
CreateFileW
SetFilePointer
GetStartupInfoW
WriteFile
TlsAlloc
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
FormatMessageA
LoadLibraryA
GetStringTypeExW
FlsAlloc
FlsFree
GetTickCount
SetProcessMitigationPolicy
Sleep
OutputDebugStringA
QueryActCtxW
CreateActCtxW
FindActCtxSectionStringW
LoadLibraryW
ActivateActCtx
DeactivateActCtx
SetLastError
LocalFree
GetModuleFileNameW
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionEx
GetModuleHandleExW
GetLastError
CompareStringEx
GetProcAddress
FreeLibrary
IsWow64Process
ExpandEnvironmentStringsW
LoadLibraryExW
GetModuleHandleW

oleaut32

SysStringLen
VariantClear
VariantInit
SysAllocString
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
GetErrorInfo
SetErrorInfo
SysFreeString

rpcrt4

RpcServerListen
RpcMgmtWaitServerListen
RpcMgmtStopServerListening
NdrServerCall2
UuidCreate
RpcServerUnregisterIf
RpcBindingInqAuthClientW
RpcImpersonateClient
RpcRevertToSelf
RpcServerRegisterAuthInfoW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcStringFreeW
UuidToStringW
RpcBindingSetAuthInfoW
RpcBindingFree
RpcMgmtIsServerListening
RpcServerRegisterIf2
RpcServerUseProtseqEpW

cabinet

ord13
ord14

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

wtsapi32

WTSSendMessageW
WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW

setupapi

SetupIterateCabinetW

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_type_info_compare
_purecall
__C_specific_handler
_CxxThrowException
__std_terminate
__std_exception_copy
__std_exception_destroy
strchr
__C_specific_handler_noexcept
__RTtypeid
__current_exception_context
__RTDynamicCast
__current_exception
memchr
strstr
memmove
wcsstr
memcmp
memset
wcsrchr
wcschr
memcpy
__std_type_info_name

msvcp140

??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?width@ios_base@std@@QEAA_J_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?flags@ios_base@std@@QEBAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?good@ios_base@std@@QEBA_NXZ
?uncaught_exceptions@std@@YAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?width@ios_base@std@@QEBA_JXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?exceptions@ios_base@std@@QEAAXH@Z
?flags@ios_base@std@@QEAAHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?precision@ios_base@std@@QEAA_J_J@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?widen@?$ctype@D@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?narrow@?$ctype@D@std@@QEBADDD@Z
?is@?$ctype@D@std@@QEBA_NFD@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
?classic@locale@std@@SAAEBV12@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??0id@locale@std@@QEAA@_K@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@G@Z
?bad@ios_base@std@@QEBA_NXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
?__ExceptionPtrCreate@@YAXPEAX@Z
_Cnd_init_in_situ
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrToBool@@YA_NPEBX@Z
_Mtx_destroy_in_situ
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Mtx_init_in_situ
_Cnd_wait
_Cnd_broadcast
_Cnd_destroy_in_situ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?__ExceptionPtrCompare@@YA_NPEBX0@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?fail@ios_base@std@@QEBA_NXZ
?eof@ios_base@std@@QEBA_NXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
??Bios_base@std@@QEBA_NXZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
_Query_perf_frequency
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Random_device@std@@YAIXZ
_Query_perf_counter
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?toupper@?$ctype@_W@std@@QEBA_W_W@Z
_Xtime_get_ticks
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA_W_W@Z
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?narrow@?$ctype@_W@std@@QEBAD_WD@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
_Thrd_sleep
?id@?$numpunct@_W@std@@2V0locale@2@A
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setf@ios_base@std@@QEAAHH@Z
?setf@ios_base@std@@QEAAHHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@F@Z
_Cnd_timedwait
_Mtx_current_owns
?_Xinvalid_argument@std@@YAXPEBD@Z
?id@?$collate@_W@std@@2V0locale@2@A
_Wcsxfrm
_Wcscoll
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
_Thrd_detach
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?tellp@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Thrd_yield
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
_Mtx_trylock
_Cnd_signal
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QEBA_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@PEAV32@@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
?_Gninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?_Gndec@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?getline@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEA_W_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
_Mbrtowc
?pubsync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?pubimbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?pubseekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?sgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?_Winerror_map@std@@YAHH@Z

concrt140

??0_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ

api-ms-win-crt-heap-l1-1-0

malloc
calloc
_msize
realloc
free
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsprintf_s
fputwc
__stdio_common_vswprintf
ungetwc
fgetwc
__p__commode
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vswscanf
fputc
fwrite
__acrt_iob_func
fgetc
fputs
_wfopen_s
fgetpos
_write
fflush
ungetc
__stdio_common_vswprintf_s
fclose
fsetpos
_fseeki64
__stdio_common_vsscanf
setvbuf
fgets
fread
_get_stream_buffer_pointers
__stdio_common_vsprintf

api-ms-win-crt-runtime-l1-1-0

strerror_s
_clearfp
_exit
raise
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_errno
exit
_beginthreadex
terminate
abort
strerror
_crt_atexit
_seh_filter_exe
_set_app_type
_register_onexit_function
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_initialize_onexit_table
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_endthreadex

api-ms-win-crt-string-l1-1-0

towupper
strcspn
isupper
tolower
isalpha
isxdigit
isspace
isdigit
towlower
toupper
wcscpy_s
wcsncpy_s
_wcsnicmp
strncpy_s
strcmp
isalnum
_wcsicmp
iswalpha
wcscmp
wcstok_s
wcscat_s
wcsncat_s
_towupper_l
wcsncmp
wmemcpy_s
strncmp
_strnicmp
iswspace
_stricmp
_isctype_l
wcsnlen
strnlen

api-ms-win-crt-convert-l1-1-0

strtoul
wcstoull
_wtof
_ui64toa_s
strtof
_ui64tow_s
_ultow_s
_i64toa_s
_wtol
_wcstod_l
_itow_s
_wtoi64
_wtoi
atoi
wcstol
wcstoul
strtol
wcstoll
_i64tow_s
wcstod
strtod
_wcstoi64
strtoull
_wcstoui64
strtoll

api-ms-win-crt-locale-l1-1-0

_free_locale
_create_locale
__pctype_func
___lc_codepage_func
__initialize_lconv_for_unsigned_char
_configthreadlocale

api-ms-win-crt-time-l1-1-0

_time64
clock
wcsftime
_mktime64
_gmtime64_s
_difftime64
_localtime64_s

api-ms-win-crt-utility-l1-1-0

qsort
srand
rand
rand_s

api-ms-win-crt-math-l1-1-0

round
expf
_dsign
_fdsign
floor
log10
logf
_dclass
ldexp
_ldclass
__setusermatherr
_ldsign
ceilf
_fdclass
frexp
nan
pow

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s
_lock_file
_unlock_file

netapi32

NetApiBufferFree
NetGetJoinInformation

ntdll

NtSetInformationKey

rstrtmgr

RmGetList
RmRestart
RmShutdown
RmAddFilter
RmEndSession
RmStartSession
RmRegisterResources

apiclient

?CompleteUpdateRegistration@@YAJV?$shared_ptr@VORpcClient@@@std@@@Z
?KillQueuedProcesses@@YAJV?$shared_ptr@VORpcClient@@@std@@@Z
?RestartKilledProcesses@@YAJV?$shared_ptr@VORpcClient@@@std@@@Z
?InvokeProcessKillerEx@@YAJV?$shared_ptr@VORpcClient@@@std@@HHHPEB_W1PEAK@Z
?InvokeProcessKiller@@YAJV?$shared_ptr@VORpcClient@@@std@@HHHPEB_WPEAK@Z
?GetClickToRunData@@YAJV?$shared_ptr@VORpcClient@@@std@@HPEB_WPEA_WK@Z
?PromptUser@@YAJV?$shared_ptr@VORpcClient@@@std@@KPEAKPEB_W@Z
?RaiseTaskErrorEvent3@@YAJV?$shared_ptr@VORpcClient@@@std@@KKKKPEB_W@Z
?RaiseTaskToastEvent@@YAJV?$shared_ptr@VORpcClient@@@std@@H@Z
?RaiseTaskDialogEvent@@YAJV?$shared_ptr@VORpcClient@@@std@@PEB_W1@Z
?RaiseTaskProgressEvent@@YAJV?$shared_ptr@VORpcClient@@@std@@U_GUID@@K@Z
?GetServiceVersion@@YAJV?$shared_ptr@VORpcClient@@@std@@PEA_WK@Z
?SetFeatureFlightValues@@YAJV?$shared_ptr@VORpcClient@@@std@@PEB_W1@Z
?GetProcessPoolProcessId@@YAJV?$shared_ptr@VORpcClient@@@std@@PEAK@Z
?QueueTaskItem@@YAJV?$shared_ptr@VORpcClient@@@std@@U_GUID@@@Z

Sections

.text
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 341KB - Virtual size: 494KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 515KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.json

Sharing

General

Malware Config

Signatures

Files

Password: Passw0rd$$

Password: Passw0rd$$

db00ab81c09caf15bb5e4b5c5c00db8d

Code Sign

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

57:cb:b9:5a:e1:70:ae:d2:a2:75:e9:0f:90:d0:e3:64:d4:1f:47:a6:d0:e2:7b:e9:ce:31:f8:51:f3:ce:50:3aSigner

57:cb:b9:5a:e1:70:ae:d2:a2:75:e9:0f:90:d0:e3:64:d4:1f:47:a6:d0:e2:7b:e9:ce:31:f8:51:f3:ce:50:3aSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

gdi32

iphlpapi

kernel32

oleaut32

rpcrt4

cabinet

wintrust

wtsapi32

setupapi

vcruntime140_1

vcruntime140

msvcp140

concrt140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

netapi32

ntdll

rstrtmgr

apiclient

Sections

.text Size: 8.2MB - Virtual size: 8.2MB

.rdata Size: 3.6MB - Virtual size: 3.6MB

.data Size: 341KB - Virtual size: 494KB

.pdata Size: 515KB - Virtual size: 515KB

.didat Size: 2KB - Virtual size: 2KB

.rsrc Size: 300KB - Virtual size: 299KB

.reloc Size: 195KB - Virtual size: 195KB

33:00:00:05:57:cf:90:dd:c7:d1:c0:88:8c:00:00:00:00:05:57
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

57:cb:b9:5a:e1:70:ae:d2:a2:75:e9:0f:90:d0:e3:64:d4:1f:47:a6:d0:e2:7b:e9:ce:31:f8:51:f3:ce:50:3a
Signer

57:cb:b9:5a:e1:70:ae:d2:a2:75:e9:0f:90:d0:e3:64:d4:1f:47:a6:d0:e2:7b:e9:ce:31:f8:51:f3:ce:50:3a
Signer

.text
Size: 8.2MB - Virtual size: 8.2MB

.rdata
Size: 3.6MB - Virtual size: 3.6MB

.data
Size: 341KB - Virtual size: 494KB

.pdata
Size: 515KB - Virtual size: 515KB

.didat
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 300KB - Virtual size: 299KB

.reloc
Size: 195KB - Virtual size: 195KB