metasploit | 79ee8c94d27e524eb443c415c38bad5529478cc7e112ea356243dc07ac443d82

Sharing

Copy URL Twitter E-mail

General

Target

79ee8c94d27e524eb443c415c38bad5529478cc7e112ea356243dc07ac443d82
Size

1.4MB
MD5

a0f36d9db11077632a6f6b0b02c7f794
SHA1

f9781baa08847537c4c2c7cdfa228275dd835197
SHA256

79ee8c94d27e524eb443c415c38bad5529478cc7e112ea356243dc07ac443d82
SHA512

d8d21594265593e67e75b946ed11cb3208716f79a0b8b28ba7e0e76861dda8ad0ea00b60c5fae2cd936240859704ce1a26fe9b3827a6f6da0d5787b1c1714196
SSDEEP

24576:KKUSQu2qJxKYkjijm0vLXHrYBw5TxXIb4uu0PQGGL0xkFeyD6jZ:Kab7M0mw/Aw5TFpu2GGAcPDg

Score

10^/10

metasploit

Malware Config

Extracted

Family

metasploit

Version

encoder/shikata_ga_nai

Extracted

Family

metasploit

Version

windows/reverse_tcp

192.168.240.128:3333

Signatures

Metasploit family
metasploit

Files

79ee8c94d27e524eb443c415c38bad5529478cc7e112ea356243dc07ac443d82
.exe windows:5 windows x86 arch:x86

145372ce23dd7ca310944a49f57aed43

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/11/2020, 00:00

Not After

22/02/2024, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong Province,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:34:3d:59:18:fc:a8:ed:9d:94:81:d2:ab:4a:f5:68:da:e3:46:8f:8a:3e:21:87:aa:de:61:56:e5:43:79:9d
Signer

Actual PE Digest

c6:34:3d:59:18:fc:a8:ed:9d:94:81:d2:ab:4a:f5:68:da:e3:46:8f:8a:3e:21:87:aa:de:61:56:e5:43:79:9d

Digest Algorithm

sha256

PE Digest Matches

false

f6:03:ca:34:d5:3b:4c:fa:f1:b5:bf:28:28:d7:c2:2f:c8:c3:af:6a
Signer

Actual PE Digest

f6:03:ca:34:d5:3b:4c:fa:f1:b5:bf:28:28:d7:c2:2f:c8:c3:af:6a

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

adapt_for_imports

?AddCrashReportHelperFile@CrashReportLoader@crash_report@@QAEHPB_W00K@Z
?Uninit@CrashReportLoader@crash_report@@QAEXXZ
?Instance@CrashReportLoader@crash_report@@SAAAV12@XZ
?Init@CrashReportLoader@crash_report@@QAEXPB_W_K1HP6GHPAUtagCrashReportHelperCallbackInfo@@@Z0@Z

lua51

lua_type
lua_settop
lua_gettop
lua_pcall
lua_getfield
lua_pushstring
lua_tolstring

common

?reg_service@@YAXPBDV?$function@$$A6AXV?$shared_ptr@Umsg_base@@@std@@@Z@std@@PAX@Z
?reg_service@@YAXPBDV?$function@$$A6AXPBDAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@PAX@Z
?send_msg@@YAXPBDV?$shared_ptr@Umsg_base@@@std@@@Z
?post_msg@@YAXPBDV?$shared_ptr@Umsg_base@@@std@@@Z
?get_comp_mgr_instance@common@ierd_tgp@@YAAAVComponent_mgr@12@XZ
?find_component@Component_mgr@common@ierd_tgp@@QAE?AV?$weak_ptr@UIComponent@common@ierd_tgp@@@std@@ABVcomponent_interface_type@23@@Z
?file_size@filesystem@ierd_tgp@@YA_KABVpath@12@@Z
?exists@filesystem@ierd_tgp@@YA_NABVpath@12@AAVerror_code@std@@@Z
?from_json@jsonbind@@YAHPAXABVValue@Json@@@Z
??1ShareMemory@Memory@ierd_tgp@@QAE@XZ
??$json_value_to_obj@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@@YAHABVValue@Json@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??$json_value_to_obj@Vjsonb_bool@@@@YAHABVValue@Json@@AAVjsonb_bool@@@Z
??$json_value_to_obj@Vjsonb_uint64@@@@YAHABVValue@Json@@AAVjsonb_uint64@@@Z
??$json_value_to_obj@Vjsonb_int64@@@@YAHABVValue@Json@@AAVjsonb_int64@@@Z
??$json_value_to_obj@Vjsonb_int@@@@YAHABVValue@Json@@AAVjsonb_int@@@Z
??$obj_to_json_value@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@@YAHAAVValue@Json@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??$obj_to_json_value@Vjsonb_uint64@@@@YAHAAVValue@Json@@AAVjsonb_uint64@@@Z
??$obj_to_json_value@Vjsonb_int64@@@@YAHAAVValue@Json@@AAVjsonb_int64@@@Z
??$obj_to_json_value@Vjsonb_bool@@@@YAHAAVValue@Json@@AAVjsonb_bool@@@Z
??$obj_to_json_value@Vjsonb_int@@@@YAHAAVValue@Json@@AAVjsonb_int@@@Z
?MD5FileSafe@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@@Z
?appdata_project_folder@File_info@common@ierd_tgp@@SA?AVpath@filesystem@3@XZ
?get_log_instance@base@@YAPAVILogger@1@XZ
?u16to8@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?u8to16@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z
?get_cpu_name@Sys_wrapper@common@ierd_tgp@@SAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?directory_iterator_increment@detail@filesystem@ierd_tgp@@YAXAAVdirectory_iterator@23@PAVerror_code@std@@@Z
?directory_iterator_construct@detail@filesystem@ierd_tgp@@YAXAAVdirectory_iterator@23@ABVpath@23@PAVerror_code@std@@@Z
?dir_itr_close@detail@filesystem@ierd_tgp@@YAXAAPAX@Z
?extension@path@filesystem@ierd_tgp@@QBE?AV123@XZ
?filename@path@filesystem@ierd_tgp@@QBE?AV123@XZ
?open@Shared_mem_obj@common@ierd_tgp@@QAEPAXW4mode_t@interprocess@boost@@_N@Z
?StartThread@CThread@@QAEHPAXH@Z
??1CThread@@UAE@XZ
??0CThread@@QAE@XZ
?get_hdd_name@Sys_wrapper@common@ierd_tgp@@SAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Create@ShareMemory@Memory@ierd_tgp@@QAEHH@Z
?GetBuffer@ShareMemory@Memory@ierd_tgp@@QBEPAEXZ
?set_same_client_type_multi_instance@util_multi_instance@ierd_tgp@@YAX_N@Z
?get_coexist_name@util_multi_instance@ierd_tgp@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBD@Z
?get_process_count@util_multi_instance@ierd_tgp@@YAHPBD@Z
?IsSubWegameProcess@util_multi_instance@ierd_tgp@@YA_NXZ
?GetWegameProcessCount@util_multi_instance@ierd_tgp@@YAHXZ
?get_client_id@util_client_info@ierd_tgp@@YAHXZ
?GetUpdatedFilePath@silence_update@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PB_W0@Z
?is_certificate_open@util_curl_certificate@ierd_tgp@@YA_NXZ
?get_cert_pwd@util_curl_certificate@ierd_tgp@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?export_crt_file@util_curl_certificate@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@000@Z
??0WndMsgReceiver@Tenio@@QAE@XZ
??1WndMsgReceiver@Tenio@@QAE@XZ
?Init@WndMsgReceiver@Tenio@@QAE_NPBD@Z
?Uninit@WndMsgReceiver@Tenio@@QAE_NXZ
?CreateWnd@WndMsgReceiver2@Tenio@@UAEPAUHWND__@@PBD@Z
?unreg_all_msg_handler@@YAXPAX@Z
?get_ie_version@Sys_wrapper@common@ierd_tgp@@SAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?unreg_all_service@@YAXPAX@Z
??0Shared_mem_obj@common@ierd_tgp@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I0_N@Z
?name@Shared_mem_obj@common@ierd_tgp@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?size@Shared_mem_obj@common@ierd_tgp@@QAEIXZ
?get_workingdir_path@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?instance@Application@common@ierd_tgp@@SAPAV123@XZ
?MD5String@@YAPADPAD@Z
?MD5Buffer@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PADI@Z
?GetTpfUiVfsPath@silence_update@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?IsXpOs@Sys_wrapper@common@ierd_tgp@@SA_NXZ
?is_shared_mem_exist@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??_0path@filesystem@ierd_tgp@@QAEAAV012@ABV012@@Z
??_0path@filesystem@ierd_tgp@@QAEAAV012@PB_W@Z
?remove_filename@path@filesystem@ierd_tgp@@QAEAAV123@XZ
?parent_path@path@filesystem@ierd_tgp@@QBE?AV123@XZ
?exists@filesystem@ierd_tgp@@YA_NABVpath@12@@Z
?is_regular_file@filesystem@ierd_tgp@@YA_NABVpath@12@AAVerror_code@std@@@Z
?copy_file@filesystem@ierd_tgp@@YAXABVpath@12@0W4copy_option@12@AAVerror_code@std@@@Z
?to_string@version_t@common@ierd_tgp@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
??0Application@common@ierd_tgp@@QAE@HQAPAD_NKK1ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1Application@common@ierd_tgp@@UAE@XZ
?get_session_id@Application@common@ierd_tgp@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_machine_id@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?set_machine_guid_async@Application@common@ierd_tgp@@SAXXZ
?GetAutoRunRegKeyW@Sys_wrapper@common@ierd_tgp@@SA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?IsStartFromUrlProtocol@Sys_wrapper@common@ierd_tgp@@SA_NXZ
?get_exe_path@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_exe_path_ex@Application@common@ierd_tgp@@SA?AVpath@filesystem@3@XZ
?get_workingdir_path_ex@Application@common@ierd_tgp@@SA?AVpath@filesystem@3@XZ
?get_app_sub_path@Application@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V45@@Z
?get_app_sub_path_ex@Application@common@ierd_tgp@@SA?AVpath@filesystem@3@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_app_path@Application@common@ierd_tgp@@QAE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?exit_app@Application@common@ierd_tgp@@QAEXH@Z
?process@Application@common@ierd_tgp@@QAEXXZ
?TaskBarPin@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_N@Z
?get_ret@Application@common@ierd_tgp@@QBEHXZ
?PushAsyncTask@common@ierd_tgp@@YAXV?$function@$$A6AXXZ@std@@K@Z
?MainThreadTaskUpdate@common@ierd_tgp@@YAXXZ
?u16_to_loc@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z
?PrefetchImage@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?ReadPrivateProfile@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@00AAV45@1@Z
?ReadPrivateProfile@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0AAHAAV45@@Z
?load_config@Component_mgr@common@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?init@Component_mgr@common@ierd_tgp@@QAE_NXZ
?inited@Component_mgr@common@ierd_tgp@@QAEXXZ
?uninitialize@Component_mgr@common@ierd_tgp@@QAEXXZ
?tick@Component_mgr@common@ierd_tgp@@QAEXN@Z
?enable_profile_on@common@ierd_tgp@@YAX_N@Z
?set_quick_login_uin@common@ierd_tgp@@YAXK@Z
?get_quick_login_uin@common@ierd_tgp@@YAKXZ
?enable_static_detail_log@common@ierd_tgp@@YAX_N@Z
?is_static_detail_log@common@ierd_tgp@@YA_NXZ
?enable_one_more_instance@common@ierd_tgp@@YAX_N@Z
?enable_offline_mode_on@common@ierd_tgp@@YAX_N@Z
?is_offline_mode_on@common@ierd_tgp@@YA_NXZ
?set_offline_login_account@common@ierd_tgp@@YAX_K@Z
?WritePrivateProfile@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@000@Z
?IsLaptop@Sys_wrapper@common@ierd_tgp@@SA_NXZ
?set_game_launcher_flag@common@ierd_tgp@@YAX_N@Z
?stamp_init@@YAXXZ
?close@Shared_mem_obj@common@ierd_tgp@@QAEXXZ
?stamp_point@@YAXPBD@Z
??1Shared_mem_obj@common@ierd_tgp@@QAE@XZ
?stamp_uninit@@YAXXZ
?set_game_launcher_msg@common@ierd_tgp@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_restart_after_update@common@ierd_tgp@@YAX_N@Z
?enable_app_session_end@common@ierd_tgp@@YAX_N@Z
?set_start_from_host@common@ierd_tgp@@YAX_N@Z
?get_cfg_by_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@_N@Z
?set_cfg_by_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@Z
?set_qos_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXK@Z
?set_ver@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABUversion_t@common@4@@Z
?set_machine_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_qm_report_guid@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_launcher_info@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_K@Z
?set_session_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_uid@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_channel_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABH@Z
?set_bind_game_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXAB_K@Z
?report@Qos@qos@adapt_for_imports@ierd_tgp@@QAE_NABUQos_data_base@234@W4Qos_occasion@234@@Z
?WaitForStop@Qos@qos@adapt_for_imports@ierd_tgp@@QAE_NI@Z
?SetStartForID@Qos@qos@adapt_for_imports@ierd_tgp@@QAEX_K@Z
?SetCurrentStage@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXW4ProcessStage@234@@Z
?GetCurrentStage@Qos@qos@adapt_for_imports@ierd_tgp@@QAE?AW4ProcessStage@234@XZ
?set_account_id@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?set_client_version_type@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXH@Z
?SetCrashInfo@Qos@qos@adapt_for_imports@ierd_tgp@@QAEXABUCrashInfo@234@@Z
?SetIsMultiInstance@Qos@qos@adapt_for_imports@ierd_tgp@@QAEX_N@Z
?get_qos_instance@qos@adapt_for_imports@ierd_tgp@@YAAAVQos@123@XZ
?save_proxy_settings@client_helper@net@ierd_tgp@@YAXPBD@Z
?sync_proxy_settings@client_helper@net@ierd_tgp@@YAXXZ
?get_client_version_type@overseas@ierd_tgp@@YAHXZ
?extract_path@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z
?extract_name@common@ierd_tgp@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z
?extract_name@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAV34@@Z
?file_exists@common@ierd_tgp@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?scale_path2absolute_path@common@ierd_tgp@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV34@@Z
?GetLastLoginedUin@common@ierd_tgp@@YA_KXZ
?GetLastLoginedWegameId@common@ierd_tgp@@YAIXZ
?open_web@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?extract_op_from_cmd@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0AAV45@@Z
?extract_op_from_cmd@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAV45@@Z
?extract_op_from_cmd@Sys_wrapper@common@ierd_tgp@@SA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PAH@Z
?get_system_name@Sys_wrapper@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_system_hardware@Sys_wrapper@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?get_system_all_build_version@Sys_wrapper@common@ierd_tgp@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?StopThread@CThread@@QAEXXZ
?get_graphic_card_name@Sys_wrapper@common@ierd_tgp@@SAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?remove@filesystem@ierd_tgp@@YA_NABVpath@12@AAVerror_code@std@@@Z
??0ShareMemory@Memory@ierd_tgp@@QAE@PB_WK@Z
?to_json@jsonbind@@YAHPAXAAVValue@Json@@@Z

psapi

GetModuleFileNameExW

shlwapi

PathFileExistsA
PathFindFileNameW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW

kernel32

InitializeSListHead
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
ResetEvent
CreateEventW
InitializeCriticalSection
CreateThread
GetFileAttributesExW
LeaveCriticalSection
EnterCriticalSection
FlushFileBuffers
SetFileAttributesW
SetEndOfFile
SetFilePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
Process32Next
Process32First
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
MoveFileW
FindNextFileW
FindFirstFileW
RemoveDirectoryW
GetTempPathW
GetPrivateProfileIntW
OutputDebugStringA
SetEnvironmentVariableW
GetEnvironmentVariableW
QueryPerformanceCounter
GetCommandLineA
CreateProcessW
CreateFileMappingW
OpenEventA
CreateEventA
CreateMutexA
UnmapViewOfFile
MapViewOfFile
GetTickCount
FindClose
Sleep
WaitForSingleObject
SetEvent
SetLastError
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
OpenProcess
LocalFree
FreeLibrary
WideCharToMultiByte
GetFileAttributesW
CreateDirectoryW
OutputDebugStringW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
LoadLibraryW
GetFileSize
GetLongPathNameW
GetProcAddress
GetSystemInfo
DeleteFileW
CreateFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetLocalTime
CloseHandle
ReadFile
WriteFile
GetLastError
GetCurrentThreadId
GetSystemTimeAsFileTime
FormatMessageA
GetCommandLineW
QueryPerformanceFrequency

user32

MessageBoxA
SetCursor
ClipCursor
FindWindowA
FindWindowW
PostMessageA
SendMessageA
DefWindowProcA
IsWindow

shell32

SHCreateDirectoryExW
CommandLineToArgvW

ole32

CoInitializeEx
CoUninitialize

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

msvcp140

?bad@ios_base@std@@QBE_NXZ
?fail@ios_base@std@@QBE_NXZ
?eof@ios_base@std@@QBE_NXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?narrow@?$ctype@_W@std@@QBED_WD@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?c_str@?$_Yarn@D@std@@QBEPBDXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
_Wcsxfrm
_Wcscoll
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?unsetf@ios_base@std@@QAEXH@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?precision@ios_base@std@@QAE_J_J@Z
?flags@ios_base@std@@QAEHH@Z
?flags@ios_base@std@@QBEHXZ
?exceptions@ios_base@std@@QAEXH@Z
?good@ios_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?narrow@?$ctype@D@std@@QBEDDD@Z
?widen@?$ctype@D@std@@QBEDD@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??Bid@locale@std@@QAEIXZ
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Winerror_message@std@@YAKKPADK@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Xlength_error@std@@YAXPBD@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBEPA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
_Open_dir
_Read_dir
_Close_dir
_To_byte
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$collate@_W@std@@2V0locale@2@A
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setf@ios_base@std@@QAEHH@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ

vcruntime140

_except_handler4_common
memmove
memcpy
_purecall
strrchr
__std_terminate
__std_type_info_name
strchr
memchr
__RTDynamicCast
__std_type_info_compare
__std_exception_destroy
__std_exception_copy
wcsrchr
wcschr
memcmp
__CxxFrameHandler3
_CxxThrowException
memset

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initterm_e
_set_app_type
_seh_filter_exe
exit
_cexit
_exit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
__p___argv
_c_exit
_initterm
_errno
strerror
_invalid_parameter_noinfo
_crt_atexit
_invalid_parameter_noinfo_noreturn
__p___argc
terminate
_controlfp_s
_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

__p__commode
fwrite
ftell
__stdio_common_vsprintf
ferror
__acrt_iob_func
__stdio_common_vsnprintf_s
__stdio_common_vfprintf
__stdio_common_vswprintf_s
__stdio_common_vfwprintf
fseek
fopen_s
_ftelli64
__stdio_common_vsscanf
_set_fmode
fputc
fopen
__stdio_common_vsnwprintf_s
_get_stream_buffer_pointers
fclose
fflush
fgetc
fgetpos
__stdio_common_vsprintf_s
ungetc
setvbuf
_fseeki64
fsetpos
fread

api-ms-win-crt-string-l1-1-0

wcsncpy_s
wcscmp
wcslen
wcsncpy
strncpy
wcscpy_s
wcscat_s
wcsncat_s
strlen
strcmp
_wcsicmp
_stricmp
isprint
_wcsnicmp
strncpy_s
strcpy_s
strpbrk
towlower

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
_set_new_mode
_callnewh

api-ms-win-crt-filesystem-l1-1-0

_wmkdir
_wremove
_wrmdir
_waccess
_unlock_file
_lock_file
_wsplitpath_s

api-ms-win-crt-convert-l1-1-0

strtoul
_wtoi

api-ms-win-crt-math-l1-1-0

_ldtest
_dsign
_dtest
_except1
__setusermatherr

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-environment-l1-1-0

_wgetcwd

api-ms-win-crt-time-l1-1-0

_time64

Sections

.text
Size: 490KB - Virtual size: 490KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 754KB - Virtual size: 754KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

145372ce23dd7ca310944a49f57aed43

Code Sign

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

c6:34:3d:59:18:fc:a8:ed:9d:94:81:d2:ab:4a:f5:68:da:e3:46:8f:8a:3e:21:87:aa:de:61:56:e5:43:79:9dSigner

f6:03:ca:34:d5:3b:4c:fa:f1:b5:bf:28:28:d7:c2:2f:c8:c3:af:6aSigner

Headers

DLL Characteristics

File Characteristics

Imports

adapt_for_imports

lua51

common

psapi

shlwapi

kernel32

user32

shell32

ole32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 490KB - Virtual size: 490KB

.rdata Size: 154KB - Virtual size: 154KB

.data Size: 15KB - Virtual size: 33KB

.rsrc Size: 754KB - Virtual size: 754KB

0e:33:12:30:52:5a:25:a7:f8:10:e5:34:88:b0:aa:40
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0e:a7:f6:86:bc:40:35:4a:70:f2:c2:97:c1:31:5e:f6
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

c6:34:3d:59:18:fc:a8:ed:9d:94:81:d2:ab:4a:f5:68:da:e3:46:8f:8a:3e:21:87:aa:de:61:56:e5:43:79:9d
Signer

f6:03:ca:34:d5:3b:4c:fa:f1:b5:bf:28:28:d7:c2:2f:c8:c3:af:6a
Signer

.text
Size: 490KB - Virtual size: 490KB

.rdata
Size: 154KB - Virtual size: 154KB

.data
Size: 15KB - Virtual size: 33KB

.rsrc
Size: 754KB - Virtual size: 754KB