bygone[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bygone.exe
Size

4.5MB
MD5

f0d467b96c5ca87f0000e130ca57d219
SHA1

74ffbb41e05668ff51336fdab47b9ca5a5b8906b
SHA256

101eeee44821cfe07457b1d2c88dfee372f1f8e07f43be7280062372d7d5bd6e
SHA512

4bc65a2d1a793cba13ce6662f7018aa2f61db72206b2677881e4afd05ac71ce2c6786b8a58663916d5f8e84575c292a8b0bd13af8efe691c456f9a1310463a3a
SSDEEP

49152:gGNvym7cUG11lOfI5T8O5VVfgde04VMZxHSnNXsUmnK+g4gkYiVmwRGugTpTM1C2:zkO0V5XeGMZxO6nW7emTTpTMkZN1aeiL

Score

1^/10

Malware Config

Signatures

Files

bygone.exe
.exe windows:6 windows x64 arch:x64

e05fd5ecbf962d49ce6567c848544d19

Code Sign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:0e:aa:29:4c:d4:ab:d9:eb:1c:c7:84:c9:24:24:3d
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/12/2019, 00:00

Not After

07/12/2022, 12:00

Subject

CN=VMware\, Inc.,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US,1.2.840.113549.1.9.1=#0c126e6f7265706c7940766d776172652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:c6:f2:b2:76:a1:46:a0:7d:0e:6d:93:57:b5:e1:08
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

10/08/2021, 00:00

Not After

10/08/2023, 23:59

Subject

CN=VMware\, Inc.,O=VMware\, Inc.,L=Palo Alto,ST=California,C=US,1.2.840.113549.1.9.1=#0c126e6f7265706c7940766d776172652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d2:94:d0:6d:ba:4e:8b:67:cb:9b:9f:39:7d:2b:06:7b:99:7c:95:b2:58:d7:e2:30:14:b2:8d:91:0e:00:0b:ec
Signer

Actual PE Digest

d2:94:d0:6d:ba:4e:8b:67:cb:9b:9f:39:7d:2b:06:7b:99:7c:95:b2:58:d7:e2:30:14:b2:8d:91:0e:00:0b:ec

Digest Algorithm

sha256

PE Digest Matches

false

47:fe:4b:69:0e:3d:da:e3:5a:58:89:3e:45:66:2f:09:79:8b:02:f1
Signer

Actual PE Digest

47:fe:4b:69:0e:3d:da:e3:5a:58:89:3e:45:66:2f:09:79:8b:02:f1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
_callnewh
realloc
malloc

api-ms-win-crt-utility-l1-1-0

bsearch
qsort

api-ms-win-crt-stdio-l1-1-0

fputs
fread
__acrt_iob_func
_set_fmode
fopen
_fileno
ferror
fwrite
fclose
fflush
_wfopen
fgetc
getc
feof
rewind
fgets
__stdio_common_vfscanf
__stdio_common_vsprintf
__p__commode
__stdio_common_vsscanf
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

strcmp
wcscspn
isalnum
wcsspn
_strupr
towupper
isspace
_stricmp
islower
strncat
_strnicmp
strtok_s
wcsncpy_s
wcsncmp
_strlwr
strncpy
strcspn
strncmp
isdigit
_strdup
tolower

api-ms-win-crt-runtime-l1-1-0

abort
_invalid_parameter_noinfo_noreturn
_getpid
__p___argc
strerror
__p___wargv
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_errno
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
_exit
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
exit

api-ms-win-crt-math-l1-1-0

_fdclass
ceilf
sqrtf
floorf
cosf
roundf
truncf
__setusermatherr
_dclass
powf
_isnan
frexp
_finite
ceil
floor
sin
modf
pow

api-ms-win-crt-convert-l1-1-0

strtoul
wcstombs_s
wcrtomb
atof
strtol
_strtoui64
_fcvt_s
strtod
_ecvt_s

api-ms-win-crt-environment-l1-1-0

getenv
_wgetenv

api-ms-win-crt-filesystem-l1-1-0

_wfullpath
_fstat64i32
remove

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv

vcruntime140

memmove
memset
memcmp
strchr
memchr
strstr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__C_specific_handler
strrchr
memcpy
wcschr
wcsrchr
__current_exception
__current_exception_context
__intrinsic_setjmp
longjmp

vcruntime140_1

__CxxFrameHandler4

zlib1

inflateValidate
inflate
deflateInit2_
deflateReset
deflate
deflateEnd
adler32
inflateReset
crc32
inflateInit2_
inflateEnd
inflateReset2

libssl-1_1-x64

SSL_CTX_set_options
SSL_CTX_set_cipher_list
SSL_set_alpn_protos
SSL_CTX_new
SSL_CTX_free
SSL_CTX_get_cert_store
SSL_CTX_set_cert_store
SSL_want
OPENSSL_init_ssl
SSL_get_ex_data_X509_STORE_CTX_idx
SSL_get_ex_data
SSL_CTX_set_quiet_shutdown
SSL_set_accept_state
SSL_set_connect_state
SSL_shutdown
TLS_method
SSL_get_error
SSL_CTX_ctrl
SSL_ctrl
SSL_write
SSL_read
SSL_connect
SSL_accept
SSL_CTX_use_PrivateKey
SSL_free
SSL_new
SSL_CTX_check_private_key
SSL_CTX_use_certificate
SSL_set_ex_data
SSL_CTX_use_certificate_file
SSL_CTX_use_PrivateKey_file
SSL_set_verify
SSL_set_fd
SSL_pending
SSL_CIPHER_get_name
SSL_CIPHER_get_bits
SSL_get_current_cipher

libcrypto-1_1-x64

X509_STORE_CTX_get_ex_data
d2i_X509
i2d_X509
X509_get_signature_nid
X509_STORE_CTX_get_error
X509_digest
X509_verify_cert_error_string
X509_get_version
X509_get_issuer_name
X509_STORE_add_cert
X509_STORE_CTX_get0_chain
X509_NAME_cmp
X509_get_ext_d2i
OPENSSL_sk_num
X509_get_subject_name
ENGINE_register_all_digests
OPENSSL_sk_value
ENGINE_register_all_ciphers
X509_check_ip_asc
X509_check_host
OPENSSL_sk_pop_free
OpenSSL_version_num
RAND_status
RAND_OpenSSL
CRYPTO_get_ex_new_index
RAND_get_rand_method
ERR_error_string_n
FIPS_mode
ERR_clear_error
ERR_peek_last_error
ERR_get_error
PEM_read_bio_PrivateKey
FIPS_mode_set
OPENSSL_init_crypto
BIO_new
BIO_free
BIO_write
BIO_ctrl
BIO_push
BIO_free_all
BIO_s_mem
PEM_read_bio_X509
X509_free
ASN1_OBJECT_free
OBJ_obj2nid
BIO_f_base64
X509_STORE_set_check_revocation
X509_STORE_free
X509_STORE_new
EVP_PKEY_free
EVP_get_digestbyname

ws2_32

WSACleanup
__WSAFDIsSet
accept
bind
closesocket
connect
ioctlsocket
getsockname
getsockopt
listen
ntohs
send
recv
WSAStartup
WSAPoll
GetNameInfoW
FreeAddrInfoW
GetAddrInfoW
select
setsockopt
shutdown
socket
WSASetLastError
WSAGetLastError
WSAAddressToStringA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo

kernel32

LoadLibraryW
GetStartupInfoW
InitializeSListHead
CreateEventW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetSystemFirmwareTable
GetSystemDefaultLangID
GetUserDefaultLangID
SetDllDirectoryW
TerminateProcess
CreateFileA
InitializeCriticalSection
ExitProcess
GetFileSizeEx
TerminateThread
ExitThread
CreateThread
ResetEvent
GetHandleInformation
DebugBreak
GetACP
GetVersionExA
CancelIo
GetFileAttributesW
GetSystemTimeAsFileTime
GetModuleHandleExW
LoadLibraryA
GetComputerNameExW
WaitNamedPipeW
CreateNamedPipeW
GetTempPathW
CreateFileMappingA
OutputDebugStringW
GetFileAttributesA
WideCharToMultiByte
GetDriveTypeA
Process32Next
Process32First
CreateToolhelp32Snapshot
VerifyVersionInfoW
VerifyVersionInfoA
GetProductInfo
GetNativeSystemInfo
VerSetConditionMask
FormatMessageW
LoadLibraryExW
GetModuleFileNameW
CreateSemaphoreW
GetFullPathNameW
GetTickCount64
GetSystemTime
GetTickCount
ReleaseSemaphore
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetDriveTypeW
MoveFileExW
RemoveDirectoryW
GetVolumeInformationW
GetFileTime
GetFileAttributesExW
FindFirstFileExW
DeleteFileW
CreateDirectoryW
FindNextFileW
FindClose
OpenProcess
GetProcessTimes
DuplicateHandle
SetFilePointerEx
IsBadReadPtr
VirtualQuery
VirtualFree
VirtualAlloc
GetSystemInfo
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter
RaiseException
RtlCaptureContext
FormatMessageA
GetVersionExW
CreateFileW
GetOverlappedResult
ConnectNamedPipe
WriteFile
WaitForMultipleObjects
SetEvent
MultiByteToWideChar
IsDebuggerPresent
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryExA
CreateWaitableTimerExA
LocalFree
LocalAlloc
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetModuleHandleW
VirtualProtect
GetCurrentThreadId
SetWaitableTimer
WaitForSingleObject
SetLastError
DeviceIoControl
SetThreadPriority
GetCurrentThread
FreeLibrary
OutputDebugStringA
GetCurrentProcessId
GetProcAddress
CreateEventA
WaitForSingleObjectEx
SetProcessShutdownParameters
ReadFile
UnmapViewOfFile
MapViewOfFile
VirtualQueryEx
GetCurrentProcess
GetLastError
CloseHandle
Sleep

user32

WindowFromPoint
UnionRect
GetParent
GetWindow
CreateCursor
DestroyCursor
CreateIconIndirect
EnumDisplaySettingsExA
EnumDisplayDevicesA
CreateWindowExW
MessageBoxW
LoadCursorW
MsgWaitForMultipleObjectsEx
GetKeyboardState
SendNotifyMessageA
SetCursor
RegisterWindowMessageW
MsgWaitForMultipleObjects
mouse_event
keybd_event
GetAsyncKeyState
GetKeyState
GetMessageExtraInfo
PeekMessageA
SystemParametersInfoA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
ClientToScreen
GetCursorPos
SetCursorPos
GetSystemMetrics
RemovePropW
SetPropW
GetUpdateRect
EndPaint
BeginPaint
SetFocus
PostThreadMessageA
DispatchMessageA
EmptyClipboard
ShowWindow
ScreenToClient
GetForegroundWindow
TrackMouseEvent
SendInput
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
IsWindowVisible
DestroyWindow
IsChild
RegisterClassA
CallWindowProcA
DefWindowProcA
PostMessageA
SetWindowPos
GetDC
ReleaseDC
IsWindow
GetMessageA
AttachThreadInput

gdi32

DeleteObject
DeleteDC
CreateCompatibleDC
BitBlt
SelectObject
CreateDIBSection
CreateBitmap
SwapBuffers
SetPixelFormat
GetPixelFormat
DescribePixelFormat
ChoosePixelFormat

advapi32

AddAccessAllowedAceEx
OpenProcessToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
OpenThreadToken
AccessCheck
DuplicateToken
GetNamedSecurityInfoW
GetFileSecurityW
ImpersonateSelf
MapGenericMask
RevertToSelf
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
GetUserNameW
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
AddAccessAllowedAce
GetExplicitEntriesFromAclW
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorControl
GetLengthSid
FreeSid
EqualSid
CheckTokenMembership
AllocateAndInitializeSid
RegCreateKeyExW
LookupAccountNameW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegCloseKey

ole32

CoCreateInstance
IIDFromString
PropVariantClear
CoTaskMemFree
CoInitialize
CoUninitialize
CoQueryProxyBlanket
CoSetProxyBlanket

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

shell32

SHGetFolderPathW

crypt32

CertOpenStore
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptAcquireCertificatePrivateKey
CryptExportPKCS8
CertCreateCertificateContext
CertAddEncodedCertificateToStore
CertGetCertificateChain
CertFreeCertificateChain

winmm

waveInStop
waveInAddBuffer
waveInUnprepareHeader
waveInPrepareHeader
waveInStart
waveInReset
waveInClose
waveInOpen
waveInGetErrorTextA
waveInGetDevCapsW
waveInGetNumDevs
waveOutReset
waveOutRestart
waveOutPause
timeBeginPeriod
timeEndPeriod
mixerGetNumDevs
mixerGetDevCapsA
waveOutGetNumDevs
waveOutGetDevCapsW
waveOutGetErrorTextA
waveOutOpen
waveOutClose
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite

wtsapi32

WTSRegisterSessionNotification

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 201KB - Virtual size: 9.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mstv
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msti
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e05fd5ecbf962d49ce6567c848544d19

Code Sign

61:1c:b2:8a:00:00:00:00:00:26Certificate

Key Usages

09:0e:aa:29:4c:d4:ab:d9:eb:1c:c7:84:c9:24:24:3dCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:c6:f2:b2:76:a1:46:a0:7d:0e:6d:93:57:b5:e1:08Certificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

d2:94:d0:6d:ba:4e:8b:67:cb:9b:9f:39:7d:2b:06:7b:99:7c:95:b2:58:d7:e2:30:14:b2:8d:91:0e:00:0b:ecSigner

47:fe:4b:69:0e:3d:da:e3:5a:58:89:3e:45:66:2f:09:79:8b:02:f1Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

vcruntime140

vcruntime140_1

zlib1

libssl-1_1-x64

libcrypto-1_1-x64

ws2_32

setupapi

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shell32

crypt32

winmm

wtsapi32

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 201KB - Virtual size: 9.8MB

.pdata Size: 124KB - Virtual size: 123KB

.mstv Size: 31KB - Virtual size: 30KB

.msti Size: 60KB - Virtual size: 59KB

61:1c:b2:8a:00:00:00:00:00:26
Certificate

09:0e:aa:29:4c:d4:ab:d9:eb:1c:c7:84:c9:24:24:3d
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:c6:f2:b2:76:a1:46:a0:7d:0e:6d:93:57:b5:e1:08
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

d2:94:d0:6d:ba:4e:8b:67:cb:9b:9f:39:7d:2b:06:7b:99:7c:95:b2:58:d7:e2:30:14:b2:8d:91:0e:00:0b:ec
Signer

47:fe:4b:69:0e:3d:da:e3:5a:58:89:3e:45:66:2f:09:79:8b:02:f1
Signer

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 201KB - Virtual size: 9.8MB

.pdata
Size: 124KB - Virtual size: 123KB

.mstv
Size: 31KB - Virtual size: 30KB

.msti
Size: 60KB - Virtual size: 59KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 42KB - Virtual size: 41KB