OSU Cheat[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

OSU Cheat.zip
Size

14.5MB
MD5

0798373c6cbdc4962ee5ff8df59352de
SHA1

5ca7eb7e10dacf62a98887f544a1ce54f712f5ff
SHA256

2cf82cb72dfcbf58a6063cb33757b6cfb0182ee31e55efc37f2e8ac71ca4bcca
SHA512

09a3d47a8df7e760c703bb008c7758845331f37f61d939c02ed92c19613a6480cf96b13a33cfa95f4a1f63993c86831db91772973efe833ef54d02d723a41bab
SSDEEP

393216:AYP6Ua92ZENTqbvLLwUW9oWnbWlmu8AaUKuyoWH:lSDkqNTqbxoQ8Su

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/opengl32.dll

Files

OSU Cheat.zip
.zip

Password: 2023
Injecting.dll
.dll windows:6 windows x64 arch:x64

Password: 2023

489e398f49ceeda3418bb4d259205037

Code Sign

04:e1:80:52:e9:b5:5c:1f:0a:83:7a:3e:c2:3b:e7:50
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2020, 00:00

Not After

20/01/2021, 12:00

Subject

SERIALNUMBER=6543638,CN=Krisp Technologies\, Inc,O=Krisp Technologies\, Inc,L=Berkeley,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8a:67:17:5d:b0:0a:7d:67:d4:30:8d:ac:17:2f:87:8b:ad:30:c1:1d:d0:e9:dc:ef:17:89:ba:a3:56:85:f8:bd
Signer

Actual PE Digest

8a:67:17:5d:b0:0a:7d:67:d4:30:8d:ac:17:2f:87:8b:ad:30:c1:1d:d0:e9:dc:ef:17:89:ba:a3:56:85:f8:bd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

kernel32

InitializeSListHead
DebugBreak
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
GetStdHandle
WriteFile
IsDebuggerPresent
OutputDebugStringA
FormatMessageA
RaiseException
GetProcAddress
CloseHandle
SetEvent
ResetEvent
SetLastError
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetStartupInfoW
RtlPcToFileHeader
RtlUnwindEx
InterlockedFlushSList
EncodePointer
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
SetFilePointerEx
GetFileSizeEx
GetStringTypeW
CreateFileW
HeapSize
HeapReAlloc
WriteConsoleW

Exports

Exports

??0AEC@krips_aec@@QEAA@AEBV01@@Z
??0AEC@krips_aec@@QEAA@XZ
??1AEC@krips_aec@@UEAA@XZ
??4AEC@krips_aec@@QEAAAEAV01@AEBV01@@Z
??_7AEC@krips_aec@@6B@
?create@AEC@krips_aec@@SAPEAV12@AEBUConfig@12@@Z
?create@AEC@krips_aec@@SAPEAV12@XZ
?kChunkSizeMs@AEC@krips_aec@@2HB

Sections

.text
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Instаller.exe
.exe windows:5 windows x86 arch:x86

Password: 2023

b6f30f5e7d47b4dde1cbc2055bdcbcdd

Code Sign

64:34:69:60:ad:81:bd:cb:83:a8:a3:c6:76:0f:4d:47
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

19/12/2022, 00:00

Not After

18/12/2025, 23:59

Subject

CN=EnterpriseDB Corporation,O=EnterpriseDB Corporation,ST=Massachusetts,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:6f:0f:60:3f:7d:30:c1:4d:e2:cd:c6:ac:9c:52:34:f5:ef:9f:df:ee:81:cb:8c:89:fe:15:aa:6e:36:79:c2
Signer

Actual PE Digest

b4:6f:0f:60:3f:7d:30:c1:4d:e2:cd:c6:ac:9c:52:34:f5:ef:9f:df:ee:81:cb:8c:89:fe:15:aa:6e:36:79:c2

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
Sleep
CreateThread
lstrlenW
VirtualProtect
GetProcAddress
LoadLibraryA
VirtualAlloc
GetModuleHandleA
FreeConsole
RtlUnwind
GetCommandLineA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
SetUnhandledExceptionFilter
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
HeapAlloc
HeapReAlloc
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Sections

.bss
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.qctu
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 169KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
VersionStable.dll
.dll windows:5 windows x64 arch:x64

Password: 2023

dc9fbafd0b96c0a640df70f088bfd2b0

Code Sign

33:00:00:02:d0:e7:eb:7c:2e:f6:ce:23:e1:00:00:00:00:02:d0
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:a4:ca:6d:58:de:c5:0e:e0:41:d9:32:8f:62:f5:2a:0b:c9:f5:56:80:3e:5d:8d:0c:49:97:4c:24:c9:8a:22
Signer

Actual PE Digest

05:a4:ca:6d:58:de:c5:0e:e0:41:d9:32:8f:62:f5:2a:0b:c9:f5:56:80:3e:5d:8d:0c:49:97:4c:24:c9:8a:22

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventW
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

CompareBrowserVersions
CreateCoreWebView2Environment
CreateCoreWebView2EnvironmentWithOptions
GetAvailableCoreWebView2BrowserVersionString

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 68B

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libEGL.dll
.dll windows:6 windows x86 arch:x86

Password: 2023

a44c6eed545a636cf24d9bf63188ef0c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:d7:d0:4b:42:84:68:84:7f:bb:6a:50:d3:70:6d:1c
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/06/2021, 00:00

Not After

06/06/2022, 23:59

Subject

SERIALNUMBER=HBA 722586,CN=Avira Operations GmbH & Co. KG,OU=Engineering Services,O=Avira Operations GmbH & Co. KG,L=Tettnang,ST=Baden-Württemberg,C=DE,1.3.6.1.4.1.311.60.2.1.1=#1303556c6d,1.3.6.1.4.1.311.60.2.1.2=#0c12426164656e2d57c3bc727474656d62657267,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

38:63:de:f8
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

24/12/1999, 17:50

Not After

24/07/2029, 14:15

Subject

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

Issuer

CN=Entrust.net Certification Authority (2048),OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)+OU=(c) 1999 Entrust.net Limited,O=Entrust.net

Not Before

22/07/2015, 19:02

Not After

22/06/2029, 19:32

Subject

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

Issuer

CN=Entrust Timestamping CA - TS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

22/07/2020, 15:33

Not After

29/12/2030, 16:29

Subject

CN=Entrust Timestamp Authority - TSA1,O=Entrust\, Inc.,L=Ottawa,ST=Ontario,C=CA

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

24:d0:8c:30:f1:40:a5:a2:e9:c1:1c:32:60:a5:fd:f1:5c:98:8d:d7:02:e0:b2:3e:cb:0a:38:a6:df:c4:87:84
Signer

Actual PE Digest

24:d0:8c:30:f1:40:a5:a2:e9:c1:1c:32:60:a5:fd:f1:5c:98:8d:d7:02:e0:b2:3e:cb:0a:38:a6:df:c4:87:84

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsW

kernel32

ReadFile
WriteFile
CloseHandle
CreateFileW
PeekNamedPipe
Sleep
GetSystemTime
FlushFileBuffers
HeapSize
GetLastError
SetUnhandledExceptionFilter
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetCPInfo
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetFileAttributesExW
SetFileAttributesW
DeleteFileW
MoveFileExW
GetFileType
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetEndOfFile
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetTimeZoneInformation
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW

crypt32

CryptProtectData
CryptUnprotectData

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

Exports

Exports

AMSWSC_authenticate
AMSWSC_notify_expiration
AMSWSC_prepare_uninstall
AMSWSC_register_remediation
AMSWSC_set_log_callback
AMSWSC_shutdown_protected_service
AMSWSC_unregister_remediation
AMSWSC_update_protection_update_substatus
AMSWSC_update_scan_substatus
AMSWSC_update_settings_substatus
AMSWSC_update_status

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libgcc_s_dw2-1.dll
.dll windows:6 windows x86 arch:x86

Password: 2023

72e2cd9e129b18aa647a30bd6ed95591

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:09:50:26:3e:06:49:6a:27:81:f5:50
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

11/07/2018, 11:33

Not After

11/07/2021, 11:33

Subject

SERIALNUMBER=HRA 722586,CN=Avira Operations GmbH & Co. KG,OU=Cloud\, Services and Infrastructure,O=Avira Operations GmbH & Co. KG,STREET=Kaplaneiweg 1,L=Tettnang,ST=Baden-Wuerttemberg,C=DE,1.2.840.113549.1.9.1=#0c0c63614061766972612e636f6d,1.3.6.1.4.1.311.60.2.1.1=#1303556c6d,1.3.6.1.4.1.311.60.2.1.2=#1312426164656e2d577565727474656d62657267,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for Standard - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:4c:b7:e1:ed:ee:0d:dc:8d:0b:ae:1f:fa:51:6b:56:0e:0d:52:05:ce:94:ae:bb:43:7d:df:bc:60:ec:0c:7b
Signer

Actual PE Digest

22:4c:b7:e1:ed:ee:0d:dc:8d:0b:ae:1f:fa:51:6b:56:0e:0d:52:05:ce:94:ae:bb:43:7d:df:bc:60:ec:0c:7b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetProcessWorkingSetSize
VerifyVersionInfoW
DeleteFileW
GetFileSize
SetFileAttributesW
WriteFile
CreateIoCompletionPort
PostQueuedCompletionStatus
GetFileSizeEx
ReadFile
SetFilePointerEx
QueryPerformanceCounter
GetQueuedCompletionStatus
LoadLibraryW
ResetEvent
GetCurrentThread
GetCurrentThreadId
SetThreadPriority
TerminateThread
GetTickCount
VirtualQuery
MapViewOfFile
UnmapViewOfFile
WriteConsoleW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetSystemInfo
OpenProcess
GetCurrentProcessId
GetCurrentProcess
Sleep
QueryPerformanceFrequency
SetErrorMode
VerSetConditionMask
GetModuleFileNameW
CreateEventW
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetOverlappedResult
DeviceIoControl
CreateFileW
SetLastError
GetLastError
CloseHandle
SetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
InterlockedFlushSList
RaiseException
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
MoveFileExW
HeapValidate
GetConsoleMode
GetFileType
ExitProcess
HeapFree
HeapAlloc
GetStdHandle
LCMapStringW
MultiByteToWideChar
GetProcessHeap
SetStdHandle
GetConsoleOutputCP
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
FlushFileBuffers
HeapSize
DecodePointer

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
SetServiceStatus
TraceMessage
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

Exports

Exports

AVGDLL01
AVGDLL02
AVGDLL03
AVGDLL04
AVGDLL05
AVGDLL06
AVGDLL07
AVGDLL08
AVGDLL09
AVGDLL10
AVGDLL11
AVGDLL12
AVGDLL13
AVGDLL14
AVGDLL15

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nssckbi.dll
.dll windows:4 windows x86 arch:x86

Password: 2023

dae02f32a21e03ce65412f6e56942daa

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/07/2021, 00:00

Not After

10/07/2024, 23:59

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:3c:cb:57:aa:74:c1:df:f4:3a:25:61:2f:16:51:38:81:c3:e6:96:68:da:73:5d:4c:6d:d7:45:ee:c3:72:a7
Signer

Actual PE Digest

4b:3c:cb:57:aa:74:c1:df:f4:3a:25:61:2f:16:51:38:81:c3:e6:96:68:da:73:5d:4c:6d:d7:45:ee:c3:72:a7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
opengl32.dll
.dll windows:6 windows x64 arch:x64

Password: 2023

953a1d49fc9a274cd623a8ac0359ac89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shell32

SHGetKnownFolderPath
SHFileOperationW

advapi32

RegGetValueW
RegOpenKeyExA
RegCloseKey
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom

ole32

CoTaskMemFree

gdi32

SetPixelFormat
StretchDIBits
DescribePixelFormat
GetPixelFormat
GetGlyphOutlineA

user32

GetDC
ReleaseDC
GetWindowRect
CallNextHookEx
ClientToScreen
WindowFromDC
GetClientRect
SetWindowsHookExA
UnhookWindowsHookEx
AdjustWindowRectEx
LoadCursorA
DestroyWindow
EnumDisplaySettingsA
LoadIconA
CreateWindowExA
DefWindowProcA
RegisterClassA

kernel32

RtlUnwind
GetNumaHighestNodeNumber
GetConsoleMode
RtlCaptureStackBackTrace
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
SetProcessAffinityMask
GetVersionExW
GetModuleHandleA
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
TlsSetValue
Thread32Next
Thread32First
GetCurrentThreadId
CreateToolhelp32Snapshot
TlsAlloc
CloseHandle
GetCurrentProcessId
TlsGetValue
TlsFree
SetLastError
OutputDebugStringA
SwitchToThread
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
GetExitCodeThread
GetCurrentProcess
GetSystemInfo
GetSystemTimeAsFileTime
GetProcessTimes
VirtualFree
VirtualAlloc
SetErrorMode
GlobalMemoryStatusEx
GetConsoleWindow
IsDebuggerPresent
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
WriteConsoleW
RaiseException
TryEnterCriticalSection
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetDiskFreeSpaceExA
GetDriveTypeW
GetFileAttributesW
GetFileInformationByHandle
GetFinalPathNameByHandleW
GetVolumePathNameW
SetFileAttributesW
SetFileInformationByHandle
SetFileTime
DuplicateHandle
GetLastError
GetSystemTime
VirtualQuery
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
MoveFileExW
CreateHardLinkW
SystemTimeToFileTime
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryW
K32EnumProcessModulesEx
FlushInstructionCache
VirtualProtect
GetStdHandle
GetCommandLineW
FindFirstFileW
GetLongPathNameW
GetNativeSystemInfo
GetModuleHandleW
DeleteTimerQueueTimer
SetConsoleMode
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
RtlCaptureContext
ExpandEnvironmentStringsW
SetUnhandledExceptionFilter
GetCurrentThread
SetConsoleCtrlHandler
SearchPathW
TerminateProcess
GetExitCodeProcess
CreateProcessW
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
LocalFree
FormatMessageA
ChangeTimerQueueTimer
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
InitializeSListHead
GetStartupInfoW
FormatMessageW
RtlPcToFileHeader
EncodePointer
DecodePointer
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwindEx
LoadLibraryExW
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
SetStdHandle
SetFilePointerEx
SetEndOfFile
HeapValidate
HeapWalk
WriteFile
GetConsoleCP
ReadFile
ReadConsoleW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapQueryInformation
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileSizeEx
GetProcessHeap
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
OutputDebugStringW
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
GetProcessAffinityMask

Exports

Exports

DrvCopyContext
DrvCreateContext
DrvCreateLayerContext
DrvDeleteContext
DrvDescribeLayerPlane
DrvDescribePixelFormat
DrvGetLayerPaletteEntries
DrvGetProcAddress
DrvPresentBuffers
DrvRealizeLayerPalette
DrvReleaseContext
DrvSetCallbackProcs
DrvSetContext
DrvSetLayerPaletteEntries
DrvSetPixelFormat
DrvShareLists
DrvSwapBuffers
DrvSwapLayerBuffers
DrvValidateVersion
glAccum
glActiveShaderProgram
glActiveTexture
glActiveTextureARB
glAlphaFunc
glAlphaFuncx
glAreTexturesResident
glAreTexturesResidentEXT
glArrayElement
glArrayElementEXT
glAttachObjectARB
glAttachShader
glBegin
glBeginConditionalRender
glBeginConditionalRenderNV
glBeginQuery
glBeginQueryARB
glBeginQueryIndexed
glBeginTransformFeedback
glBindAttribLocation
glBindAttribLocationARB
glBindBuffer
glBindBufferARB
glBindBufferBase
glBindBufferRange
glBindBuffersBase
glBindBuffersRange
glBindFragDataLocation
glBindFragDataLocationEXT
glBindFragDataLocationIndexed
glBindFramebuffer
glBindFramebufferEXT
glBindImageTexture
glBindImageTextures
glBindProgramARB
glBindProgramPipeline
glBindRenderbuffer
glBindRenderbufferEXT
glBindSampler
glBindSamplers
glBindTexture
glBindTextureEXT
glBindTextures
glBindTransformFeedback
glBindVertexArray
glBindVertexBuffer
glBindVertexBuffers
glBitmap
glBlendBarrier
glBlendColor
glBlendColorEXT
glBlendEquation
glBlendEquationEXT
glBlendEquationSeparate
glBlendEquationSeparatei
glBlendEquationSeparateiARB
glBlendEquationi
glBlendEquationiARB
glBlendFunc
glBlendFuncSeparate
glBlendFuncSeparateEXT
glBlendFuncSeparatei
glBlendFuncSeparateiARB
glBlendFunci
glBlendFunciARB
glBlitFramebuffer
glBufferData
glBufferDataARB
glBufferStorage
glBufferSubData
glBufferSubDataARB
glCallList
glCallLists
glCheckFramebufferStatus
glCheckFramebufferStatusEXT
glClampColor
glClampColorARB
glClear
glClearAccum
glClearBufferData
glClearBufferSubData
glClearBufferfi
glClearBufferfv
glClearBufferiv
glClearBufferuiv
glClearColor
glClearColorIiEXT
glClearColorIuiEXT
glClearColorx
glClearDepth
glClearDepthf
glClearDepthx
glClearIndex
glClearStencil
glClearTexImage
glClearTexSubImage
glClientActiveTexture
glClientActiveTextureARB
glClientWaitSync
glClipPlane
glClipPlanef
glClipPlanex
glColor3b
glColor3bv
glColor3d
glColor3dv
glColor3f
glColor3fv
glColor3i
glColor3iv
glColor3s
glColor3sv
glColor3ub
glColor3ubv
glColor3ui
glColor3uiv
glColor3us
glColor3usv
glColor4b
glColor4bv
glColor4d
glColor4dv
glColor4f
glColor4fv
glColor4i
glColor4iv
glColor4s
glColor4sv
glColor4ub
glColor4ubv
glColor4ui
glColor4uiv
glColor4us
glColor4usv
glColor4x
glColorMask
glColorMaskIndexedEXT
glColorMaski
glColorMaterial
glColorP3ui
glColorP3uiv
glColorP4ui
glColorP4uiv
glColorPointer
glColorPointerEXT
glColorSubTable
glColorTable
glColorTableParameterfv
glColorTableParameteriv
glCompileShader
glCompileShaderARB
glCompressedTexImage1D
glCompressedTexImage1DARB
glCompressedTexImage2D
glCompressedTexImage2DARB
glCompressedTexImage3D
glCompressedTexImage3DARB
glCompressedTexSubImage1D
glCompressedTexSubImage1DARB
glCompressedTexSubImage2D
glCompressedTexSubImage2DARB
glCompressedTexSubImage3D
glCompressedTexSubImage3DARB
glConvolutionFilter1D
glConvolutionFilter2D
glConvolutionParameterf
glConvolutionParameterfv
glConvolutionParameteri
glConvolutionParameteriv
glCopyBufferSubData
glCopyColorSubTable
glCopyColorTable
glCopyConvolutionFilter1D
glCopyConvolutionFilter2D
glCopyImageSubData
glCopyPixels
glCopyTexImage1D
glCopyTexImage2D
glCopyTexSubImage1D
glCopyTexSubImage2D
glCopyTexSubImage3D
glCopyTexSubImage3DEXT
glCreateProgram
glCreateProgramObjectARB
glCreateShader
glCreateShaderObjectARB
glCreateShaderProgramv
glCullFace
glDebugMessageCallback
glDebugMessageCallbackARB
glDebugMessageControl
glDebugMessageControlARB
glDebugMessageInsert
glDebugMessageInsertARB
glDeleteBuffers
glDeleteBuffersARB
glDeleteFramebuffers
glDeleteFramebuffersEXT
glDeleteLists
glDeleteObjectARB
glDeleteProgram
glDeleteProgramPipelines
glDeleteProgramsARB
glDeleteQueries
glDeleteQueriesARB
glDeleteRenderbuffers
glDeleteRenderbuffersEXT
glDeleteSamplers
glDeleteShader
glDeleteSync
glDeleteTextures
glDeleteTexturesEXT
glDeleteTransformFeedbacks
glDeleteVertexArrays
glDepthFunc
glDepthMask
glDepthRange
glDepthRangeArrayv
glDepthRangeIndexed
glDepthRangef
glDepthRangex
glDetachObjectARB
glDetachShader
glDisable
glDisableClientState
glDisableIndexedEXT
glDisableVertexAttribArray
glDisableVertexAttribArrayARB
glDisablei
glDispatchCompute
glDispatchComputeIndirect
glDrawArrays
glDrawArraysEXT
glDrawArraysIndirect
glDrawArraysInstanced
glDrawArraysInstancedARB
glDrawArraysInstancedBaseInstance
glDrawArraysInstancedEXT
glDrawBuffer
glDrawBuffers
glDrawBuffersARB
glDrawBuffersATI
glDrawElements
glDrawElementsBaseVertex
glDrawElementsIndirect
glDrawElementsInstanced
glDrawElementsInstancedARB
glDrawElementsInstancedBaseInstance
glDrawElementsInstancedBaseVertex
glDrawElementsInstancedBaseVertexBaseInstance
glDrawElementsInstancedEXT
glDrawPixels
glDrawRangeElements
glDrawRangeElementsBaseVertex
glDrawRangeElementsEXT
glDrawTransformFeedback
glDrawTransformFeedbackInstanced
glDrawTransformFeedbackStream
glDrawTransformFeedbackStreamInstanced
glEdgeFlag
glEdgeFlagPointer
glEdgeFlagPointerEXT
glEdgeFlagv
glEnable
glEnableClientState
glEnableIndexedEXT
glEnableVertexAttribArray
glEnableVertexAttribArrayARB
glEnablei
glEnd
glEndConditionalRender
glEndConditionalRenderNV
glEndList
glEndQuery
glEndQueryARB
glEndQueryIndexed
glEndTransformFeedback
glEvalCoord1d
glEvalCoord1dv
glEvalCoord1f
glEvalCoord1fv
glEvalCoord2d
glEvalCoord2dv
glEvalCoord2f
glEvalCoord2fv
glEvalMesh1
glEvalMesh2
glEvalPoint1
glEvalPoint2
glFeedbackBuffer
glFenceSync
glFinish
glFlush
glFlushMappedBufferRange
glFogCoordPointer
glFogCoordPointerEXT
glFogCoordd
glFogCoorddEXT
glFogCoorddv
glFogCoorddvEXT
glFogCoordf
glFogCoordfEXT
glFogCoordfv
glFogCoordfvEXT
glFogf
glFogfv
glFogi
glFogiv
glFogx
glFogxv
glFramebufferParameteri
glFramebufferRenderbuffer
glFramebufferRenderbufferEXT
glFramebufferTexture
glFramebufferTexture1D
glFramebufferTexture1DEXT
glFramebufferTexture2D
glFramebufferTexture2DEXT
glFramebufferTexture3D
glFramebufferTexture3DEXT
glFramebufferTextureLayer
glFramebufferTextureLayerEXT
glFrontFace
glFrustum
glFrustumf
glFrustumx
glGenBuffers
glGenBuffersARB
glGenFramebuffers
glGenFramebuffersEXT
glGenLists
glGenProgramPipelines
glGenProgramsARB
glGenQueries
glGenQueriesARB
glGenRenderbuffers
glGenRenderbuffersEXT
glGenSamplers
glGenTextures
glGenTexturesEXT
glGenTransformFeedbacks
glGenVertexArrays
glGenerateMipmap
glGenerateMipmapEXT
glGetActiveAtomicCounterBufferiv
glGetActiveAttrib
glGetActiveAttribARB
glGetActiveUniform
glGetActiveUniformARB
glGetActiveUniformBlockName
glGetActiveUniformBlockiv
glGetActiveUniformName
glGetActiveUniformsiv
glGetAttachedObjectsARB
glGetAttachedShaders
glGetAttribLocation
glGetAttribLocationARB
glGetBooleanIndexedvEXT
glGetBooleani_v
glGetBooleanv
glGetBufferParameteri64v
glGetBufferParameteriv
glGetBufferParameterivARB
glGetBufferPointerv
glGetBufferPointervARB
glGetBufferSubData
glGetBufferSubDataARB
glGetClipPlane
glGetClipPlanef
glGetClipPlanex
glGetColorTable
glGetColorTableParameterfv
glGetColorTableParameteriv
glGetCompressedTexImage
glGetCompressedTexImageARB
glGetConvolutionFilter
glGetConvolutionParameterfv
glGetConvolutionParameteriv
glGetDebugMessageLog
glGetDebugMessageLogARB
glGetDoublei_v
glGetDoublev
glGetError
glGetFixedv
glGetFloati_v
glGetFloatv
glGetFragDataIndex
glGetFragDataLocation
glGetFragDataLocationEXT
glGetFramebufferAttachmentParameteriv
glGetFramebufferAttachmentParameterivEXT
glGetFramebufferParameteriv
glGetGraphicsResetStatus
glGetGraphicsResetStatusARB
glGetHandleARB
glGetHistogram
glGetHistogramParameterfv
glGetHistogramParameteriv
glGetInfoLogARB
glGetInteger64i_v
glGetInteger64v
glGetIntegerIndexedvEXT
glGetIntegeri_v
glGetIntegerv
glGetLightfv
glGetLightiv
glGetLightxv
glGetMapdv
glGetMapfv
glGetMapiv
glGetMaterialfv
glGetMaterialiv
glGetMaterialxv
glGetMinmax
glGetMinmaxParameterfv
glGetMinmaxParameteriv
glGetMultisamplefv
glGetObjectLabel
glGetObjectParameterfvARB
glGetObjectParameterivARB
glGetObjectPtrLabel
glGetPixelMapfv
glGetPixelMapuiv
glGetPixelMapusv
glGetPointerv
glGetPointervEXT
glGetPolygonStipple
glGetProgramBinary
glGetProgramEnvParameterdvARB
glGetProgramEnvParameterfvARB
glGetProgramInfoLog
glGetProgramInterfaceiv
glGetProgramLocalParameterdvARB
glGetProgramLocalParameterfvARB
glGetProgramPipelineInfoLog
glGetProgramPipelineiv
glGetProgramResourceIndex
glGetProgramResourceLocation
glGetProgramResourceName
glGetProgramResourceiv
glGetProgramStringARB
glGetProgramiv
glGetProgramivARB
glGetQueryIndexediv
glGetQueryObjectiv
glGetQueryObjectivARB
glGetQueryObjectuiv
glGetQueryObjectuivARB
glGetQueryiv
glGetQueryivARB
glGetRenderbufferParameteriv
glGetRenderbufferParameterivEXT
glGetSamplerParameterIiv
glGetSamplerParameterIuiv
glGetSamplerParameterfv
glGetSamplerParameteriv
glGetSeparableFilter
glGetShaderInfoLog
glGetShaderPrecisionFormat
glGetShaderSource
glGetShaderSourceARB
glGetShaderiv
glGetString
glGetStringi
glGetSynciv
glGetTexEnvfv
glGetTexEnviv
glGetTexEnvxv
glGetTexGendv
glGetTexGenfv
glGetTexGeniv
glGetTexImage
glGetTexLevelParameterfv
glGetTexLevelParameteriv
glGetTexParameterIiv
glGetTexParameterIivEXT
glGetTexParameterIuiv
glGetTexParameterIuivEXT
glGetTexParameterfv
glGetTexParameteriv
glGetTexParameterxv

Sections

.text
Size: 25.1MB - Virtual size: 25.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8.9MB - Virtual size: 8.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 716KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 2023

Password: 2023

489e398f49ceeda3418bb4d259205037

Code Sign

04:e1:80:52:e9:b5:5c:1f:0a:83:7a:3e:c2:3b:e7:50Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

8a:67:17:5d:b0:0a:7d:67:d4:30:8d:ac:17:2f:87:8b:ad:30:c1:1d:d0:e9:dc:ef:17:89:ba:a3:56:85:f8:bdSigner

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

Exports

Exports

Sections

.text Size: 358KB - Virtual size: 358KB

.rdata Size: 113KB - Virtual size: 113KB

.data Size: 5KB - Virtual size: 10KB

.pdata Size: 18KB - Virtual size: 17KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

Password: 2023

b6f30f5e7d47b4dde1cbc2055bdcbcdd

Code Sign

64:34:69:60:ad:81:bd:cb:83:a8:a3:c6:76:0f:4d:47Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

b4:6f:0f:60:3f:7d:30:c1:4d:e2:cd:c6:ac:9c:52:34:f5:ef:9f:df:ee:81:cb:8c:89:fe:15:aa:6e:36:79:c2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.bss Size: 1KB - Virtual size: 1KB

.qctu Size: 11KB - Virtual size: 11KB

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 169KB - Virtual size: 172KB

Password: 2023

dc9fbafd0b96c0a640df70f088bfd2b0

Code Sign

33:00:00:02:d0:e7:eb:7c:2e:f6:ce:23:e1:00:00:00:00:02:d0Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

05:a4:ca:6d:58:de:c5:0e:e0:41:d9:32:8f:62:f5:2a:0b:c9:f5:56:80:3e:5d:8d:0c:49:97:4c:24:c9:8a:22Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 80KB

04:e1:80:52:e9:b5:5c:1f:0a:83:7a:3e:c2:3b:e7:50
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

8a:67:17:5d:b0:0a:7d:67:d4:30:8d:ac:17:2f:87:8b:ad:30:c1:1d:d0:e9:dc:ef:17:89:ba:a3:56:85:f8:bd
Signer

.text
Size: 358KB - Virtual size: 358KB

.rdata
Size: 113KB - Virtual size: 113KB

.data
Size: 5KB - Virtual size: 10KB

.pdata
Size: 18KB - Virtual size: 17KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

64:34:69:60:ad:81:bd:cb:83:a8:a3:c6:76:0f:4d:47
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b4:6f:0f:60:3f:7d:30:c1:4d:e2:cd:c6:ac:9c:52:34:f5:ef:9f:df:ee:81:cb:8c:89:fe:15:aa:6e:36:79:c2
Signer

.bss
Size: 1KB - Virtual size: 1KB

.qctu
Size: 11KB - Virtual size: 11KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 169KB - Virtual size: 172KB

33:00:00:02:d0:e7:eb:7c:2e:f6:ce:23:e1:00:00:00:00:02:d0
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

05:a4:ca:6d:58:de:c5:0e:e0:41:d9:32:8f:62:f5:2a:0b:c9:f5:56:80:3e:5d:8d:0c:49:97:4c:24:c9:8a:22
Signer

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 5KB

.00cfg
Size: 512B - Virtual size: 40B

.gxfg
Size: 4KB - Virtual size: 4KB

.retplne
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 9B

.voltbl
Size: 512B - Virtual size: 68B

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:d7:d0:4b:42:84:68:84:7f:bb:6a:50:d3:70:6d:1c
Certificate

38:63:de:f8
Certificate

58:da:13:ff:00:00:00:00:51:ce:0d:f7
Certificate

8d:ce:15:f3:a7:94:c5:87:00:00:00:00:55:92:33:f4
Certificate

24:d0:8c:30:f1:40:a5:a2:e9:c1:1c:32:60:a5:fd:f1:5c:98:8d:d7:02:e0:b2:3e:cb:0a:38:a6:df:c4:87:84
Signer

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

61:29:15:27:00:00:00:00:00:2a
Certificate

2a:09:50:26:3e:06:49:6a:27:81:f5:50
Certificate

11:21:b4:55:35:1e:bb:1a:b2:4f:97:ef:07:fe:2a:b3:0b:8a
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

22:4c:b7:e1:ed:ee:0d:dc:8d:0b:ae:1f:fa:51:6b:56:0e:0d:52:05:ce:94:ae:bb:43:7d:df:bc:60:ec:0c:7b
Signer