mimikatz | Sam[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Sam.zip
Size

71.0MB
MD5

aeca1da0def416e2bade2fce8fb795c2
SHA1

1a3b59b99f90280eea93d964ba36b15f2fbce772
SHA256

3ca0bf28baacf269c3f6a7215516ae6c2181487f006f192ecac3537595a792c2
SHA512

ce4fb3b30f4246ecfaea97d653a9cbe5193869e05980168f2ae972715fc9ba8f0f47d592e2d7ed75d4cef998f728c31335f01fb036f7b20b6e29218225f8eaf9
SSDEEP

1572864:KSppUOHAPdPLq90QO7q52M8x47QzCLJwg4Opy+DMRNrID9:PppUxY2TOkM8xytLJ0OpSJy9

Score

10^/10

upx aspackv2 vmprotect mimikatz phorphiex blackcat

Malware Config

Extracted

Family

phorphiex

http://185.215.113.66/twizt/

http://185.215.113.66/

Wallets

12SJv5p8xUHeiKnXPCDaKCMpqvXj7TABT5BSxGt3csz9Beuc

1A6utf8R2zfLL7X31T5QRHdQyAx16BjdFD

3PFzu8Rw8aDNhDT6d5FMrZ3ckE4dEHzogfg

3BJS4zYwrnfcJMm4xLxRcsa69ght8n6QWz

qpzj59cm0dcyxy9597x927fx0wzu75nns5lsm2452k

XgWbWpuyPGney7hcS9vZ7eNhkj7WcvGcj8

DPcSSyFAYLu4aEB4s1Yotb8ANwtx6bZEQG

0xb899fC445a1b61Cdd62266795193203aa72351fE

LRDpmP5wHZ82LZimzWDLHVqJPDSpkM1gZ7

r1eZ7W1fmUT9tiUZwK6rr3g6RNiE4QpU1

TBdEh7r35ywUD5omutc2kDTX7rXhnFkxy5

t1T7mBRBgTYPEL9RPPBnAVgcftiWUPBFWyy

AGUqhQzF52Qwbvun5wQSrpokPtCC4b9yiX

bitcoincash:qpzj59cm0dcyxy9597x927fx0wzu75nns5lsm2452k

4AtjkCVKbtEC3UEN77SQHuH9i1XkzNiRi5VCbA2XGsJh46nJSXfGQn4GjLuupCqmC57Lo7LvKmFUyRfhtJSvKvuw3h9ReKK

GCVFMTUKNLFBGHE3AHRJH4IJDRZGWOJ6JD2FQTFQAAIQR64ALD7QJHUY

bnb1rcg9mnkzna2tw4u8ughyaj6ja8feyj87hss9ky

bc1qzs2hs5dvyx04h0erq4ea72sctcre2rcwadsq2v

Extracted

Family

blackcat

Attributes

enable_network_discovery
true
enable_self_propagation
true
enable_set_wallpaper
true
extension
kh1ftzx
note_file_name
RECOVER-${EXTENSION}-FILES.txt
note_full_text
>> What happened? Important files on your network was ENCRYPTED and now they have "${EXTENSION}" extension. In order to recover your files you need to follow instructions below. >> Sensitive Data Sensitive data on your system was DOWNLOADED. If you DON'T WANT your sensitive data to be PUBLISHED you have to act quickly. Data includes: - Employees personal data, CVs, DL, SSN. - Complete network map including credentials for local and remote services. - Private financial information including: clients data, bills, budgets, annual reports, bank statements. - Manufacturing documents including: datagrams, schemas, drawings in solidworks format - And more... >> CAUTION DO NOT MODIFY ENCRYPTED FILES YOURSELF. DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS. >> What should I do next? Follow these simple steps to get everything back to normal: 1) Download and install Tor Browser from: https://torproject.org/ 2) Navigate to: http://rfosusl6qdm4zhoqbqnjxaloprld2qz35u77h4aap46rhwkouejsooqd.onion/?access-key=${ACCESS_KEY}

rsa_pubkey.plain

Signatures

Blackcat family
blackcat
Mimikatz family
mimikatz
Phorphiex family
phorphiex

mimikatz is an open source tool to dump credentials on Windows 2 IoCs

resource	yara_rule
static1/unpack001/075F9A8B9A5A3F3C221CFA69BA8B3590CFB873946970B7F3DBD333A580D24AC5	mimikatz
static1/unpack001/61C0810A23580CF492A6BA4F7654566108331E7A4134C968C2D6A05261B2D8A1	mimikatz

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/73D29DEAC41E022CE77730F74D5EFB0828F56D1F2BEB91FD24ABC867F851FE09	aspack_v212_v242

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/1BE33E42910515D58685E4CEE83C4C9B7DE4E6A155A6FD936922682A9922D42D	upx
static1/unpack001/81EFD50EB374AD2176E2655AF10276079F733C0592E83E3A044253DCBE06F329	upx

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/C6185A23C51B8AC77E6C1BDF2CD4A8D39B02AF8B8027D4162CF9766D19CF87C8	vmprotect

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/075F9A8B9A5A3F3C221CFA69BA8B3590CFB873946970B7F3DBD333A580D24AC5
unpack001/1BE33E42910515D58685E4CEE83C4C9B7DE4E6A155A6FD936922682A9922D42D
unpack002/out.upx
unpack001/2188BAE387FD2665D807D0B67B916973478CBE417D2042A146C8EADF77AF600C
unpack001/22F524ABC98F958705FEBD3761BEDC85EC1AE859316A653B67C0C01327533092
unpack001/33381793BD156716647F2C2E14047AA5559E940FF584D3FF6110B96EB701115E
unpack001/61C0810A23580CF492A6BA4F7654566108331E7A4134C968C2D6A05261B2D8A1
unpack001/676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB
unpack003/out.upx
unpack001/8E83C0F6566169AF1CF6C28670DCEE6EDEB15D0913AA24AD3831C9F97EB42307
unpack001/99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2
unpack001/B1E12D0216A946329FE549E09BF481D7DF9E8E3BC3F99BC24D9940CBB8F76F06
unpack001/C6185A23C51B8AC77E6C1BDF2CD4A8D39B02AF8B8027D4162CF9766D19CF87C8
unpack001/CDCFEDDB0ACA42E65E6A4822C1F23DF7C4AE92775EBCC0B45D4160B732B0983E
unpack001/E9F944AB296BCAA235EB584D6B7FA2811FC1A0F3BC2596A99675CDD114CDFCF5
unpack001/ECEA6B772742758A2240898EF772CA11AA9D870AEC711CFFAB8994C23044117C
unpack001/F2AB1AA34D0F6FC9CD8F6DB413E96E7FECB62A63738DB603FB41C1BDA722D5FB
unpack001/F98B98404ECF3871A10A290ADE21AD77D0B2633F47247DEBC53D094B9BDFF245

Files

Sam.zip
.zip
075F9A8B9A5A3F3C221CFA69BA8B3590CFB873946970B7F3DBD333A580D24AC5
.exe windows:5 windows x64 arch:x64

488309467553d2fb06d7c47c60f45f19

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptReleaseContext
CryptGetHashParam
CryptImportKey
CryptDestroyHash
CryptSetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptDestroyKey
ConvertSidToStringSidW
IsTextUnicode
IsValidSid
ConvertStringSidToSidW
GetSidSubAuthority
GetSidSubAuthorityCount
CredUnmarshalCredentialW
CredFree
CredIsMarshaledCredentialW
A_SHAInit
A_SHAFinal
A_SHAUpdate

ole32

CoInitializeEx
CoUninitialize

rpcrt4

MesHandleFree
MesDecodeIncrementalHandleCreate
MesIncrementalHandleReset
NdrMesTypeDecode2
NdrMesTypeFree2

shell32

CommandLineToArgvW

user32

IsCharAlphaNumericW

msasn1

ASN1_CreateEncoder
ASN1_CloseModule
ASN1_CreateDecoder
ASN1_CloseDecoder
ASN1_CreateModule
ASN1_CloseEncoder

ntdll

RtlFreeUnicodeString
RtlEqualUnicodeString
NtQuerySystemInformation
NtQueryInformationProcess
RtlInitUnicodeString
RtlGetCurrentPeb
RtlStringFromGUID
RtlGetNtVersionNumbers
RtlAdjustPrivilege
RtlEqualString

kernel32

HeapReAlloc
HeapSize
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
GetStringTypeW
SetStdHandle
GetConsoleMode
GetConsoleCP
LCMapStringW
CompareStringW
GetFileType
HeapAlloc
HeapFree
GetACP
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
TerminateProcess
MultiByteToWideChar
GetModuleFileNameW
GetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlUnwindEx
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryExA
GetProcAddress
FreeLibrary
GetSystemInfo
SetFilePointerEx
FileTimeToSystemTime
LocalAlloc
GetLastError
LocalFree
GetModuleHandleW
ReadFile
FindNextFileW
WriteFile
ExpandEnvironmentStringsW
FindClose
CreateFileW
CloseHandle
FlushFileBuffers
DeviceIoControl
WriteProcessMemory
VirtualProtect
SetLastError
SetFilePointer
ReadProcessMemory
VirtualQuery
UnmapViewOfFile
GetConsoleOutputCP
SetConsoleOutputCP
OpenProcess
GetCurrentProcess
FileTimeToLocalFileTime
GetTimeFormatW
WideCharToMultiByte
GetSystemTimeAsFileTime
GetDateFormatW
SetConsoleCtrlHandler
RaiseException
ExitProcess

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
145F7ABE9ABFFD0422F1C1F4CF429E89FD9D3BE93E6C3A0DD852DB708992C4EA
.exe windows:6 windows x86 arch:x86

46afc61b34fb8e20ac7399f0df86ba31

Code Sign

aa:c5:30:b2:1d:bd:71:4c:91:21:8f:8b:a0:57:0e:24
Certificate

Issuer

CN=Gigabyte ULTRA 19 KW8,OU=Source Full,O=Gigabyte,L=¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾,ST=China,C=Made in China

Not Before

21-10-2023 08:50

Not After

11-12-2025 00:00

Subject

CN=Gigabyte ULTRA 19 KW8,OU=Source Full,O=Gigabyte,L=¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾¾%¥€$%¾,ST=China,C=Made in China

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:5b:67:66:9a:e8:c8:ab:af:9e:cb:59:c3:38:e6:88:e1:81:0f:e9:32:3f:01:f3:1f:8a:09:13:91:22:df:33
Signer

Actual PE Digest

6e:5b:67:66:9a:e8:c8:ab:af:9e:cb:59:c3:38:e6:88:e1:81:0f:e9:32:3f:01:f3:1f:8a:09:13:91:22:df:33

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionEx
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

Sections

.text
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.@**..--
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.@**..--
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.@**..--
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 170KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1A99AC759FCD881729B76C2904476B4201E794DF2D0547C954EA37BE7C153131
.exe windows:4 windows x86 arch:x86

9e604fa03f90625680ac2f8bef162aff

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:c5:dc:c1:4b:51:78:09:c1:72:b4:4b:7e:97:84:f7
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

10-08-2016 20:47

Not After

10-08-2017 07:43

Subject

CN=Open Source Developer\, Robin Krom,O=Open Source Developer,C=DE,1.2.840.113549.1.9.1=#0c16676574677265656e73686f7440676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08-03-2016 13:10

Not After

30-05-2027 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:c5:dc:c1:4b:51:78:09:c1:72:b4:4b:7e:97:84:f7
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

10-08-2016 20:47

Not After

10-08-2017 07:43

Subject

CN=Open Source Developer\, Robin Krom,O=Open Source Developer,C=DE,1.2.840.113549.1.9.1=#0c16676574677265656e73686f7440676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08-03-2016 13:10

Not After

30-05-2027 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

20:08:05:80:1f:c2:18:ed:a6:47:9a:4b:a9:cb:b8:d6:cc:a7:6e:27:a1:3d:59:1b:9d:03:f4:12:b2:11:f3:6e
Signer

Actual PE Digest

20:08:05:80:1f:c2:18:ed:a6:47:9a:4b:a9:cb:b8:d6:cc:a7:6e:27:a1:3d:59:1b:9d:03:f4:12:b2:11:f3:6e

Digest Algorithm

sha256

PE Digest Matches

false

27:63:5e:a0:a7:ad:75:75:23:e0:89:f8:5c:3d:e2:29:43:f8:69:85
Signer

Actual PE Digest

27:63:5e:a0:a7:ad:75:75:23:e0:89:f8:5c:3d:e2:29:43:f8:69:85

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

setsockopt
gethostbyname
htonl
ioctlsocket
htons
WSAStartup
ntohl
WSACleanup

wininet

HttpQueryInfoA

crypt32

CertFreeCertificateContext
CertVerifySubjectCertificateContext
CertFindCertificateInStore
CertCreateCertificateContext
CryptGetMessageCertificates
CryptVerifyMessageSignature
CertCloseStore

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

winmm

waveInStop
waveInAddBuffer
waveInStart
waveInGetNumDevs
waveOutGetNumDevs
waveInClose
waveOutGetDevCapsA
waveOutPrepareHeader
waveOutWrite
waveOutReset
waveOutUnprepareHeader
waveInReset
waveInUnprepareHeader
waveInPrepareHeader
waveInOpen
waveInGetDevCapsA
timeGetTime
waveOutClose
waveOutOpen
timeKillEvent
timeSetEvent
timeGetDevCaps
timeBeginPeriod
timeEndPeriod

kernel32

GetSystemInfo
GetUserDefaultLangID
ExitThread
GlobalFree
GetFileAttributesA
GetFileAttributesW
LockResource
LoadResource
FindResourceExA
FindResourceExW
GlobalAlloc
CreateThread
GetTimeZoneInformation
GetSystemTime
SystemTimeToFileTime
DeleteFileA
DeleteFileW
MoveFileA
VirtualQuery
RemoveDirectoryA
RemoveDirectoryW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
ReadFile
WriteFile
GetTempFileNameA
GetTempPathA
GetTempFileNameW
GetTempPathW
SetFilePointer
GetFileSize
GetFileAttributesExA
GetFileAttributesExW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindClose
GetSystemDirectoryA
GetModuleFileNameA
MoveFileExA
CreateMutexA
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
WaitForSingleObject
WideCharToMultiByte
GlobalUnlock
GlobalLock
IsDBCSLeadByteEx
lstrlenA
SetEndOfFile
CopyFileA
CopyFileW
GetModuleFileNameW
GetCommandLineW
ExitProcess
GetModuleHandleA
GetCommandLineA
GetProcessTimes
GetCurrentProcess
CreateEventA
SetEvent
TlsAlloc
SetThreadPriority
InterlockedIncrement
InterlockedDecrement
ResetEvent
WaitForMultipleObjects
VirtualFree
VirtualAlloc
GetThreadPriority
GetCurrentThread
GetSystemDefaultLangID
FreeLibrary
GetLastError
GetStartupInfoA
CreateProcessA
CloseHandle
LCMapStringW
LCMapStringA
GetTickCount
GetCurrentThreadId
GetLocaleInfoA
SetErrorMode
LoadLibraryA
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
IsDBCSLeadByte
GetACP
GetCPInfo
MultiByteToWideChar
GetVersionExA
InterlockedExchange
InterlockedCompareExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapAlloc
GetProcessHeap
MoveFileW
HeapFree

user32

GetSubMenu
LoadMenuA
SetTimer
KillTimer
GetClientRect
ScreenToClient
GetCursorPos
SetCursor
LoadCursorA
EndPaint
BeginPaint
GetMenu
DestroyWindow
GetFocus
WindowFromPoint
GetCapture
ReleaseCapture
SetCapture
TrackPopupMenu
ClientToScreen
DeleteMenu
GetMenuItemID
IsWindow
DefWindowProcA
GetWindowLongA
CreateWindowExA
RegisterClipboardFormatA
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
SetClipboardData
EmptyClipboard
InsertMenuA
InsertMenuW
RemoveMenu
GetWindow
UnregisterClassA
LoadStringW
MoveWindow
SetMenu
UpdateWindow
ShowWindow
SetDlgItemTextA
SetDlgItemTextW
EnableWindow
GetDlgItemTextA
GetWindowTextLengthA
DestroyMenu
GetWindowTextLengthW
PostQuitMessage
GetMenuStringA
GetMenuStringW
RegisterClassA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
PostThreadMessageA
GetQueueStatus
PeekMessageA
MsgWaitForMultipleObjects
RegisterWindowMessageA
SystemParametersInfoA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
PostMessageA
EndDialog
SetWindowLongA
GetParent
GetWindowRect
GetDesktopWindow
SetWindowPos
LoadIconA
GetDlgItem
SendMessageA
SetWindowTextA
SetFocus
GetMenuItemCount
GetMenuItemInfoA
GetSystemMetrics
InsertMenuItemA
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
SendInput
GetKeyboardLayout
GetDC
ReleaseDC
GetDoubleClickTime
LoadStringA
EnableMenuItem
CheckMenuItem
InvalidateRect
WaitForInputIdle
MapVirtualKeyA
FillRect
GetKeyState
DialogBoxParamW
DialogBoxParamA
GetDlgItemTextW
MessageBoxA

gdi32

GetTextMetricsA
GetClipRgn
SetTextColor
ExtTextOutW
ExtTextOutA
CreateRectRgn
GetTextAlign
GetBkMode
GetTextColor
EnumFontFamiliesA
SetTextCharacterExtra
BeginPath
EndPage
DPtoLP
FillPath
ExtCreatePen
StrokePath
EndDoc
StartDocA
LPtoDP
CreateSolidBrush
GetClipBox
GetSystemPaletteEntries
CreatePalette
GetTextExtentPoint32A
CreatePen
GetBkColor
SetBkColor
GetCurrentObject
GetTextExtentPoint32W
EndPath
SetPolyFillMode
MoveToEx
LineTo
PolyBezierTo
SelectClipPath
SaveDC
RestoreDC
GdiFlush
DeleteObject
SelectObject
StretchDIBits
SetDIBitsToDevice
CreateCompatibleBitmap
GetObjectA
CreateCompatibleDC
DeleteDC
CreateDIBSection
GetDeviceCaps
BitBlt
RealizePalette
SelectPalette
GetStockObject
CreateFontIndirectA
SetBkMode
SetTextAlign
IntersectClipRect
SelectClipRgn
StartPage

comdlg32

GetOpenFileNameA
PrintDlgA
GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
GetSaveFileNameA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegSetValueExA
RegCreateKeyA
RegSetValueA

shell32

DragQueryFileA
DragAcceptFiles
SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHAppBarMessage
DragQueryFileW

ole32

CoTaskMemAlloc
CoFreeUnusedLibraries
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 842KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1BE33E42910515D58685E4CEE83C4C9B7DE4E6A155A6FD936922682A9922D42D
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 472KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 264KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2188BAE387FD2665D807D0B67B916973478CBE417D2042A146C8EADF77AF600C
.dll windows:5 windows x86 arch:x86

0793fc5146cb2625c14847ed7595a3e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetVersionExW
GetCurrentProcess
LoadLibraryW
GetProcAddress
FreeLibrary
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
CreateMutexW
ReleaseMutex
GetModuleFileNameW
FindFirstFileW
FindClose
CreateFileW
GetFileSizeEx
FindNextFileW
GetTempPathW
lstrcmpiW
LocalFree
DeleteFileW
CloseHandle
CopyFileW
WaitForSingleObject
RemoveDirectoryW
GetModuleHandleW
FormatMessageA
LocalAlloc
lstrlenW
FormatMessageW
LeaveCriticalSection
InterlockedDecrement
lstrlenA
CompareStringA
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableW
SetEnvironmentVariableA
CompareStringW
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeA
CreateFileA
SetStdHandle
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
Sleep
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFileType
CreateDirectoryW
GetCPInfo
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetStringTypeW
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapAlloc
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetStartupInfoA
ReadFile
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetTimeZoneInformation

advapi32

GetTokenInformation
OpenProcessToken
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
GetUserNameW

shell32

SHCreateDirectoryExW
SHFileOperationW
SHGetSpecialFolderPathW
ord680

ole32

CoCreateInstance
StringFromCLSID
CLSIDFromString
CoTaskMemFree
OleRun
CoCreateGuid
StringFromGUID2

oleaut32

VariantClear
SysAllocString
SysFreeString
SysStringLen

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

ALLDownloadAndInstallSilentUpdate
ALLForceUpdateCheck
ALLGetApplicationState
ALLGetLocale
ALLGetOptionalParam
ALLGetUniqUserId
ALLGetUniqueParam
ALLIsUpdateAvailable
ALLIsUpgradeAvailable
ALLOnApplicationStartup
ALLOnApplicationUninstall
ALLSetApplicationState
ALLSetExecutorPath
ALLSetLocale
ALLSetOptionalParam
ALLSetUniqueParam
ALLSetUpdateDestination
Crash

Sections

.text
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 796KB - Virtual size: 792KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
22F524ABC98F958705FEBD3761BEDC85EC1AE859316A653B67C0C01327533092
.exe windows:5 windows x86 arch:x86

2f2316fb946682a102e453a8ae405904

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recvfrom
setsockopt
sendto
bind
WSAStartup
ioctlsocket
recv
send
WSACloseEvent
WSARecv
WSASend
WSAGetLastError
WSAEnumNetworkEvents
gethostname
connect
inet_ntoa
inet_addr
htons
getsockname
shutdown
socket
closesocket
gethostbyname
WSAEventSelect
WSAGetOverlappedResult
WSAWaitForMultipleEvents
getpeername
accept
WSACreateEvent
WSASocketA
listen

shlwapi

PathFileExistsW
StrCmpNW
PathMatchSpecW
PathFindFileNameW
PathFileExistsA
StrChrA
StrStrIA
StrCmpNIA
StrStrW

urlmon

URLDownloadToFileW

wininet

InternetConnectA
InternetOpenUrlW
HttpQueryInfoA
InternetOpenW
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetCrackUrlA

ntdll

memcpy
_chkstk
_aulldiv
RtlUnwind
memmove
mbstowcs
RtlTimeToSecondsSince1980
NtQuerySystemTime
NtQueryVirtualMemory
strstr
isdigit
isalpha
_allshl
_aullshr
memset

msvcrt

rand
srand
_vscprintf

kernel32

MoveFileW
CreateProcessW
GetLocaleInfoA
DuplicateHandle
DeleteCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentThread
GetCurrentProcess
InterlockedExchangeAdd
InterlockedIncrement
InterlockedExchange
WaitForSingleObject
InterlockedDecrement
GetCurrentProcessId
HeapSetInformation
GetProcessHeaps
GetSystemInfo
PostQueuedCompletionStatus
HeapValidate
HeapCreate
HeapFree
HeapAlloc
HeapReAlloc
ExpandEnvironmentStringsW
CreateThread
DeleteFileA
CreateMutexA
MoveFileA
GetLastError
CreateEventA
ExitProcess
GetQueuedCompletionStatus
CreateIoCompletionPort
SetEvent
GetVolumeInformationW
SetFileAttributesW
lstrcpyW
DeleteFileW
GetDiskFreeSpaceExW
FindNextFileW
lstrcmpiW
QueryDosDeviceW
RemoveDirectoryW
FindClose
lstrlenA
GlobalLock
GetModuleHandleW
GetTickCount
GlobalAlloc
Sleep
lstrcpynW
ExitThread
MultiByteToWideChar
lstrlenW
GlobalUnlock
GetFileSize
MapViewOfFile
UnmapViewOfFile
WriteFile
InitializeCriticalSection
LeaveCriticalSection
CreateFileW
FlushFileBuffers
EnterCriticalSection
CreateFileMappingW
CloseHandle
FindFirstFileW
GetDriveTypeW
MoveFileExW
CreateDirectoryW
GetLogicalDrives
CopyFileW
GetModuleFileNameW
lstrcmpW

user32

SendMessageA
wsprintfW
IsClipboardFormatAvailable
RegisterClassExW
GetWindowLongW
GetClipboardData
EmptyClipboard
ChangeClipboardChain
SetWindowLongW
CloseClipboard
GetMessageA
FindWindowA
ShowWindow
wsprintfA
SetForegroundWindow
wvsprintfA
TranslateMessage
DefWindowProcA
RegisterRawInputDevices
CreateWindowExW
DispatchMessageA
OpenClipboard
SetClipboardData
SetClipboardViewer

advapi32

RegSetValueExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW

ole32

CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
33381793BD156716647F2C2E14047AA5559E940FF584D3FF6110B96EB701115E
.exe windows:6 windows x64 arch:x64

8ff66358ad21b91025a7d57a44f46f77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken

bcrypt

BCryptDecrypt

crypt32

CertFreeCertificateChainEngine

iphlpapi

GetNetworkParams

kernel32

RtlUnwindEx

ncrypt

NCryptOpenKey

ole32

CoInitializeEx

ws2_32

shutdown

api-ms-win-crt-heap-l1-1-0

calloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-string-l1-1-0

wcsncmp

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback

api-ms-win-crt-stdio-l1-1-0

_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

DotNetRuntimeDebugHeader

Sections

.text
Size: - Virtual size: 720KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

hydrated
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.S(i
Size: - Virtual size: 18.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Nk5
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rlZ
Size: 34.3MB - Virtual size: 34.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
61C0810A23580CF492A6BA4F7654566108331E7A4134C968C2D6A05261B2D8A1
.exe windows:5 windows x64 arch:x64

55ee500bb4bdfc49f27a98ae456d8edf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptSetHashParam
CryptGetHashParam
CryptExportKey
CryptAcquireContextW
CryptSetKeyParam
CryptGetKeyParam
CryptReleaseContext
CryptDuplicateKey
CryptAcquireContextA
CryptGetProvParam
CryptImportKey
SystemFunction007
CryptEncrypt
CryptCreateHash
CryptGenKey
CryptDestroyKey
CryptDecrypt
CryptDestroyHash
CryptHashData
CopySid
GetLengthSid
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
CreateWellKnownSid
CreateProcessWithLogonW
CreateProcessAsUserW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
SystemFunction033
SystemFunction032
ConvertSidToStringSidW
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
SetServiceObjectSecurity
OpenServiceW
BuildSecurityDescriptorW
QueryServiceObjectSecurity
StartServiceW
AllocateAndInitializeSid
QueryServiceStatusEx
FreeSid
ControlService
IsTextUnicode
OpenProcessToken
GetTokenInformation
LookupAccountNameW
LookupAccountSidW
DuplicateTokenEx
CheckTokenMembership
CryptSetProvParam
CryptEnumProvidersW
ConvertStringSidToSidW
LsaFreeMemory
GetSidSubAuthority
GetSidSubAuthorityCount
IsValidSid
SetThreadToken
CryptEnumProviderTypesW
SystemFunction006
CryptGetUserKey
OpenEventLogW
GetNumberOfEventLogRecords
ClearEventLogW
SystemFunction001
CryptDeriveKey
SystemFunction005
LsaQueryTrustedDomainInfoByName
CryptSignHashW
LsaSetSecret
SystemFunction023
LsaOpenSecret
LsaQuerySecret
LsaRetrievePrivateData
LsaEnumerateTrustedDomainsEx
LookupPrivilegeValueW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
LookupPrivilegeNameW
OpenThreadToken
EqualSid
CredFree
CredEnumerateW
SystemFunction026
ConvertStringSecurityDescriptorToSecurityDescriptorW
SystemFunction027
SystemFunction041
CredIsMarshaledCredentialW
CredUnmarshalCredentialW
A_SHAFinal
A_SHAInit
A_SHAUpdate

cabinet

ord11
ord14
ord10
ord13

crypt32

CryptSignAndEncodeCertificate
CertEnumSystemStore
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CryptDecodeObjectEx
CryptStringToBinaryA
CertAddEncodedCertificateToStore
CertOpenStore
CertFreeCertificateContext
CertCloseStore
CryptStringToBinaryW
CertSetCertificateContextProperty
PFXExportCertStoreEx
CryptUnprotectData
CryptBinaryToStringW
CryptBinaryToStringA
CryptExportPublicKeyInfo
CryptFindOIDInfo
CryptAcquireCertificatePrivateKey
CertNameToStrW
CertFindCertificateInStore
CertGetCertificateContextProperty
CertGetNameStringW
CryptEncodeObject
CryptProtectData
CryptQueryObject

cryptdll

MD5Init
MD5Final
CDLocateCSystem
CDGenerateRandomBits
CDLocateCheckSum
MD5Update

dnsapi

DnsFree
DnsQuery_A

fltlib

FilterFindFirst
FilterFindNext

mpr

WNetCancelConnection2W
WNetAddConnection2W

netapi32

NetStatisticsGet
DsGetDcNameW
NetApiBufferFree
NetRemoteTOD
NetSessionEnum
NetServerGetInfo
DsEnumerateDomainTrustsW
NetShareEnum
NetWkstaUserEnum
I_NetServerAuthenticate2
I_NetServerTrustPasswordsGet
I_NetServerReqChallenge

odbc32

ord75
ord9
ord43
ord24
ord31
ord111
ord141
ord13

ole32

CoInitializeEx
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
VariantInit
SysFreeString
VariantClear

rpcrt4

RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
MesEncodeIncrementalHandleCreate
RpcBindingSetAuthInfoExW
RpcBindingInqAuthClientW
RpcBindingSetOption
RpcImpersonateClient
RpcStringFreeW
RpcRevertToSelf
MesDecodeIncrementalHandleCreate
MesHandleFree
MesIncrementalHandleReset
NdrMesTypeDecode2
NdrMesTypeAlignSize2
NdrMesTypeFree2
NdrMesTypeEncode2
RpcServerUnregisterIfEx
I_RpcBindingInqSecurityContext
RpcServerInqBindings
RpcServerListen
RpcMgmtWaitServerListen
RpcEpRegisterW
RpcMgmtStopServerListening
RpcBindingToStringBindingW
RpcServerRegisterIf2
RpcServerRegisterAuthInfoW
RpcBindingVectorFree
UuidToStringW
RpcServerUseProtseqEpW
RpcEpUnregister
NdrServerCall2
NdrClientCall2
UuidCreate
RpcEpResolveBinding
RpcBindingSetObject
RpcBindingSetAuthInfoW
RpcMgmtEpEltInqDone
RpcMgmtEpEltInqNextW
RpcMgmtEpEltInqBegin
I_RpcGetCurrentCallHandle

shlwapi

UrlUnescapeW
PathIsDirectoryW
PathFindFileNameW
PathIsRelativeW
PathCombineW
PathCanonicalizeW

samlib

SamEnumerateAliasesInDomain
SamQueryInformationUser
SamCloseHandle
SamEnumerateDomainsInSamServer
SamFreeMemory
SamEnumerateUsersInDomain
SamOpenUser
SamLookupDomainInSamServer
SamLookupNamesInDomain
SamLookupIdsInDomain
SamOpenDomain
SamConnect
SamSetInformationUser
SamiChangePasswordUser
SamEnumerateGroupsInDomain
SamGetGroupsForUser
SamGetMembersInGroup
SamGetMembersInAlias
SamRidToSid
SamGetAliasMembership
SamOpenGroup
SamOpenAlias

secur32

FreeContextBuffer
LsaLookupAuthenticationPackage
LsaFreeReturnBuffer
LsaDeregisterLogonProcess
QueryContextAttributesW
InitializeSecurityContextW
AcquireCredentialsHandleW
EnumerateSecurityPackagesW
FreeCredentialsHandle
DeleteSecurityContext
LsaCallAuthenticationPackage
LsaConnectUntrusted

shell32

CommandLineToArgvW

user32

SetClipboardViewer
DefWindowProcW
GetClipboardSequenceNumber
OpenClipboard
CreateWindowExW
GetClipboardData
RegisterClassExW
TranslateMessage
EnumClipboardFormats
PostMessageW
DispatchMessageW
GetKeyboardLayout
IsCharAlphaNumericW
SendMessageW
UnregisterClassW
DestroyWindow
CloseClipboard
GetMessageW
ChangeClipboardChain

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

hid

HidD_GetFeature
HidD_GetPreparsedData
HidD_GetHidGuid
HidD_GetAttributes
HidD_SetFeature
HidP_GetCaps
HidD_FreePreparsedData

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

winscard

SCardReleaseContext
SCardListCardsW
SCardGetCardTypeProviderNameW
SCardListReadersW
SCardFreeMemory
SCardEstablishContext
SCardControl
SCardConnectW
SCardTransmit
SCardDisconnect
SCardGetAttrib

winsta

WinStationCloseServer
WinStationOpenServerW
WinStationFreeMemory
WinStationConnectW
WinStationQueryInformationW
WinStationEnumerateW

wldap32

ord36
ord79
ord145
ord73
ord310
ord208
ord13
ord77
ord142
ord54
ord41
ord309
ord304
ord301
ord127
ord26
ord167
ord147
ord133
ord157
ord88
ord14
ord122
ord140
ord203
ord69
ord139
ord97
ord223
ord12
ord113
ord224
ord96
ord27

msasn1

ASN1_CreateModule
ASN1_CloseEncoder
ASN1_CreateDecoder
ASN1_FreeEncoded
ASN1_CloseModule
ASN1_CreateEncoder
ASN1_CloseDecoder
ASN1BERDotVal2Eoid

ntdll

strtol
_strcmpi
strstr
towupper
_wcstoui64
wcsncmp
wcstol
strchr
strcspn
strncmp
memmove
_wcsnicmp
strtoul
wcsstr
wcschr
wcsrchr
_stricmp
_vscwprintf
_wcsicmp
strrchr
_vsnprintf
log
memcmp
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlDowncaseUnicodeString
RtlFreeUnicodeString
RtlInitUnicodeString
RtlEqualUnicodeString
NtQueryObject
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
NtQuerySystemInformation
RtlGetCurrentPeb
NtQueryInformationProcess
RtlCreateUserThread
RtlGUIDFromString
RtlStringFromGUID
NtCompareTokens
RtlGetNtVersionNumbers
RtlEqualString
RtlUpcaseUnicodeString
RtlAppendUnicodeStringToString
RtlAnsiStringToUnicodeString
RtlFreeOemString
RtlUpcaseUnicodeStringToOemString
NtQueryDirectoryObject
NtResumeProcess
NtOpenDirectoryObject
RtlAdjustPrivilege
NtSuspendProcess
NtTerminateProcess
NtQuerySystemEnvironmentValueEx
NtSetSystemEnvironmentValueEx
NtEnumerateSystemEnvironmentValuesEx
RtlIpv4AddressToStringW
RtlIpv6AddressToStringW
wcstoul
__chkstk

kernel32

lstrlenA
GetDateFormatW
SystemTimeToFileTime
ClearCommError
CreateRemoteThread
WaitForSingleObject
CreateProcessW
SetConsoleOutputCP
GetConsoleOutputCP
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
WriteProcessMemory
VirtualAllocEx
VirtualProtectEx
RtlVirtualUnwind
SetFilePointerEx
GetProcessId
GetComputerNameW
IsWow64Process
VirtualAlloc
SetLastError
ReadProcessMemory
VirtualFreeEx
VirtualQueryEx
VirtualFree
VirtualQuery
GetComputerNameExW
DeviceIoControl
DuplicateHandle
OpenProcess
GetCurrentProcess
ExpandEnvironmentStringsW
FindNextFileW
FindClose
GetCurrentDirectoryW
GetFileSizeEx
FlushFileBuffers
GetFileAttributesW
FindFirstFileW
lstrlenW
GetProcAddress
LoadLibraryW
GetModuleHandleW
FreeLibrary
DeleteFileA
GetTempPathA
GetFileInformationByHandle
FileTimeToLocalFileTime
GetCurrentDirectoryA
GetTempFileNameA
SetFilePointer
CreateFileA
FileTimeToDosDateTime
CreateThread
LocalFree
CloseHandle
LocalAlloc
GetLastError
CreateFileW
ReadFile
TerminateThread
WriteFile
FileTimeToSystemTime
Sleep
VirtualProtect
WideCharToMultiByte
GetTimeFormatW
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
GetFileSize
CreateMutexW
HeapCompact
SetEndOfFile
HeapAlloc
QueryPerformanceCounter
HeapFree
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
FormatMessageA
FormatMessageW
GetVersionExW
HeapDestroy
GetSystemTimeAsFileTime
GetFileAttributesA
HeapCreate
HeapValidate
MultiByteToWideChar
GetTempPathW
HeapSize
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
OutputDebugStringA
GetVersionExA
DeleteFileW
GetCurrentProcessId
GetSystemTime
AreFileApisANSI
ExitProcess
ExitThread
RaiseException
SetConsoleCtrlHandler
SetConsoleTitleW
SetFileAttributesW
GlobalSize
SetHandleInformation
CreatePipe
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetEvent
CreateEventW
GetSystemDirectoryW
SetConsoleCursorPosition
GetTimeZoneInformation
GetStdHandle
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetCurrentDirectoryW
GetCurrentThread
ProcessIdToSessionId
RtlLookupFunctionEntry
RtlCaptureContext
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentThreadId
PurgeComm

msvcrt

calloc
isdigit
_fmode
_commode
__setusermatherr
isspace
mbtowc
__mb_cur_max
isleadbyte
isxdigit
localeconv
_snprintf
__set_app_type
_itoa
wctomb
ferror
iswctype
wcstombs
?terminate@@YAXXZ
__badioinfo
__pioinfo
_read
_lseeki64
_write
_isatty
ungetc
_amsg_exit
_initterm
fclose
_setmode
vwprintf
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
__C_specific_handler
memset
memcpy
_iob
getchar
_wpgmptr
fgetws
realloc
_msize
malloc
_vscprintf
_errno
free
_wcsdup
vfwprintf
fflush
_wfopen
wprintf
_fileno

Sections

.text
Size: 830KB - Virtual size: 829KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 414KB - Virtual size: 413KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
676A2A0D88A79012300A63092DA090F5B0D0BDFC105541732254E0AE1FEB2FCB
.exe windows:5 windows x86 arch:x86

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
73D29DEAC41E022CE77730F74D5EFB0828F56D1F2BEB91FD24ABC867F851FE09
.exe windows:4 windows x86 arch:x86

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:05:da:b8:f0:7a:e8:40:be:ad:78:fe:b2:55:a8:74
Certificate

Issuer

CN=WZTeam

Not Before

10-03-2017 18:02

Not After

31-12-2039 23:59

Subject

CN=WZTeam

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

95:2e:7d:72:b9:20:b3:38:a6:11:1e:78:3c:95:62:c8:13:89:68:d7:c0:6f:24:ef:14:48:21:86:4c:1a:45:eb
Signer

Actual PE Digest

95:2e:7d:72:b9:20:b3:38:a6:11:1e:78:3c:95:62:c8:13:89:68:d7:c0:6f:24:ef:14:48:21:86:4c:1a:45:eb

Digest Algorithm

sha256

PE Digest Matches

true

5e:6a:39:e7:f6:01:9e:9c:79:39:cc:5b:db:89:ec:5a:89:e2:04:aa
Signer

Actual PE Digest

5e:6a:39:e7:f6:01:9e:9c:79:39:cc:5b:db:89:ec:5a:89:e2:04:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.code
Size: 20KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 210KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 29KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 650KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.msfree
Size: 72KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
81EFD50EB374AD2176E2655AF10276079F733C0592E83E3A044253DCBE06F329
.exe windows:5 windows x64 arch:x64

Code Sign

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

75:3e:5c:ef:ec:b6:3d:75:b2:cc:6b:83:03:2f:89:9e
Certificate

Issuer

CN=WZTeam

Not Before

02-11-2016 18:47

Not After

31-12-2039 23:59

Subject

CN=WZTeam

Extended Key Usages

ExtKeyUsageCodeSigning

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b0:47:da:fc:ab:16:b4:1b:13:b6:9b:1f:79:fd:83:5e:0a:2e:52:90:9f:6d:7e:9f:bf:d0:93:00:49:de:0a:39
Signer

Actual PE Digest

b0:47:da:fc:ab:16:b4:1b:13:b6:9b:1f:79:fd:83:5e:0a:2e:52:90:9f:6d:7e:9f:bf:d0:93:00:49:de:0a:39

Digest Algorithm

sha256

PE Digest Matches

true

e6:31:96:05:39:f7:98:07:aa:bd:21:6a:85:e1:e1:97:38:0d:b1:79
Signer

Actual PE Digest

e6:31:96:05:39:f7:98:07:aa:bd:21:6a:85:e1:e1:97:38:0d:b1:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 717KB - Virtual size: 717KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.drectve
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
8E83C0F6566169AF1CF6C28670DCEE6EDEB15D0913AA24AD3831C9F97EB42307
.exe windows:6 windows x64 arch:x64

ee26deb5354c4489ff0dc7547168b2dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

InitializeCriticalSectionEx
GetVersion
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

CharNextA
CharUpperBuffW

advapi32

RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

Sections

.text
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text2
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
99CA9F3245265C2F9D395B4B3A8554056E481C6FEE98B839C9C5ADB5B79E0DE2
.exe windows:6 windows x86 arch:x86

ecfa3f838c234923c36b9ec2755e3398

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

ntdll

NtUnmapViewOfSection

wtsapi32

WTSSendMessageW

user32

GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0
Size: 7.0MB - Virtual size: 7.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
B1E12D0216A946329FE549E09BF481D7DF9E8E3BC3F99BC24D9940CBB8F76F06
.exe windows:5 windows x86 arch:x86

6a50fba0b2beed26e23e37e0922bd3df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetLocalTime
DecodePointer
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapAlloc
HeapFree
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
HeapReAlloc
CreateFileW

user32

wsprintfW

ws2_32

WSAGetLastError
htons

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C6185A23C51B8AC77E6C1BDF2CD4A8D39B02AF8B8027D4162CF9766D19CF87C8
.exe windows:6 windows x86 arch:x86

5de3d424cd6789b476f93abd644dde5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

advapi32

CreateServiceA

shell32

SHGetSpecialFolderPathA

setupapi

SetupDiGetClassDevsA

Sections

.text
Size: - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 4.7MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 97KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CDCFEDDB0ACA42E65E6A4822C1F23DF7C4AE92775EBCC0B45D4160B732B0983E
.exe windows:5 windows x86 arch:x86

2ffdf0a1519d1adada787fd4df5a5fec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recvfrom
setsockopt
sendto
send
recv
WSAStartup
ioctlsocket
bind
WSACloseEvent
WSARecv
WSASend
WSAGetLastError
WSAEnumNetworkEvents
gethostname
connect
inet_ntoa
inet_addr
htons
getsockname
shutdown
socket
closesocket
gethostbyname
WSAEventSelect
WSAGetOverlappedResult
WSAWaitForMultipleEvents
getpeername
accept
WSACreateEvent
WSASocketA
listen

shlwapi

PathFileExistsW
StrCmpNW
PathMatchSpecW
PathFindFileNameW
StrChrA
StrStrIA
StrCmpNIA
StrStrW

urlmon

URLDownloadToFileW

wininet

HttpOpenRequestA
InternetOpenUrlW
InternetOpenUrlA
HttpQueryInfoA
InternetOpenW
InternetCloseHandle
InternetOpenA
HttpSendRequestA
InternetConnectA
InternetCrackUrlA
InternetReadFile
HttpAddRequestHeadersA

ntdll

memcpy
_chkstk
_aulldiv
RtlUnwind
memmove
mbstowcs
RtlTimeToSecondsSince1980
NtQuerySystemTime
NtQueryVirtualMemory
strstr
isdigit
isalpha
_allshl
_aullshr
memset

msvcrt

rand
srand
_vscprintf

kernel32

GetLastError
CreateProcessW
GetLocaleInfoA
DuplicateHandle
DeleteCriticalSection
GetThreadPriority
SetThreadPriority
GetCurrentThread
GetCurrentProcess
InterlockedExchangeAdd
InterlockedIncrement
InterlockedExchange
WaitForSingleObject
InterlockedDecrement
GetCurrentProcessId
HeapSetInformation
GetSystemInfo
PostQueuedCompletionStatus
GetProcessHeaps
HeapValidate
HeapCreate
HeapFree
HeapAlloc
HeapReAlloc
ExpandEnvironmentStringsW
CreateThread
CreateMutexA
MoveFileA
MoveFileW
CreateEventA
ExitProcess
GetQueuedCompletionStatus
CreateIoCompletionPort
SetEvent
GetVolumeInformationW
SetFileAttributesW
lstrcpyW
DeleteFileW
GetDiskFreeSpaceExW
FindNextFileW
lstrcmpiW
QueryDosDeviceW
RemoveDirectoryW
FindClose
lstrlenA
GlobalLock
GetModuleHandleW
GetTickCount
GlobalAlloc
Sleep
lstrcpynW
ExitThread
MultiByteToWideChar
lstrlenW
GlobalUnlock
GetFileSize
MapViewOfFile
UnmapViewOfFile
WriteFile
InitializeCriticalSection
LeaveCriticalSection
CreateFileW
FlushFileBuffers
EnterCriticalSection
CreateFileMappingW
CloseHandle
FindFirstFileW
GetDriveTypeW
MoveFileExW
CreateDirectoryW
GetLogicalDrives
CopyFileW
GetModuleFileNameW
lstrcmpW

user32

TranslateMessage
RegisterClassExW
wsprintfW
GetClipboardData
EmptyClipboard
ChangeClipboardChain
SetWindowLongW
DefWindowProcA
RegisterRawInputDevices
CreateWindowExW
SendMessageA
IsClipboardFormatAvailable
CloseClipboard
GetMessageA
wsprintfA
wvsprintfA
GetWindowLongW
DispatchMessageA
OpenClipboard
SetClipboardData
SetClipboardViewer

advapi32

RegSetValueExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW

ole32

CoInitializeEx
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
E9F944AB296BCAA235EB584D6B7FA2811FC1A0F3BC2596A99675CDD114CDFCF5
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 820KB - Virtual size: 1000KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 49KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

EZ
Size: - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
ECEA6B772742758A2240898EF772CA11AA9D870AEC711CFFAB8994C23044117C
.exe windows:4 windows x86 arch:x86

55c1bce75ad836c886b7fb6bca398063

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
CloseServiceHandle
ControlService
CreateProcessWithLogonW
EnumDependentServicesW
EnumServicesStatusExW
GetUserNameW
LookupPrivilegeValueW
OpenProcessToken
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
AddVectoredExceptionHandler
AttachConsole
CancelIo
CloseHandle
CompareStringOrdinal
CopyFileExW
CreateEventW
CreateFileMappingA
CreateFileW
CreateMutexA
CreateNamedPipeW
CreatePipe
CreateProcessW
CreateThread
CreateToolhelp32Snapshot
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileW
FindFirstVolumeW
FindNextFileW
FindNextVolumeW
FindVolumeClose
FormatMessageW
FreeConsole
FreeEnvironmentStringsW
FreeLibrary
GetCommandLineW
GetComputerNameExW
GetComputerNameW
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFinalPathNameByHandleW
GetFullPathNameW
GetLastError
GetLogicalDrives
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetTimeZoneInformation
GetVolumePathNamesForVolumeNameW
GetWindowsDirectoryW
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
Module32FirstW
Module32NextW
MoveFileExW
OpenProcess
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleW
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSRWLockExclusive
ReleaseSRWLockShared
RemoveDirectoryW
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleMode
SetConsoleTextAttribute
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetHandleInformation
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
SetVolumeMountPointW
Sleep
SwitchToThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnmapViewOfFile
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
Wow64DisableWow64FsRedirection
WriteConsoleW
WriteFile
lstrlenW
DeleteCriticalSection
GetCurrentThreadId
GetTickCount
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

netapi32

NetApiBufferFree
NetServerEnum
NetShareEnum

ntdll

NtOpenProcessToken
NtQueryInformationToken
RtlCaptureContext

ole32

CoGetObject
CoInitializeEx
CoUninitialize

rstrtmgr

RmEndSession
RmGetList
RmRegisterResources
RmStartSession

shell32

SHTestTokenMembership

user32

SystemParametersInfoW

ws2_32

WSACleanup
WSAGetLastError
WSASocketW
WSAStartup
bind
closesocket
connect
freeaddrinfo
getaddrinfo
ioctlsocket
recv
recvfrom
send
sendto
setsockopt

bcrypt

BCryptGenRandom

msvcrt

__dllonexit
__getmainargs
__initenv
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_fmode
_fpreset
_initterm
_iob
_lock
_onexit
_unlock
calloc
ceil
exit
fprintf
free
fwrite
malloc
memcmp
memcpy
memmove
memset
signal
strlen
strncmp
_wcsicmp
abort
atexit
vfprintf
wcscat
wcscat_s
wcscpy
wcscpy_s
wcslen

userenv

GetUserProfileDirectoryW

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 863KB - Virtual size: 863KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
F2AB1AA34D0F6FC9CD8F6DB413E96E7FECB62A63738DB603FB41C1BDA722D5FB
.exe windows:5 windows x86 arch:x86

0b825660c7d5ed229100a6d233732e14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeNameForVolumeMountPointA
GetTempFileNameW
SetDefaultCommConfigA
FindResourceA
WriteConsoleInputW
WriteConsoleOutputCharacterW
lstrlenA
GetModuleHandleExA
GetLocaleInfoA
CommConfigDialogA
MapUserPhysicalPages
GlobalAddAtomA
GetConsoleAliasA
ZombifyActCtx
SetHandleInformation
SetConsoleScreenBufferSize
WriteConsoleInputA
OpenSemaphoreA
GetSystemDefaultLCID
_lclose
GetModuleHandleW
CreateNamedPipeW
FindNextVolumeMountPointA
GetConsoleAliasesA
GetWindowsDirectoryA
GetConsoleAliasExesW
WaitNamedPipeW
SetCommState
GetCommandLineA
SetCommTimeouts
GetDriveTypeA
GetEnvironmentStrings
LoadLibraryW
CopyFileW
_hread
GetExitCodeProcess
GetConsoleAliasW
GetFileAttributesW
ReadFile
GetCompressedFileSizeA
CompareStringW
lstrlenW
GetStartupInfoW
ReplaceFileA
GetStartupInfoA
GetLastError
GetCurrentDirectoryW
SetLastError
AttachConsole
VerLanguageNameA
CreateNamedPipeA
SetVolumeLabelW
RemoveDirectoryA
CopyFileA
EnumSystemCodePagesW
SetComputerNameA
OpenWaitableTimerA
UnhandledExceptionFilter
LocalAlloc
SetConsoleCtrlHandler
AddAtomW
CreateEventW
SetCurrentDirectoryW
FoldStringW
FindNextFileA
SetConsoleTitleW
GetModuleHandleA
GetProcessShutdownParameters
GetCommTimeouts
lstrcatW
FatalExit
FindNextFileW
VirtualProtect
GetFileTime
GetConsoleCursorInfo
QueryPerformanceFrequency
GetShortPathNameW
TerminateJobObject
FindAtomW
MoveFileWithProgressW
ResetWriteWatch
ReadConsoleOutputCharacterW
GetSystemTime
EnumSystemLocalesW
DeleteFileA
lstrcpyA
HeapSize
WideCharToMultiByte
HeapAlloc
HeapReAlloc
GetCommandLineW
HeapSetInformation
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
GetCurrentThreadId
GetProcAddress
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
ExitProcess
WriteFile
GetModuleFileNameW
HeapCreate
HeapFree
CloseHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
MultiByteToWideChar
GetStringTypeW
Sleep
SetFilePointer
GetConsoleCP
GetConsoleMode
RaiseException
RtlUnwind
SetStdHandle
FlushFileBuffers
WriteConsoleW
CreateFileW

user32

CharUpperW

winhttp

WinHttpWriteData

Sections

.text
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
F98B98404ECF3871A10A290ADE21AD77D0B2633F47247DEBC53D094B9BDFF245
.exe windows:4 windows x86 arch:x86

4a5f27cb90c03dbe6c8fb093cd390d3a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msacm32

acmStreamClose
acmStreamOpen

winmm

waveOutGetVolume
mciGetYieldProc

mpr

WNetCloseEnum
WNetOpenEnumA
WNetCancelConnectionW

comctl32

InitCommonControlsEx

kernel32

RtlUnwind
GetModuleHandleA
GetVersion
ExitProcess
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
GetCommandLineW
GetConsoleMode
GetLastError
GetProcAddress
GetLocaleInfoA
CreateMutexA
lstrcpyA
GetStartupInfoA
GetCommandLineA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCurrentProcess
CloseHandle

user32

ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetCaretPos
SetClassLongA
SetClipboardData
SetCursor
SetFocus
SetForegroundWindow
SetKeyboardState
RedrawWindow
SetMenuItemInfoA
SetParent
SetPropA
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowsHookExA
SetWindowTextA
ShowCaret
ShowCursor
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoA
TabbedTextOutA
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UpdateWindow
VkKeyScanA
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OpenClipboard
OffsetRect
OemToCharA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MoveWindow
MessageBoxA
MessageBeep
MapWindowPoints
MapVirtualKeyA
LockWindowUpdate
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorFromFileA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
RemovePropA
IsDialogMessageA
IsClipboardFormatAvailable
IsChild
IsCharUpperA
IsCharAlphaNumericA
IsCharAlphaA
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetWindow
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyState
GetKeyNameTextA
GetKeyboardType
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgItem
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameA
GetClassLongA
GetClassInfoA
GetCaretPos
GetCapture
GetAsyncKeyState
FrameRect
FindWindowExA
FindWindowA
FillRect
ExitWindowsEx
EqualRect
EnumWindows
EnumThreadWindows
EnumClipboardFormats
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
IsDialogMessageW
RegisterClassA
GetActiveWindow
DefWindowProcW
AdjustWindowRectEx
BeginDeferWindowPos
BeginPaint
CallNextHookEx
CallWindowProcA
CharLowerA
CharLowerBuffA
CharNextA
CharNextW
CharToOemA
CharUpperBuffA
EnumChildWindows
EndPaint
EndDeferWindowPos
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextW
DrawTextExA
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreateWindowExA
CreatePopupMenu
CreateMenu
CreateIcon
CreateCaret
CopyImage
CloseClipboard
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
SetMenu

gdi32

CreateEllipticRgn
CreateDIBSection
CreateEnhMetaFileA
CreateFontIndirectA
CreateHalftonePalette
CreateICA
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesA
ExcludeClipRect
ExtCreateRegion
ExtSelectClipRgn
ExtTextOutA
ExtTextOutW
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDCOrgEx
GetDeviceCaps
GetDIBColorTable
GetDIBits
GetEnhMetaFileBits
GetEnhMetaFileDescriptionA
CreateDIBitmap
GetEnhMetaFilePaletteEntries
GetNearestPaletteIndex
GetObjectA
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetSystemPaletteEntries
GetTextExtentPoint32A
GetTextExtentPointA
GetTextMetricsA
GetWindowOrgEx
GetWinMetaFileBits
IntersectClipRect
LineTo
LPtoDP
MaskBlt
MoveToEx
PatBlt
PlayEnhMetaFile
Polygon
Polyline
PtInRegion
RealizePalette
Rectangle
RectVisible
ResizePalette
RestoreDC
SaveDC
SelectClipPath
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
GetEnhMetaFileHeader
StartPage
TranslateCharsetInfo
StretchDIBits
CombineRgn
StartDocA
SetWinMetaFileBits
SetWindowOrgEx
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetPaletteEntries
SetMapMode
SetEnhMetaFileBits
SetDIBitsToDevice
SetDIBits

advapi32

LookupPrivilegeValueW
OpenThreadToken
AdjustTokenPrivileges
OpenProcessToken

shell32

ShellExecuteA
Shell_NotifyIconA
DragQueryFileA
DragFinish
DragAcceptFiles
CommandLineToArgvW

ole32

OleRun
OleDraw
IsAccelerator
CreateStreamOnHGlobal
OleSetMenuDescriptor
CoTaskMemAlloc
CoGetClassObject
CoInitialize
CoUninitialize
ProgIDFromCLSID
StringFromCLSID
CoTaskMemFree

Sections

.text
Size: 412KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata1
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pa98
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

488309467553d2fb06d7c47c60f45f19

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

ole32

rpcrt4

shell32

user32

msasn1

ntdll

kernel32

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 72KB - Virtual size: 72KB

.data Size: 6KB - Virtual size: 12KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 648B

46afc61b34fb8e20ac7399f0df86ba31

Code Sign

aa:c5:30:b2:1d:bd:71:4c:91:21:8f:8b:a0:57:0e:24Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

6e:5b:67:66:9a:e8:c8:ab:af:9e:cb:59:c3:38:e6:88:e1:81:0f:e9:32:3f:01:f3:1f:8a:09:13:91:22:df:33Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

Sections

.text Size: - Virtual size: 2.1MB

.rdata Size: - Virtual size: 169KB

.data Size: - Virtual size: 34KB

.@**..-- Size: - Virtual size: 2.7MB

.@**..-- Size: 1KB - Virtual size: 1KB

.@**..-- Size: 5.6MB - Virtual size: 5.6MB

.reloc Size: 7KB - Virtual size: 6KB

.rsrc Size: 170KB - Virtual size: 226KB

9e604fa03f90625680ac2f8bef162aff

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

66:c5:dc:c1:4b:51:78:09:c1:72:b4:4b:7e:97:84:f7Certificate

Extended Key Usages

Key Usages

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

66:c5:dc:c1:4b:51:78:09:c1:72:b4:4b:7e:97:84:f7Certificate

Extended Key Usages

Key Usages

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

20:08:05:80:1f:c2:18:ed:a6:47:9a:4b:a9:cb:b8:d6:cc:a7:6e:27:a1:3d:59:1b:9d:03:f4:12:b2:11:f3:6eSigner

27:63:5e:a0:a7:ad:75:75:23:e0:89:f8:5c:3d:e2:29:43:f8:69:85Signer

Headers

DLL Characteristics

File Characteristics

Imports

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 6KB - Virtual size: 12KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 648B

aa:c5:30:b2:1d:bd:71:4c:91:21:8f:8b:a0:57:0e:24
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

6e:5b:67:66:9a:e8:c8:ab:af:9e:cb:59:c3:38:e6:88:e1:81:0f:e9:32:3f:01:f3:1f:8a:09:13:91:22:df:33
Signer

.text
Size: - Virtual size: 2.1MB

.rdata
Size: - Virtual size: 169KB

.data
Size: - Virtual size: 34KB

.@**..--
Size: - Virtual size: 2.7MB

.@**..--
Size: 1KB - Virtual size: 1KB

.@**..--
Size: 5.6MB - Virtual size: 5.6MB

.reloc
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 170KB - Virtual size: 226KB

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

66:c5:dc:c1:4b:51:78:09:c1:72:b4:4b:7e:97:84:f7
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

66:c5:dc:c1:4b:51:78:09:c1:72:b4:4b:7e:97:84:f7
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

20:08:05:80:1f:c2:18:ed:a6:47:9a:4b:a9:cb:b8:d6:cc:a7:6e:27:a1:3d:59:1b:9d:03:f4:12:b2:11:f3:6e
Signer

27:63:5e:a0:a7:ad:75:75:23:e0:89:f8:5c:3d:e2:29:43:f8:69:85
Signer

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 56KB - Virtual size: 842KB

.rsrc
Size: 48KB - Virtual size: 47KB

UPX0
Size: - Virtual size: 472KB

UPX1
Size: 264KB - Virtual size: 268KB

.rsrc
Size: 29KB - Virtual size: 32KB

.text
Size: 514KB - Virtual size: 513KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 37KB - Virtual size: 36KB

.text
Size: 277KB - Virtual size: 277KB

.rdata
Size: 63KB - Virtual size: 62KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 796KB - Virtual size: 792KB

.reloc
Size: 21KB - Virtual size: 20KB