crealstealer | funni game[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

funni game.rar
Size

69.8MB
MD5

0497d3d3448e093441c98df7465514b2
SHA1

3eaa55d381d772587f49bbb9be8d0826a27702e2
SHA256

355bb7cd13e2b17a20c4956af0f402c107a186e95ad82864913b1849cc044939
SHA512

67bea1ac015d9f0e9ab9cf9b841b0925e149286e45e92e1fb2705f2ce2daaa56a83ccec8c063243ec52886f21901a79213b2ab7e24e6fde882757ccffaadbb22
SSDEEP

1572864:/Y4g+847Nq+K5jHPuVw9juS7qU/nn3tkUKKjGQtsYECoqspWi7Hrw:/Y4gGNKPwS7F/nnf5iQtJU2SHrw

Score

10^/10

pyinstaller crealstealer

Malware Config

Signatures

An infostealer written in Python and packaged with PyInstaller. 1 IoCs

resource	yara_rule
static1/unpack002/Creal.pyc	crealstealer

Crealstealer family
crealstealer

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/funni game/money/good game.exe	pyinstaller

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/funni game/money/MonoBleedingEdge/EmbedRuntime/MonoPosixHelper.dll
unpack001/funni game/money/VclStylesinno.dll
unpack001/funni game/money/good game.exe

Files

funni game.rar
.rar
funni game/HOW TO RUN GAME!!.txt
funni game/_Redist/dotNetFx40_Full_setup.exe
.exe windows:5 windows x86 arch:x86

02483cd76378259a50b7b66146b45f06

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d6:d5:21:44:87:a4:87:f6:84:c8:27:2e:90:f4:8d:98:d2:12:c9:41
Signer

Actual PE Digest

d6:d5:21:44:87:a4:87:f6:84:c8:27:2e:90:f4:8d:98:d2:12:c9:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptGenRandom
CryptReleaseContext
DecryptFileW
CryptAcquireContextA

kernel32

Sleep
WaitForSingleObject
GetExitCodeProcess
CloseHandle
SetFileAttributesW
InitializeCriticalSection
CreateEventA
CreateThread
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetCommandLineW
CreateProcessW
CompareStringW
LocalFree
QueryDosDeviceW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetDriveTypeW
CreateFileW
DeviceIoControl
SetErrorMode
CreateDirectoryW
RemoveDirectoryW
MoveFileExW
LoadLibraryW
GetProcAddress
GetSystemDirectoryW
GetVersion
GetLastError
SetEnvironmentVariableW
ExitThread
GetTickCount
GetEnvironmentVariableW
GetModuleHandleW
lstrlenW
WaitForMultipleObjects
ResetEvent
GetSystemInfo
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetEndOfFile
DuplicateHandle
ReadFile
SetFilePointerEx
GlobalFree
GlobalAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
LCMapStringW
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
GetStringTypeW
HeapSize
HeapReAlloc
IsProcessorFeaturePresent
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileA
GetLocalTime
GetComputerNameW
lstrlenA
FormatMessageW
GetSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
DeleteFileW
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetCurrentDirectoryW
SetCurrentDirectoryW
ExpandEnvironmentStringsW
GetProcessHeap
RaiseException

comctl32

ord17

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW

shlwapi

PathRemoveExtensionW

user32

MessageBoxW
GetTopWindow
GetWindowThreadProcessId
GetWindow
SendMessageA
PostMessageW
SendMessageW
DialogBoxParamA
GetDlgItem
SetWindowTextW
EndDialog
PostQuitMessage
DialogBoxParamW
SetWindowLongW
GetWindowLongW
LoadStringW
CharUpperW

cabinet

ord22
ord23
ord20

oleaut32

SysAllocString
VariantClear

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Exports

Exports

?dwPlaceholder@@3PAEA
_DecodePointerInternal@4
_EncodePointerInternal@4

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boxld01
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
funni game/_Redist/dxwebsetup.exe
.exe windows:5 windows x86 arch:x86

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:b8:85:36:04:6e:46:6d:2f:58:b3:18:fd:18:43:f0:b8:4b:28:d3
Signer

Actual PE Digest

47:b8:85:36:04:6e:46:6d:2f:58:b3:18:fd:18:43:f0:b8:4b:28:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegQueryInfoKeyA

kernel32

LocalFree
LocalAlloc
GetLastError
GetCurrentProcess
GetModuleFileNameA
lstrlenA
GetSystemDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
DeleteFileA
SetFileAttributesA
lstrcmpA
FindFirstFileA
lstrcatA
lstrcpyA
_lclose
_llseek
_lopen
WritePrivateProfileStringA
GetWindowsDirectoryA
CreateDirectoryA
GetFileAttributesA
ExpandEnvironmentStringsA
IsDBCSLeadByte
GetShortPathNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
lstrcmpiA
GetProcAddress
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
CloseHandle
LoadResource
SizeofResource
FindResourceA
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetCurrentDirectoryA
GetTempFileNameA
ExitProcess
CreateFileA
LoadLibraryExA
lstrcpynA
GetVolumeInformationA
FormatMessageA
GetCurrentDirectoryA
GetVersionExA
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetSystemInfo
CreateMutexA
SetEvent
CreateEventA
CreateThread
ResetEvent
TerminateThread
GetDriveTypeA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LockResource
LoadLibraryA
GetDiskFreeSpaceA
MulDiv
EnumResourceLanguagesA
FreeLibrary
GlobalFree

gdi32

GetDeviceCaps

user32

ExitWindowsEx
wsprintfA
CharNextA
CharUpperA
CharPrevA
SetWindowLongA
GetWindowLongA
CallWindowProcA
DispatchMessageA
MsgWaitForMultipleObjects
PeekMessageA
SendMessageA
SetWindowPos
ReleaseDC
GetDC
GetWindowRect
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetWindowTextA
MessageBoxA
DialogBoxIndirectParamA
ShowWindow
EnableWindow
GetDlgItemTextA
EndDialog
GetDesktopWindow
MessageBeep
SetDlgItemTextA
LoadStringA
GetSystemMetrics

comctl32

ord17

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 239KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
funni game/_Redist/oalinst.exe
.exe windows:4 windows x86 arch:x86

1ff011c2e13ea492fe69b2fbfc802083

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:33:6d:83:6a:19:e2:44:ff:0e:52:88:2e:b5:b1:de
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30-06-2006 00:00

Not After

14-07-2009 23:59

Subject

CN=Creative Labs Inc,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=CLI,O=Creative Labs Inc,L=Milpitas,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2006 17:01

Not After

23-05-2016 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cb:34:e3:72:3d:d1:2b:57:d7:86:46:9b:d8:78:2f:92:cf:2d:5d:4f
Signer

Actual PE Digest

cb:34:e3:72:3d:d1:2b:57:d7:86:46:9b:d8:78:2f:92:cf:2d:5d:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetFileAttributesA
GetProcAddress
LoadLibraryA
FreeResource
SizeofResource
LoadResource
FindResourceA
ReadFile
SetEndOfFile
GetLocaleInfoW
HeapSize
IsValidCodePage
IsValidLocale
DeleteFileA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
FlushFileBuffers
SetStdHandle
InterlockedExchange
RemoveDirectoryA
CreateDirectoryA
GetModuleFileNameA
GetSystemDirectoryA
CopyFileA
GetTempFileNameA
LockResource
MoveFileExA
GetTimeZoneInformation
CompareStringA
CompareStringW
EnumSystemLocalesA
VirtualAlloc
GetLastError
HeapFree
HeapAlloc
MoveFileA
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetEnvironmentVariableA
HeapReAlloc
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
CloseHandle
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
LCMapStringA
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
Sleep
SetConsoleCtrlHandler
FreeLibrary

user32

LoadCursorA
RegisterClassExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
PostQuitMessage
LoadIconA
SetClassLongA
LoadImageA
CreateWindowExA
SendMessageA
BeginPaint
GetClientRect
MoveWindow
DrawTextA
EndPaint
DefWindowProcA

gdi32

CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetStockObject

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 636KB - Virtual size: 633KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
funni game/_Redist/vcredist_2015-2019_x64.exe
.exe windows:5 windows x86 arch:x86

1a5cdbf711fee14b077e599d13fddab2

Code Sign

33:00:00:01:34:22:1e:7e:49:2a:ac:da:6a:00:00:00:00:01:34
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-10-2019 18:17

Not After

03-01-2021 18:17

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:E041-4BEE-FA7E,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:cd:00:d9:81:97:db:3f:fb:fb:3f:54:d1:0a:0d:d4:f4:56:29:a6:03:63:86:3f:a0:b1:71:7e:4c:43:8a:da
Signer

Actual PE Digest

b4:cd:00:d9:81:97:db:3f:fb:fb:3f:54:d1:0a:0d:d4:f4:56:29:a6:03:63:86:3f:a0:b1:71:7e:4c:43:8a:da

Digest Algorithm

sha256

PE Digest Matches

true

77:97:6d:62:92:5a:37:44:2f:5d:c5:b0:8d:43:91:09:56:54:b2:48
Signer

Actual PE Digest

77:97:6d:62:92:5a:37:44:2f:5d:c5:b0:8d:43:91:09:56:54:b2:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

GetMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
DeleteDC

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineW
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
IsValidCodePage
FreeEnvironmentStringsW
TlsAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
SetCurrentDirectoryW
FindFirstFileExW
GetFileType
GetACP
ExitProcess
GetStdHandle
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
SetLastError
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
funni game/_Redist/vcredist_2015-2019_x86.exe
.exe windows:5 windows x86 arch:x86

1a5cdbf711fee14b077e599d13fddab2

Code Sign

33:00:00:01:2a:30:bf:85:c5:0e:b1:e2:8c:00:00:00:00:01:2a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-09-2019 20:40

Not After

04-12-2020 20:40

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:7D2E-3782-B0F7,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02-05-2019 21:37

Not After

02-05-2020 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:6d:60:08:04:c6:65:c7:f8:0a:78:74:29:9a:a4:ab:9d:42:b8:ba:0c:df:95:ee:75:8a:64:a4:2f:71:a6:46
Signer

Actual PE Digest

74:6d:60:08:04:c6:65:c7:f8:0a:78:74:29:9a:a4:ab:9d:42:b8:ba:0c:df:95:ee:75:8a:64:a4:2f:71:a6:46

Digest Algorithm

sha256

PE Digest Matches

true

0b:05:b3:51:e7:d2:3f:ce:ad:94:9d:75:ac:64:9a:ad:21:01:73:2c
Signer

Actual PE Digest

0b:05:b3:51:e7:d2:3f:ce:ad:94:9d:75:ac:64:9a:ad:21:01:73:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

GetMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
DeleteDC

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineW
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
IsValidCodePage
FreeEnvironmentStringsW
TlsAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
SetCurrentDirectoryW
FindFirstFileExW
GetFileType
GetACP
ExitProcess
GetStdHandle
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
SetLastError
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
funni game/_Redist/vcredist_x64.exe
.exe windows:5 windows x86 arch:x86

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:01

Not After

25-07-2013 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b7:67:e2:97:28:63:cf:54:51:e3:36:ce:0a:1f:4f:ce:6e:3a:bc:30
Signer

Actual PE Digest

b7:67:e2:97:28:63:cf:54:51:e3:36:ce:0a:1f:4f:ce:6e:3a:bc:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_adjust_fdiv
_exit
_c_exit
strncpy
strstr
_strlwr
strrchr
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_snprintf
sprintf
strchr
_strnicmp
_vsnprintf

advapi32

InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
InitializeSecurityDescriptor

kernel32

CreateThread
GetFileSize
ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
CreateEventA
QueryDosDeviceA
GetDiskFreeSpaceA
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetProcessHeap
CopyFileA
SetFileAttributesA
DosDateTimeToFileTime
SetEvent
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
FindFirstFileA
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
SystemTimeToFileTime

user32

SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.4MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
funni game/_Redist/vcredist_x86.exe
.exe windows:5 windows x86 arch:x86

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22-08-2007 22:31

Not After

25-08-2012 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-12-2009 22:40

Not After

07-03-2011 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25-07-2008 19:02

Not After

25-07-2013 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8a:19:aa:3a:87:7f:dd:23:dc:03:96:64:c9:5b:23:7c:35:b0:fd:3d
Signer

Actual PE Digest

8a:19:aa:3a:87:7f:dd:23:dc:03:96:64:c9:5b:23:7c:35:b0:fd:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_adjust_fdiv
_exit
_c_exit
strncpy
strstr
_strlwr
strrchr
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_snprintf
sprintf
strchr
_strnicmp
_vsnprintf

advapi32

InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
InitializeSecurityDescriptor

kernel32

CreateThread
GetFileSize
ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
CreateEventA
QueryDosDeviceA
GetDiskFreeSpaceA
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetProcessHeap
CopyFileA
SetFileAttributesA
DosDateTimeToFileTime
SetEvent
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
FindFirstFileA
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
SystemTimeToFileTime

user32

SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.8MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
funni game/_Redist/xnafx40_redist.msi
.msi
funni game/money/MonoBleedingEdge/EmbedRuntime/MonoPosixHelper.dll
.dll windows:6 windows x64 arch:x64

34201c4686f57d3d800c5377a2f46949

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
WriteFile
CloseHandle
GetLastError
ReadFile
FindClose
FindFirstFileW
FileTimeToDosDateTime
FileTimeToLocalFileTime
CreateFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetModuleFileNameW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ExitProcess
GetModuleHandleExW
GetTempPathW
GetCPInfo
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetCurrentThread
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetStdHandle
GetConsoleCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetACP
GetStringTypeW
FlushFileBuffers
SetStdHandle
GetFileAttributesExW
HeapReAlloc
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
SetConsoleCtrlHandler
SetEndOfFile
WriteConsoleW
GetTimeZoneInformation
HeapSize
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
CreateThread
RaiseException

advapi32

SystemFunction036

Exports

Exports

CloseZStream
CreateZStream
Flush
Mono_Posix_FromAccessModes
Mono_Posix_FromConfstrName
Mono_Posix_FromDirectoryNotifyFlags
Mono_Posix_FromErrno
Mono_Posix_FromFcntlCommand
Mono_Posix_FromFilePermissions
Mono_Posix_FromLockType
Mono_Posix_FromLockfCommand
Mono_Posix_FromMlockallFlags
Mono_Posix_FromMmapFlags
Mono_Posix_FromMmapProts
Mono_Posix_FromMountFlags
Mono_Posix_FromMremapFlags
Mono_Posix_FromMsyncFlags
Mono_Posix_FromOpenFlags
Mono_Posix_FromPathconfName
Mono_Posix_FromPollEvents
Mono_Posix_FromPosixFadviseAdvice
Mono_Posix_FromPosixMadviseAdvice
Mono_Posix_FromSeekFlags
Mono_Posix_FromSignum
Mono_Posix_FromSysconfName
Mono_Posix_FromSyslogFacility
Mono_Posix_FromSyslogLevel
Mono_Posix_FromSyslogOptions
Mono_Posix_FromWaitOptions
Mono_Posix_FromXattrFlags
Mono_Posix_Stdlib_BUFSIZ
Mono_Posix_Stdlib_CreateFilePosition
Mono_Posix_Stdlib_DumpFilePosition
Mono_Posix_Stdlib_EOF
Mono_Posix_Stdlib_EXIT_FAILURE
Mono_Posix_Stdlib_EXIT_SUCCESS
Mono_Posix_Stdlib_FILENAME_MAX
Mono_Posix_Stdlib_FOPEN_MAX
Mono_Posix_Stdlib_GetLastError
Mono_Posix_Stdlib_InvokeSignalHandler
Mono_Posix_Stdlib_L_tmpnam
Mono_Posix_Stdlib_MB_CUR_MAX
Mono_Posix_Stdlib_RAND_MAX
Mono_Posix_Stdlib_SIG_DFL
Mono_Posix_Stdlib_SIG_ERR
Mono_Posix_Stdlib_SIG_IGN
Mono_Posix_Stdlib_SetLastError
Mono_Posix_Stdlib_TMP_MAX
Mono_Posix_Stdlib__IOFBF
Mono_Posix_Stdlib__IOLBF
Mono_Posix_Stdlib__IONBF
Mono_Posix_Stdlib_calloc
Mono_Posix_Stdlib_clearerr
Mono_Posix_Stdlib_fclose
Mono_Posix_Stdlib_feof
Mono_Posix_Stdlib_ferror
Mono_Posix_Stdlib_fflush
Mono_Posix_Stdlib_fgetc
Mono_Posix_Stdlib_fgetpos
Mono_Posix_Stdlib_fgets
Mono_Posix_Stdlib_fopen
Mono_Posix_Stdlib_fprintf
Mono_Posix_Stdlib_fputc
Mono_Posix_Stdlib_fputs
Mono_Posix_Stdlib_fread
Mono_Posix_Stdlib_free
Mono_Posix_Stdlib_freopen
Mono_Posix_Stdlib_fseek
Mono_Posix_Stdlib_fsetpos
Mono_Posix_Stdlib_ftell
Mono_Posix_Stdlib_fwrite
Mono_Posix_Stdlib_malloc
Mono_Posix_Stdlib_perror
Mono_Posix_Stdlib_realloc
Mono_Posix_Stdlib_rewind
Mono_Posix_Stdlib_setbuf
Mono_Posix_Stdlib_setvbuf
Mono_Posix_Stdlib_stderr
Mono_Posix_Stdlib_stdin
Mono_Posix_Stdlib_stdout
Mono_Posix_Stdlib_strlen
Mono_Posix_Stdlib_tmpfile
Mono_Posix_Stdlib_ungetc
Mono_Posix_Syscall_L_ctermid
Mono_Posix_Syscall_L_cuserid
Mono_Posix_Syscall_get_at_fdcwd
Mono_Posix_Syscall_get_utime_now
Mono_Posix_Syscall_get_utime_omit
Mono_Posix_ToAccessModes
Mono_Posix_ToConfstrName
Mono_Posix_ToDirectoryNotifyFlags
Mono_Posix_ToErrno
Mono_Posix_ToFcntlCommand
Mono_Posix_ToFilePermissions
Mono_Posix_ToLockType
Mono_Posix_ToLockfCommand
Mono_Posix_ToMlockallFlags
Mono_Posix_ToMmapFlags
Mono_Posix_ToMmapProts
Mono_Posix_ToMountFlags
Mono_Posix_ToMremapFlags
Mono_Posix_ToMsyncFlags
Mono_Posix_ToOpenFlags
Mono_Posix_ToPathconfName
Mono_Posix_ToPollEvents
Mono_Posix_ToPosixFadviseAdvice
Mono_Posix_ToPosixMadviseAdvice
Mono_Posix_ToSeekFlags
Mono_Posix_ToSignum
Mono_Posix_ToSysconfName
Mono_Posix_ToSyslogFacility
Mono_Posix_ToSyslogLevel
Mono_Posix_ToSyslogOptions
Mono_Posix_ToWaitOptions
Mono_Posix_ToXattrFlags
Mono_Unix_VersionString
ReadZStream
WriteZStream
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen2
unzOpenCurrentFile2
unzReadCurrentFile
unztell
zipClose
zipCloseFileInZip
zipOpen2
zipOpenNewFileInZip
zipWriteInFileInZip

Sections

.text
Size: 606KB - Virtual size: 606KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 987B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
funni game/money/MonoBleedingEdge/EmbedRuntime/mono-2.0-bdwgc.dll
.dll windows:6 windows x64 arch:x64

08e0e9420422848b67724e5a746ca26b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:88:3b:fb:88:38:ac:27:c4:5b:74:c5:0f:42:b2:5b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11-07-2018 00:00

Not After

10-07-2021 23:59

Subject

CN=Unity Technologies Aps,OU=Core Developer Services,O=Unity Technologies Aps,L=København K,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8b:30:b8:a4:77:18:ac:f3:bd:e2:2e:12:fc:a6:79:d3:22:28:dd:6f
Signer

Actual PE Digest

8b:30:b8:a4:77:18:ac:f3:bd:e2:2e:12:fc:a6:79:d3:22:28:dd:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mswsock

TransmitFile

ws2_32

gethostname
__WSAFDIsSet
select
WSAGetLastError
htons
getprotobyname
WSASend
WSARecv
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSASetLastError
sendto
recvfrom
socket
send
recv
inet_addr
ioctlsocket
connect
accept
inet_pton
WSASocketW
WSAIoctl
shutdown
setsockopt
ntohs
ntohl
listen
htonl
getsockopt
getsockname
getpeername
closesocket
bind
WSAWaitForMultipleEvents
WSACleanup
WSAStartup
getnameinfo
freeaddrinfo
getaddrinfo

ole32

CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

SafeArrayGetUBound
SysAllocStringLen
SysFreeString
SysStringLen
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayPutElement
SafeArrayPtrOfIndex

psapi

GetModuleBaseNameW
EnumProcessModules
GetModuleInformation
EnumProcesses
GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

advapi32

BuildTrusteeWithSidW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
GetEffectiveRightsFromAclW
SetEntriesInAclW
LookupAccountSidW
GetTokenInformation
GetLengthSid
FreeSid
DuplicateToken
CopySid
AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken
RevertToSelf
ImpersonateLoggedOnUser
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
SystemFunction036
CreateProcessWithLogonW

winmm

timeSetEvent
timeKillEvent
timeGetDevCaps
timeBeginPeriod
timeEndPeriod

kernel32

LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapAlloc
HeapFree
GetFullPathNameA
GetFullPathNameW
ReadConsoleW
WriteConsoleW
FreeLibraryAndExitThread
SetConsoleMode
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
SystemTimeToFileTime
TzSpecificLocalTimeToSystemTime
GetConsoleCP
SetStdHandle
WideCharToMultiByte
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
InterlockedPushEntrySList
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsValidLocale
GetModuleHandleA
GetModuleFileNameA
GetExitCodeThread
InitializeCriticalSection
GetEnvironmentVariableA
GetModuleHandleExW
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeSRWLock
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
RtlInstallFunctionTableCallback
RtlDeleteFunctionTable
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
SetConsoleCtrlHandler
MoveFileExW
SetFilePointerEx
GetTimeZoneInformation
GetStringTypeW
CreateProcessA
OutputDebugStringA
FindFirstFileExA
FindFirstFileExW
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
SetEnvironmentVariableA
GetProcessHeap
InterlockedFlushSList
CreateEventW
CreateFileA
MultiByteToWideChar
FreeConsole
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
FreeLibrary
Sleep
GetTickCount
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetLastError
GetLocaleInfoA
GetThreadLocale
GetCurrentProcess
GetModuleHandleW
GetProcAddress
LocalFree
FormatMessageW
LoadLibraryW
QueryPerformanceCounter
QueryPerformanceFrequency
GetACP
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
SetLastError
SetErrorMode
CloseHandle
VirtualProtect
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCurrentProcessId
GetSystemTimes
GetSystemTimeAsFileTime
GetTickCount64
TryEnterCriticalSection
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
ReleaseSemaphore
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CreateSemaphoreW
DuplicateHandle
RaiseException
WaitForSingleObject
SwitchToThread
CreateThread
GetCurrentThread
GetCurrentThreadId
OpenThread
ExitThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
SetEvent
ResetEvent
HeapSize
SleepEx
WaitForSingleObjectEx
WaitForMultipleObjectsEx
SignalObjectAndWait
QueueUserAPC
DeleteCriticalSection
GetCommandLineW
CreateFileW
GetFileSize
ExitProcess
GetSystemDirectoryW
DisableThreadLibraryCalls
GetModuleFileNameW
GetVersionExW
GlobalMemoryStatusEx
GetProcessId
VerLanguageNameW
SetThreadPriority
WakeConditionVariable
DeleteFileW
GetFileAttributesExW
SetHandleInformation
OpenFileMappingW
FlushViewOfFile
GetFileInformationByHandleEx
GetConsoleMode
GetStdHandle
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
FlushFileBuffers
GetDiskFreeSpaceExW
GetDriveTypeW
GetFileTime
GetFileType
GetLogicalDriveStringsW
GetVolumeInformationW
LockFile
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
UnlockFile
WriteFile
CreatePipe
CancelIoEx
CopyFileW
MoveFileW
ReplaceFileW
FileTimeToSystemTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
OutputDebugStringW
GetComputerNameW
GlobalAlloc
GlobalReAlloc
GlobalFree
ReleaseMutex
CreateMutexW
OpenMutexW
OpenSemaphoreW
OpenEventW
GetProcessTimes
TerminateProcess
GetExitCodeProcess
CreateProcessW
SetPriorityClass
GetPriorityClass
OpenProcess
GetProcessWorkingSetSize
SetProcessWorkingSetSize

user32

MessageBoxA
SendMessageTimeoutW
MessageBoxW
MsgWaitForMultipleObjectsEx
WaitForInputIdle

shell32

ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW
SHGetKnownFolderPath

Exports

Exports

MonoFixupCorEE
mini_get_debug_options
mini_parse_debug_option
mono_add_internal_call
mono_aot_register_module
mono_array_addr_with_size
mono_array_class_get
mono_array_clone
mono_array_element_size
mono_array_length
mono_array_new
mono_array_new_full
mono_array_new_specific
mono_assemblies_cleanup
mono_assemblies_init
mono_assembly_addref
mono_assembly_close
mono_assembly_fill_assembly_name
mono_assembly_foreach
mono_assembly_get_assemblyref
mono_assembly_get_image
mono_assembly_get_main
mono_assembly_get_name
mono_assembly_get_object
mono_assembly_getrootdir
mono_assembly_invoke_load_hook
mono_assembly_invoke_search_hook
mono_assembly_load
mono_assembly_load_from
mono_assembly_load_from_full
mono_assembly_load_full
mono_assembly_load_module
mono_assembly_load_module_checked
mono_assembly_load_reference
mono_assembly_load_references
mono_assembly_load_with_partial_name
mono_assembly_loaded
mono_assembly_loaded_full
mono_assembly_name_free
mono_assembly_name_get_culture
mono_assembly_name_get_name
mono_assembly_name_get_pubkeytoken
mono_assembly_name_get_version
mono_assembly_name_new
mono_assembly_name_parse
mono_assembly_names_equal
mono_assembly_open
mono_assembly_open_full
mono_assembly_set_main
mono_assembly_setrootdir
mono_bitset_alloc_size
mono_bitset_clear
mono_bitset_clear_all
mono_bitset_clone
mono_bitset_copyto
mono_bitset_count
mono_bitset_equal
mono_bitset_find_first
mono_bitset_find_first_unset
mono_bitset_find_last
mono_bitset_find_start
mono_bitset_foreach
mono_bitset_free
mono_bitset_intersection
mono_bitset_intersection_2
mono_bitset_invert
mono_bitset_mem_new
mono_bitset_new
mono_bitset_set
mono_bitset_set_all
mono_bitset_size
mono_bitset_sub
mono_bitset_test
mono_bitset_test_bulk
mono_bitset_union
mono_bounded_array_class_get
mono_breakpoint_clean_code
mono_build_date
mono_callspec_cleanup
mono_callspec_eval
mono_callspec_eval_exception
mono_callspec_parse
mono_check_corlib_version
mono_class_array_element_size
mono_class_data_size
mono_class_describe_statics
mono_class_enum_basetype
mono_class_from_generic_parameter
mono_class_from_mono_type
mono_class_from_name
mono_class_from_name_case
mono_class_from_typeref
mono_class_from_typeref_checked
mono_class_get
mono_class_get_byref_type
mono_class_get_context
mono_class_get_element_class
mono_class_get_event_token
mono_class_get_events
mono_class_get_field
mono_class_get_field_from_name
mono_class_get_field_token
mono_class_get_fields
mono_class_get_flags
mono_class_get_full
mono_class_get_image
mono_class_get_interfaces
mono_class_get_method_from_name
mono_class_get_method_from_name_flags
mono_class_get_methods
mono_class_get_name
mono_class_get_namespace
mono_class_get_nested_types
mono_class_get_nesting_type
mono_class_get_parent
mono_class_get_properties
mono_class_get_property_from_name
mono_class_get_property_token
mono_class_get_rank
mono_class_get_type
mono_class_get_type_token
mono_class_get_userdata
mono_class_get_userdata_offset
mono_class_implements_interface
mono_class_inflate_generic_method
mono_class_inflate_generic_type
mono_class_init
mono_class_instance_size
mono_class_interface_offset
mono_class_is_assignable_from
mono_class_is_blittable
mono_class_is_delegate
mono_class_is_enum
mono_class_is_generic
mono_class_is_inflated
mono_class_is_subclass_of
mono_class_is_valid_enum
mono_class_is_valuetype
mono_class_min_align
mono_class_name_from_token
mono_class_num_events
mono_class_num_fields
mono_class_num_methods
mono_class_num_properties
mono_class_set_userdata
mono_class_value_size
mono_class_vtable
mono_cli_rva_image_map
mono_code_manager_cleanup
mono_code_manager_commit
mono_code_manager_destroy
mono_code_manager_init
mono_code_manager_install_callbacks
mono_code_manager_invalidate
mono_code_manager_new
mono_code_manager_new_dynamic
mono_code_manager_reserve
mono_code_manager_reserve_align
mono_code_manager_set_read_only
mono_code_manager_size
mono_compile_method
mono_conc_hashtable_destroy
mono_conc_hashtable_foreach
mono_conc_hashtable_foreach_steal
mono_conc_hashtable_insert
mono_conc_hashtable_lookup
mono_conc_hashtable_new
mono_conc_hashtable_new_full
mono_conc_hashtable_remove
mono_config_cleanup
mono_config_for_assembly
mono_config_get_cpu
mono_config_get_os
mono_config_get_wordsize
mono_config_is_server_mode
mono_config_parse
mono_config_parse_memory
mono_config_set_server_mode
mono_config_string_for_assembly_file
mono_context_get
mono_context_get_desc
mono_context_get_domain_id
mono_context_get_id
mono_context_init
mono_context_set
mono_counter_get_name
mono_counter_get_section
mono_counter_get_size
mono_counter_get_type
mono_counter_get_unit
mono_counter_get_variance
mono_counters_cleanup
mono_counters_dump
mono_counters_enable
mono_counters_foreach
mono_counters_init
mono_counters_on_register
mono_counters_register
mono_counters_register_with_size
mono_counters_sample
mono_cpu_count
mono_custom_attrs_construct
mono_custom_attrs_free
mono_custom_attrs_from_assembly
mono_custom_attrs_from_class
mono_custom_attrs_from_event
mono_custom_attrs_from_field
mono_custom_attrs_from_index
mono_custom_attrs_from_method
mono_custom_attrs_from_param
mono_custom_attrs_from_property
mono_custom_attrs_get_attr
mono_custom_attrs_get_attrs
mono_custom_attrs_has_attr
mono_debug_add_delegate_trampoline
mono_debug_add_method
mono_debug_cleanup
mono_debug_close_image
mono_debug_close_mono_symbol_file
mono_debug_domain_create
mono_debug_domain_unload
mono_debug_enabled
mono_debug_find_method
mono_debug_free_locals
mono_debug_free_method_jit_info
mono_debug_free_source_location
mono_debug_il_offset_from_address
mono_debug_init
mono_debug_lookup_locals
mono_debug_lookup_method
mono_debug_lookup_method_addresses
mono_debug_lookup_source_location
mono_debug_open_image_from_memory
mono_debug_open_mono_symbols
mono_debug_print_stack_frame
mono_debug_print_vars
mono_debug_remove_method
mono_debug_symfile_free_location
mono_debug_symfile_is_loaded
mono_debug_symfile_lookup_locals
mono_debug_symfile_lookup_location
mono_debug_symfile_lookup_method
mono_debugger_agent_parse_options
mono_debugger_agent_register_transport
mono_debugger_agent_transport_handshake
mono_debugger_insert_breakpoint
mono_debugger_method_has_breakpoint
mono_debugger_run_finally
mono_declsec_flags_from_assembly
mono_declsec_flags_from_class
mono_declsec_flags_from_method
mono_declsec_get_assembly_action
mono_declsec_get_class_action
mono_declsec_get_demands
mono_declsec_get_inheritdemands_class
mono_declsec_get_inheritdemands_method
mono_declsec_get_linkdemands
mono_declsec_get_method_action
mono_digest_get_public_token
mono_disasm_code
mono_disasm_code_one
mono_dl_fallback_register
mono_dl_fallback_unregister
mono_dl_open
mono_dllmap_insert
mono_domain_assembly_foreach
mono_domain_assembly_open
mono_domain_create
mono_domain_create_appdomain
mono_domain_finalize
mono_domain_foreach
mono_domain_free
mono_domain_from_appdomain
mono_domain_get
mono_domain_get_by_id
mono_domain_get_friendly_name
mono_domain_get_id
mono_domain_has_type_resolve
mono_domain_is_unloading
mono_domain_owns_vtable_slot
mono_domain_set
mono_domain_set_config
mono_domain_set_internal
mono_domain_try_type_resolve
mono_domain_try_unload
mono_domain_unload
mono_environment_exitcode_get
mono_environment_exitcode_set
mono_error_cleanup
mono_error_get_error_code
mono_error_get_message
mono_error_init
mono_error_init_flags
mono_error_ok
mono_escape_uri_string
mono_event_get_add_method
mono_event_get_flags
mono_event_get_name
mono_event_get_object
mono_event_get_parent
mono_event_get_raise_method
mono_event_get_remove_method
mono_exception_from_name
mono_exception_from_name_domain
mono_exception_from_name_msg
mono_exception_from_name_two_strings
mono_exception_from_token
mono_exception_from_token_two_strings
mono_exception_walk_trace
mono_field_from_token
mono_field_full_name
mono_field_get_data
mono_field_get_flags
mono_field_get_name
mono_field_get_object
mono_field_get_offset
mono_field_get_parent
mono_field_get_type
mono_field_get_value
mono_field_get_value_object
mono_field_set_value
mono_field_static_get_value
mono_field_static_set_value
mono_file_map
mono_file_map_close
mono_file_map_fd
mono_file_map_open
mono_file_map_size
mono_file_unmap
mono_free
mono_free_bstr
mono_free_method
mono_free_verify_list
mono_g_hash_table_destroy
mono_g_hash_table_find
mono_g_hash_table_foreach
mono_g_hash_table_foreach_remove
mono_g_hash_table_insert
mono_g_hash_table_lookup
mono_g_hash_table_lookup_extended
mono_g_hash_table_new_type
mono_g_hash_table_print_stats
mono_g_hash_table_remove
mono_g_hash_table_replace
mono_g_hash_table_size
mono_gc_collect
mono_gc_collection_count
mono_gc_finalize_notify
mono_gc_get_generation
mono_gc_get_heap_size
mono_gc_get_used_size
mono_gc_invoke_finalizers
mono_gc_max_generation
mono_gc_pending_finalizers
mono_gc_reference_queue_add
mono_gc_reference_queue_free
mono_gc_reference_queue_new
mono_gc_register_finalizer_callbacks
mono_gc_register_root
mono_gc_toggleref_add
mono_gc_toggleref_register_callback
mono_gc_walk_heap
mono_gc_wbarrier_arrayref_copy
mono_gc_wbarrier_generic_nostore
mono_gc_wbarrier_generic_store
mono_gc_wbarrier_generic_store_atomic
mono_gc_wbarrier_object_copy
mono_gc_wbarrier_set_arrayref
mono_gc_wbarrier_set_field
mono_gc_wbarrier_value_copy
mono_gchandle_free
mono_gchandle_get_target
mono_gchandle_is_in_domain
mono_gchandle_new
mono_gchandle_new_weakref
mono_get_array_class
mono_get_boolean_class
mono_get_byte_class
mono_get_char_class
mono_get_config_dir
mono_get_corlib
mono_get_dbnull_object
mono_get_delegate_begin_invoke
mono_get_delegate_end_invoke
mono_get_delegate_invoke
mono_get_double_class
mono_get_enum_class
mono_get_exception_appdomain_unloaded
mono_get_exception_argument
mono_get_exception_argument_null
mono_get_exception_argument_out_of_range
mono_get_exception_arithmetic
mono_get_exception_array_type_mismatch
mono_get_exception_bad_image_format
mono_get_exception_bad_image_format2
mono_get_exception_cannot_unload_appdomain
mono_get_exception_class
mono_get_exception_divide_by_zero
mono_get_exception_execution_engine
mono_get_exception_field_access
mono_get_exception_file_not_found
mono_get_exception_file_not_found2
mono_get_exception_index_out_of_range
mono_get_exception_invalid_cast
mono_get_exception_invalid_operation
mono_get_exception_io
mono_get_exception_method_access
mono_get_exception_missing_field
mono_get_exception_missing_method
mono_get_exception_not_implemented
mono_get_exception_not_supported
mono_get_exception_null_reference
mono_get_exception_out_of_memory
mono_get_exception_overflow
mono_get_exception_reflection_type_load
mono_get_exception_runtime_wrapped
mono_get_exception_security
mono_get_exception_serialization
mono_get_exception_stack_overflow
mono_get_exception_synchronization_lock
mono_get_exception_thread_abort
mono_get_exception_thread_interrupted
mono_get_exception_thread_state
mono_get_exception_type_initialization
mono_get_exception_type_load
mono_get_find_plugin_callback
mono_get_inflated_method
mono_get_int16_class
mono_get_int32_class
mono_get_int64_class
mono_get_intptr_class
mono_get_machine_config
mono_get_method
mono_get_method_constrained
mono_get_method_full
mono_get_object_class
mono_get_root_domain
mono_get_runtime_build_info
mono_get_sbyte_class
mono_get_single_class
mono_get_string_class
mono_get_thread_class
mono_get_uint16_class
mono_get_uint32_class
mono_get_uint64_class
mono_get_uintptr_class
mono_get_void_class
mono_guid_to_string
mono_guid_to_string_minimal
mono_hazard_pointer_get
mono_image_add_to_name_cache
mono_image_addref
mono_image_close
mono_image_ensure_section
mono_image_ensure_section_idx
mono_image_fixup_vtable
mono_image_get_assembly
mono_image_get_entry_point
mono_image_get_filename
mono_image_get_guid
mono_image_get_name
mono_image_get_public_key
mono_image_get_resource
mono_image_get_strong_name
mono_image_get_table_info
mono_image_get_table_rows
mono_image_has_authenticode_entry
mono_image_init
mono_image_init_name_cache
mono_image_is_dynamic
mono_image_load_file_for_image
mono_image_load_module
mono_image_loaded
mono_image_loaded_by_guid
mono_image_loaded_by_guid_full
mono_image_loaded_full
mono_image_lookup_resource
mono_image_open
mono_image_open_from_data
mono_image_open_from_data_full
mono_image_open_from_data_with_name
mono_image_open_full
mono_image_rva_map
mono_image_strerror
mono_image_strong_name_position
mono_images_cleanup
mono_images_init
mono_init
mono_init_from_assembly
mono_init_version
mono_install_assembly_load_hook
mono_install_assembly_postload_refonly_search_hook
mono_install_assembly_postload_search_hook
mono_install_assembly_preload_hook
mono_install_assembly_refonly_preload_hook
mono_install_assembly_refonly_search_hook
mono_install_assembly_search_hook
mono_install_ftnptr_eh_callback
mono_install_load_aot_data_hook
mono_install_runtime_cleanup

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
funni game/money/MonoBleedingEdge/etc/mono/2.0/Browsers/Compat.browser
funni game/money/MonoBleedingEdge/etc/mono/2.0/DefaultWsdlHelpGenerator.aspx
.js
funni game/money/MonoBleedingEdge/etc/mono/2.0/machine.config
.xml
funni game/money/MonoBleedingEdge/etc/mono/2.0/settings.map
.xml
funni game/money/MonoBleedingEdge/etc/mono/2.0/web.config
.xml
funni game/money/MonoBleedingEdge/etc/mono/4.0/Browsers/Compat.browser
funni game/money/MonoBleedingEdge/etc/mono/4.0/DefaultWsdlHelpGenerator.aspx
.js
funni game/money/MonoBleedingEdge/etc/mono/4.0/machine.config
.xml
funni game/money/MonoBleedingEdge/etc/mono/4.0/settings.map
.xml
funni game/money/MonoBleedingEdge/etc/mono/4.0/web.config
.xml
funni game/money/MonoBleedingEdge/etc/mono/4.5/Browsers/Compat.browser
funni game/money/MonoBleedingEdge/etc/mono/4.5/DefaultWsdlHelpGenerator.aspx
.js
funni game/money/MonoBleedingEdge/etc/mono/4.5/machine.config
.xml
funni game/money/MonoBleedingEdge/etc/mono/4.5/settings.map
.xml
funni game/money/MonoBleedingEdge/etc/mono/4.5/web.config
.xml
funni game/money/MonoBleedingEdge/etc/mono/browscap.ini
funni game/money/MonoBleedingEdge/etc/mono/config
funni game/money/MonoBleedingEdge/etc/mono/mconfig/config.xml
.xml
funni game/money/UnityCrashHandler64.exe
.exe windows:6 windows x64 arch:x64

710d55e38d250e6e702e5761811dca0a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:88:3b:fb:88:38:ac:27:c4:5b:74:c5:0f:42:b2:5b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11-07-2018 00:00

Not After

10-07-2021 23:59

Subject

CN=Unity Technologies Aps,OU=Core Developer Services,O=Unity Technologies Aps,L=København K,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:85:76:92:6b:ee:6e:c7:8d:9f:12:86:8d:20:c8:99:47:c0:e1:ee
Signer

Actual PE Digest

48:85:76:92:6b:ee:6e:c7:8d:9f:12:86:8d:20:c8:99:47:c0:e1:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

OffsetRect
LookupIconIdFromDirectoryEx
GetWindowLongA
UnionRect
InflateRect
SendMessageW
DialogBoxParamA
EndDialog
GetDlgItem
SetWindowPos
AdjustWindowRect
SendDlgItemMessageA
SetForegroundWindow
CreateIconFromResourceEx
LoadImageA
GetIconInfo
SetWindowTextW

kernel32

HeapQueryInformation
HeapSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapReAlloc
HeapFree
HeapAlloc
GetModuleFileNameW
SetFilePointerEx
GetConsoleCP
GetConsoleMode
SetConsoleCtrlHandler
MultiByteToWideChar
RaiseException
OpenThread
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WaitForSingleObjectEx
CreateThread
GetCurrentThreadId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
VerSetConditionMask
FreeLibrary
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
LoadLibraryA
WideCharToMultiByte
GetEnvironmentVariableA
GetCurrentDirectoryA
GetFileAttributesA
OutputDebugStringA
GetLastError
SetLastError
WaitForSingleObject
CreateEventW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
SuspendThread
ResumeThread
GetThreadContext
ReadProcessMemory
LocalFree
FormatMessageW
VerifyVersionInfoW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
IsDebuggerPresent
FindFirstFileExW
WaitForMultipleObjectsEx
Sleep
TerminateProcess
GetExitCodeProcess
CreateProcessW
GetProcessId
GetThreadId
OpenProcess
GetStdHandle
CreateFileW
DeleteFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileSize
ReadFile
GetTempPathW
GetSystemTime
GetSystemTimeAsFileTime
CopyFileExW
AllocConsole
SetErrorMode
GetCommandLineW
FileTimeToLocalFileTime
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
GetFileTime
WriteFile
InitializeCriticalSection
CreateEventA
TerminateThread
WriteConsoleW
GlobalMemoryStatusEx
GetSystemInfo
VirtualQueryEx
GetModuleHandleA
LoadLibraryExW
LoadResource
LockResource
SizeofResource
LoadLibraryW
FileTimeToDosDateTime
lstrlenA
FindResourceA
EnumResourceNamesA
GetFileType
SetStdHandle
GetModuleHandleExW
ExitProcess
RtlUnwindEx
RtlPcToFileHeader
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
TlsGetValue
TlsAlloc
DecodePointer
EncodePointer
GetCPInfo
GetStringTypeW
InitializeSListHead
QueryPerformanceCounter
SetEvent
GetExitCodeThread
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent

dbghelp

SymRegisterFunctionEntryCallback64
SymLoadModuleEx

shell32

CommandLineToArgvW
SHCreateDirectoryExW

ole32

CoCreateGuid
CoTaskMemFree
CoInitializeEx

psapi

GetModuleFileNameExW
GetProcessMemoryInfo
GetPerformanceInfo

advapi32

CryptCreateHash
CryptAcquireContextA
GetUserNameW
CryptDestroyHash
CryptHashData
GetUserNameA
CryptGetHashParam
CryptReleaseContext

wininet

InternetConnectA
HttpOpenRequestA
InternetCloseHandle
InternetOpenA
HttpQueryInfoA
InternetCrackUrlA
HttpSendRequestA

gdi32

GetObjectA

version

GetFileVersionInfoSizeW
GetFileVersionInfoA
VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoW

Sections

.text
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 855KB - Virtual size: 854KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
funni game/money/UnityPlayer.dll
.dll windows:6 windows x64 arch:x64

cfb73ae6e838adaac9ab1d950df53f4f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:88:3b:fb:88:38:ac:27:c4:5b:74:c5:0f:42:b2:5b
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11-07-2018 00:00

Not After

10-07-2021 23:59

Subject

CN=Unity Technologies Aps,OU=Core Developer Services,O=Unity Technologies Aps,L=København K,C=DK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:77:29:74:ab:39:a0:d8:40:5f:4b:ce:1a:96:25:ae:29:39:1b:6a
Signer

Actual PE Digest

29:77:29:74:ab:39:a0:d8:40:5f:4b:ce:1a:96:25:ae:29:39:1b:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
RemoveDirectoryW
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFilePointerEx
SetFileTime
OpenThread
SuspendThread
ResumeThread
GetSystemTime
LocalFree
FormatMessageW
CopyFileW
MoveFileExW
ReplaceFileW
SystemTimeToFileTime
Thread32First
Thread32Next
CreateMutexA
RtlLookupFunctionEntry
RtlVirtualUnwind
GetEnvironmentVariableA
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFileAttributesA
DebugBreak
SetLastError
CreateThread
GetThreadContext
ReadProcessMemory
GetModuleFileNameA
LocalAlloc
GetOverlappedResult
CancelIo
ResetEvent
GetModuleHandleA
TerminateProcess
GetStartupInfoA
SetConsoleCtrlHandler
SetDllDirectoryW
SleepEx
RaiseException
SetThreadPriority
GetThreadPriority
GetFullPathNameW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FormatMessageA
GetWindowsDirectoryW
CreateIoCompletionPort
GetQueuedCompletionStatus
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
GetLocalTime
GetTimeZoneInformation
GetFileSize
FlushFileBuffers
GetCommandLineW
RtlCaptureContext
LoadLibraryExW
SetEnvironmentVariableW
GetTickCount
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
FindNextFileW
SetConsoleMode
SetStdHandle
GetFileAttributesExW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapFree
HeapAlloc
ReadConsoleW
GetConsoleMode
GetConsoleCP
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
DuplicateHandle
FreeLibraryAndExitThread
HeapQueryInformation
HeapSize
HeapReAlloc
GetModuleHandleExW
ExitProcess
RtlPcToFileHeader
RtlUnwindEx
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
DecodePointer
EncodePointer
VerifyVersionInfoA
ExpandEnvironmentStringsA
InitializeCriticalSectionEx
GetTickCount64
GlobalMemoryStatus
GetFileType
GetSystemDirectoryA
CreateWaitableTimerA
SetWaitableTimer
OpenEventA
CreateFileA
ExitThread
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReadConsoleInputW
FlushConsoleInputBuffer
SetThreadAffinityMask
SwitchToThread
GetStdHandle
GetCurrentThread
GetSystemTimeAsFileTime
GetSystemInfo
GlobalMemoryStatusEx
GetProcessId
CreateProcessW
GetCurrentThreadId
GetExitCodeProcess
WaitForMultipleObjects
FindFirstFileExW
FindFirstFileW
FindClose
DeleteFileW
CreateFileW
CreateDirectoryW
ExpandEnvironmentStringsW
VerifyVersionInfoW
GlobalLock
GlobalUnlock
GlobalAlloc
VerSetConditionMask
CreateToolhelp32Snapshot
GetTempFileNameW
GetFileAttributesW
GetProcessHeap
CreateEventW
SetEvent
QueryPerformanceFrequency
GetDiskFreeSpaceExW
MultiByteToWideChar
GetUserDefaultUILanguage
GetSystemPowerStatus
GetComputerNameW
GetModuleHandleW
VirtualFree
VirtualProtect
IsValidCodePage
VirtualAlloc
CreatePipe
SetErrorMode
SetUnhandledExceptionFilter
SetHandleInformation
OutputDebugStringA
GetTempPathW
CloseHandle
WriteFile
FreeEnvironmentStringsW
GetCurrentProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLastError
CreateEventA
WaitForSingleObject
WideCharToMultiByte
LoadLibraryA
FreeLibrary
LoadLibraryW
GetProcAddress
GetModuleFileNameW
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
CreateSemaphoreW
Sleep
WaitForSingleObjectEx
ReleaseSemaphore
WriteConsoleW

user32

SetWindowLongA
ChangeDisplaySettingsW
EnumDisplaySettingsW
SetClipboardData
CloseClipboard
ReleaseDC
UpdateWindow
ShowWindow
CreateWindowExW
DestroyWindow
MessageBoxW
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
GetSystemMetrics
GetDC
LoadCursorA
DestroyCursor
DestroyIcon
CreateIconIndirect
SendMessageA
DefWindowProcW
SetWindowPos
CreateDialogParamA
GetDlgItem
GetClientRect
OpenClipboard
ScreenToClient
GetWindowLongA
GetWindowLongPtrA
SetWindowLongPtrA
GetParent
GetThreadDesktop
GetUserObjectInformationA
RegisterWindowMessageA
SendMessageTimeoutA
IsIconic
SetForegroundWindow
EnumWindows
UnregisterClassW
RegisterClassExW
DialogBoxParamW
EndDialog
SetDlgItemTextA
SetDlgItemTextW
SendDlgItemMessageW
MessageBoxA
CopyRect
OffsetRect
GetDesktopWindow
LoadIconA
GetAncestor
GetKeyboardLayoutNameW
TranslateMessage
DispatchMessageA
GetMessagePos
GetMessageTime
GetMessageExtraInfo
GetProcessWindowStation
GetUserObjectInformationW
GetCaretBlinkTime
EnumDisplaySettingsA
TrackMouseEvent
AllowSetForegroundWindow
MsgWaitForMultipleObjects
GetWindowRect
PeekMessageA
SetCursor
AdjustWindowRectEx
GetWindowPlacement
EnumDisplayMonitors
GetMonitorInfoW
GetMonitorInfoA
MonitorFromWindow
MonitorFromRect
MonitorFromPoint
EnumDisplayDevicesA
IsDialogMessageW
CopyImage
SetWindowLongPtrW
GetWindowLongPtrW
ClipCursor
ShowCursor
RegisterDeviceNotificationW
UnregisterDeviceNotification
IsWindowVisible
GetKeyState
SetWindowTextW
ValidateRect
DragDetect
EnableWindow
KillTimer
SetTimer
GetFocus
GetActiveWindow
SetFocus
IsDlgButtonChecked
CheckDlgButton
DialogBoxParamA
CreateDialogParamW
RegisterClassW
PostQuitMessage
SendMessageW
PeekMessageW
DispatchMessageW
GetMessageA
GetRawInputDeviceList
GetAsyncKeyState
GetKeyNameTextW
SetCapture
ReleaseCapture
SetCursorPos
RegisterRawInputDevices
GetRawInputDeviceInfoW
GetRawInputData
SystemParametersInfoW
PtInRect
ClientToScreen
GetCursorPos

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ole32

CoCreateFreeThreadedMarshaler
PropVariantClear
PropVariantCopy
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoSetProxyBlanket

shlwapi

PathFileExistsW
SHDeleteKeyW
PathCanonicalizeW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsA

advapi32

RegisterEventSourceW
CryptReleaseContext
CryptDestroyKey
CryptGetHashParam
CryptImportKey
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
OpenProcessToken
GetSidSubAuthority
GetTokenInformation
GetUserNameA
RegCreateKeyW
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
CryptEncrypt
CryptAcquireContextA
ReportEventW
DeregisterEventSource

gdi32

ChoosePixelFormat
GetDeviceCaps
GetObjectA
CreateDIBSection
DeleteObject
CreateBitmap
SetPixelFormat
SwapBuffers

shell32

SHFileOperationW
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW

opengl32

wglGetCurrentContext
wglGetCurrentDC
wglMakeCurrent
wglGetProcAddress
wglCreateContext
wglDeleteContext

winmm

waveOutReset
waveOutGetPosition
waveInGetNumDevs
waveInGetDevCapsA
waveOutUnprepareHeader
waveOutWrite
waveInClose
waveInPrepareHeader
waveInUnprepareHeader
waveInAddBuffer
waveInStart
waveInReset
waveInOpen
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutGetDevCapsW
waveOutGetDevCapsA
waveInGetDevCapsW
timeGetTime
timeBeginPeriod
timeEndPeriod
waveOutGetNumDevs

ws2_32

socket
shutdown
setsockopt
sendto
send
WSAStartup
recvfrom
ntohs
listen
inet_addr
htons
htonl
getsockname
ioctlsocket
connect
closesocket
bind
accept
__WSAFDIsSet
gethostname
WSACleanup
WSASetLastError
WSAGetLastError
WSAIoctl
WSASocketA
getaddrinfo
freeaddrinfo
getnameinfo
ntohl
getpeername
recv
gethostbyname
getprotobyname
WSARecvFrom
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSASendDisconnect
WSASetEvent
WSAWaitForMultipleEvents
select

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
VariantChangeType

imm32

ImmSetCompositionStringW
ImmGetCompositionStringW
ImmAssociateContextEx
ImmAssociateContext
ImmReleaseContext
ImmGetConversionStatus
ImmSetOpenStatus
ImmGetContext

winhttp

WinHttpGetIEProxyConfigForCurrentUser

bcrypt

BCryptGenRandom

hid

HidP_SetUsageValue
HidP_SetUsages
HidP_GetData
HidP_MaxDataListLength
HidP_GetValueCaps
HidP_GetButtonCaps
HidP_GetCaps
HidD_GetHidGuid
HidD_GetPreparsedData
HidD_FreePreparsedData
HidD_GetProductString
HidD_GetManufacturerString
HidD_GetSerialNumberString
HidD_GetAttributes

crypt32

CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext

windowscodecs

WICConvertBitmapSource

dwmapi

DwmGetWindowAttribute

wsock32

gethostbyaddr
getsockopt
WSACancelAsyncRequest
WSAAsyncGetHostByName

Exports

Exports

UnityMain

Sections

.text
Size: 17.6MB - Virtual size: 17.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 260KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 920KB - Virtual size: 919KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
funni game/money/VclStylesinno.dll
.dll windows:5 windows x86 arch:x86

0a5d11872bb24c76855e11ad5d938976

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemRect
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetAncestor
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIconIndirect
CreateIcon
CreateAcceleratorTableW
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
lstrcpynW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
IsDebuggerPresent
MulDiv
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemInfo
GetSystemTimes
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FlushInstructionCache
FindResourceW
FindFirstFileW
FindClose
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWorldTransform
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetGraphicsMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
ResizePalette
RemoveFontMemResourceEx
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBkMode
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExtCreateRegion
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
Chord
BitBlt
ArcTo
Arc
AngleArc
AddFontMemResourceEx
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

shell32

Shell_NotifyIconW

msvcrt

memset
memcpy

Exports

Exports

LoadVCLStyleA
LoadVCLStyleW
UnLoadVCLStyles

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 100KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
funni game/money/WinPixEventRuntime.dll
.dll windows:10 windows x64 arch:x64

67e82997378985102f1a3515af25cc4b

Code Sign

33:00:00:00:b5:ac:7d:6d:87:6b:26:11:47:00:00:00:00:00:b5
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07-09-2016 17:58

Not After

07-09-2018 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18-08-2016 20:17

Not After

02-11-2017 20:17

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

17-11-2016 22:09

Not After

17-02-2018 22:09

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:c1:75:fc:b3:79:71:0a:ec:0e:1e:8c:b2:8b:21:ce:3c:1c:41:98:63:ae:d0:ef:72:1f:32:8d:09:22:4e:8f
Signer

Actual PE Digest

7c:c1:75:fc:b3:79:71:0a:ec:0e:1e:8c:b2:8b:21:ce:3c:1c:41:98:63:ae:d0:ef:72:1f:32:8d:09:22:4e:8f

Digest Algorithm

sha256

PE Digest Matches

true

f9:6c:1e:c6:c5:1f:c8:4f:f3:e1:45:87:75:4e:4d:56:65:14:55:fb
Signer

Actual PE Digest

f9:6c:1e:c6:c5:1f:c8:4f:f3:e1:45:87:75:4e:4d:56:65:14:55:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

advapi32

EventUnregister
EventWrite
EventRegister

msvcp140

?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z

kernel32

TerminateProcess
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
GetCurrentThreadId
GetSystemTime
QueryPerformanceCounter
SetEvent
ResetEvent
CreateEventW
GetCurrentProcessId
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent

vcruntime140

memmove
wcsstr
__C_specific_handler
__std_type_info_destroy_list
memset
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

wcscpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

Exports

Exports

PEvtGetTimeRange
PEvtGetTimeRangeEvent
PEvtResetService
PEvtSetState
PEvtStartService
PEvtStartServiceEx
PEvtStopService
PEvtSweepBlks
PEvtSweepBlksRange
PIXBeginCapture
PIXEndCapture
PIXEventsReplaceBlock
PIXGetCaptureState
PIXGetThreadInfo
PIXStartEventTrace
PIXStopEventTrace

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 16.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
funni game/money/good game.exe
.exe windows:5 windows x64 arch:x64

0b5552dccd9d0a834cea55c0c8fc05be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
IsValidCodePage
GetACP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetOEMCP
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetEndOfFile
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Creal.pyc
funni game/money/readme.txt
funni game/money/version history.txt

Sharing

General

Malware Config

Signatures

Files

02483cd76378259a50b7b66146b45f06

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

d6:d5:21:44:87:a4:87:f6:84:c8:27:2e:90:f4:8d:98:d2:12:c9:41Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

comctl32

rpcrt4

shell32

shlwapi

user32

cabinet

oleaut32

version

Exports

Exports

Sections

.text Size: 161KB - Virtual size: 161KB

.data Size: 5KB - Virtual size: 13KB

.boxld01 Size: 512B - Virtual size: 194B

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 10KB - Virtual size: 10KB

1494de9b53e05fc1f40cb92afbdd6ce4

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:05:a2:30:00:00:00:00:00:08Certificate

Extended Key Usages

Key Usages

47:b8:85:36:04:6e:46:6d:2f:58:b3:18:fd:18:43:f0:b8:4b:28:d3Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

version

Sections

.text Size: 34KB - Virtual size: 33KB

.data Size: 1024B - Virtual size: 6KB

.rsrc Size: 239KB - Virtual size: 240KB

1ff011c2e13ea492fe69b2fbfc802083

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

d6:d5:21:44:87:a4:87:f6:84:c8:27:2e:90:f4:8d:98:d2:12:c9:41
Signer

.text
Size: 161KB - Virtual size: 161KB

.data
Size: 5KB - Virtual size: 13KB

.boxld01
Size: 512B - Virtual size: 194B

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 10KB - Virtual size: 10KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:05:a2:30:00:00:00:00:00:08
Certificate

47:b8:85:36:04:6e:46:6d:2f:58:b3:18:fd:18:43:f0:b8:4b:28:d3
Signer

.text
Size: 34KB - Virtual size: 33KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 239KB - Virtual size: 240KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

36:33:6d:83:6a:19:e2:44:ff:0e:52:88:2e:b5:b1:de
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

cb:34:e3:72:3d:d1:2b:57:d7:86:46:9b:d8:78:2f:92:cf:2d:5d:4f
Signer

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 636KB - Virtual size: 633KB

33:00:00:01:34:22:1e:7e:49:2a:ac:da:6a:00:00:00:00:01:34
Certificate

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

b4:cd:00:d9:81:97:db:3f:fb:fb:3f:54:d1:0a:0d:d4:f4:56:29:a6:03:63:86:3f:a0:b1:71:7e:4c:43:8a:da
Signer

77:97:6d:62:92:5a:37:44:2f:5d:c5:b0:8d:43:91:09:56:54:b2:48
Signer

.text
Size: 294KB - Virtual size: 293KB

.rdata
Size: 123KB - Virtual size: 122KB

.data
Size: 2KB - Virtual size: 5KB

.wixburn
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 224B

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 15KB - Virtual size: 15KB

33:00:00:01:2a:30:bf:85:c5:0e:b1:e2:8c:00:00:00:00:01:2a
Certificate

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate