Blinky_0[.]1[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Blinky_0.1.zip
Size

380KB
MD5

550702579c13a9a28e59662942cf9b3b
SHA1

2cc57d1624e3217bb37fd4f78d7d42637e3c23fc
SHA256

99f8a4fb14b382d0e9fe0189cd8e4053c4e53641ee6b10c78a5b516873425b13
SHA512

8d018f7a5b7243c48dc08bc67f83ae04dde8771d882440827e5e55919b6ecca8860a4cd19e7bf2794716b9ddbfbf7f1dff8e299d082e6fdd33e08918975458a4
SSDEEP

6144:Xlsa7vh8kjKWpiFOgbEM2u2xzEHeFl3HRqwkSZ7rGsN88YxiSUJEmXWMjcxVX:Xlsa7ZHiFVbEbuLeFl3xqwT3VePDkWf/

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Blinky/Blinky.exe
unpack001/Blinky/WinDivert.dll

Files

Blinky_0.1.zip
.zip
Blinky/Blinky.exe
.exe windows:6 windows x64 arch:x64

bc6a82c2f7ea2b30c0fe86065a971704

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\Cleanest\Nouveau dossier (2)\Nouveau dossier\ImGui-desktop-design-base-main\release\Blink.pdb

Imports

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

FreeLibrary
QueryPerformanceCounter
ReadFile
GetModuleFileNameA
Process32First
WriteProcessMemory
SetConsoleTitleA
TerminateProcess
GetModuleFileNameW
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
GetLastError
CreateFileA
Process32Next
CloseHandle
CreateThread
VirtualAllocEx
GetFileSize
GetConsoleWindow
CreateRemoteThread
CreateProcessA
VirtualFreeEx
GlobalFree
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetFileInformationByHandleEx
GlobalAlloc
QueryPerformanceFrequency
GetModuleHandleW
AreFileApisANSI
SetFileInformationByHandle
FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
GetLocaleInfoEx
FormatMessageA
LocalFree
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
MultiByteToWideChar
GetProcAddress
LoadLibraryA
GlobalUnlock
WideCharToMultiByte
Sleep
GetModuleHandleA
GetStdHandle
GlobalLock
SetConsoleTextAttribute
SleepConditionVariableSRW
UnhandledExceptionFilter

user32

GetWindowRect
DestroyWindow
GetSystemMetrics
GetWindowThreadProcessId
KillTimer
RegisterClassExA
UpdateWindow
GetKeyState
ShowWindow
SetTimer
SetWindowLongA
GetWindowLongA
MessageBoxA
MoveWindow
DefWindowProcA
FindWindowA
TranslateMessage
GetForegroundWindow
SetWindowsHookExA
GetCursorInfo
GetAsyncKeyState
CallNextHookEx
LoadCursorA
ScreenToClient
CreateWindowExA
SetLayeredWindowAttributes
UnregisterClassA
GetCapture
ClientToScreen
TrackMouseEvent
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCursorPos
PeekMessageA
PostQuitMessage
PostMessageA
GetCursorPos
LoadIconA
DispatchMessageA
GetMessageA
SetClipboardData
GetClipboardData
EmptyClipboard
OpenClipboard
CloseClipboard

advapi32

RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegEnumValueW

shell32

ShellExecuteA

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Query_perf_counter
_Thrd_detach
_Xtime_get_ticks
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z

winmm

timeEndPeriod
timeBeginPeriod

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

windivert

WinDivertClose
WinDivertOpen

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlGetVersion

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
memmove
memcpy
__std_exception_copy
memset
_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
memcmp
strstr
__std_terminate
memchr

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
ftell
_get_stream_buffer_pointers
__stdio_common_vfprintf
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
_set_fmode
fwrite
_wfopen
fgetc
__stdio_common_vsprintf
fclose
fflush
fputc
__stdio_common_vsscanf
__p__commode
fseek

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode
_callnewh

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand

api-ms-win-crt-runtime-l1-1-0

_exit
_initterm_e
_initterm
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
system
_crt_atexit
exit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
__p___argc
_wassert
_beginthreadex
terminate
_errno
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-string-l1-1-0

tolower
strcmp
strcpy_s

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

api-ms-win-crt-math-l1-1-0

ceilf
acosf
sinf
cosf
__setusermatherr
sqrtf

Sections

.text
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 300KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Blinky/WinDivert.dll
.dll windows:4 windows x64 arch:x64

4b5b0fb09f29ed8e5306bbb27b5ae668

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CloseServiceHandle
ControlService
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
StartServiceW

kernel32

CloseHandle
CreateEventW
CreateFileW
DeviceIoControl
GetLastError
GetModuleFileNameW
GetOverlappedResult
SetLastError
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue

msvcrt

isalnum
isspace
isxdigit
strcmp
tolower

Exports

Exports

DivertClose
DivertGetParam
DivertHelperCalcChecksums
DivertHelperParseIPv4Address
DivertHelperParseIPv6Address
DivertHelperParsePacket
DivertOpen
DivertRecv
DivertSend
DivertSetParam
WinDivertClose
WinDivertDllEntry
WinDivertGetParam
WinDivertHelperCalcChecksums
WinDivertHelperParseIPv4Address
WinDivertHelperParseIPv6Address
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertRecvEx
WinDivertSend
WinDivertSendEx
WinDivertSetParam

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 132B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Blinky/WinDivert64.sys
.sys windows:6 windows x64 arch:x64

5c9956100a10f17fd6cacca768f3c364

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:42:f1:e3:68:68:b7:25:06:ea:50:77:bf:7b:bc:5b
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-08-2014 00:00

Not After

09-09-2015 12:00

Subject

CN=Nemea Mjukvaruutveckling AB,O=Nemea Mjukvaruutveckling AB,L=Stockholm,ST=Vastra Gotaland,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:45

Not After

15-04-2021 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

97:da:76:ff:9a:56:81:d7:d7:9f:b8:81:15:69:91:15:f6:21:9c:00
Signer

Actual PE Digest

97:da:76:ff:9a:56:81:d7:d7:9f:b8:81:15:69:91:15:f6:21:9c:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\windivert\install\WDDK\amd64\WinDivert64.pdb

Imports

ntoskrnl.exe

RtlCopyUnicodeString
KeBugCheckEx
IoAllocateMdl
MmMapLockedPagesSpecifyCache
IoFreeMdl
MmBuildMdlForNonPagedPool
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
ExFreePoolWithTag
ExUuidCreate
ExAllocatePoolWithTag

ndis.sys

NdisAdvanceNetBufferDataStart
NdisRetreatNetBufferDataStart
NdisAllocateNetBufferListPool
NdisGetDataBuffer
NdisFreeNetBufferListPool

fwpkclnt.sys

FwpmCalloutDeleteByKey0
FwpsInjectNetworkReceiveAsync0
FwpmSubLayerAdd0
FwpsCalloutUnregisterByKey0
FwpsFreeCloneNetBufferList0
FwpsQueryPacketInjectionState0
FwpsFreeNetBufferList0
FwpmEngineClose0
FwpmTransactionBegin0
FwpmFilterAdd0
FwpmEngineOpen0
FwpmTransactionAbort0
FwpsCalloutRegister0
FwpsInjectForwardAsync0
FwpmFilterDeleteByKey0
FwpmCalloutAdd0
FwpsInjectNetworkSendAsync0
FwpmTransactionCommit0
FwpsInjectionHandleCreate0
FwpsAllocateNetBufferAndNetBufferList0
FwpsInjectionHandleDestroy0
FwpmSubLayerDeleteByKey0

wdfldr.sys

WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionBind
WdfVersionUnbind

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 246B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc6a82c2f7ea2b30c0fe86065a971704

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

kernel32

user32

advapi32

shell32

msvcp140

winmm

imm32

d3dcompiler_43

dwmapi

windivert

ntdll

vcruntime140_1

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 305KB - Virtual size: 304KB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 300KB - Virtual size: 308KB

.pdata Size: 14KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 1KB - Virtual size: 1KB

4b5b0fb09f29ed8e5306bbb27b5ae668

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 992B

.rdata Size: 1024B - Virtual size: 1024B

.pdata Size: 512B - Virtual size: 360B

.xdata Size: 512B - Virtual size: 288B

.bss Size: - Virtual size: 16B

.edata Size: 1024B - Virtual size: 730B

.idata Size: 1024B - Virtual size: 1016B

.reloc Size: 512B - Virtual size: 132B

5c9956100a10f17fd6cacca768f3c364

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0a:42:f1:e3:68:68:b7:25:06:ea:50:77:bf:7b:bc:5bCertificate

Extended Key Usages

Key Usages

61:20:4d:b4:00:00:00:00:00:27Certificate

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

97:da:76:ff:9a:56:81:d7:d7:9f:b8:81:15:69:91:15:f6:21:9c:00Signer

Headers

.text
Size: 305KB - Virtual size: 304KB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 300KB - Virtual size: 308KB

.pdata
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 992B

.rdata
Size: 1024B - Virtual size: 1024B

.pdata
Size: 512B - Virtual size: 360B

.xdata
Size: 512B - Virtual size: 288B

.bss
Size: - Virtual size: 16B

.edata
Size: 1024B - Virtual size: 730B

.idata
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 132B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0a:42:f1:e3:68:68:b7:25:06:ea:50:77:bf:7b:bc:5b
Certificate

61:20:4d:b4:00:00:00:00:00:27
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

97:da:76:ff:9a:56:81:d7:d7:9f:b8:81:15:69:91:15:f6:21:9c:00
Signer

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 4KB

.pdata
Size: 1024B - Virtual size: 540B

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 512B - Virtual size: 246B