Ex_PE_v3[.]1[.]9[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Ex_PE_v3.1.9.rar
Size

2.9MB
MD5

948c008a4a732a37a2e66fc50da0946a
SHA1

b1f6fd65f910118b7046f2930a4b77d682631bbb
SHA256

04ec8be17e718e7df090dcd4c8297859c64e3b30738c099809895dca50ad7b11
SHA512

9021333a8268d4d158beb9f5e51b12dbe5a7ac90cce95a8f6165364ed010c56bd8fc613606bba1773b388650a98a3579ebdb4d3a5d56384a7e19b058de169876
SSDEEP

49152:d4EJqKNTvjjQL5shj//YeBQSIIb05bBJJgr081nmQLQlUEDTU0wVhzvZ28+1p189:6ElNTvMGigQSII45Vgr0kn30eEDAVD2i

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Xceed.Wpf.AvalonDock.Themes.VS2010.dll
unpack001/Xceed.Wpf.Toolkit.dll
unpack001/wmidx.dll

Files

Ex_PE_v3.1.9.rar
.rar
AppXRuntime.admx
.xml
Help.admx
ReadMe.txt
Sft_Extra.exe
.exe windows:5 windows x64 arch:x64

b7e244ba46aac2a40ea643244bcedc5b

Code Sign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2023 19:51

Not After

16-10-2024 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bb:c2:75:72:31:f2:01:c4:fe:84:98:96:a8:e9:ec:40:7c:71:ab:e8:83:35:a7:ec:5d:53:66:19:0a:42:a3:c1
Signer

Actual PE Digest

bb:c2:75:72:31:f2:01:c4:fe:84:98:96:a8:e9:ec:40:7c:71:ab:e8:83:35:a7:ec:5d:53:66:19:0a:42:a3:c1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\e\src\out\Release_x64\identity_helper.exe.pdb

Imports

msedge_elf

GetInstallDetailsPayload
SignalInitializeCrashReporting

advapi32

BuildTrusteeWithSidW
ConvertStringSidToSidW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
EventRegister
EventSetInformation
EventUnregister
EventWrite
GetLengthSid
GetNamedSecurityInfoW
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
IsValidAcl
IsValidSecurityDescriptor
IsValidSid
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegQueryValueExW
SetEntriesInAclW
SetNamedSecurityInfoW
SetSecurityInfo

dbghelp

SymCleanup
SymFromAddr
SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymSetOptions
SymSetSearchPathW

winmm

timeGetTime

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareStringW
CreateEventW
CreateFileMappingW
CreateFileW
CreateThread
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetFileAttributesW
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalProcessorInformation
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetProductInfo
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadId
GetThreadPriority
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
GetWindowsDirectoryW
InitOnceExecuteOnce
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalFree
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
PrefetchVirtualMemory
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResetEvent
RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetProcessShutdownParameters
SetStdHandle
SetThreadInformation
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrlenA

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoUninitialize

ole32

CoCreateInstance
CoTaskMemFree

shell32

CommandLineToArgvW
ord680
SHGetFolderPathW
SHGetKnownFolderPath

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
VariantClear

Exports

Exports

GetHandleVerifier
OQS_CPU_has_extension
OQS_KEM_alg_count
OQS_KEM_alg_identifier
OQS_KEM_alg_is_enabled
OQS_KEM_decaps
OQS_KEM_encaps
OQS_KEM_free
OQS_KEM_keypair
OQS_KEM_kyber_768_decaps
OQS_KEM_kyber_768_encaps
OQS_KEM_kyber_768_keypair
OQS_KEM_new
OQS_MEM_cleanse
OQS_MEM_insecure_free
OQS_MEM_secure_bcmp
OQS_MEM_secure_free
OQS_SIG_alg_count
OQS_SIG_alg_identifier
OQS_SIG_alg_is_enabled
OQS_SIG_free
OQS_SIG_keypair
OQS_SIG_new
OQS_SIG_sign
OQS_SIG_verify
OQS_destroy
OQS_init
OQS_randombytes
OQS_randombytes_custom_algorithm
OQS_randombytes_nist_kat_init_256bit
OQS_randombytes_switch_algorithm
OQS_version

Sections

.text
Size: 868KB - Virtual size: 867KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 140B

.tls
Size: 512B - Virtual size: 397B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
W32Time.admx
WCM.admx
WinEULA.txt
Xceed.Wpf.AvalonDock.Themes.VS2010.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Dev\ExtendedWPFToolkit\Release\Latest\OpenSource\Generated\Src\Xceed.Wpf.AvalonDock.Themes.VS2010\obj\Release\Xceed.Wpf.AvalonDock.Themes.VS2010.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Xceed.Wpf.Toolkit.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Dev\ExtendedWPFToolkit\Release\Latest\OpenSource\Generated\Src\Xceed.Wpf.Toolkit\obj\Release\Xceed.Wpf.Toolkit.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
halfandhalf.json
lockout.dbf
msedge_elf.dll
.dll windows:5 windows x64 arch:x64

e5e4f3f5367c0c82df24a4723fbd8a3c

Code Sign

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2023 19:51

Not After

16-10-2024 19:51

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:f8:4a:bc:d7:d7:60:51:af:3b:32:90:96:e0:5c:97:52:94:e6:94:8b:e7:82:be:3e:68:c8:95:97:4b:d4:a6
Signer

Actual PE Digest

3d:f8:4a:bc:d7:d7:60:51:af:3b:32:90:96:e0:5c:97:52:94:e6:94:8b:e7:82:be:3e:68:c8:95:97:4b:d4:a6

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\e\src\out\Release_x64\msedge_elf.dll.pdb

Imports

kernel32

AcquireSRWLockExclusive
AddVectoredExceptionHandler
AssignProcessToJobObject
CancelIo
CloseHandle
CompareStringW
ConnectNamedPipe
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateRemoteThread
CreateThread
DeleteCriticalSection
DeleteFileW
DeleteProcThreadAttributeList
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FileTimeToSystemTime
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetComputerNameExW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDriveTypeW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileTime
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNamedPipeClientProcessId
GetNamedPipeServerProcessId
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessId
GetProductInfo
GetQueuedCompletionStatus
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadId
GetThreadPriority
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetVersionExW
GetWindowsDirectoryW
GlobalMemoryStatusEx
HeapAlloc
HeapFree
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeProcThreadAttributeList
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
InterlockedPushEntrySList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32GetMappedFileNameW
K32GetModuleInformation
K32QueryWorkingSetEx
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LocalFree
LockFileEx
MapViewOfFile
MultiByteToWideChar
OpenProcess
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadConsoleW
ReadFile
ReadProcessMemory
RegisterWaitForSingleObject
ReleaseMutex
ReleaseSRWLockExclusive
RemoveDirectoryW
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetConsoleCtrlHandler
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointerEx
SetHandleInformation
SetLastError
SetNamedPipeHandleState
SetProcessMitigationPolicy
SetStdHandle
SetThreadInformation
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
SleepEx
SwitchToThread
SystemTimeToTzSpecificLocalTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TransactNamedPipe
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
UnlockFileEx
UnmapViewOfFile
UnregisterWaitEx
UpdateProcThreadAttribute
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualProtectEx
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteProcessMemory
lstrcmpiA
lstrcmpiW
lstrlenA

ntdll

NtClose
NtCreateKey
NtDeleteKey
NtOpenKeyEx
NtQueryValueKey
NtSetValueKey
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
RtlGetLastNtStatus
RtlInitUnicodeString

oleaut32

GetErrorInfo
SetErrorInfo
SysAllocString
SysFreeString
SysStringLen

Exports

Exports

??0PwaHelperImpl@edge_pwahelper@@QEAA@XZ
??1PwaHelperImpl@edge_pwahelper@@UEAA@XZ
??_7PwaHelperImpl@edge_pwahelper@@6B@
?AppendMojoServerBindingInfo@PwaHelperImpl@edge_pwahelper@@AEAAXPEAVCommandLine@base@@@Z
?BadgeNotification@PwaHelperImpl@edge_pwahelper@@UEAAXW4BadgeNotificationType@mojom@2@AEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
?BindWidgetManager@PwaHelperImpl@edge_pwahelper@@AEAAXV?$ScopedHandleBase@VMessagePipeHandle@mojo@@@mojo@@@Z
?DigitalGoodsAbortPaymentApp@PwaHelperImpl@edge_pwahelper@@UEAAXV?$OnceCallback@$$A6AX_N@Z@base@@@Z
?DigitalGoodsConsume@PwaHelperImpl@edge_pwahelper@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$OnceCallback@$$A6AXW4BillingResponseCode@mojom@payments@@@Z@base@@@Z
?DigitalGoodsGetDetails@PwaHelperImpl@edge_pwahelper@@UEAAXAEBV?$vector@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@@__Cr@std@@V?$OnceCallback@$$A6AXW4BillingResponseCode@mojom@payments@@V?$vector@V?$StructPtr@VItemDetails@mojom@payments@@@mojo@@V?$allocator@V?$StructPtr@VItemDetails@mojom@payments@@@mojo@@@__Cr@std@@@__Cr@std@@@Z@base@@@Z
?DigitalGoodsInvokePaymentApp@PwaHelperImpl@edge_pwahelper@@UEAAXAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$OnceCallback@$$A6AXW4PurchaseResponseCode@mojom@edge_pwahelper@@@Z@base@@@Z
?DigitalGoodsListPurchaseHistory@PwaHelperImpl@edge_pwahelper@@UEAAXV?$OnceCallback@$$A6AXW4BillingResponseCode@mojom@payments@@V?$vector@V?$InlinedStructPtr@VPurchaseReference@mojom@payments@@@mojo@@V?$allocator@V?$InlinedStructPtr@VPurchaseReference@mojom@payments@@@mojo@@@__Cr@std@@@__Cr@std@@@Z@base@@@Z
?DigitalGoodsListPurchases@PwaHelperImpl@edge_pwahelper@@UEAAXV?$OnceCallback@$$A6AXW4BillingResponseCode@mojom@payments@@V?$vector@V?$InlinedStructPtr@VPurchaseReference@mojom@payments@@@mojo@@V?$allocator@V?$InlinedStructPtr@VPurchaseReference@mojom@payments@@@mojo@@@__Cr@std@@@__Cr@std@@@Z@base@@@Z
?GetAppAcquisitionDetail@PwaHelperImpl@edge_pwahelper@@UEAAXV?$OnceCallback@$$A6AXW4AcquisitionInfoResponseCode@mojom@edge_acquisition_info@@V?$InlinedStructPtr@VAcquisitionDetails@mojom@edge_acquisition_info@@@mojo@@@Z@base@@@Z
?InitMojo@PwaHelperImpl@edge_pwahelper@@AEAAXXZ
?InitializeAppUserModelIdForCurrentProcess@PwaHelperImpl@edge_pwahelper@@QEAA_NXZ
?OnClientConnected@PwaHelperImpl@edge_pwahelper@@AEAAXPEAVWaitableEvent@base@@@Z
?PinTileToStart@PwaHelperImpl@edge_pwahelper@@UEAAXXZ
?PinTileToTaskbar@PwaHelperImpl@edge_pwahelper@@UEAAXXZ
?SetPwaHwnd@PwaHelperImpl@edge_pwahelper@@UEAAX_K@Z
?SetSingletonProcessId@PwaHelperImpl@edge_pwahelper@@UEAAXI@Z
?Shutdown@PwaHelperImpl@edge_pwahelper@@AEAAXI@Z
?StartAppWithIncomingMojo@PwaHelperImpl@edge_pwahelper@@QEAAXVPlatformChannelEndpoint@mojo@@@Z
?StartAppWithPlatformChannel@PwaHelperImpl@edge_pwahelper@@QEAAXV?$unique_ptr@VCommandLine@base@@U?$default_delete@VCommandLine@base@@@__Cr@std@@@__Cr@std@@@Z
?StartProcessWithMojoIPC@PwaHelperImpl@edge_pwahelper@@QEAAKPEAXV?$unique_ptr@VCommandLine@base@@U?$default_delete@VCommandLine@base@@@__Cr@std@@@__Cr@std@@V?$unique_ptr@VScopedTempDir@base@@U?$default_delete@VScopedTempDir@base@@@__Cr@std@@@45@@Z
?TryActivateInstance@PwaHelperImpl@edge_pwahelper@@AEAAXPEAVCommandLine@base@@@Z
?ValidateHandShake@PwaHelperImpl@edge_pwahelper@@AEAAXXZ
ClearReportsBetween_ExportThunk
CrashForException_ExportThunk
DisableHook
DrainLog
DumpHungProcessWithPtype_ExportThunk
DumpProcessWithoutCrash
GetApplyHookResult
GetBlockedModulesCount
GetCrashReports_ExportThunk
GetCrashpadDatabasePath_ExportThunk
GetElfLoadThreadId
GetHandleVerifier
GetInjectionMitigationStatus
GetInstallDetailsPayload
GetUniqueBlockedModulesCount
GetUserDataDirectoryThunk
InjectDumpForHungInput_ExportThunk
IsBrowserProcess
IsExtensionPointDisableSet
IsThirdPartyInitialized
OQS_CPU_has_extension
OQS_KEM_alg_count
OQS_KEM_alg_identifier
OQS_KEM_alg_is_enabled
OQS_KEM_decaps
OQS_KEM_encaps
OQS_KEM_free
OQS_KEM_keypair
OQS_KEM_kyber_768_decaps
OQS_KEM_kyber_768_encaps
OQS_KEM_kyber_768_keypair
OQS_KEM_new
OQS_MEM_cleanse
OQS_MEM_insecure_free
OQS_MEM_secure_bcmp
OQS_MEM_secure_free
OQS_SIG_alg_count
OQS_SIG_alg_identifier
OQS_SIG_alg_is_enabled
OQS_SIG_free
OQS_SIG_keypair
OQS_SIG_new
OQS_SIG_sign
OQS_SIG_verify
OQS_destroy
OQS_init
OQS_randombytes
OQS_randombytes_custom_algorithm
OQS_randombytes_nist_kat_init_256bit
OQS_randombytes_switch_algorithm
OQS_version
RegisterLogNotification
RequestSingleCrashUpload_ExportThunk
SetMetricsClientId
SetTelemetryLevel_ExportThunk
SetUploadConsent_ExportThunk
SignalChromeElf
SignalInitializeCrashReporting
StartAppWithParameter

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 597KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.crthunk
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 196B

.rodata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 522B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CPADinfo
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

malloc_h
Size: 512B - Virtual size: 226B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wmidx.dll
.dll windows:10 windows x64 arch:x64

fb8d0d572c7a4bc177a5f94662736d6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

wmidx.pdb

Imports

msvcrt

_wcsicmp
memcmp
memcpy
__dllonexit
_onexit
_unlock
_lock
memmove
_initterm
_amsg_exit
_XcptFilter
_callnewh
strcat_s
_purecall
strcpy_s
realloc
malloc
free
__C_specific_handler
memset

rpcrt4

UuidCreate

user32

CharPrevA
CharNextA
LoadStringA

wmasf

ord13
ASFCreateMediaObjectIndexMaker
ord14
ASFReadHeaderFromFileHandle

kernel32

GetTempPathW
GetVersion
HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemInfo
MultiByteToWideChar
CreateThread
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetLastError
WideCharToMultiByte
SetFilePointer
SetEndOfFile
CreateFileW
CreateFileA
GetFileType
GetFileSizeEx
ReadFile
WriteFile
GetSystemTime
SystemTimeToFileTime
DeleteFileW
DeleteFileA
lstrlenW
GetFileSize
FreeLibrary
GetProcAddress
LoadLibraryExA
GetModuleHandleA
lstrcmpiA
lstrcpynA
RtlVirtualUnwind
SizeofResource
LoadResource
FindResourceExA
GetModuleFileNameA
DisableThreadLibraryCalls
HeapDestroy
FormatMessageA
LoadLibraryA
Sleep
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
IsDBCSLeadByte

ole32

ProgIDFromCLSID
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysStringLen
VarUI4FromStr
VariantInit
LoadRegTypeLi
CreateErrorInfo
SetErrorInfo
SysAllocString
SysFreeString
VariantClear

advapi32

CryptAcquireContextA
CryptReleaseContext
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
CryptGenRandom

Exports

Exports

WMCreateASFChopper

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7e244ba46aac2a40ea643244bcedc5b

Code Sign

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

bb:c2:75:72:31:f2:01:c4:fe:84:98:96:a8:e9:ec:40:7c:71:ab:e8:83:35:a7:ec:5d:53:66:19:0a:42:a3:c1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msedge_elf

advapi32

dbghelp

winmm

kernel32

api-ms-win-core-winrt-l1-1-0

ole32

shell32

oleaut32

Exports

Exports

Sections

.text Size: 868KB - Virtual size: 867KB

.rdata Size: 162KB - Virtual size: 162KB

.data Size: 62KB - Virtual size: 104KB

.pdata Size: 34KB - Virtual size: 34KB

.00cfg Size: 512B - Virtual size: 48B

.gxfg Size: 10KB - Virtual size: 10KB

.retplne Size: 512B - Virtual size: 140B

.tls Size: 512B - Virtual size: 397B

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 80KB - Virtual size: 79KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

e5e4f3f5367c0c82df24a4723fbd8a3c

Code Sign

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

3d:f8:4a:bc:d7:d7:60:51:af:3b:32:90:96:e0:5c:97:52:94:e6:94:8b:e7:82:be:3e:68:c8:95:97:4b:d4:a6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ntdll

oleaut32

Exports

Exports

Sections

33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

bb:c2:75:72:31:f2:01:c4:fe:84:98:96:a8:e9:ec:40:7c:71:ab:e8:83:35:a7:ec:5d:53:66:19:0a:42:a3:c1
Signer

.text
Size: 868KB - Virtual size: 867KB

.rdata
Size: 162KB - Virtual size: 162KB

.data
Size: 62KB - Virtual size: 104KB

.pdata
Size: 34KB - Virtual size: 34KB

.00cfg
Size: 512B - Virtual size: 48B

.gxfg
Size: 10KB - Virtual size: 10KB

.retplne
Size: 512B - Virtual size: 140B

.tls
Size: 512B - Virtual size: 397B

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 80KB - Virtual size: 79KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:03:a4:cb:e3:56:b8:cb:7f:e4:27:00:00:00:00:03:a4
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

3d:f8:4a:bc:d7:d7:60:51:af:3b:32:90:96:e0:5c:97:52:94:e6:94:8b:e7:82:be:3e:68:c8:95:97:4b:d4:a6
Signer

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 597KB - Virtual size: 596KB

.data
Size: 73KB - Virtual size: 139KB

.pdata
Size: 108KB - Virtual size: 108KB

.00cfg
Size: 512B - Virtual size: 48B

.crthunk
Size: 512B - Virtual size: 128B

.gxfg
Size: 12KB - Virtual size: 11KB

.retplne
Size: 512B - Virtual size: 196B

.rodata
Size: 2KB - Virtual size: 2KB

.tls
Size: 1024B - Virtual size: 522B

CPADinfo
Size: 512B - Virtual size: 56B

_RDATA
Size: 512B - Virtual size: 348B

malloc_h
Size: 512B - Virtual size: 226B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 13KB

.text
Size: 166KB - Virtual size: 165KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB