Winterz_Updated[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Winterz_Updated.zip
Size

56.5MB
MD5

0bb822a8834be191e7d35524a14a4f07
SHA1

9e931b0697f13765d119b3681e868ef2c28d697d
SHA256

03166b16a6f03c9a60a17c374ac0e43601b7321dcbfceb7d56da785185fa2c9e
SHA512

4ac892827e879b4a63a7f4dd5e33519773ec04e66770802fb483fd73a57f6e9316173020b8b949c7d7100f1ef576b500127e93cca5805367f44f4f8ea8e0580b
SSDEEP

1572864:x58z9XkgrofMrhJrIZ/qZUY4pRLXvf4DV/qZu:x+zFkgrofMrLiqjMVf4Dpqg

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AimmyLauncher.exe
unpack001/AimmyWPF.dll
unpack001/AimmyWPF.exe

Files

Winterz_Updated.zip
.zip

Password: infected
Accord.dll.config
AimmyLauncher.exe
.exe windows:6 windows x64 arch:x64

Password: infected

90d2464c05751e0163b327ef7e8a4518

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

Imports

kernel32

FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
FindClose
MultiByteToWideChar
GetLastError
GetFileAttributesExW
GetFullPathNameW
GetProcAddress
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EnterCriticalSection
FindFirstFileExW
OutputDebugStringW
LoadLibraryA
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW

user32

MessageBoxW

shell32

ShellExecuteW

advapi32

RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
__p___argc
_invalid_parameter_noinfo_noreturn
__p___wargv
exit
_initterm_e
_initterm
_errno
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_register_thread_local_exe_atexit_callback
_c_exit
_exit
terminate
_set_app_type
_seh_filter_exe
_cexit
_register_onexit_function
abort
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
setvbuf
__stdio_common_vswprintf
__acrt_iob_func
_set_fmode
fputwc
fputws
__stdio_common_vsnwprintf_s
_wfsopen
fflush
__p__commode
__stdio_common_vfwprintf

api-ms-win-crt-heap-l1-1-0

_callnewh
free
_set_new_mode
malloc
calloc

api-ms-win-crt-string-l1-1-0

wcsnlen
strcpy_s
_wcsdup
strcspn
wcsncmp
toupper

api-ms-win-crt-convert-l1-1-0

_wtoi
wcstoul

api-ms-win-crt-locale-l1-1-0

_unlock_locales
_lock_locales
localeconv
___lc_codepage_func
_configthreadlocale
__pctype_func
setlocale
___lc_locale_name_func
___mb_cur_max_func

api-ms-win-crt-math-l1-1-0

__setusermatherr
frexp

api-ms-win-crt-time-l1-1-0

_gmtime64_s
wcsftime
_time64

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AimmyWPF.deps.json
AimmyWPF.dll
.exe windows:4 windows x64 arch:x64

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AimmyWPF.dll.config
AimmyWPF.exe
.exe windows:6 windows x64 arch:x64

Password: infected

90d2464c05751e0163b327ef7e8a4518

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb

Imports

kernel32

FindNextFileW
GetCurrentProcess
GetModuleHandleExW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
GetEnvironmentVariableW
FindClose
MultiByteToWideChar
GetLastError
GetFileAttributesExW
GetFullPathNameW
GetProcAddress
DeleteCriticalSection
WideCharToMultiByte
IsWow64Process
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EnterCriticalSection
FindFirstFileExW
OutputDebugStringW
LoadLibraryA
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
SetLastError
RaiseException
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LCMapStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
GetStringTypeW

user32

MessageBoxW

shell32

ShellExecuteW

advapi32

RegOpenKeyExW
RegGetValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
__p___argc
_invalid_parameter_noinfo_noreturn
__p___wargv
exit
_initterm_e
_initterm
_errno
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_register_thread_local_exe_atexit_callback
_c_exit
_exit
terminate
_set_app_type
_seh_filter_exe
_cexit
_register_onexit_function
abort
_crt_atexit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
setvbuf
__stdio_common_vswprintf
__acrt_iob_func
_set_fmode
fputwc
fputws
__stdio_common_vsnwprintf_s
_wfsopen
fflush
__p__commode
__stdio_common_vfwprintf

api-ms-win-crt-heap-l1-1-0

_callnewh
free
_set_new_mode
malloc
calloc

api-ms-win-crt-string-l1-1-0

wcsnlen
strcpy_s
_wcsdup
strcspn
wcsncmp
toupper

api-ms-win-crt-convert-l1-1-0

_wtoi
wcstoul

api-ms-win-crt-locale-l1-1-0

_unlock_locales
_lock_locales
localeconv
___lc_codepage_func
_configthreadlocale
__pctype_func
setlocale
___lc_locale_name_func
___mb_cur_max_func

api-ms-win-crt-math-l1-1-0

__setusermatherr
frexp

api-ms-win-crt-time-l1-1-0

_gmtime64_s
wcsftime
_time64

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AimmyWPF.runtimeconfig.json
DirectML.Debug.dll
.dll windows:6 windows x64 arch:x64

Password: infected

6af4a8d442d21ca96033085fddf29a99

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:2d:42:53:a1:45:6e:a1:04:15:18:48:f1:c9:86:25:da:2e:5d:c1:c0:74:c2:e5:dc:5b:fa:af:22:98:1c:59
Signer

Actual PE Digest

ab:2d:42:53:a1:45:6e:a1:04:15:18:48:f1:c9:86:25:da:2e:5d:c1:c0:74:c2:e5:dc:5b:fa:af:22:98:1c:59

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\__w\1\s\build\x64-win-redist-release\bin\DirectML.Debug.pdb

Imports

kernel32

IsDebuggerPresent
DebugBreak
OutputDebugStringW
CloseHandle
GetLastError
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
CreateSemaphoreExW
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
FormatMessageW
OutputDebugStringA
CreateFileW
FormatMessageA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
LocalFree
GetLocaleInfoEx
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
CompareStringEx
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleFileNameW
GetCurrentThread
GetStdHandle
GetFileType
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
SetConsoleCtrlHandler
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetFileSizeEx
SetFilePointerEx
SetStdHandle
HeapSize
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
ReadFile
ReadConsoleW
WriteConsoleW

Exports

Exports

DMLCreateDebugDevice

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DirectML.dll
.dll windows:6 windows x64 arch:x64

Password: infected

de90869f37e914fc01b99c913f65b5b5

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:c2:0e:91:b0:b2:da:ff:23:0b:b8:11:5c:25:bc:77:30:e0:86:67:88:a5:b0:2e:23:e6:b7:eb:ef:67:54:a6
Signer

Actual PE Digest

8e:c2:0e:91:b0:b2:da:ff:23:0b:b8:11:5c:25:bc:77:30:e0:86:67:88:a5:b0:2e:23:e6:b7:eb:ef:67:54:a6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\__w\1\s\build\x64-win-redist-release\bin\DirectML.pdb

Imports

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
GetProcessHeap
HeapSize
HeapReAlloc

api-ms-win-core-synch-l1-1-0

WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
DeleteCriticalSection
ReleaseMutex
ReleaseSemaphore
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
OpenSemaphoreW
CreateMutexExW

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
TlsFree
TlsGetValue
TlsAlloc
ExitProcess
GetCurrentThreadId
TerminateProcess
GetCurrentProcessId
GetStartupInfoW
GetCurrentProcess

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetModuleFileNameW
LoadLibraryExW
DisableThreadLibraryCalls
LoadResource
GetModuleHandleW
LockResource
GetProcAddress
FreeLibrary

api-ms-win-core-localization-l1-2-0

GetOEMCP
FormatMessageW
GetLocaleInfoEx
GetLocaleInfoW
EnumSystemLocalesW
GetUserDefaultLCID
GetACP
IsValidLocale
LCMapStringW
GetCPInfo
LCMapStringEx
IsValidCodePage

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-libraryloader-l1-2-1

FindResourceW
LoadLibraryW

api-ms-win-core-memory-l1-1-0

VirtualFree
VirtualAlloc

d3d12

D3D12SerializeVersionedRootSignature

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringEx
MultiByteToWideChar
CompareStringW
GetStringTypeW

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-file-l1-1-0

FindClose
FindNextFileW
CreateFileW
SetFilePointerEx
WriteFile
FlushFileBuffers
FindFirstFileExW
GetFileType

api-ms-win-core-fibers-l1-1-0

FlsFree
FlsSetValue
FlsAlloc
FlsGetValue

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlUnwind

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentVariableW
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
GetStdHandle
SetStdHandle
FreeEnvironmentStringsW

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-core-console-l1-1-0

GetConsoleMode
GetConsoleOutputCP
WriteConsoleW

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

api-ms-win-appmodel-runtime-l1-1-0

GetCurrentPackageFullName

Exports

Exports

DMLCreateDevice
DMLCreateDevice1

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 82KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/Overlay.cfg
bin/configs/Default.cfg
bin/models/PhantomForces_Hamsta_v1.onnx
bin/models/Universal_Hamsta_v4.onnx
onnxruntime.dll
.dll windows:6 windows x64 arch:x64

Password: infected

39e1a29a795654c064e5e6ee1d09c320

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:c5:5b:e5:7b:f8:7b:45:cb:d8:d9:84:05:84:44:65:96:e9:58:cd:b4:7b:83:93:1e:94:56:6e:fb:19:4e:24
Signer

Actual PE Digest

c6:c5:5b:e5:7b:f8:7b:45:cb:d8:d9:84:05:84:44:65:96:e9:58:cd:b4:7b:83:93:1e:94:56:6e:fb:19:4e:24

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\b\RelWithDebInfo\RelWithDebInfo\onnxruntime.pdb

Imports

api-ms-win-core-file-l1-1-0

RemoveDirectoryW
GetFinalPathNameByHandleW
GetFileAttributesW
ReadFile
FindNextFileW
CreateDirectoryW
GetFileAttributesA
DeleteFileW
GetFullPathNameW
SetFilePointerEx
CreateDirectoryA
FindClose
GetFileSizeEx
FindFirstFileW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableA

msvcp140

??7ios_base@std@@QEBA_NXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?eof@ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_function_call@std@@YAXXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
_Xtime_get_ticks
_Query_perf_counter
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xinvalid_argument@std@@YAXPEBD@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?classic@locale@std@@SAAEBV12@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??Bios_base@std@@QEBA_NXZ
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?put@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBUtm@@PEB_W4@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
?id@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A
_Thrd_id
?wclog@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Thrd_hardware_concurrency
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
strchr
__std_terminate
__current_exception
_purecall
__std_exception_copy
__std_exception_destroy
__std_type_info_compare
memcpy
__std_type_info_name
memchr
__RTtypeid
__std_type_info_destroy_list
__current_exception_context
memmove
memset
_CxxThrowException
memcmp

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
abort
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
__doserrno
_beginthreadex
_set_doserrno
_errno
strerror_s
_seh_filter_dll
_initterm_e
_initterm
strerror
_invalid_parameter_noinfo
_crt_atexit
_get_errno
terminate
_cexit
_execute_onexit_table
_set_errno

api-ms-win-crt-stdio-l1-1-0

_wsopen_s
fclose
_write
_close
fputc
__stdio_common_vswprintf
_read
__stdio_common_vsnprintf_s
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
fgetc
__stdio_common_vsprintf
fwrite
fflush
__acrt_iob_func
_sopen_s
__stdio_common_vsprintf_s
ungetc
setvbuf
fgetpos
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

isalpha
isalnum
strncmp
towlower
iswspace
toupper
tolower
_towlower_l
_strnicmp
strcmp
isdigit
isspace
strnlen
_towupper_l

api-ms-win-crt-convert-l1-1-0

strtoull
strtod
strtoll
atoi
strtol
strtof
_strtoi64

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_fstat64i32
_wstat64
_unlock_file

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_aligned_free
calloc
_aligned_malloc

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
WakeConditionVariable
InitOnceComplete
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreExW
ReleaseSemaphore
CreateEventW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess

api-ms-win-core-processthreads-l1-1-1

GetCurrentProcessorNumber
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLogicalProcessorInformationEx
GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleA
GetModuleFileNameW
LoadLibraryExA
GetModuleHandleW
LoadLibraryExW
GetProcAddress
FreeLibrary

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
FormatMessageA
FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
VirtualAlloc
MapViewOfFile
VirtualQuery
VirtualProtect
CreateFileMappingW
VirtualFree

api-ms-win-core-file-l1-2-0

CreateFile2

api-ms-win-core-processtopology-l1-1-0

SetThreadGroupAffinity

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchRemoveBackslash

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-crt-time-l1-1-0

_difftime64
_mktime64
_gmtime64_s
wcsftime
_localtime64_s

api-ms-win-crt-locale-l1-1-0

localeconv
_free_locale
_create_locale

api-ms-win-crt-math-l1-1-0

acosf
exp
expf
_ldclass
_fdclass
_dclass
sin
sinf
floor
floorf
atanf
sinhf
fmod
sqrt
ceil
sqrtf
fmodf
log
log10
asinf
ceilf
log2
_ldsign
llroundl
_fdsign
asinhf
atanhf
acoshf
log1pf
nearbyintf
remainderf
rintf
rint
cos
tanhf
logf
cosf
ilogbf
scalbn
ilogb
scalbnf
tanf
ldexp
fmax
roundf
pow
powf
tanh
coshf
_dsign

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

OrtGetApiBase
OrtGetWinMLAdapter
OrtSessionOptionsAppendExecutionProviderEx_DML
OrtSessionOptionsAppendExecutionProvider_CPU
OrtSessionOptionsAppendExecutionProvider_DML

Sections

.text
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 377KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
runtimes/win-arm/native/onnxruntime.dll
.dll windows:6 windows

Password: infected

c0b3d77fdce8a6e210b73b8ab89af645

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:4e:13:f0:68:7c:33:42:b6:9a:df:6f:70:88:29:c7:a3:d1:bd:d0:a2:26:52:8a:cc:4b:84:9b:f2:3c:81:4f
Signer

Actual PE Digest

83:4e:13:f0:68:7c:33:42:b6:9a:df:6f:70:88:29:c7:a3:d1:bd:d0:a2:26:52:8a:cc:4b:84:9b:f2:3c:81:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\a\_work\1\b\RelWithDebInfo\RelWithDebInfo\onnxruntime.pdb

Imports

api-ms-win-core-file-l1-1-0

FindClose
GetFullPathNameW
GetFileAttributesA
GetFileAttributesW
FindNextFileW
GetFinalPathNameByHandleW
SetFilePointerEx
CreateDirectoryA
RemoveDirectoryW
GetFileSizeEx
ReadFile
FindFirstFileW
DeleteFileW
CreateDirectoryW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableA

msvcp140

?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBA?AVlocale@2@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAAHXZ
??Bid@locale@std@@QAAIXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAAAAV01@AAF@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAA?AVlocale@2@ABV32@@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAA@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAAAAV01@AAI@Z
_Xtime_get_ticks
_Query_perf_counter
?_Throw_Cpp_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPBD@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?eof@ios_base@std@@QBA_NXZ
?good@ios_base@std@@QBA_NXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV12@PBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAAAAV12@PAD_J@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBA_JXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBAPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAA@XZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAAXPAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBAPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBAPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBAPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBAPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAAXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBAPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAAXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAAPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAA@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAA_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAA_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAAPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAAXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAA@XZ
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_function_call@std@@YAXXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAA_JPB_W_J@Z
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBAPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAAAAV12@XZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBAPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBA_WXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAAXH_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAAG_W@Z
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBAPA_WXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAA@XZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAAXPA_W0@Z
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBAPA_WXZ
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBAPA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBAPA_WXZ
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBAPA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAAXH@Z
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAAXPA_W00@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IBAPA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAAXPA_W00@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAAPA_WXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAA@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAA_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAA_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAAPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAAXABVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAA@XZ
?width@ios_base@std@@QAA_J_J@Z
?width@ios_base@std@@QBA_JXZ
?flags@ios_base@std@@QBAHXZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAA_JPBD_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAADD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAAHD@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBAPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBAPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV01@_K@Z
?setf@ios_base@std@@QAAHHH@Z
?_Getcvt@_Locinfo@std@@QBA?AU_Cvtvec@@XZ
?always_noconv@codecvt_base@std@@QBA_NXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBA_WD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV12@D@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bios_base@std@@QBA_NXZ
??7ios_base@std@@QBA_NXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBADD@Z
?getloc@ios_base@std@@QBA?AVlocale@2@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAAAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV01@P6AAAV01@AAV01@@Z@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xinvalid_argument@std@@YAXPBD@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?classic@locale@std@@SAABV12@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAA@H@Z
??1_Lockit@std@@QAA@XZ
_Query_perf_frequency
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV01@_N@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV01@PBX@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAA@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV01@H@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBAHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAAXPAPAD0PAH001@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAA_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBAHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV01@_J@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??0_Locinfo@std@@QAA@PBD@Z
??1_Locinfo@std@@QAA@XZ
?_Getfalse@_Locinfo@std@@QBAPBDXZ
?_Gettrue@_Locinfo@std@@QBAPBDXZ
??0facet@locale@std@@IAA@I@Z
??1facet@locale@std@@MAA@XZ
?c_str@?$_Yarn@D@std@@QBAPBDXZ
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAA?AVlocale@2@ABV32@@Z
?put@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WPBUtm@@PB_W4@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
?id@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A
_Thrd_id
?wclog@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAAAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAAAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV01@G@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAAAAV01@AAH@Z
?rdstate@ios_base@std@@QBAHXZ
?setf@ios_base@std@@QAAHH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAAXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?out@?$codecvt@DDU_Mbstatet@@@std@@QBAHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAAPADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAAAAV01@M@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAAPADXZ
_Thrd_hardware_concurrency
?_Incref@facet@locale@std@@UAAXXZ
?_Decref@facet@locale@std@@UAAPAV_Facet_base@3@XZ
?_Addfac@_Locimp@locale@std@@AAAXPAVfacet@23@I@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBAHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBAHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAAXH@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAA@I@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBA_JXZ
??1?$codecvt@_WDU_Mbstatet@@@std@@MAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAA@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??4?$_Yarn@D@std@@QAAAAV01@PBD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAAHXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

vcruntime140

__RTtypeid
memcmp
memcpy
_CxxThrowException
memset
__current_exception_context
__current_exception
__std_type_info_name
__C_specific_handler
strchr
__std_terminate
_purecall
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
__std_type_info_destroy_list
memmove
__std_type_info_compare

api-ms-win-crt-runtime-l1-1-0

abort
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
__doserrno
_beginthreadex
_set_doserrno
_errno
strerror_s
_initterm_e
_initterm
strerror
_get_errno
_invalid_parameter_noinfo_noreturn
_cexit
_invalid_parameter_noinfo
_set_errno
terminate

api-ms-win-crt-stdio-l1-1-0

_wsopen_s
_write
__stdio_common_vsnprintf_s
_close
fputc
_get_stream_buffer_pointers
_read
_fseeki64
fread
__stdio_common_vswprintf
ungetc
setvbuf
__stdio_common_vsprintf
__stdio_common_vfprintf
fclose
__acrt_iob_func
_sopen_s
__stdio_common_vsprintf_s
fgetpos
fsetpos
fwrite
fgetc
fflush

api-ms-win-crt-string-l1-1-0

isalpha
isalnum
towlower
toupper
_strnicmp
iswspace
strcmp
strlen
strncmp
_towupper_l
isdigit
isspace
_towlower_l
strnlen
tolower

api-ms-win-crt-convert-l1-1-0

strtod
atoi
strtol
strtoll
strtof
strtoull
_strtoi64

api-ms-win-crt-filesystem-l1-1-0

_fstat64i32
_wstat64
_unlock_file
_lock_file

api-ms-win-crt-heap-l1-1-0

_aligned_malloc
calloc
free
_callnewh
malloc
_aligned_free

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
WakeConditionVariable

api-ms-win-core-synch-l1-1-0

CreateEventW
CreateMutexExW
OpenSemaphoreW
ReleaseSRWLockExclusive
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreExW
ReleaseSRWLockShared
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObjectEx

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLogicalProcessorInformationEx
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
LoadLibraryExA
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
LoadLibraryExW
GetModuleFileNameA

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetCurrentProcessorNumber

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-localization-l1-2-0

FormatMessageA
GetLocaleInfoEx
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
VirtualProtect
VirtualAlloc
MapViewOfFile
VirtualFree
VirtualQuery

api-ms-win-core-file-l1-2-0

CreateFile2

api-ms-win-core-processtopology-l1-1-0

SetThreadGroupAffinity

api-ms-win-core-registry-l1-1-0

RegGetValueA

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchRemoveBackslash

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-crt-time-l1-1-0

_difftime64
wcsftime
_gmtime64_s
_mktime64
_localtime64_s

api-ms-win-crt-locale-l1-1-0

_create_locale
localeconv
_free_locale

api-ms-win-crt-math-l1-1-0

logf
ceilf
cos
cosf
lrintf
pow
powf
coshf
exp
_fdclass
expf
log10
floorf
sin
_ldclass
acosf
sinhf
_dclass
log2
asinf
fmod
_ldsign
llroundl
fmodf
tanhf
_fdsign
asinhf
atanhf
acoshf
log1pf
nearbyintf
remainderf
rintf
rint
atanf
ldexp
tanf
sinf
ilogbf
scalbn
ilogb
scalbnf
tanh
_dsign
fmax
roundf
ceil
log
floor

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

OrtGetApiBase
OrtGetWinMLAdapter
OrtSessionOptionsAppendExecutionProviderEx_DML
OrtSessionOptionsAppendExecutionProvider_CPU
OrtSessionOptionsAppendExecutionProvider_DML

Sections

.text
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 325KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
runtimes/win-arm/native/onnxruntime.lib
runtimes/win-arm64/native/onnxruntime.dll
runtimes/win-arm64/native/onnxruntime.lib
runtimes/win-x64/native/onnxruntime.dll
.dll windows:6 windows x64 arch:x64

Password: infected

39e1a29a795654c064e5e6ee1d09c320

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:c5:5b:e5:7b:f8:7b:45:cb:d8:d9:84:05:84:44:65:96:e9:58:cd:b4:7b:83:93:1e:94:56:6e:fb:19:4e:24
Signer

Actual PE Digest

c6:c5:5b:e5:7b:f8:7b:45:cb:d8:d9:84:05:84:44:65:96:e9:58:cd:b4:7b:83:93:1e:94:56:6e:fb:19:4e:24

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\b\RelWithDebInfo\RelWithDebInfo\onnxruntime.pdb

Imports

api-ms-win-core-file-l1-1-0

RemoveDirectoryW
GetFinalPathNameByHandleW
GetFileAttributesW
ReadFile
FindNextFileW
CreateDirectoryW
GetFileAttributesA
DeleteFileW
GetFullPathNameW
SetFilePointerEx
CreateDirectoryA
FindClose
GetFileSizeEx
FindFirstFileW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableA

msvcp140

??7ios_base@std@@QEBA_NXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@I@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPEBD@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?eof@ios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_function_call@std@@YAXXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAF@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
_Xtime_get_ticks
_Query_perf_counter
?id@?$ctype@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xinvalid_argument@std@@YAXPEBD@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?classic@locale@std@@SAAEBV12@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
??Bios_base@std@@QEBA_NXZ
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?put@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AEAVios_base@2@_WPEBUtm@@PEB_W4@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
?id@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A
_Thrd_id
?wclog@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
_Thrd_hardware_concurrency
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
strchr
__std_terminate
__current_exception
_purecall
__std_exception_copy
__std_exception_destroy
__std_type_info_compare
memcpy
__std_type_info_name
memchr
__RTtypeid
__std_type_info_destroy_list
__current_exception_context
memmove
memset
_CxxThrowException
memcmp

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
abort
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
__doserrno
_beginthreadex
_set_doserrno
_errno
strerror_s
_seh_filter_dll
_initterm_e
_initterm
strerror
_invalid_parameter_noinfo
_crt_atexit
_get_errno
terminate
_cexit
_execute_onexit_table
_set_errno

api-ms-win-crt-stdio-l1-1-0

_wsopen_s
fclose
_write
_close
fputc
__stdio_common_vswprintf
_read
__stdio_common_vsnprintf_s
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
fgetc
__stdio_common_vsprintf
fwrite
fflush
__acrt_iob_func
_sopen_s
__stdio_common_vsprintf_s
ungetc
setvbuf
fgetpos
__stdio_common_vfprintf

api-ms-win-crt-string-l1-1-0

isalpha
isalnum
strncmp
towlower
iswspace
toupper
tolower
_towlower_l
_strnicmp
strcmp
isdigit
isspace
strnlen
_towupper_l

api-ms-win-crt-convert-l1-1-0

strtoull
strtod
strtoll
atoi
strtol
strtof
_strtoi64

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_fstat64i32
_wstat64
_unlock_file

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free
_aligned_free
calloc
_aligned_malloc

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
WakeConditionVariable
InitOnceComplete
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateSemaphoreExW
ReleaseSemaphore
CreateEventW
CreateMutexExW
OpenSemaphoreW
WaitForSingleObjectEx
ReleaseMutex
WaitForSingleObject

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess

api-ms-win-core-processthreads-l1-1-1

GetCurrentProcessorNumber
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetLogicalProcessorInformationEx
GetSystemTimeAsFileTime
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
GetModuleHandleA
GetModuleFileNameW
LoadLibraryExA
GetModuleHandleW
LoadLibraryExW
GetProcAddress
FreeLibrary

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-localization-l1-2-0

GetLocaleInfoEx
FormatMessageA
FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
VirtualAlloc
MapViewOfFile
VirtualQuery
VirtualProtect
CreateFileMappingW
VirtualFree

api-ms-win-core-file-l1-2-0

CreateFile2

api-ms-win-core-processtopology-l1-1-0

SetThreadGroupAffinity

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchRemoveBackslash

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventWriteTransfer
EventUnregister
EventSetInformation

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-crt-time-l1-1-0

_difftime64
_mktime64
_gmtime64_s
wcsftime
_localtime64_s

api-ms-win-crt-locale-l1-1-0

localeconv
_free_locale
_create_locale

api-ms-win-crt-math-l1-1-0

acosf
exp
expf
_ldclass
_fdclass
_dclass
sin
sinf
floor
floorf
atanf
sinhf
fmod
sqrt
ceil
sqrtf
fmodf
log
log10
asinf
ceilf
log2
_ldsign
llroundl
_fdsign
asinhf
atanhf
acoshf
log1pf
nearbyintf
remainderf
rintf
rint
cos
tanhf
logf
cosf
ilogbf
scalbn
ilogb
scalbnf
tanf
ldexp
fmax
roundf
pow
powf
tanh
coshf
_dsign

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

OrtGetApiBase
OrtGetWinMLAdapter
OrtSessionOptionsAppendExecutionProviderEx_DML
OrtSessionOptionsAppendExecutionProvider_CPU
OrtSessionOptionsAppendExecutionProvider_DML

Sections

.text
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 377KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
runtimes/win-x64/native/onnxruntime.lib
runtimes/win-x86/native/onnxruntime.dll
.dll windows:6 windows x86 arch:x86

9b9eefe3aa2efecf5bfc3511ac8762b1

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f6:d7:77:b2:a9:ff:28:51:3c:d3:77:d8:c0:b2:bd:49:4b:fe:a3:86:27:87:a9:36:51:79:99:1b:f4:d6:d8:13
Signer

Actual PE Digest

f6:d7:77:b2:a9:ff:28:51:3c:d3:77:d8:c0:b2:bd:49:4b:fe:a3:86:27:87:a9:36:51:79:99:1b:f4:d6:d8:13

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\b\RelWithDebInfo\RelWithDebInfo\onnxruntime.pdb

Imports

api-ms-win-core-file-l1-1-0

GetFileAttributesW
GetFileAttributesA
GetFinalPathNameByHandleW
DeleteFileW
FindFirstFileW
RemoveDirectoryW
SetFilePointerEx
CreateDirectoryA
GetFileSizeEx
GetFullPathNameW
FindClose
FindNextFileW
CreateDirectoryW
ReadFile

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableA

msvcp140

?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPBD@Z
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_init_in_situ
_Mtx_unlock
?eof@ios_base@std@@QBE_NXZ
?good@ios_base@std@@QBE_NXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_function_call@std@@YAXXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
_Query_perf_frequency
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?classic@locale@std@@SAABV12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
_Query_perf_counter
_Xtime_get_ticks
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?put@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WPBUtm@@PB_W4@Z
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$numpunct@_W@std@@2V0locale@2@A
?id@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAF@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bios_base@std@@QBE_NXZ
??7ios_base@std@@QBE_NXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
_Thrd_id
?wclog@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?_Syserror_map@std@@YAPBDH@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Winerror_map@std@@YAHH@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
_Thrd_hardware_concurrency

vcruntime140

_except_handler4_common
__CxxFrameHandler3
__std_exception_destroy
memchr
memcpy
memmove
__std_type_info_compare
_CxxThrowException
__std_type_info_name
__RTtypeid
__std_exception_copy
_purecall
__std_terminate
strchr
__std_type_info_destroy_list
__current_exception_context
__current_exception
memset

api-ms-win-crt-runtime-l1-1-0

terminate
_crt_atexit
_execute_onexit_table
_invalid_parameter_noinfo
_get_errno
_register_onexit_function
_initialize_onexit_table
_set_errno
_configure_narrow_argv
_initterm
_initterm_e
strerror
abort
_invalid_parameter_noinfo_noreturn
_errno
__doserrno
_beginthreadex
_set_doserrno
_initialize_narrow_environment
strerror_s
_cexit
_seh_filter_dll

api-ms-win-crt-stdio-l1-1-0

fread
_get_stream_buffer_pointers
fsetpos
_sopen_s
ungetc
__stdio_common_vsnprintf_s
setvbuf
__stdio_common_vswprintf
fgetpos
__acrt_iob_func
fwrite
_wsopen_s
fgetc
fflush
fclose
__stdio_common_vfprintf
__stdio_common_vsprintf
_read
__stdio_common_vsprintf_s
_fseeki64
_write
fputc
_close

api-ms-win-crt-string-l1-1-0

_towlower_l
strncmp
isalnum
towlower
toupper
isalpha
isspace
strnlen
_strnicmp
iswspace
tolower
_towupper_l
isdigit

api-ms-win-crt-convert-l1-1-0

strtof
strtoll
strtod
strtoull
strtol
atoi
_strtoi64

api-ms-win-crt-filesystem-l1-1-0

_wstat64
_unlock_file
_fstat64i32
_lock_file

api-ms-win-crt-heap-l1-1-0

_aligned_free
_aligned_malloc
malloc
calloc
_callnewh
free

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
WakeConditionVariable
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
Sleep

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
CreateEventW
WaitForSingleObject
AcquireSRWLockShared
CreateSemaphoreExW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseMutex

api-ms-win-core-processthreads-l1-1-0

GetCurrentThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
TerminateProcess

api-ms-win-core-processthreads-l1-1-1

GetCurrentProcessorNumber
IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemInfo
GetSystemTimeAsFileTime
GetLogicalProcessorInformationEx

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA
GetModuleHandleW
GetModuleHandleExW
LoadLibraryExA
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetProcAddress
GetModuleFileNameA

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-localization-l1-2-0

FormatMessageA
FormatMessageW
GetLocaleInfoEx

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
VirtualAlloc
VirtualFree
VirtualProtect
MapViewOfFile
UnmapViewOfFile
VirtualQuery

api-ms-win-core-file-l1-2-0

CreateFile2

api-ms-win-core-processtopology-l1-1-0

SetThreadGroupAffinity

api-ms-win-core-path-l1-1-0

PathCchRemoveBackslash
PathCchRemoveFileSpec

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-sysinfo-l1-2-0

GetSystemTimePreciseAsFileTime

api-ms-win-crt-time-l1-1-0

_difftime64
_gmtime64_s
_mktime64
wcsftime
_localtime64_s

api-ms-win-crt-locale-l1-1-0

_create_locale
localeconv
_free_locale

api-ms-win-crt-math-l1-1-0

_libm_sse2_sin_precise
_libm_sse2_log_precise
_libm_sse2_log10_precise
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
ceil
floor
_libm_sse2_pow_precise
_libm_sse2_cos_precise
_libm_sse2_atan_precise
_ldsign
llroundl
_libm_sse2_asin_precise
_libm_sse2_acos_precise
_ldclass
_fdclass
ldexp
_dclass
log2
_dsign
_CItanh
_CIsinh
_CIfmod
roundf
fmax
_fdsign
asinhf
atanhf
acoshf
log1pf
nearbyintf
remainderf
rintf
rint
_CIcosh
scalbnf
_libm_sse2_exp_precise
ilogbf
scalbn
ilogb

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

Exports

Exports

OrtGetApiBase
OrtGetWinMLAdapter
OrtSessionOptionsAppendExecutionProviderEx_DML
OrtSessionOptionsAppendExecutionProvider_CPU
OrtSessionOptionsAppendExecutionProvider_DML

Sections

.text
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 325KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 437KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
runtimes/win-x86/native/onnxruntime.lib

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

90d2464c05751e0163b327ef7e8a4518

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

advapi32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 5KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 1024B - Virtual size: 840B

.rsrc Size: 1KB - Virtual size: 1KB

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 5.8MB - Virtual size: 5.8MB

.rsrc Size: 1KB - Virtual size: 1KB

Password: infected

90d2464c05751e0163b327ef7e8a4518

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

shell32

advapi32

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 5KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 348B

.reloc Size: 1024B - Virtual size: 840B

.rsrc Size: 1KB - Virtual size: 1KB

Password: infected

6af4a8d442d21ca96033085fddf29a99

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4eCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

ab:2d:42:53:a1:45:6e:a1:04:15:18:48:f1:c9:86:25:da:2e:5d:c1:c0:74:c2:e5:dc:5b:fa:af:22:98:1c:59Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 5KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 1024B - Virtual size: 840B

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 5.8MB - Virtual size: 5.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 5KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.reloc
Size: 1024B - Virtual size: 840B

.rsrc
Size: 1KB - Virtual size: 1KB

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

ab:2d:42:53:a1:45:6e:a1:04:15:18:48:f1:c9:86:25:da:2e:5d:c1:c0:74:c2:e5:dc:5b:fa:af:22:98:1c:59
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 472KB - Virtual size: 471KB

.data
Size: 17KB - Virtual size: 25KB

.pdata
Size: 97KB - Virtual size: 97KB

_RDATA
Size: 512B - Virtual size: 512B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 22KB - Virtual size: 22KB

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

8e:c2:0e:91:b0:b2:da:ff:23:0b:b8:11:5c:25:bc:77:30:e0:86:67:88:a5:b0:2e:23:e6:b7:eb:ef:67:54:a6
Signer

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 2.7MB - Virtual size: 2.7MB

.data
Size: 82KB - Virtual size: 97KB

.pdata
Size: 114KB - Virtual size: 114KB

_RDATA
Size: 512B - Virtual size: 512B

.rsrc
Size: 6.3MB - Virtual size: 6.3MB

.reloc
Size: 35KB - Virtual size: 35KB

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

c6:c5:5b:e5:7b:f8:7b:45:cb:d8:d9:84:05:84:44:65:96:e9:58:cd:b4:7b:83:93:1e:94:56:6e:fb:19:4e:24
Signer