x64 M-Centres 3[.]3[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

x64 M-Centres 3.3.zip
Size

3.0MB
MD5

3e0ccaa823e595919785395677b122bc
SHA1

e509fa8bf1118346b3eb912d0b14aef7669e8c10
SHA256

0b0451f8dc00f01e56fc4ac71204f8e9ae7b4b2993b4b9abeb1fe4d265d36ee5
SHA512

c16816d0fb0f1975cc7d2137affaf32154b4055ae0cd038b718edc29ff95de62592ba3618dcac6aebaefcc0130b071f0b3df7bcd1925d319b2289d860ab6e3ab
SSDEEP

98304:H3AG8qhoYHRSCevSLn/96bM3AGyqigzHPp3AGyqim:HIqvgYnYgWhgLPpWhm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/x64 M-Centres 3.3/M-Centres 3.3.exe

Files

x64 M-Centres 3.3.zip
.zip

Password: uninfected
x64 M-Centres 3.3/25951.1000/x64/Windows.ApplicationModel.Store.dll
.dll windows:10 windows x64 arch:x64

Password: uninfected

13b4861232004ca16623814955cda5b0

Code Sign

33:00:00:03:25:48:b2:9d:0e:7f:c5:f4:1f:00:00:00:00:03:25
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:29

Not After

03/03/2021, 18:29

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:b8:91:0a:cd:ee:bd:57:4f:d9:46:77:47:fd:ea:40:3a:fe:fd:2e:74:6a:5c:a0:71:9e:84:58:34:d8:93:aa
Signer

Actual PE Digest

ee:b8:91:0a:cd:ee:bd:57:4f:d9:46:77:47:fd:ea:40:3a:fe:fd:2e:74:6a:5c:a0:71:9e:84:58:34:d8:93:aa

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.ApplicationModel.Store.pdb

Imports

msvcrt

_callnewh
_wtoi
wcscspn
_wtof
wcstoul
_vsnprintf
_snwprintf_s
_wcstoui64
wcschr
wcsrchr
wcstod
_wcstoi64
_wcsdup
_wtol
toupper
wcsstr
floor
_itow_s
_wcsicmp
memcmp
memcpy
memmove
memset
mbstowcs_s
memmove_s
strcmp
realloc
_errno
__CxxFrameHandler3
_onexit
__dllonexit
strchr
strrchr
_set_errno
strtol
strncpy_s
wcstombs
sprintf_s
_wcsupr
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
malloc
wcscpy_s
??_V@YAXPEAX@Z
__C_specific_handler
free
_purecall
memcpy_s
_vsnwprintf
wcscmp

ntdll

RtlUpcaseUnicodeChar
NtQueryInformationProcess
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlNtStatusToDosError
EtwEventRegister
EtwEventUnregister
EtwEventSetInformation
RtlUnsubscribeWnfStateChangeNotification
EtwEventWriteTransfer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-kernel32-legacy-l1-1-0

FileTimeToDosDateTime

combase

ord12
ord14
ord2
ord13
CStdStubBuffer_CountRefs
ord16
CStdStubBuffer_QueryInterface
ord7
ord9
CStdStubBuffer_DebugServerRelease
ord24
CStdStubBuffer_IsIIDSupported
ord15
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
ord23
ord20
ord21
ord17
NdrCStdStubBuffer2_Release
ord8
ord19
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
ord10
CStdStubBuffer2_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer2_Disconnect
ord6
CStdStubBuffer2_QueryInterface
CStdStubBuffer_AddRef
ord22
ord33
ord34
ord11
CStdStubBuffer2_Connect
ord18
ord32
ord25
ord5

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
FreeResource
LockResource
GetModuleHandleW
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameA
GetModuleHandleExW
LoadStringW

api-ms-win-core-localization-l1-2-0

GetGeoInfoW
GetUserDefaultLocaleName
GetUserGeoID
LCMapStringEx
FormatMessageW
GetLocaleInfoEx

api-ms-win-core-processthreads-l1-1-0

GetProcessId
TerminateProcess
OpenThread
GetCurrentProcess
GetCurrentThread
OpenThreadToken
OpenProcessToken
GetCurrentProcessId
GetProcessIdOfThread
GetCurrentThreadId

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
CreateMutexExW
InitializeSRWLock
ResetEvent
WaitForSingleObject
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
ReleaseMutex
ReleaseSemaphore
ReleaseSRWLockShared
InitializeCriticalSection
WaitForMultipleObjectsEx
CreateEventExW
SetEvent
InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateSemaphoreExW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

rpcrt4

I_RpcBindingInqLocalClientPID
RpcServerInqCallAttributesW
RpcBindingFromStringBindingW
UuidFromStringW
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
UuidCreate
RpcStringFreeW
NdrClientCall3
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
NdrOleFree
NdrStubCall3
IUnknown_QueryInterface_Proxy
IUnknown_Release_Proxy
NdrOleAllocate

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetTickCount
GetSystemTime
GetTickCount64
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventRegister
EventProviderEnabled
EventWriteTransfer

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
DuplicateTokenEx
GetLengthSid
CopySid
RevertToSelf
AllocateAndInitializeSid
FreeSid
GetTokenInformation

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l1-1-0

GetFileSize
WriteFile
CompareFileTime
DeleteFileA
CreateFileA
FileTimeToLocalFileTime
FindFirstFileExA
FindNextFileA
CreateDirectoryW
ReadFile
DeleteFileW
CreateFileW
FindClose
FindFirstFileA
GetFileInformationByHandle
SetFilePointer

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-core-file-l1-2-2

GetTempFileNameA
GetTempPathA

cabinet

ord14
ord10
ord13
ord11

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegOpenKeyExW
RegCloseKey
RegGetValueW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-path-l1-1-0

PathCchAppendEx
PathCchAddExtension

api-ms-win-core-localization-l2-1-0

GetCurrencyFormatEx

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

api-ms-win-core-url-l1-1-0

UrlEscapeW

cryptsp

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-eventing-legacy-l1-1-0

QueryTraceW
FlushTraceW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathCombineA
PathAppendA
PathRemoveFileSpecA

api-ms-win-core-heap-obsolete-l1-1-0

GlobalFree

api-ms-win-security-capability-l1-1-0

CapabilityCheck

iertutil

ord74
ord85
ord76
ord89

winhttp

WinHttpCrackUrl
WinHttpConnect
WinHttpCloseHandle
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpAddRequestHeaders
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpReadData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpOpen

webservices

WsCreateReader
WsReadXmlBufferFromBytes
WsSetInputToBuffer
WsMoveReader
WsReadToStartElement
WsGetReaderPosition
WsReadBytes
WsReadStartElement
WsCreateError
WsCreateHeap
WsFreeReader
WsFreeHeap
WsFreeError
WsReadEndAttribute
WsReadStartAttribute
WsFindAttribute
WsReadChars

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 876KB - Virtual size: 875KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64 M-Centres 3.3/25951.1000/x64/opcodes.json
x64 M-Centres 3.3/25951.1000/x86/Windows.ApplicationModel.Store.dll
.dll windows:10 windows x86 arch:x86

Password: uninfected

f46d08ee2b5f9e762874668b5aa3344d

Code Sign

33:00:00:03:25:48:b2:9d:0e:7f:c5:f4:1f:00:00:00:00:03:25
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:29

Not After

03/03/2021, 18:29

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fa:fc:a6:37:29:f0:d1:2b:9e:ef:08:b5:cc:6b:a9:55:48:40:a3:43:b4:95:eb:a0:62:0a:b0:63:5b:38:94:8c
Signer

Actual PE Digest

fa:fc:a6:37:29:f0:d1:2b:9e:ef:08:b5:cc:6b:a9:55:48:40:a3:43:b4:95:eb:a0:62:0a:b0:63:5b:38:94:8c

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Windows.ApplicationModel.Store.pdb

Imports

msvcrt

wcscpy_s
??_V@YAXPAX@Z
free
_purecall
_wtof
wcstoul
_vsnprintf
_snwprintf_s
memcpy_s
_wcstoui64
wcschr
_amsg_exit
_ftol2_sse
realloc
_errno
_ftol2
wcstod
_wcstoi64
_initterm
floor
_vsnwprintf
_wcsupr
_wcsdup
_wtol
wcsstr
_unlock
_except_handler4_common
_itow_s
_wcsicmp
wcscspn
_wtoi
_callnewh
wcsrchr
toupper
memmove_s
strchr
strrchr
_set_errno
strtol
strncpy_s
wcstombs
sprintf_s
memcmp
__CxxFrameHandler3
memcpy
memmove
_lock
malloc
_XcptFilter
_onexit
__dllonexit
mbstowcs_s
memset

ntdll

RtlUpcaseUnicodeChar
RtlNtStatusToDosError
NtQueryInformationProcess
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
EtwEventRegister
EtwEventUnregister
EtwEventSetInformation
RtlUnsubscribeWnfStateChangeNotification
EtwEventWriteTransfer
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlPublishWnfStateData

api-ms-win-core-kernel32-legacy-l1-1-0

FileTimeToDosDateTime

combase

NdrCStdStubBuffer2_Release
ord19
ord22
ord13
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
ord18
CStdStubBuffer2_CountRefs
CStdStubBuffer_DebugServerQueryInterface
ord17
ord21
CStdStubBuffer2_Disconnect
ord2
ord25
ord11
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
ord15
CStdStubBuffer_QueryInterface
ord24
ord23
ord10
ord6
CStdStubBuffer2_QueryInterface
ord16
CStdStubBuffer_AddRef
ord33
ord34
ord5
ord7
ord8
CStdStubBuffer2_Connect
ord9
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
ord32
CStdStubBuffer_CountRefs
ord14
ord12
ord20

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
GetModuleHandleW
FindResourceExW
FreeLibrary
LockResource
FreeResource
LoadStringW
GetModuleFileNameA
LoadResource
DisableThreadLibraryCalls
GetModuleHandleExW
GetProcAddress

api-ms-win-core-localization-l1-2-0

LCMapStringEx
GetLocaleInfoEx
GetUserGeoID
FormatMessageW
GetUserDefaultLocaleName
GetGeoInfoW

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentProcessId
GetProcessId
GetCurrentThread
OpenThread
GetProcessIdOfThread
TerminateProcess
OpenProcessToken
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

SetEvent
ReleaseMutex
WaitForSingleObjectEx
ReleaseSemaphore
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
InitializeCriticalSectionEx
ResetEvent
WaitForMultipleObjectsEx
InitializeCriticalSection
WaitForSingleObject
OpenSemaphoreW
InitializeSRWLock
ReleaseSRWLockExclusive
CreateEventExW
CreateMutexExW
CreateSemaphoreExW
EnterCriticalSection
CreateEventW
DeleteCriticalSection
LeaveCriticalSection

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

rpcrt4

NdrClientCall4
UuidFromStringW
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcServerInqCallAttributesW
I_RpcBindingInqLocalClientPID
IUnknown_QueryInterface_Proxy
NdrOleAllocate
IUnknown_Release_Proxy
NdrOleFree
IUnknown_AddRef_Proxy
NdrStubCall2
NdrStubForwardingFunction
NdrDllCanUnloadNow
NdrDllGetClassObject
UuidCreate

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA

api-ms-win-core-synch-l1-2-0

Sleep
WakeAllConditionVariable
InitOnceExecuteOnce
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetLocalTime
GetTickCount
GetVersionExA
GetSystemTime
GetSystemTimeAsFileTime

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventProviderEnabled
EventWriteTransfer
EventActivityIdControl

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-security-base-l1-1-0

GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf
GetLengthSid
CopySid
DuplicateTokenEx
AllocateAndInitializeSid
FreeSid

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l1-1-0

DeleteFileA
SetFilePointer
GetFileInformationByHandle
ReadFile
CreateFileA
CompareFileTime
FileTimeToLocalFileTime
FindFirstFileExA
FindNextFileA
FindClose
FindFirstFileA
CreateDirectoryW
CreateFileW
GetFileSize
DeleteFileW
WriteFile

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-core-file-l1-2-2

GetTempFileNameA
GetTempPathA

cabinet

ord10
ord13
ord14
ord11

api-ms-win-core-registry-l1-1-0

RegGetValueW
RegOpenCurrentUser
RegOpenKeyExW
RegCloseKey

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-path-l1-1-0

PathCchAddExtension
PathCchAppendEx

api-ms-win-core-localization-l2-1-0

GetCurrencyFormatEx

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

api-ms-win-core-url-l1-1-0

UrlEscapeW

cryptsp

CryptCreateHash
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptAcquireContextW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-eventing-legacy-l1-1-0

FlushTraceW
QueryTraceW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathCombineA
PathRemoveFileSpecA
PathAppendA

api-ms-win-core-heap-obsolete-l1-1-0

GlobalFree

api-ms-win-security-capability-l1-1-0

CapabilityCheck

iertutil

ord85
ord74
ord89
ord76

winhttp

WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpReadData
WinHttpSetStatusCallback
WinHttpOpenRequest
WinHttpSendRequest
WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
WinHttpCloseHandle
WinHttpSetTimeouts
WinHttpOpen
WinHttpConnect
WinHttpCrackUrl

webservices

WsCreateError
WsReadXmlBufferFromBytes
WsSetInputToBuffer
WsMoveReader
WsReadToStartElement
WsGetReaderPosition
WsReadBytes
WsReadStartElement
WsCreateReader
WsFreeReader
WsFreeHeap
WsFreeError
WsCreateHeap
WsReadEndAttribute
WsReadStartAttribute
WsFindAttribute
WsReadChars

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64 M-Centres 3.3/25951.1000/x86/opcodes.json
x64 M-Centres 3.3/M-Centres 3.3.exe
.exe windows:4 windows x64 arch:x64

Password: uninfected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
x64 M-Centres 3.3/M-Centres 3.3.exe.config
x64 M-Centres 3.3/Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

Password: uninfected

dae02f32a21e03ce65412f6e56942daa

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:b0:41:8d:a5:1e:14:8c:33:1b:bc:de:b7:13:83:23
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/04/2018, 12:41

Not After

27/04/2028, 12:41

Subject

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:71:a1:b0:c2:96:f5:c7:90:65:47:0a:3c:20:53:7e
Certificate

Issuer

CN=.NET Foundation Projects Code Signing CA,O=.NET Foundation,C=US

Not Before

25/10/2018, 00:00

Not After

29/10/2021, 12:00

Subject

SERIALNUMBER=603 389 068,CN=Json.NET (.NET Foundation),O=Json.NET (.NET Foundation),L=Redmond,ST=wa,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:83:93:14:a9:06:f5:64:04:02:a1:dc:eb:a3:1a:a7:e9:21:c8:88:2c:dd:c2:3c:e4:c0:45:50:4c:ee:75:10
Signer

Actual PE Digest

2e:83:93:14:a9:06:f5:64:04:02:a1:dc:eb:a3:1a:a7:e9:21:c8:88:2c:dd:c2:3c:e4:c0:45:50:4c:ee:75:10

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 675KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64 M-Centres 3.3/Newtonsoft.Json.xml
.xml
x64 M-Centres 3.3/Windows.ApplicationModel.Store.dll
.dll windows:10 windows x64 arch:x64

Password: uninfected

13b4861232004ca16623814955cda5b0

Code Sign

33:00:00:03:25:48:b2:9d:0e:7f:c5:f4:1f:00:00:00:00:03:25
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:29

Not After

03/03/2021, 18:29

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:85:19:22:f8:21:5f:db:1d:f7:d1:a1:14:40:71:ac:bf:2d:9c:90:0b:05:09:0f:25:74:69:62:6d:7f:5a:f0
Signer

Actual PE Digest

87:85:19:22:f8:21:5f:db:1d:f7:d1:a1:14:40:71:ac:bf:2d:9c:90:0b:05:09:0f:25:74:69:62:6d:7f:5a:f0

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.ApplicationModel.Store.pdb

Imports

msvcrt

_callnewh
_wtoi
wcscspn
_wtof
wcstoul
_vsnprintf
_snwprintf_s
_wcstoui64
wcschr
wcsrchr
wcstod
_wcstoi64
_wcsdup
_wtol
toupper
wcsstr
floor
_itow_s
_wcsicmp
memcmp
memcpy
memmove
memset
mbstowcs_s
memmove_s
strcmp
realloc
_errno
__CxxFrameHandler3
_onexit
__dllonexit
strchr
strrchr
_set_errno
strtol
strncpy_s
wcstombs
sprintf_s
_wcsupr
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
malloc
wcscpy_s
??_V@YAXPEAX@Z
__C_specific_handler
free
_purecall
memcpy_s
_vsnwprintf
wcscmp

ntdll

RtlUpcaseUnicodeChar
NtQueryInformationProcess
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlNtStatusToDosError
EtwEventRegister
EtwEventUnregister
EtwEventSetInformation
RtlUnsubscribeWnfStateChangeNotification
EtwEventWriteTransfer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-kernel32-legacy-l1-1-0

FileTimeToDosDateTime

combase

ord12
ord14
ord2
ord13
CStdStubBuffer_CountRefs
ord16
CStdStubBuffer_QueryInterface
ord7
ord9
CStdStubBuffer_DebugServerRelease
ord24
CStdStubBuffer_IsIIDSupported
ord15
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
ord23
ord20
ord21
ord17
NdrCStdStubBuffer2_Release
ord8
ord19
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
ord10
CStdStubBuffer2_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer2_Disconnect
ord6
CStdStubBuffer2_QueryInterface
CStdStubBuffer_AddRef
ord22
ord33
ord34
ord11
CStdStubBuffer2_Connect
ord18
ord32
ord25
ord5

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
FreeResource
LockResource
GetModuleHandleW
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameA
GetModuleHandleExW
LoadStringW

api-ms-win-core-localization-l1-2-0

GetGeoInfoW
GetUserDefaultLocaleName
GetUserGeoID
LCMapStringEx
FormatMessageW
GetLocaleInfoEx

api-ms-win-core-processthreads-l1-1-0

GetProcessId
TerminateProcess
OpenThread
GetCurrentProcess
GetCurrentThread
OpenThreadToken
OpenProcessToken
GetCurrentProcessId
GetProcessIdOfThread
GetCurrentThreadId

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
CreateMutexExW
InitializeSRWLock
ResetEvent
WaitForSingleObject
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
ReleaseMutex
ReleaseSemaphore
ReleaseSRWLockShared
InitializeCriticalSection
WaitForMultipleObjectsEx
CreateEventExW
SetEvent
InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateSemaphoreExW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

rpcrt4

I_RpcBindingInqLocalClientPID
RpcServerInqCallAttributesW
RpcBindingFromStringBindingW
UuidFromStringW
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
UuidCreate
RpcStringFreeW
NdrClientCall3
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
NdrOleFree
NdrStubCall3
IUnknown_QueryInterface_Proxy
IUnknown_Release_Proxy
NdrOleAllocate

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetTickCount
GetSystemTime
GetTickCount64
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventRegister
EventProviderEnabled
EventWriteTransfer

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
DuplicateTokenEx
GetLengthSid
CopySid
RevertToSelf
AllocateAndInitializeSid
FreeSid
GetTokenInformation

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l1-1-0

GetFileSize
WriteFile
CompareFileTime
DeleteFileA
CreateFileA
FileTimeToLocalFileTime
FindFirstFileExA
FindNextFileA
CreateDirectoryW
ReadFile
DeleteFileW
CreateFileW
FindClose
FindFirstFileA
GetFileInformationByHandle
SetFilePointer

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-core-file-l1-2-2

GetTempFileNameA
GetTempPathA

cabinet

ord14
ord10
ord13
ord11

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegOpenKeyExW
RegCloseKey
RegGetValueW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-path-l1-1-0

PathCchAppendEx
PathCchAddExtension

api-ms-win-core-localization-l2-1-0

GetCurrencyFormatEx

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

api-ms-win-core-url-l1-1-0

UrlEscapeW

cryptsp

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-eventing-legacy-l1-1-0

QueryTraceW
FlushTraceW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathCombineA
PathAppendA
PathRemoveFileSpecA

api-ms-win-core-heap-obsolete-l1-1-0

GlobalFree

api-ms-win-security-capability-l1-1-0

CapabilityCheck

iertutil

ord74
ord85
ord76
ord89

winhttp

WinHttpCrackUrl
WinHttpConnect
WinHttpCloseHandle
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpAddRequestHeaders
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpReadData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpOpen

webservices

WsCreateReader
WsReadXmlBufferFromBytes
WsSetInputToBuffer
WsMoveReader
WsReadToStartElement
WsGetReaderPosition
WsReadBytes
WsReadStartElement
WsCreateError
WsCreateHeap
WsFreeReader
WsFreeHeap
WsFreeError
WsReadEndAttribute
WsReadStartAttribute
WsFindAttribute
WsReadChars

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 876KB - Virtual size: 875KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64 M-Centres 3.3/dlls/Windows.ApplicationModel.Store.dll
.dll windows:10 windows x64 arch:x64

Password: uninfected

13b4861232004ca16623814955cda5b0

Code Sign

33:00:00:03:25:48:b2:9d:0e:7f:c5:f4:1f:00:00:00:00:03:25
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/03/2020, 18:29

Not After

03/03/2021, 18:29

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

87:85:19:22:f8:21:5f:db:1d:f7:d1:a1:14:40:71:ac:bf:2d:9c:90:0b:05:09:0f:25:74:69:62:6d:7f:5a:f0
Signer

Actual PE Digest

87:85:19:22:f8:21:5f:db:1d:f7:d1:a1:14:40:71:ac:bf:2d:9c:90:0b:05:09:0f:25:74:69:62:6d:7f:5a:f0

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Windows.ApplicationModel.Store.pdb

Imports

msvcrt

_callnewh
_wtoi
wcscspn
_wtof
wcstoul
_vsnprintf
_snwprintf_s
_wcstoui64
wcschr
wcsrchr
wcstod
_wcstoi64
_wcsdup
_wtol
toupper
wcsstr
floor
_itow_s
_wcsicmp
memcmp
memcpy
memmove
memset
mbstowcs_s
memmove_s
strcmp
realloc
_errno
__CxxFrameHandler3
_onexit
__dllonexit
strchr
strrchr
_set_errno
strtol
strncpy_s
wcstombs
sprintf_s
_wcsupr
_unlock
_lock
_initterm
_amsg_exit
_XcptFilter
malloc
wcscpy_s
??_V@YAXPEAX@Z
__C_specific_handler
free
_purecall
memcpy_s
_vsnwprintf
wcscmp

ntdll

RtlUpcaseUnicodeChar
NtQueryInformationProcess
NtQueryWnfStateData
RtlGetDeviceFamilyInfoEnum
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlQueryWnfStateData
RtlNtStatusToDosError
EtwEventRegister
EtwEventUnregister
EtwEventSetInformation
RtlUnsubscribeWnfStateChangeNotification
EtwEventWriteTransfer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-kernel32-legacy-l1-1-0

FileTimeToDosDateTime

combase

ord12
ord14
ord2
ord13
CStdStubBuffer_CountRefs
ord16
CStdStubBuffer_QueryInterface
ord7
ord9
CStdStubBuffer_DebugServerRelease
ord24
CStdStubBuffer_IsIIDSupported
ord15
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
ord23
ord20
ord21
ord17
NdrCStdStubBuffer2_Release
ord8
ord19
NdrCStdStubBuffer_Release
CStdStubBuffer_Invoke
ord10
CStdStubBuffer2_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer2_Disconnect
ord6
CStdStubBuffer2_QueryInterface
CStdStubBuffer_AddRef
ord22
ord33
ord34
ord11
CStdStubBuffer2_Connect
ord18
ord32
ord25
ord5

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
FreeResource
LockResource
GetModuleHandleW
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameA
GetModuleHandleExW
LoadStringW

api-ms-win-core-localization-l1-2-0

GetGeoInfoW
GetUserDefaultLocaleName
GetUserGeoID
LCMapStringEx
FormatMessageW
GetLocaleInfoEx

api-ms-win-core-processthreads-l1-1-0

GetProcessId
TerminateProcess
OpenThread
GetCurrentProcess
GetCurrentThread
OpenThreadToken
OpenProcessToken
GetCurrentProcessId
GetProcessIdOfThread
GetCurrentThreadId

api-ms-win-core-heap-l1-1-0

HeapReAlloc
GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
IsDebuggerPresent
DebugBreak

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
CreateMutexExW
InitializeSRWLock
ResetEvent
WaitForSingleObject
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObjectEx
OpenSemaphoreW
CreateEventW
ReleaseMutex
ReleaseSemaphore
ReleaseSRWLockShared
InitializeCriticalSection
WaitForMultipleObjectsEx
CreateEventExW
SetEvent
InitializeCriticalSectionEx
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateSemaphoreExW

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

rpcrt4

I_RpcBindingInqLocalClientPID
RpcServerInqCallAttributesW
RpcBindingFromStringBindingW
UuidFromStringW
RpcStringBindingComposeW
RpcBindingSetAuthInfoExW
UuidCreate
RpcStringFreeW
NdrClientCall3
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrStubForwardingFunction
IUnknown_AddRef_Proxy
NdrOleFree
NdrStubCall3
IUnknown_QueryInterface_Proxy
IUnknown_Release_Proxy
NdrOleAllocate

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
CompareStringW
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsA

api-ms-win-core-synch-l1-2-0

Sleep
InitOnceExecuteOnce
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetVersionExA
GetTickCount
GetSystemTime
GetTickCount64
GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventRegister
EventProviderEnabled
EventWriteTransfer

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-security-base-l1-1-0

ImpersonateLoggedOnUser
DuplicateTokenEx
GetLengthSid
CopySid
RevertToSelf
AllocateAndInitializeSid
FreeSid
GetTokenInformation

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-file-l1-1-0

GetFileSize
WriteFile
CompareFileTime
DeleteFileA
CreateFileA
FileTimeToLocalFileTime
FindFirstFileExA
FindNextFileA
CreateDirectoryW
ReadFile
DeleteFileW
CreateFileW
FindClose
FindFirstFileA
GetFileInformationByHandle
SetFilePointer

api-ms-win-security-base-l1-2-0

CheckTokenMembershipEx

api-ms-win-core-file-l1-2-2

GetTempFileNameA
GetTempPathA

cabinet

ord14
ord10
ord13
ord11

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegOpenKeyExW
RegCloseKey
RegGetValueW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW
RegDeleteKeyValueW

api-ms-win-core-path-l1-1-0

PathCchAppendEx
PathCchAddExtension

api-ms-win-core-localization-l2-1-0

GetCurrencyFormatEx

api-ms-win-shcore-stream-winrt-l1-1-0

CreateRandomAccessStreamOverStream

api-ms-win-core-url-l1-1-0

UrlEscapeW

cryptsp

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-threadpool-legacy-l1-1-0

QueueUserWorkItem

api-ms-win-eventing-legacy-l1-1-0

QueryTraceW
FlushTraceW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathCombineA
PathAppendA
PathRemoveFileSpecA

api-ms-win-core-heap-obsolete-l1-1-0

GlobalFree

api-ms-win-security-capability-l1-1-0

CapabilityCheck

iertutil

ord74
ord85
ord76
ord89

winhttp

WinHttpCrackUrl
WinHttpConnect
WinHttpCloseHandle
WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpAddRequestHeaders
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpReadData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpOpen

webservices

WsCreateReader
WsReadXmlBufferFromBytes
WsSetInputToBuffer
WsMoveReader
WsReadToStartElement
WsGetReaderPosition
WsReadBytes
WsReadStartElement
WsCreateError
WsCreateHeap
WsFreeReader
WsFreeHeap
WsFreeError
WsReadEndAttribute
WsReadStartAttribute
WsFindAttribute
WsReadChars

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 876KB - Virtual size: 875KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64 M-Centres 3.3/temp/main

Sharing

General

Malware Config

Signatures

Files

Password: uninfected

Password: uninfected

13b4861232004ca16623814955cda5b0

Code Sign

33:00:00:03:25:48:b2:9d:0e:7f:c5:f4:1f:00:00:00:00:03:25Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

ee:b8:91:0a:cd:ee:bd:57:4f:d9:46:77:47:fd:ea:40:3a:fe:fd:2e:74:6a:5c:a0:71:9e:84:58:34:d8:93:aaSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-kernel32-legacy-l1-1-0

combase

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-util-l1-1-0

rpcrt4

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-file-l1-2-2

cabinet

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-path-l1-1-0

api-ms-win-core-localization-l2-1-0

api-ms-win-shcore-stream-winrt-l1-1-0

api-ms-win-core-url-l1-1-0

cryptsp

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-eventing-legacy-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-security-capability-l1-1-0

iertutil

winhttp

webservices

api-ms-win-core-apiquery-l1-1-0

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 876KB - Virtual size: 875KB

.data Size: 8KB - Virtual size: 14KB

.pdata Size: 41KB - Virtual size: 40KB

.didat Size: 1024B - Virtual size: 888B

.rsrc Size: 62KB - Virtual size: 61KB

.reloc Size: 65KB - Virtual size: 65KB

Password: uninfected

f46d08ee2b5f9e762874668b5aa3344d

Code Sign

33:00:00:03:25:48:b2:9d:0e:7f:c5:f4:1f:00:00:00:00:03:25
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

ee:b8:91:0a:cd:ee:bd:57:4f:d9:46:77:47:fd:ea:40:3a:fe:fd:2e:74:6a:5c:a0:71:9e:84:58:34:d8:93:aa
Signer

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 876KB - Virtual size: 875KB

.data
Size: 8KB - Virtual size: 14KB

.pdata
Size: 41KB - Virtual size: 40KB

.didat
Size: 1024B - Virtual size: 888B

.rsrc
Size: 62KB - Virtual size: 61KB

.reloc
Size: 65KB - Virtual size: 65KB

33:00:00:03:25:48:b2:9d:0e:7f:c5:f4:1f:00:00:00:00:03:25
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

fa:fc:a6:37:29:f0:d1:2b:9e:ef:08:b5:cc:6b:a9:55:48:40:a3:43:b4:95:eb:a0:62:0a:b0:63:5b:38:94:8c
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 4KB - Virtual size: 8KB

.idata
Size: 11KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 428B

.rsrc
Size: 62KB - Virtual size: 61KB

.reloc
Size: 112KB - Virtual size: 112KB