mirai | 5dcfac410a8ac5371ec25cbf19002209f1d52c7429ea992e2efd965ff55d4fa9

Resubmissions

23/02/2024, 03:45

240223-ea6qpsaf9t 10

23/02/2024, 02:03

240223-cg4htahg5x 10

Sharing

Copy URL

Twitter E-mail

Reason

office: non-rc4 encrypted document not supported

Reason

office: non-rc4 encrypted document not supported

General

Target

5dcfac410a8ac5371ec25cbf19002209f1d52c7429ea992e2efd965ff55d4fa9
Size

285.1MB
MD5

be703c491575eecc60d4cbd09c3205e3
SHA1

69aad609e9e6621bd83881d116adeeba72f77249
SHA256

5dcfac410a8ac5371ec25cbf19002209f1d52c7429ea992e2efd965ff55d4fa9
SHA512

610f0c81ea41b8ab884a27a30374ed6642e2e07d59b575f8c10b94b360f61437b7e1b1b2b853dce12351dd83d9d6f45a900605dada6c35521ea9c8e9655955ae
SSDEEP

6291456:ELXxkOxmKeHhrX/CNQMH5QeV1ubbxbuRi2zer2FoIxIlPUHDIy:gpxDeB8F5QhHx72zeUoI6q0y

Malware Config

Extracted

Family

mirai

Botnet

UNSTABLE

unratio.funpass.services

scamanje.stresserit.pro

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

agenttesla

https://api.telegram.org/bot7013847015:AAGJ9U6sgMmsBCQ0DNkHT8DYuslAtpiqCbA/

Extracted

Family

gafgyt

185.91.127.233:23

103.82.20.7:42516

93.123.39.166:671

Extracted

Family

mirai

Botnet

UNSTABLE

unratio.funpass.services

scamanje.stresserit.pro

Extracted

Family

mirai

scan.rebirthltd.dev

love.booter.cat

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

mirai

Botnet

BOTNET

scan.rebirthltd.dev

194.169.175.31

Extracted

Family

mirai

Botnet

MIRAI

Extracted

Family

mirai

Botnet

UNST

Extracted

Family

njrat

Version

im523

Botnet

Hacked

0.tcp.eu.ngrok.io:19599

Mutex

3a8ee47129614a8ed745ed44d22e4759

Attributes

reg_key
3a8ee47129614a8ed745ed44d22e4759
splitter
|'|'|

Extracted

Family

mirai

Botnet

UNSTABLE

unratio.funpass.services

scamanje.stresserit.pro

Extracted

Family

mirai

Botnet

MIRAI

Extracted

Family

mirai

Botnet

UNSTABLE

unratio.funpass.services

scamanje.stresserit.pro

Extracted

Family

revengerat

Botnet

NyanCatRevenge

marcelotatuape.ddns.net:333

Mutex

13b150f8ef23499092

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

mirai

scamanje.stresserit.pro

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

njrat

Version

0.7NC

Botnet

NYAN CAT

patria.duckdns.org:1998

Mutex

85f10a8a09aa4

Attributes

reg_key
85f10a8a09aa4
splitter
@!#&^%$

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

mirai

Botnet

MIRAI

Extracted

Family

mirai

Botnet

UNSTABLE

unratio.funpass.services

scamanje.stresserit.pro

Extracted

Family

mirai

Botnet

UNSTABLE

unratio.funpass.services

scamanje.stresserit.pro

Extracted

Family

mirai

Botnet

WICKED

Extracted

Family

nanocore

Version

1.2.2.0

0.tcp.ngrok.io:18237

127.0.0.1:18237

Mutex

25d94285-e644-4394-8a59-361d828035f4

Attributes

activate_away_mode
true
backup_connection_host
127.0.0.1
backup_dns_server
8.8.4.4
buffer_size
65535
build_time
2023-11-29T08:14:25.249811736Z
bypass_user_account_control
true
bypass_user_account_control_data
clear_access_control
true
clear_zone_identifier
false
connect_delay
3988
connection_port
18237
default_group
Default
enable_debug_mode
true
gc_threshold
1.048576e+07
keep_alive_timeout
30000
keyboard_logging
false
lan_timeout
2500
max_packet_size
1.048576e+07
mutex
25d94285-e644-4394-8a59-361d828035f4
mutex_timeout
5000
prevent_system_sleep
false
primary_connection_host
0.tcp.ngrok.io
primary_dns_server
8.8.8.8
request_elevation
true
restart_delay
5000
run_delay
0
run_on_startup
false
set_critical_process
true
timeout_interval
5000
use_custom_dns_server
false
version
1.2.2.0
wan_timeout
8000

Extracted

Family

amadey

Version

4.18

http://147.45.47.35

Attributes

install_dir
0a25b59f74
install_file
Dctooux.exe
strings_key
57658e7aa84093060e0ebefa5ad4aa45
url_paths
/bDjkb2xSd/index.php

rc4.plain

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

njrat

Version

0.7d

Botnet

Hacked

amma.myftp.biz:1177

Mutex

5067798511594293a736c9b0b92fa333

Attributes

reg_key
5067798511594293a736c9b0b92fa333
splitter
|'|'|

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

mirai

Botnet

SORA

Extracted

Family

amadey

Version

4.18

http://147.45.47.35

Attributes

strings_key
57658e7aa84093060e0ebefa5ad4aa45
url_paths
/bDjkb2xSd/index.php

rc4.plain

Extracted

Family

njrat

Version

im523

Botnet

Лошок

5.tcp.eu.ngrok.io:13326

Mutex

1c7d94c93e29463dd3914e19ee6714b6

Attributes

reg_key
1c7d94c93e29463dd3914e19ee6714b6
splitter
|'|'|

Extracted

Family

mirai

Botnet

LZRD

Extracted

Family

mirai

Botnet

BOTNET

scan.rebirthltd.dev

194.169.175.31

Signatures

Agenttesla family
agenttesla
Amadey family
amadey

DCRat payload 2 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

rat

resource	yara_rule
static1/unpack001/7de8bedc1d2107a51363439e1f9c58e0631256b3bb6141545e953d25570e4511.exe	dcrat
static1/unpack001/924d37ab763e5093673e647251deab171e2d03926ba159593e6352373c29de00.exe	dcrat

Dcrat family
dcrat

Detect ZGRat V1 2 IoCs

resource	yara_rule
static1/unpack001/25ab561d014bdd7b50d5fa913d111bcb4dd3e41d22a5850764a7659aece4d33f.exe	family_zgrat_v1
static1/unpack001/9bf4636e2be3154a2c956982b1e547b7206b73bce86a42ce6573404c1773ce40.exe	family_zgrat_v1

Detected Gafgyt variant 30 IoCs

resource	yara_rule
static1/unpack001/0cc3fa35c0667389b3d40f296bbb73d627081dcf6663610d2cc9265d9ad1ad0b.elf	family_gafgyt
static1/unpack001/2212c7a616eec9c8b885e648011b7ecf15052d42ef2f7362203f2dfa9df7da25.elf	family_gafgyt
static1/unpack001/272cf1862c16c9b067ef5da9b099868e72592445cedb1f7dc286ff3359c9e324.elf	family_gafgyt
static1/unpack001/36e1aeaae5d1bffc4668bb646707d1fd9d4755cff6f32546c1abe310cf7293ac.elf	family_gafgyt
static1/unpack001/37417a9fe7c534e24386cc20c54ef3c998a0bec3577b1865c17387c5b64c92e2.elf	family_gafgyt
static1/unpack001/42b076c5ee3c60d65ef357ed908f9ee22ff38e826daa782071e8509780f4fc14.elf	family_gafgyt
static1/unpack001/45b18df80235f8ea55ec98b9b4bdd90cffaa1100b0edce53fc5d459503c84103.elf	family_gafgyt
static1/unpack001/489d7dbcfb918e3246f10029be18b5f2030b726ce4068909da4325c8dec20340.elf	family_gafgyt
static1/unpack001/539f3569eaf4a4a21eb6f9ee3b871334ec8a2628ec3b95bdfc3987adaf440037.elf	family_gafgyt
static1/unpack001/5942ecac81d81dc1ff1dd3cf1572669a02d2873117918e6a09b1573dd48e8d48.elf	family_gafgyt
static1/unpack001/6cfa5e1884dc7377cc8e3037592aba2ce7623a24838e8b58720695965ebc5231.elf	family_gafgyt
static1/unpack001/7e2165bfa732e207a3b268f091f7c1f9b545c7e4d88e621638ba3ade2f2ead83.elf	family_gafgyt
static1/unpack001/85da573dc8db0b1fc419d2a657dc0c5c3f1043b9f326b8392ee24f017d911f3d.elf	family_gafgyt
static1/unpack001/8898413844f25bf36791cdd187400681583f68496c3110df1ffb760e8fd5220d.elf	family_gafgyt
static1/unpack001/8ad2a922e44bb31dd225fb71a49fc9dfe9a9243a562a2ad9a2438f1730be3035.elf	family_gafgyt
static1/unpack001/8dcf670df8f445e76567c9c4f0c42533bd2b803a272b30bbd1f990d76669f25a.elf	family_gafgyt
static1/unpack001/8dda66a34a941d1bb2c9ab9ab12cab7e891d8b8c6a340697f634960738eb682c.elf	family_gafgyt
static1/unpack001/921563ee385a90abbeee3359d823750bea3f208c6f2a9fcaf83afaf59329eee1.elf	family_gafgyt
static1/unpack001/9cf2f0dd81ebd23d87f5ab55cf9980f1edd3b605c61032460085668685bfdb18.elf	family_gafgyt
static1/unpack001/a43e9ac03c240047c8a01173a8f0f50bbc27994eca0e38e2681145f814055db3.elf	family_gafgyt
static1/unpack001/a6360cf07cce2f6d339ac7db526fdbd78c3c4f50bdeacd080aac981f502dbd17.elf	family_gafgyt
static1/unpack001/a647913c3915c9a849bee272e91b5dbde205999505b5314661c2641a5e7c51a9.elf	family_gafgyt
static1/unpack001/a73d853722187c24804ed6c63419904345573d844c10758dd7bb5048e6651835.elf	family_gafgyt
static1/unpack001/aa1169180af01000df2cdecdd024ef7d5e012c36d38efcdde52f8f02026352da.elf	family_gafgyt
static1/unpack001/ad1bf6351e725b287a487eeeb93215733496f3850e4fe87ad3c2896c65576cb4.elf	family_gafgyt
static1/unpack001/c8cbfff1ed87fed6640c19321e3a2830b15b5128c9f36b8f4eb7462564571f31.elf	family_gafgyt
static1/unpack001/d2a5ee5a8ed5150ea84c6375e0715554dd62c3d8311cb8adec500643815584cf.elf	family_gafgyt
static1/unpack001/dc798cedc27aaa2f8749b5daddeace77fe21489f5a3372dc08488a7e2c76dcaf.elf	family_gafgyt
static1/unpack001/e226857f5c5f9a274825a537fe84a8d636b5d920368f20206089a99b56d7de7f.elf	family_gafgyt
static1/unpack001/f5adbe090b5da815ac42c166f4db33c1198725d793050541fc8897eca49c7df9.elf	family_gafgyt

Gafgyt family
gafgyt
Mirai family
mirai
Nanocore family
nanocore
Njrat family
njrat
Revengerat family
revengerat

SLocker payload 1 IoCs

resource	yara_rule
static1/unpack001/b5ab87692109c072cc277246e957ab32cfce6973f9f06c609ba51b53114cce51.apk	family_slocker_1

Slocker family
slocker
Zgrat family
zgrat

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
static1/unpack001/2bfe10b56aab056697477d8c4d3311a01cea0f071dd0e891bacf10b8fee84bc1.xlsx	office_macro_on_action

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
static1/unpack001/275c050d461f4215f18321e15eaed51b0443ab0605de50996d11a5c048ed96e1.xlsx

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/078981526fd0969e928c1b785c9e1da97ff159248dabf04132ea8fab9347acf6.exe	themida
static1/unpack001/e046c5e3f0ead64c214eaa411189b0001bdc5431f3a942d0e6fff1ba87fadb9f.exe	themida

UPX packed file 31 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/0386b038402a99ab607a9b0ceb469d25f563f34b3d5c1548751c6b9c7843e653.elf	upx
static1/unpack001/0f20ea70b1f2475ccf08bbe2646847f7693c259f10f32d158e018a97e38dadfa.elf	upx
static1/unpack001/19306dccfc2c25d953a83cc279cfc641d87818c6eca93d23c3aa507bdd400870.elf	upx
static1/unpack001/22cbfcd2ffb7a7c5901d89d03aa47ebdfd0238e9651f5d81cf81ab844f7c5d62.elf	upx
static1/unpack001/23576768ebb962854a01728f5de0dd55de0b681f40dfc15d40fe651e7f1d6cae.elf	upx
static1/unpack001/26cdb48348c94a289cdf8a1004575ba52da191672edb82624dd333413bb13150.elf	upx
static1/unpack001/3ab8ff44da4ed2af8c938e7a1340f190c0aef20d857933ce766ba91b6ddf527f.elf	upx
static1/unpack001/432825784a9d7b30a14ee513b59fb849b5c73166b0fd6ff46276c40584cab2dd.elf	upx
static1/unpack001/4419d55c1a6cb9ac9be272c04af5b8c21e2ae3a97b183d43dc6d9cf8f5e44b5a.elf	upx
static1/unpack001/48bc82d0984afc57dce0c4cc9444769cf9cae618130778ab9d588849410c5b59.elf	upx
static1/unpack001/4fe4fa8dab6190661ce264db75129553886d56a863312b79e50b227f16099d19.elf	upx
static1/unpack001/58ad53154bab1862392708b89b01c7851d11093d7a7d69cc2a6256fe6546448b.elf	upx
static1/unpack001/5ffc61aad552fb2349ac6567202a5100f0f5f1404108e285dba218d97764ae3a.elf	upx
static1/unpack001/65ff2a35d7542764e4e83ef824346341f95a2c22b6135d3d48899d1efbf87d38.elf	upx
static1/unpack001/72458cae5c7d963dbe4b470e00917f4c66fc2082672a945ed7c96353d17a57f9.elf	upx
static1/unpack001/76c142ca9d7c521e8df9a0cecd738b4657e107664a16174ec13f12ca275ee240.elf	upx
static1/unpack001/7c3f720c02708542fa45f50521b169f59053ff6a4a202c947b71037826bdfc31.elf	upx
static1/unpack001/8267f3195cca8c7854ec0c4a460f41bb345a89f299a4702358beffda6cec358a.elf	upx
static1/unpack001/8fd2101e6ed38b5546ed69a0acfe7ecda6f819e421f32939c5a7b56c74b92e2d.elf	upx
static1/unpack001/9a3e5baf097ea6a7c888004c347dbbb8192a5c904545711080fa392c6d9bc737.elf	upx
static1/unpack001/b6cd1f6205a17905609ce2e082a3d4552af2023c434d3f05df371adb2c5987e4.elf	upx
static1/unpack001/b8abb9661b5320f40059055bcc8f5d22259ea3ec4f8b4d0eb91523418489bcf3.elf	upx
static1/unpack001/b9b4673ff9380064701fa96554ee5d36f701e036b8f76c5585f6767854889105.elf	upx
static1/unpack001/babcc9014b04c955a174b143bd9165f0e2c6cd77e26f5ab082986fc0313b2312.elf	upx
static1/unpack001/c755138ad63de80e55ad0c99049151cb918ed6d2346335b5ee39beb0326388e8.elf	upx
static1/unpack001/cc3501048481f0cb1b33fe20a7ac827fb42d6f4365c04d83463f2e1eddd04e18.elf	upx
static1/unpack001/cfc3263e2f161d833b591666dee425b2e8b62d708c39b362b500512441119ca9.elf	upx
static1/unpack001/d4e050a3ded1ec2d38cba954b4868dc6cc7352241b3fefc56b1324c1094aaea5.elf	upx
static1/unpack001/e4dafea0263823affefe445b40ea002c5f63b785cb3b18270b045b86b22ba682.elf	upx
static1/unpack001/e500b83db91a16021dc5f38a5cfacd4262a43c34bba5fa7211409e0ace06c85a.exe	upx
static1/unpack001/f0bdd1cbfdf5abdf1752a6002a66122e3f5cf70349ea263f2b41b2c73bf20dee.elf	upx

Requests dangerous framework permissions 1 IoCs

description	ioc
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW

AutoIT Executable 14 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/039cf1e827f8a2bcf066d1b64e92b333a5973fe9ada6c0f6a6bef4020925355b.exe	autoit_exe
static1/unpack003/FACTURA-098670000.exe	autoit_exe
static1/unpack001/2207af79bef87871aac8ac795c010aeb4d0a21e3b34ff233bf63c4e4b5c2c5b2.exe	autoit_exe
static1/unpack001/2d591c9eb9c192c99f9e76d14bc9e8632c18aaa863808e0d1d39a8950283c6e8.exe	autoit_exe
static1/unpack001/3df3b7abf812cc4840623c526ac35442a5ceb2617cbc508719ad181e111cfeff.exe	autoit_exe
static1/unpack001/449ecf2471ec8a48d115b252928053edc56f2bbf622a88db78274bdf3cc574ac.exe	autoit_exe
static1/unpack001/57e9cd4097b50b6c174ec06bd21cd8f9f0583f92dd8ec3da4e3c93a9c820bd2a.exe	autoit_exe
static1/unpack001/6674febb46a74c6d0f20b2b92ff5d89f334b02b9ee9cd8011cf388e993b566b6.exe	autoit_exe
static1/unpack001/9f708fc26f51a62c4255027c9e07cdc9c885c0453da450735795153ae33f0366.exe	autoit_exe
static1/unpack001/b425d419b3c6bafe0bf7d6fbd92832942f1f77eed32625715a551550b5d02dda.exe	autoit_exe
static1/unpack001/d3e3dc900b4bfbec43e635f49fd55913e11e748f677b4e4035fdf774a1ed6fb6.exe	autoit_exe
static1/unpack001/d49072a6852ca5136c43e6ff5ad83ae81ee47ca295698f2827187451c7241ee1.exe	autoit_exe
static1/unpack001/e5b92c64269cc60d8db665c2a71cf0b7c917bb0585d833324f6e8c3a1d22025a.exe	autoit_exe
static1/unpack001/ef8648a4e11f17606230b349943910c02f3a26faab05f00f779c6802f03eca97.exe	autoit_exe

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/c53c627eddfb4635d0437c6fffa45d006077828b3d6f5bac0278210993a2bd42.exe	pyinstaller

Unsigned PE 150 IoCs

Checks for missing Authenticode signature.

resource
unpack001/02a690404a3d82ed7aef87f8518cac02809384d6b0550a36fc837c8552255d3d.exe
unpack001/02e3a95647684ad0501b2e25d0ff6afe117e8ae38c892f3416f174baafb8445d.exe
unpack001/039cf1e827f8a2bcf066d1b64e92b333a5973fe9ada6c0f6a6bef4020925355b.exe
unpack001/078981526fd0969e928c1b785c9e1da97ff159248dabf04132ea8fab9347acf6.exe
unpack001/07e5ccafd9ac5416dce0c5c04eba91ba647cb00fdac7fb67b11b1d42729beeab.exe
unpack001/0932f5d800ebb0e22e6323f1e64bdf3b6125b2e9b205d9f333f1857da72d7516.exe
unpack001/096a3baa4ba3d03b673524a281f63fa16e15a7880e5174a8679db9193eb48a75.exe
unpack001/0993d4c07d308fe8dffae59c2bcea46471d87eb128e0212a295941bd7703733e.exe
unpack001/0a0070a22c28587c932cde74814087abf7089964f35f51c350da68cc3ab9684c.exe
unpack001/0d9afb99c21cfef2b0930b5229e5f2f2051e5663d1be074a1be9d0099945bfef.exe
unpack001/101da1fc6c2b5289bca646cabead73af514b63c341e7572a071b26cd649e42e1.exe
unpack001/12b07fe74110ebf9b5547f87732613d5f9f5d5dd6a8cc62bd014e26e92e913c5.exe
unpack002/Purchase Order #7654.exe
unpack003/FACTURA-098670000.exe
unpack001/189b5f3cb70793fea771d2e0b5db4dc2fd2695f1c7510e35437e3a2f634e9536.exe
unpack001/1936d057c09f17db16fe499af609d5935d0b17e62f4199999543f0459cb43b05.exe
unpack001/1b2879fe198c51148dbe3d08946df84117f6663c2c4b0322784604442c286d39.exe
unpack001/1b61bb7a551bc826162e9811cd78cc27d21292de8e9516bac165090d465d2e10.exe
unpack001/1d4dcaf2b07cab6f785c4607040b90d2e87a2d94c3368dd57f89c97a6d77bbe3.dll
unpack001/1f2f38766e7ed058845430f9a50b1e5a924632a248570b5d34be000633ed7165.exe
unpack001/2132f7ef747d47bb65a9525dccacf04e967102d6de055179f80d8cbf62a65b76.exe
unpack001/21b76072ea2bf0e71af90604ee83f2627a53cdbd100300eeffb6d9580c98f795.exe
unpack001/2207af79bef87871aac8ac795c010aeb4d0a21e3b34ff233bf63c4e4b5c2c5b2.exe
unpack001/23b02a697196412dc72b191d239a55d791a819e8aea8a1ed636f2a8182c834d1.exe
unpack001/2515eaa2524af3e606406d5e0b7d20565d6c1a2a06903a4ff0d0fceaba7414b8.exe
unpack001/256d53d0669bbe5e81ae5dbf52e1edfa07126f22c1b3455e6d1189c663b33064.dll
unpack001/25ab561d014bdd7b50d5fa913d111bcb4dd3e41d22a5850764a7659aece4d33f.exe
unpack001/2666313476c89dd173b3f45ba544de734644a5f3584b8a6c918176d0a61f698e.exe
unpack001/2900e0153c26e219faef9110b4e8460c13958665f4e76a9534ad0ea8a0b4f8c5.exe
unpack001/2950ce9dbfde412f661b84dd8764fa9994c2a8edd92fea05a7f2c364420b151c.exe
unpack001/2b1056d4345ad77e4307f89a6e9181b96f20d7b82d4fec18dbc9be1e0636b0b7.dll
unpack001/2d591c9eb9c192c99f9e76d14bc9e8632c18aaa863808e0d1d39a8950283c6e8.exe
unpack001/30d2c8eb828cdcc0768a51196c11ac26ec0d5d4408db7b9a1e53d3668d83cf31.exe
unpack001/326068aa434690c190e1784ac4eef5198e550e41b7189738879ed042ed97e732.exe
unpack001/340f4a7db0024413428f3663d06af5d5b430a2dadc8931a8b6c75b650e951f69.exe
unpack001/344bb8ae2d9afbf9f666a844f6e9a7606eaa226a0383b84cf173f0f3725fabff.exe
unpack001/37ab61ae86c08d6a684fff573cbd927b144dfac5006d660cc3cb58676fb15c2c.exe
unpack001/3c1141fdf73eba7509dcb6ddf63c9622b16496803274e47700d4d4915a2725e2.exe
unpack001/3df3b7abf812cc4840623c526ac35442a5ceb2617cbc508719ad181e111cfeff.exe
unpack001/41612cf82710561b8aaaa63eccb4749f1e462270fe4525f97f19bee196764774.exe
unpack001/4320ef536d6736f88ed5018198c723c9c6d046d6c00ca97fe9b4fbb6482114ac.exe
unpack001/4416b9214d72b07c657a7916e033c4e5487e6049eb263c7a813ae673026a6fea.exe
unpack001/449ecf2471ec8a48d115b252928053edc56f2bbf622a88db78274bdf3cc574ac.exe
unpack001/478bdcdd85ddc7287b5dde32391881591cc77db75412ef5340f5bd3531738245.exe
unpack006/CV Mariana Alvarez.exe
unpack007/Quotation R2100131410.exe
unpack008/EJ9wbX3RFyX19aq.exe
unpack001/4b7ba4a99e9ce1f3363fb89f18c3b0ec0af1fe4466ae14f8466e2a7cf23eb825.exe
unpack001/4edc1f0904f3ea0305ff2ca311db86ed8abb8b05aadef0599e0015fff0620403.exe
unpack001/4ff2b35479cd45520aa714643c2dcb649e7d73caf9a6ab1c83d73ec439b6121b.exe
unpack009/$PLUGINSDIR/System.dll
unpack001/57e9cd4097b50b6c174ec06bd21cd8f9f0583f92dd8ec3da4e3c93a9c820bd2a.exe
unpack001/595c20f94db2ba132681d1b669ddd21a561f50a5afd4df0925fe8fd2d988f3c6.exe
unpack001/5d94973c1721adf02c34669a00c29e5aae5010a71f79ca8ae16994edccec2830.exe
unpack001/5e8119622389d8ee840a2e9429a31d5fad907bd25c2fff9e81f969a6111af092.exe
unpack001/5f170a259ed79735753b3795bf9fa7c4fc1d0924e907161d90f89e097ec54fc3.exe
unpack001/6048838a96507ca26c12c642663939ccceba50c27fda8af018b6a05ffedf7c24.exe
unpack001/616022de766bd55945033159a2ef9220e9987a03fb88c89e57d9784629b965bd.exe
unpack001/63df257d05c5ae9f6e76314a3a44c2fb7bf1a1ef78ffa687fc0bf35f331639e4.exe
unpack001/6674febb46a74c6d0f20b2b92ff5d89f334b02b9ee9cd8011cf388e993b566b6.exe
unpack001/6a0b8f403b660202a6d599aa998802af71064fa3cdbbc2377b75885149cf1773.exe
unpack001/6a8e67efe93ced793d9a285c68a6c62208d185f72eb39a110defe97138b917a8.exe
unpack001/6b7c969bbcd1395769e6c8a03148cad3c2290bffcd4991a7383d397cb7c105c5.exe
unpack001/70dcd8ca36ef88c90b42a117ee5313ee0256bcb9b67ae7e6aca428e5927a8982.exe
unpack001/7307275801a4b5c3c6c5039b9417479952cd36dcc365a74fdcb72cad35d0a423.exe
unpack001/73e175be77f4507c8f8dc13d0ab2a15b86e35ff9717a750f71a9dac8d31c3f32.exe
unpack001/742eebfa844751ac27dd63859b04cc6d7aa4baf2ef798ef257ac07ac8b167b43.exe
unpack001/75f22523ab64e7eaca89fd03bdc6d32c1594d82d2f6f6a65834cb00cde74885c.exe
unpack001/79f16c7e9e15bdae4963e258d3c2fd5c797fea4350d81e26f64cd19686832f5c.exe
unpack001/7b78d121a7fff35d2efdbabeac9ace888d0c6e917b27a258058cd4b075ebcb71.exe
unpack001/7de8bedc1d2107a51363439e1f9c58e0631256b3bb6141545e953d25570e4511.exe
unpack001/7eda96196aba8ede36cfb15ac508debe75927d0b2997ef9c494d0223fb478dd3.exe
unpack001/7f6c6e054579e9cb04200a5179117b8e17dbdddb0c280e85f7fe9d77a5a90079.exe
unpack001/80c40f9a2f2bbf92496d9b8d50158885f8cfe845c54680851892287491370d58.exe
unpack001/832506397be8817683e8dcac4604eaee19f0add472b9332cb667067562487896.exe
unpack001/8348a12f9db7da150a1920718df15448bc7fe34dbe4bc8b788f3d269f940fa3c.exe
unpack001/8418a0391b5cca38e10e71d95d1a02e5e06849d3c5299c3ceb8ac012b2ad7a0f.exe
unpack001/88a2bc6a71b781818a170e74b81b01e99a6d018d1b095652557fb1afcd1e0d9d.exe
unpack001/8940574ca19d087350f6914af877bb4dcdaa32268ac4b35e9de2dc80590d7087.exe
unpack001/8a93fc1f94b6919a6776d6d0151d04a352d30a8743d58ff9090d3def3c2aa571.exe
unpack001/8e59e63c053985a8553a063e09afad261e9cd0f4a40fafd333ea0b705c483573.exe
unpack001/9033b9abad982d94ad4172788694b6d365c7917cd3a9d5532a7507dc48b2df2a.exe
unpack001/91b03fbfec8d0fb1c1e6bb9ceb9893f26807c160809bcb8d71f2217960399e30.exe
unpack001/91ff4b06f7998bb1adb5e183e8b3440a5f7fa743190f31f58ddf3fada68e51e4.exe
unpack001/924d37ab763e5093673e647251deab171e2d03926ba159593e6352373c29de00.exe
unpack001/9911129661bce9c536c1232b12b2aa19501d9dfae099c146d25308c7bb6839ac.exe
unpack001/9a6f5a1bda6fe4c8c596e025cd42e04911e01be388b3bda780279f92c0ef4f23.exe
unpack001/9bf4636e2be3154a2c956982b1e547b7206b73bce86a42ce6573404c1773ce40.exe
unpack001/9c051c1f0938d57caab88ddf7c68456838889f84907436aa6dbf50b1e35ea6ab.exe
unpack001/9c20710607760934fbc59a5b6e60ff8ba2441b6f5ab2de182bca1e18209e9150.exe
unpack001/9d521333a79d744ede01a133eded8bf562e739bc93af8695acf2342d96f80d99.dll
unpack001/9e31a71a7c453bfce6b1ddf343b056cfbfc89ae83c5c5529d90949161ab1e9fa.exe
unpack001/9ed76d0cdb1f2b686adb7739764e2bdde84c7497b753cdd92ebefd5efea9b378.exe
unpack001/9f121f9e36a53eb08ff86c94cf9678245d0c1d56670118d44351bea52e74aec7.exe
unpack001/9f708fc26f51a62c4255027c9e07cdc9c885c0453da450735795153ae33f0366.exe
unpack001/a03e517dd3772d7f304c77676c7cb50e5dbf146d67a4812eb2bf7ec9a9641520.exe
unpack001/a0c35404de8e296472b68d8d640c1b172055cd7837909907ac45c4ed05c88a43.exe
unpack001/a25788e0fb0fd993fa396565fc7c8013dd70651443df2f7dc77c56ad6f07bdc8.exe
unpack001/a3259c28c735b4fc77af61b4d5e2331bfb2ca8e6fc9be6fea650f01c5ac54eb8.exe
unpack001/a510274771924b5532277575790faef750bbbb8cccd6cd773bdb7b1572150647.dll
unpack001/a79fbf1f6682f02689ef3400ff89f2c960b595b7498af36fb1a418fa0e7e0549.exe
unpack001/a7d7918287e20b0dba642c291b6e7efc6e73222cf5ed02254926b898c9107d5f.exe
unpack001/aa11e9d5b84487e28b0e003406b3a8d3d595ed9a9f1234a567548fa57aa06ce1.exe
unpack001/ace9e8a629f6ba8882afc43198dc9f7e6bf3b723140c2ed28ad36cf2f5786c93.dll
unpack001/b16c9c6b0d2c5e04fd3d3bcfb9f9a8712502b99a1fea9edf9a2ff1dd1cc8ed41.exe
unpack001/b25e0f52dc61ee0a114de10fd27d6783c6910b8f34616f9ea9ef04fd6649bb3c.exe
unpack001/b38cd79476d02cd0203566b46589befe82d8f88b85a4aaf361007aaf5aeffef6.exe
unpack001/b425d419b3c6bafe0bf7d6fbd92832942f1f77eed32625715a551550b5d02dda.exe
unpack001/b475bbe8df1e693355babceffa61f6411f8eacc029fa3b0df1e53dba350d2e62.exe
unpack001/b4c0af25d74cc62a4cdeeac0a7b19c6f2944fb9596e46908410b90bf540fa1a6.exe
unpack001/b50becdb79b109e85caa4f588343fdd7e96152f4e23f40ad213a0336118bc87b.exe
unpack001/b82adeb64feb86d3db0d37c4349b349b41ddf16b865ed980a115a9a2952f5b7f.exe
unpack001/b919be4df2b321304c804b9af68e6c5da6c03a821381c30cfc2d9d0fb042e0d1.exe
unpack001/bc5eea66e42ed9ccc98b9692c4b5e5c198b1bed42052f696c2161789a4fdba25.exe
unpack001/c3540a76dd237e9df12b0aef03a65b95dbcc67ed59e4720cb2c9ae065c2564ae.exe
unpack001/c36d9a5680ece3f4ceb44ed997961422d13e6b7eba7ea1d678a0efc561934194.exe
unpack001/c53c627eddfb4635d0437c6fffa45d006077828b3d6f5bac0278210993a2bd42.exe
unpack001/c5fc537060561b1860ac757f31b3dc86f22efab2c5186569f997ecd83fedf697.exe
unpack001/c6b066e441a2740f87cfa1e2a8da69a5dc7814411088d3f69c4d9fe9d2bf2ce4.exe
unpack001/c70f9b94806694a6376ff44967ea1fcadb966d436e49cc04c32aa9b828360acd.exe
unpack001/c846901a49c2366de9e754a6ca741a8dcaf5ce6a927dc2b32fff40ae321b06ff.exe
unpack001/c8ff44d83e4e95fe4b651a3b2c12aea8e3082688615fdf865f0a01de484910d0.exe
unpack001/cc7d30067401f6969ead8a72184ba73a47be7faf7be5464464315ec9cecd5932.exe
unpack001/cef570542198bfab9319da2c3068da34484f72d77e5437f3f0592d26b26aaf69.exe
unpack001/cfc804c7fea469061d40fa067369c0f422ef9ddc4444880ab6e532a815755f67.exe
unpack001/d3e3dc900b4bfbec43e635f49fd55913e11e748f677b4e4035fdf774a1ed6fb6.exe
unpack001/d49072a6852ca5136c43e6ff5ad83ae81ee47ca295698f2827187451c7241ee1.exe
unpack001/d607b4eddf572f2fec9793349518180df59d795f58fce6223e8183ebf45b7e6c.exe
unpack001/d874c5f6b10e26cfd96af59be1a40b173d0614770703a36fb84dd855900fd78c.exe
unpack001/d9e11bf6dbbb2e9e75574f370b57e32efd4be3b1ba193b934933515aed9b933e.exe
unpack001/d9e9ad2e1129ea6aa884668a13f6e3b73b7cedaa7fec69a38c4e683bea546879.exe
unpack001/dae4facd24ebff0352f1c58ed73a8f060cb86b5c9895bce9e78a273f7ac627a5.exe
unpack001/dc35bb3e599d118d48f019a8abf13ad6ad56920ec366406a841b2aac785324df.exe
unpack001/dfef81de68b9aaf054df713c596c3902f3f92156d7cf041f903188b32a35e4a9.exe
unpack001/e0324f9407031cdea025049097bf0d30a80f02eeb6e04a5d1d4a21eb8d703bc3.exe
unpack001/e268df66fb92ff6e5b2719279c5bee5383d56a4b97add2c7dc0ede45d2aec175.exe
unpack001/e500b83db91a16021dc5f38a5cfacd4262a43c34bba5fa7211409e0ace06c85a.exe
unpack001/e586bf17566b9188b9274097ddf059cf20569b87754f38e460c2fd884ae88a15.exe
unpack001/e5b92c64269cc60d8db665c2a71cf0b7c917bb0585d833324f6e8c3a1d22025a.exe
unpack001/e6152cc4702000546accc8d72aed7cb2a17381fbfed6b2dae32a336e15440549.exe
unpack001/e7757fdf8b8e6b584cab959c54383e10065ba2aceb5dd653dd0566d4cbce1ec8.exe
unpack001/e8ba4a43b8c03e1ea3ab83bed7c1c415cd17a289293a1e0e351da3ba85683eab.exe
unpack001/ec291f72135b5826eae935f229e4c1bc2bc14d3671c9001452be407fc130ca3b.exe
unpack001/ec36ebae6ef6f254f20c4a444c17db05be30a0acbbaf33f5f568608a38452d7c.exe
unpack001/ef8648a4e11f17606230b349943910c02f3a26faab05f00f779c6802f03eca97.exe
unpack001/f297ff70bf504f4de6493af8ee41f6db917d6c849436c88caaaeda0bc779d599.exe
unpack001/f571ec60e80f59ca67e085d6578306da2af3de4e3c9b48714dc20ade153fed35.exe
unpack001/f953f4ede7a4cf9640cef3c513c62e9c592dfff4a9e4fd2549d3507a7def18b8.exe
unpack001/fa72ce2ca8b2c02af5ed2b6c6b7d5ebef09db6853681dd0681e42886fde0a8a5.exe
unpack001/fab70e91670f8a5c0d6740f05592ea1fd44776d3fce3be0a200c9ce81f1eb3d5.exe

Files

5dcfac410a8ac5371ec25cbf19002209f1d52c7429ea992e2efd965ff55d4fa9
.zip

Password: infected
00decd06732fecef7a4c6db953d90a9fc76b9ad9ed2b8e183a07a365c45254c0.vbs
.vbs
016005310b52d074fae59ca6682bd047ffe909f2849122ea0181c26ad2da41cb.elf
.elf linux x86
0282cdf346cafd7c63e35926443f388a18de964f07a3db45a88270e8d09f697d.elf
.elf linux ppc
02a690404a3d82ed7aef87f8518cac02809384d6b0550a36fc837c8552255d3d.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 727KB - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
02e3a95647684ad0501b2e25d0ff6afe117e8ae38c892f3416f174baafb8445d.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

yRaz.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 708KB - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0386b038402a99ab607a9b0ceb469d25f563f34b3d5c1548751c6b9c7843e653.elf
.elf linux arm
039cf1e827f8a2bcf066d1b64e92b333a5973fe9ada6c0f6a6bef4020925355b.exe
.exe windows:5 windows x86 arch:x86

04b4eec1b14791bf23f31173f27a5df0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

__WSAFDIsSet
setsockopt
ntohs
recvfrom
sendto
htons
select
listen
WSAStartup
bind
closesocket
connect
socket
send
WSACleanup
ioctlsocket
accept
WSAGetLastError
inet_addr
gethostbyname
gethostname
recv

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx
ImageList_Destroy

mpr

WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W
WNetUseConnectionW

wininet

InternetReadFile
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetQueryOptionW
InternetQueryDataAvailable

psapi

EnumProcesses
GetModuleBaseNameW
GetProcessMemoryInfo
EnumProcessModules

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile
LoadUserProfileW

kernel32

HeapAlloc
Sleep
GetCurrentThreadId
RaiseException
MulDiv
GetVersionExW
GetSystemInfo
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
lstrcpyW
MultiByteToWideChar
lstrlenW
lstrcmpiW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
DeleteFileW
FindNextFileW
MoveFileW
CopyFileW
CreateDirectoryW
RemoveDirectoryW
GetProcessHeap
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetLocalTime
CompareStringW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
GetTempPathW
GetTempFileNameW
VirtualFree
FormatMessageW
GetExitCodeProcess
SetErrorMode
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
DeviceIoControl
SetFileAttributesW
GetShortPathNameW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetCurrentThread
GetProcessIoCounters
CreateProcessW
SetPriorityClass
LoadLibraryW
VirtualAlloc
LoadLibraryExW
HeapFree
WaitForSingleObject
CreateThread
DuplicateHandle
GetLastError
CloseHandle
GetCurrentProcess
GetProcAddress
LoadLibraryA
FreeLibrary
GetModuleFileNameW
GetFullPathNameW
SetCurrentDirectoryW
IsDebuggerPresent
GetCurrentDirectoryW
ExitProcess
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetTimeFormatW
GetDateFormatW
GetCommandLineW
GetStartupInfoW
IsProcessorFeaturePresent
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeW
HeapCreate
SetHandleCount
GetFileType
SetStdHandle
GetConsoleCP
GetConsoleMode
LCMapStringW
RtlUnwind
SetFilePointer
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
HeapReAlloc
WriteConsoleW
SetEndOfFile
SetSystemPowerState
SetEnvironmentVariableA

user32

GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
ReleaseCapture
SetCapture
WindowFromPoint
LoadImageW
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
CheckMenuRadioItem
SetWindowPos
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
TranslateMessage
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
GetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
MessageBoxW
DefWindowProcW
CopyImage
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
GetMenuItemID
DispatchMessageW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
PeekMessageW
UnregisterHotKey
CharLowerBuffW
keybd_event
MonitorFromRect
GetWindowThreadProcessId

gdi32

DeleteObject
AngleArc
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
StrokePath
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
GetDeviceCaps
MoveToEx
DeleteDC
GetPixel
CreateDCW
Ellipse
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
LineTo

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
GetUserNameW
RegConnectRegistryW
CloseServiceHandle
UnlockServiceDatabase
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
CopySid
LogonUserW
LockServiceDatabase
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
GetAce
AddAce
SetSecurityDescriptorDacl
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges
InitiateSystemShutdownExW
OpenSCManagerW
RegCloseKey

shell32

DragQueryPoint
ShellExecuteExW
SHGetFolderPathW
DragQueryFileW
SHEmptyRecycleBinW
SHBrowseForFolderW
SHFileOperationW
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetMalloc
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CLSIDFromString
StringFromGUID2
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
ProgIDFromCLSID
OleInitialize
CreateBindCtx
CLSIDFromProgID
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket
OleUninitialize
IIDFromString

oleaut32

VariantChangeType
VariantCopyInd
DispCallFunc
CreateStdDispatch
CreateDispTypeInfo
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SysStringLen
SafeArrayAllocData
GetActiveObject
QueryPathOfRegTypeLi
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
SysAllocString
VariantCopy
VariantClear
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
OleLoadPicture
SafeArrayAccessData
VariantInit

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
04854dadf5950eb39709f2cd5ab2844f79490ac0ae58d71ca46cca479031ff5c.elf
.elf linux
077c3e19eacd87bf8ff3af56734434a989788ed52b20af77a6a2f89f5a1a986b.elf
.elf linux ppc
078981526fd0969e928c1b785c9e1da97ff159248dabf04132ea8fab9347acf6.exe
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 99KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 25KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 10KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 48KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 450KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
07e5ccafd9ac5416dce0c5c04eba91ba647cb00fdac7fb67b11b1d42729beeab.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Rolling.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0932f5d800ebb0e22e6323f1e64bdf3b6125b2e9b205d9f333f1857da72d7516.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
096a3baa4ba3d03b673524a281f63fa16e15a7880e5174a8679db9193eb48a75.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0993d4c07d308fe8dffae59c2bcea46471d87eb128e0212a295941bd7703733e.exe
.exe windows:5 windows x86 arch:x86

67249dba00354a5d46556d718ee3a4c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
LocalUnlock
GetConsoleAliasesLengthW
WriteConsoleOutputCharacterA
InterlockedDecrement
CreateDirectoryW
GetSystemDefaultLCID
TzSpecificLocalTimeToSystemTime
GetProcessTimes
LoadLibraryW
GetLocaleInfoW
FatalAppExitW
SetConsoleCP
HeapDestroy
ReplaceFileA
FlushFileBuffers
GetConsoleAliasesW
ChangeTimerQueueTimer
SetLastError
GetProcAddress
CreateNamedPipeA
SetStdHandle
PrepareTape
ResetEvent
LoadLibraryA
LocalAlloc
AddAtomA
DebugSetProcessKillOnExit
lstrcatW
VirtualProtect
GetCurrentDirectoryA
EnumDateFormatsW
FileTimeToLocalFileTime
SetFileAttributesW
GetVolumeInformationW
WriteConsoleW
CloseHandle
SetFilePointer
GetConsoleMode
GetConsoleCP
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
RtlUnwind
HeapFree
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
CreateFileW

user32

GetForegroundWindow
GetClassLongA

ole32

CreateDataAdviseHolder

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0a0070a22c28587c932cde74814087abf7089964f35f51c350da68cc3ab9684c.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0cc3fa35c0667389b3d40f296bbb73d627081dcf6663610d2cc9265d9ad1ad0b.elf
.elf linux mipsel
0d9afb99c21cfef2b0930b5229e5f2f2051e5663d1be074a1be9d0099945bfef.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
0f20ea70b1f2475ccf08bbe2646847f7693c259f10f32d158e018a97e38dadfa.elf
.elf linux arm
0f3a3868cb23418ff4703310dbf00676a401e39fde9b8e3b4ecfa0347fa352d5.doc
.rtf .doc
0fe29888e7b2862c3571b9e1e70b930d973f8efc516b972bea7811dcc98ec909.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ca:bf:db:4a:4e:0c:bb:dd:fe:e9:79:98:22:ba:09:df:d2:c8:f2:9d:55:f3:6a:d3:71:61:3a:dc:0a:fd:d9:56
Signer

Actual PE Digest

ca:bf:db:4a:4e:0c:bb:dd:fe:e9:79:98:22:ba:09:df:d2:c8:f2:9d:55:f3:6a:d3:71:61:3a:dc:0a:fd:d9:56

Digest Algorithm

sha256

PE Digest Matches

false

44:4e:dd:84:99:10:7b:3a:5a:5a:83:f2:72:e6:18:34:ee:f4:dd:70
Signer

Actual PE Digest

44:4e:dd:84:99:10:7b:3a:5a:5a:83:f2:72:e6:18:34:ee:f4:dd:70

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 675KB - Virtual size: 674KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
101da1fc6c2b5289bca646cabead73af514b63c341e7572a071b26cd649e42e1.exe
.exe windows:5 windows x86 arch:x86

8f1805f3ae545b0e731cb9cff13122c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\huwedikep.pdb

Imports

kernel32

GetComputerNameA
GetFileSize
GetLocaleInfoA
GetConsoleAliasExesA
GetDriveTypeW
MapUserPhysicalPages
InterlockedIncrement
GetConsoleAliasA
InterlockedDecrement
AddConsoleAliasW
CreateDirectoryExA
GetModuleHandleW
GetTickCount
GetNumberFormatA
ReadConsoleW
GlobalAlloc
GetVolumeInformationA
GlobalFindAtomA
LoadLibraryW
AssignProcessToJobObject
GetConsoleAliasExesLengthW
SetLastError
GetProcAddress
VirtualAlloc
HeapSize
SetComputerNameA
VerLanguageNameW
LoadLibraryA
RemoveDirectoryW
QueryDosDeviceW
FindNextChangeNotification
GetConsoleTitleW
VirtualProtect
GetFileAttributesExW
GetCurrentProcessId
AreFileApisANSI
Sleep
ExitProcess
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
WriteFile
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
HeapAlloc
HeapReAlloc
SetStdHandle
RtlUnwind
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CreateFileA
CloseHandle

user32

IsWindowEnabled
CharUpperBuffW

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 41.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
10cf938a815b6bcf40e572e0ccd84ffef50d2118af0b94916adb060088f3b328.elf
.elf linux arm
1261a4a5e07e9b91d0a2c242d06bc270f9089f1d7f62468eb2fd45d6a8440c38.elf
.elf linux mipsel
12b07fe74110ebf9b5547f87732613d5f9f5d5dd6a8cc62bd014e26e92e913c5.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xajodspp
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ngylwvdf
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1352c6b64baa9602c1c173054c8ab4ee21ac39484f62627f72a8f7c4f3909248.elf
.elf linux arm
157a81b4105a116ec1394173ea02e84ff59b55ce0a3c8dd2d7e681602688d181.rar
.rar
Purchase Order #7654.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\ImageViewer\obj\x86\Debug\ImageViewer.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
16298a871094e2aeea87046d545381398ab3ad27a47b2f37b245dcca87da1a54.vbs
16ec0c121bf247d7f179844eeb1c673c905b754e2cae2d8c9d3a3d7460391da7.zip
.zip
FACTURA-098670000.exe
.exe windows:5 windows x86 arch:x86

c4540f421523fe2dc591e50be5ad7d0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
recv
send
socket
inet_ntoa
setsockopt
ntohs
WSACleanup
WSAStartup
sendto
htons
__WSAFDIsSet
select
accept
listen
bind
inet_addr
ioctlsocket
recvfrom
WSAGetLastError
closesocket
gethostname
connect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetUseConnectionW
WNetAddConnection2W

wininet

HttpOpenRequestW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

userenv

DestroyEnvironmentBlock
LoadUserProfileW
CreateEnvironmentBlock
UnloadUserProfile

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetShortPathNameW
DeleteFileW
IsDebuggerPresent
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
LoadResource
LockResource
SizeofResource
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
LoadLibraryW
GetLocalTime
CompareStringW
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
VirtualAlloc
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetFullPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetACP
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetCurrentDirectoryW
FindNextFileW
WriteConsoleW

user32

GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
PeekMessageW
GetInputState
UnregisterHotKey
CharLowerBuffW
MonitorFromPoint
MonitorFromRect
LoadImageW
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
ClientToScreen
GetCursorPos
DeleteMenu
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
LockWindowUpdate
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
RegisterHotKey
GetCursorInfo
SetWindowPos
CopyImage
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
TrackPopupMenuEx
GetMessageW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
DispatchMessageW
keybd_event
TranslateMessage
ScreenToClient

gdi32

EndPath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
GetDeviceCaps
SetPixel
CloseFigure
LineTo
AngleArc
MoveToEx
Ellipse
CreateCompatibleBitmap
CreateCompatibleDC
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
SelectObject
StretchBlt
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
GetDIBits
StrokePath

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
RegCreateKeyExW
GetSecurityDescriptorDacl
GetAclInformation
GetUserNameW
AddAce
SetSecurityDescriptorDacl
InitiateSystemShutdownExW

shell32

DragFinish
DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

CreateStdDispatch
CreateDispTypeInfo
UnRegisterTypeLi
UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
VariantChangeType
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
SysStringLen
QueryPathOfRegTypeLi
SysAllocString
VariantInit
VariantClear
DispCallFunc
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
SafeArrayDestroyDescriptor
VariantCopy
OleLoadPicture

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1814457fbd890028ff409edc2d23a11bbac93fb7318aa54523ada7e04f53ea7f.exe
.exe windows:6 windows x86 arch:x86

2f3a7c5c46373967696674b9a526bbc2

Code Sign

a0:b4:3d:09:c8:97:66:73:40:a8:c5:7e:11:a8:2b:d4
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/05/2017, 00:00

Not After

30/04/2020, 23:59

Subject

CN=Omid Soroori,O=Omid Soroori,POSTALCODE=4550,STREET=Office 112\, Building 12\, Dubai Internet City,L=Dubai,ST=Dubai,C=AE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:b4:3d:09:c8:97:66:73:40:a8:c5:7e:11:a8:2b:d4
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/05/2017, 00:00

Not After

30/04/2020, 23:59

Subject

CN=Omid Soroori,O=Omid Soroori,POSTALCODE=4550,STREET=Office 112\, Building 12\, Dubai Internet City,L=Dubai,ST=Dubai,C=AE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f5:a9:c8:27:ec:74:f7:df:6c:7d:c7:34:f1:3f:f1:0e:dc:16:f4:d4:cd:87:eb:42:48:95:c2:35:f1:97:f1:28
Signer

Actual PE Digest

f5:a9:c8:27:ec:74:f7:df:6c:7d:c7:34:f1:3f:f1:0e:dc:16:f4:d4:cd:87:eb:42:48:95:c2:35:f1:97:f1:28

Digest Algorithm

sha256

PE Digest Matches

false

45:30:58:03:2e:34:e7:6e:fe:26:b8:10:93:d3:a3:63:66:2c:f6:69
Signer

Actual PE Digest

45:30:58:03:2e:34:e7:6e:fe:26:b8:10:93:d3:a3:63:66:2c:f6:69

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\7zsfxmm-cd920c2bb1fac536108acd5da87f93b5cd38e3fa\Output\Win32\7ZSfxMod.pdb

Imports

comctl32

ord17

kernel32

SetLastError
Sleep
CreateThread
GetExitCodeThread
GetLocalTime
SystemTimeToFileTime
GetEnvironmentVariableW
ExpandEnvironmentStringsW
SetCurrentDirectoryW
GetCurrentDirectoryW
CompareFileTime
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
RemoveDirectoryW
GetTempPathW
GetSystemTimeAsFileTime
lstrcmpW
lstrcmpiW
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetSystemDefaultLCID
GetCommandLineW
SetEnvironmentVariableW
CreateFileW
GetDriveTypeW
WriteFile
GetTickCount
GetModuleFileNameW
GetModuleHandleW
LoadLibraryA
GetCurrentThreadId
TerminateThread
SuspendThread
ResumeThread
GetSystemDirectoryW
LoadResource
LockResource
GetProcAddress
MulDiv
FormatMessageW
lstrcpyW
FindResourceA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualAlloc
VirtualFree
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
SetFileTime
GetFileInformationByHandle
WaitForMultipleObjects
InitializeCriticalSection
SetEvent
ResetEvent
CreateEventW
RtlUnwind
RaiseException
EncodePointer
VirtualQuery
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCurrentProcess
InitializeSListHead
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
SetFileAttributesW
WaitForSingleObject
GetLastError
CloseHandle
lstrlenW
LocalFree
TerminateProcess

user32

ReleaseDC
GetClientRect
MessageBeep
ClientToScreen
PtInRect
GetWindowLongW
SetWindowLongW
GetWindow
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetWindowDC
CallWindowProcW
DrawIconEx
SystemParametersInfoW
SetFocus
DefWindowProcW
wvsprintfW
MessageBoxA
GetKeyState
GetParent
ScreenToClient
GetDC
DrawTextW
EnableMenuItem
GetSystemMenu
GetSystemMetrics
EnableWindow
LoadIconW
KillTimer
SendMessageW
EndDialog
wsprintfW
GetDlgItem
DialogBoxIndirectParamW
SetWindowPos
ShowWindow
LoadImageW
IsWindow
CharUpperW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
SetTimer
GetWindowRect

gdi32

DeleteObject
GetDeviceCaps
SelectObject
GetObjectW
CreateFontIndirectW

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetFileInfoW

ole32

CoCreateInstance
CoInitializeEx

oleaut32

SysAllocStringLen
VariantClear

api-ms-win-crt-convert-l1-1-0

_wtol

api-ms-win-crt-string-l1-1-0

wcscmp
strcpy_s
_wcsnicmp
wcsncpy
wcsncmp
strncpy

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
abort
_crt_atexit
_cexit
_beginthreadex
_set_app_type
terminate
_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_set_new_handler
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_register_onexit_function
_controlfp_s

api-ms-win-crt-heap-l1-1-0

_set_new_mode
_callnewh
free
malloc
calloc

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
189b5f3cb70793fea771d2e0b5db4dc2fd2695f1c7510e35437e3a2f634e9536.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 721KB - Virtual size: 720KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1919a1b877651e00acebeae51a55aaf26ba8828ee78bffbe420339cf204545cc.xls
.xls .pdf windows office2003 polyglot
19306dccfc2c25d953a83cc279cfc641d87818c6eca93d23c3aa507bdd400870.elf
.elf linux ppc
1936d057c09f17db16fe499af609d5935d0b17e62f4199999543f0459cb43b05.exe
.exe windows:5 windows x86 arch:x86

8f1805f3ae545b0e731cb9cff13122c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\xayatami.pdb

Imports

kernel32

GetComputerNameA
GetFileSize
GetLocaleInfoA
GetConsoleAliasExesA
GetDriveTypeW
MapUserPhysicalPages
InterlockedIncrement
GetConsoleAliasA
InterlockedDecrement
AddConsoleAliasW
CreateDirectoryExA
GetModuleHandleW
GetTickCount
GetNumberFormatA
ReadConsoleW
GlobalAlloc
GetVolumeInformationA
GlobalFindAtomA
LoadLibraryW
AssignProcessToJobObject
GetConsoleAliasExesLengthW
SetLastError
GetProcAddress
VirtualAlloc
HeapSize
SetComputerNameA
VerLanguageNameW
LoadLibraryA
RemoveDirectoryW
QueryDosDeviceW
FindNextChangeNotification
GetConsoleTitleW
VirtualProtect
GetFileAttributesExW
GetCurrentProcessId
AreFileApisANSI
Sleep
ExitProcess
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
WriteFile
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
HeapAlloc
HeapReAlloc
SetStdHandle
RtlUnwind
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CreateFileA
CloseHandle

user32

IsWindowEnabled
CharUpperBuffW

Sections

.text
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 41.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1b2879fe198c51148dbe3d08946df84117f6663c2c4b0322784604442c286d39.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1b61bb7a551bc826162e9811cd78cc27d21292de8e9516bac165090d465d2e10.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1cbb090d37ee27615888aa3b37ee34f354013bd1509872b2627105baa78ff892.elf
.elf linux arm
1d4dcaf2b07cab6f785c4607040b90d2e87a2d94c3368dd57f89c97a6d77bbe3.dll
.dll windows:5 windows x86 arch:x86

6f8e15e476c783b4975094c644e04e09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

mpr

WNetEnumResourceW

winspool.drv

DocumentPropertiesW

comctl32

ImageList_GetImageInfo

ws2_32

WSAIoctl

shell32

Shell_NotifyIconW

user32

CopyImage

version

GetFileVersionInfoSizeW

oleaut32

SafeArrayPutElement

advapi32

RegSetValueExW

netapi32

NetWkstaGetInfo

kernel32

GetVersion
GetVersionExW

wsock32

gethostbyaddr

ole32

CreateBindCtx

gdi32

Pie

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
rwhwxwuopoyf

Sections

.text
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 36KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oclnzfe
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.oclnzfe
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.oclnzfe
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 519KB - Virtual size: 518KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1e152a6b3ab2ee27764471136de4c5ef381197cbff8380a12a5863bfc69b95bd.zip
.zip
ADVERTENCIA_24_27049.msi
.msi
1f2f38766e7ed058845430f9a50b1e5a924632a248570b5d34be000633ed7165.exe
.exe windows:5 windows x86 arch:x86

483f0c4259a9148c34961abbda6146c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GetWindowsDirectoryW
GetVersionExW
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
1ff0b2c5e3eec4f1da8dc0732a8eeca3b7989ee2a77b0f8c06eb6c31d8e4e5e6.lnk
.lnk
2024b5c8dbc80df62e87915078704377872f21f10e00c1bcff633c5ea69e5299.elf
.elf linux
2132f7ef747d47bb65a9525dccacf04e967102d6de055179f80d8cbf62a65b76.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 690KB - Virtual size: 690KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
21b76072ea2bf0e71af90604ee83f2627a53cdbd100300eeffb6d9580c98f795.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2207af79bef87871aac8ac795c010aeb4d0a21e3b34ff233bf63c4e4b5c2c5b2.exe
.exe windows:5 windows x86 arch:x86

eb97e4fc5518ac300a92a11673825e0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
socket
inet_ntoa
setsockopt
ntohs
recvfrom
ioctlsocket
htons
WSAStartup
__WSAFDIsSet
select
accept
listen
bind
closesocket
WSAGetLastError
recv
sendto
send
inet_addr
gethostbyname
gethostname
connect

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W

wininet

InternetQueryDataAvailable
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetConnectW

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
SetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
LoadLibraryW
VirtualAlloc
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
CloseHandle
GetFullPathNameW
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
FindClose
SetEnvironmentVariableA

user32

AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SetRect
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
MonitorFromRect
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterHotKey
CheckMenuRadioItem
CharLowerBuffW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
LoadImageW
GetClassNameW

gdi32

StrokePath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
GetDeviceCaps
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
StrokeAndFillPath

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
RegCreateKeyExW
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
AddAce
SetSecurityDescriptorDacl
GetUserNameW
InitiateSystemShutdownExW

shell32

DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoSetProxyBlanket
CoCreateInstanceEx
CoInitializeSecurity

oleaut32

LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
RegisterTypeLi
CreateStdDispatch
DispCallFunc
VariantChangeType
SysStringLen
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
VariantCopy
VariantClear
OleLoadPicture
QueryPathOfRegTypeLi
RegisterTypeLibForUser
UnRegisterTypeLibForUser
UnRegisterTypeLi
CreateDispTypeInfo
SysAllocString
VariantInit

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 480KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2212c7a616eec9c8b885e648011b7ecf15052d42ef2f7362203f2dfa9df7da25.elf
.elf linux arm
22cbfcd2ffb7a7c5901d89d03aa47ebdfd0238e9651f5d81cf81ab844f7c5d62.elf
.elf linux x86
23576768ebb962854a01728f5de0dd55de0b681f40dfc15d40fe651e7f1d6cae.elf
.elf linux arm
23b02a697196412dc72b191d239a55d791a819e8aea8a1ed636f2a8182c834d1.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

DSsP.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 703KB - Virtual size: 703KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
247d21b5feaacb622fa659c7a0b90dca7d4e6a1835dc0c295326962240de7c44.elf
.elf linux x64
24e8a391dacc37b6c8fc1b3bc5af29e2dc87358c843cd8865fc40d699574c9c1.elf
.elf linux mipsbe
2515eaa2524af3e606406d5e0b7d20565d6c1a2a06903a4ff0d0fceaba7414b8.exe
.exe .ps1 windows:5 windows x86 arch:x86 polyglot

67249dba00354a5d46556d718ee3a4c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
LocalUnlock
GetConsoleAliasesLengthW
WriteConsoleOutputCharacterA
InterlockedDecrement
CreateDirectoryW
GetSystemDefaultLCID
TzSpecificLocalTimeToSystemTime
GetProcessTimes
LoadLibraryW
GetLocaleInfoW
FatalAppExitW
SetConsoleCP
HeapDestroy
ReplaceFileA
FlushFileBuffers
GetConsoleAliasesW
ChangeTimerQueueTimer
SetLastError
GetProcAddress
CreateNamedPipeA
SetStdHandle
PrepareTape
ResetEvent
LoadLibraryA
LocalAlloc
AddAtomA
DebugSetProcessKillOnExit
lstrcatW
VirtualProtect
GetCurrentDirectoryA
EnumDateFormatsW
FileTimeToLocalFileTime
SetFileAttributesW
GetVolumeInformationW
WriteConsoleW
CloseHandle
SetFilePointer
GetConsoleMode
GetConsoleCP
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
RtlUnwind
HeapFree
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
CreateFileW

user32

GetForegroundWindow
GetClassLongA

ole32

CreateDataAdviseHolder

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
256d53d0669bbe5e81ae5dbf52e1edfa07126f22c1b3455e6d1189c663b33064.dll
.dll windows:6 windows x86 arch:x86

61d6334c6ae4948c906d9fa7fdf019fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalLock
GlobalUnlock
WideCharToMultiByte
Sleep
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
DecodePointer

user32

EmptyClipboard
SetClipboardData
CloseClipboard
GetClipboardData
OpenClipboard

wininet

InternetOpenW
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle

Exports

Exports

??4CClipperDLL@@QAEAAV0@$$QAV0@@Z
??4CClipperDLL@@QAEAAV0@ABV0@@Z
Main

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
25ab561d014bdd7b50d5fa913d111bcb4dd3e41d22a5850764a7659aece4d33f.exe
.exe windows:5 windows x86 arch:x86

12e12319f1029ec4f8fcbed7e82df162

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
InterlockedDecrement
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
DecodePointer
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
LocalFree
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipFree

Sections

.text
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
25bb0a644e2569c442f63bd4abe43c287168aa88672944e4489dbd8fdb04df5e.elf
.elf linux arm
25c9e1fd09b230075b72f77e5407107a6283769d6084e29c1dc47f31298b12c1.elf
.elf linux sh
2666313476c89dd173b3f45ba544de734644a5f3584b8a6c918176d0a61f698e.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

datascoolhelperapp.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 1024B - Virtual size: 974B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
26cdb48348c94a289cdf8a1004575ba52da191672edb82624dd333413bb13150.elf
.elf linux arm
272cf1862c16c9b067ef5da9b099868e72592445cedb1f7dc286ff3359c9e324.elf
.elf linux sh
275c050d461f4215f18321e15eaed51b0443ab0605de50996d11a5c048ed96e1.xlsx
.xlam .xlsx office2007

ThisWorkbook

Sheet1

mAPI
2771baa606d53962497bbfe689741863aace150dbc340ad1e2799cbc1b3f6033.elf
.elf linux arm
2900e0153c26e219faef9110b4e8460c13958665f4e76a9534ad0ea8a0b4f8c5.exe
.exe windows:5 windows x86 arch:x86

eb8c844ad14da407481e1c81cd466558

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
LocalUnlock
WriteConsoleOutputCharacterA
InterlockedDecrement
GetSystemDefaultLCID
GetConsoleAliasesLengthA
TzSpecificLocalTimeToSystemTime
GetProcessTimes
LoadLibraryW
GetLocaleInfoW
FatalAppExitW
SetConsoleCP
HeapDestroy
ReplaceFileA
FlushFileBuffers
CreateDirectoryA
GetConsoleAliasesW
ChangeTimerQueueTimer
SetLastError
GetProcAddress
CreateNamedPipeA
SetStdHandle
PrepareTape
ResetEvent
LoadLibraryA
LocalAlloc
AddAtomA
DebugSetProcessKillOnExit
lstrcatW
VirtualProtect
GetCurrentDirectoryA
EnumDateFormatsW
FileTimeToLocalFileTime
SetFileAttributesW
GetVolumeInformationW
WriteConsoleW
CloseHandle
SetFilePointer
GetConsoleMode
GetConsoleCP
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
RtlUnwind
HeapFree
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
CreateFileW

user32

GetForegroundWindow
GetClassLongA

ole32

CreateDataAdviseHolder

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2950ce9dbfde412f661b84dd8764fa9994c2a8edd92fea05a7f2c364420b151c.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2954dabf7e61f940ddf6095e1a160140d33e06da869dc9cb829461529f3a5366.elf
.elf linux sparc
295b2d6b23749ab0ab8b91ffc0934addbd598909a8bef7dcdf2909e715c6eb87.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:4a:e3:3f:f4:e6:23:e6:47:47:57:cd:16:a5:09:99
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2020, 00:00

Not After

08/09/2021, 23:59

Subject

CN=Blix Inc.,O=Blix Inc.,POSTALCODE=19711,STREET=40 E Main Street,L=Newark,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:4a:e3:3f:f4:e6:23:e6:47:47:57:cd:16:a5:09:99
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2020, 00:00

Not After

08/09/2021, 23:59

Subject

CN=Blix Inc.,O=Blix Inc.,POSTALCODE=19711,STREET=40 E Main Street,L=Newark,ST=Delaware,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:f6:0e:e2:31:b6:c9:4f:65:1b:e2:82:47:71:d8:3d:32:b0:de:9b:88:b7:3c:02:98:dc:99:e2:e5:cb:f1:04
Signer

Actual PE Digest

e2:f6:0e:e2:31:b6:c9:4f:65:1b:e2:82:47:71:d8:3d:32:b0:de:9b:88:b7:3c:02:98:dc:99:e2:e5:cb:f1:04

Digest Algorithm

sha256

PE Digest Matches

false

b1:5b:1e:da:c2:28:de:a5:b5:42:1f:d6:9c:43:d8:06:5a:9f:70:35
Signer

Actual PE Digest

b1:5b:1e:da:c2:28:de:a5:b5:42:1f:d6:9c:43:d8:06:5a:9f:70:35

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2b1056d4345ad77e4307f89a6e9181b96f20d7b82d4fec18dbc9be1e0636b0b7.dll
.dll windows:5 windows x86 arch:x86

dae1a3f04a7cd51523ba31141bb95f1e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHGetFolderPathW
Shell_NotifyIconW

user32

CopyImage
SetMenuItemInfoW
GetMenuItemInfoW
DefFrameProcW
GetDlgCtrlID
FrameRect
RegisterWindowMessageW
GetMenuStringW
FillRect
SendMessageA
EnumWindows
ShowOwnedPopups
GetClassInfoExW
GetClassInfoW
GetScrollRange
SetActiveWindow
GetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
EnumChildWindows
GetScrollBarInfo
UnhookWindowsHookEx
SetCapture
GetCapture
ShowCaret
CreatePopupMenu
GetMenuItemID
CharLowerBuffW
PostMessageW
SetWindowLongW
IsZoomed
SetParent
DrawMenuBar
GetClientRect
IsChild
IsIconic
CallNextHookEx
ShowWindow
GetWindowTextW
SetForegroundWindow
GetAsyncKeyState
IsDialogMessageW
DestroyWindow
RegisterClassW
EndMenu
CharNextW
GetFocus
GetDC
SetFocus
ReleaseDC
mouse_event
CreateWindowExA
GetClassLongW
SetScrollRange
DrawTextW
PeekMessageA
MessageBeep
SetClassLongW
RemovePropW
AttachThreadInput
GetSubMenu
DestroyIcon
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
LoadStringW
CreateMenu
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
GetSysColorBrush
GetWindowDC
DrawTextExW
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
GetSysColor
EnableScrollBar
TrackPopupMenu
keybd_event
DrawIconEx
GetClassNameW
GetMessagePos
GetIconInfo
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
SetCursorPos
GetCursorPos
SetMenu
GetMenuState
GetMenu
SetRect
GetKeyState
GetCursor
KillTimer
WaitMessage
TranslateMDISysAccel
GetWindowPlacement
CreateWindowExW
GetDCEx
PeekMessageW
MonitorFromWindow
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
MapVirtualKeyW
IsWindowUnicode
DispatchMessageW
CreateAcceleratorTableW
DefMDIChildProcW
GetSystemMenu
SetScrollPos
GetScrollPos
InflateRect
DrawFocusRect
ReleaseCapture
SendInput
LoadCursorW
ScrollWindow
GetLastActivePopup
GetSystemMetrics
CharUpperBuffW
SetClipboardData
GetClipboardData
ClientToScreen
SetWindowPlacement
GetMonitorInfoW
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
ToAscii
EnableWindow
GetWindowThreadProcessId
RedrawWindow
EndPaint
MsgWaitForMultipleObjectsEx
FindWindowA
LoadKeyboardLayoutW
ActivateKeyboardLayout
GetParent
MonitorFromRect
InsertMenuItemW
GetPropW
MessageBoxW
SetPropW
UpdateWindow
MsgWaitForMultipleObjects
VkKeyScanW
DestroyMenu
SetWindowsHookExW
EmptyClipboard
AdjustWindowRectEx
IsWindow
DrawIcon
EnumThreadWindows
InvalidateRect
GetKeyboardState
ScreenToClient
DrawFrameControl
SetCursor
CreateIcon
RemoveMenu
GetKeyboardLayoutNameW
OpenClipboard
TranslateMessage
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CloseClipboard
DestroyCursor
PostMessageA
CopyIcon
PostQuitMessage
ShowScrollBar
EnableMenuItem
HideCaret
FindWindowExW
MonitorFromPoint
LoadIconW
SystemParametersInfoW
GetWindow
GetWindowRect
GetWindowLongW
InsertMenuW
IsWindowEnabled
IsDialogMessageA
FindWindowW
GetKeyboardLayout
DeleteMenu

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SysFreeString
VariantClear
VariantInit
GetErrorInfo
SysReAllocStringLen
SafeArrayCreate
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
VariantChangeType

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegCreateKeyExW
RegRestoreKeyW

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy
memset

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

GetFileType
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TlsAlloc
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
WriteProcessMemory
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
ReadFile
GetUserDefaultLCID
HeapSize
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetVersion
RaiseException
GlobalAddAtomW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
LoadLibraryExW
TerminateProcess
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
WinExec
GetVersionExW
GetModuleHandleA
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
TlsFree
GetConsoleOutputCP
GetConsoleCP
lstrlenW
SetEndOfFile
QueryPerformanceCounter
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
EnumResourceNamesW
IsDBCSLeadByteEx
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

wsock32

gethostbyaddr
WSACleanup
gethostbyname
bind
gethostname
closesocket
WSAGetLastError
connect
inet_addr
getpeername
WSAAsyncSelect
WSAAsyncGetServByName
WSACancelAsyncRequest
send
ntohs
htons
WSAStartup
getservbyname
getsockname
listen
socket
recv
inet_ntoa
ioctlsocket
WSAAsyncGetHostByName

ole32

IsEqualGUID
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

gdi32

Pie
SetBkMode
CreateCompatibleBitmap
GetEnhMetaFileHeader
RectVisible
AngleArc
SetAbortProc
SetTextColor
StretchBlt
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
PolyBezierTo
CreateICW
CreateDCW
GetStockObject
CreateSolidBrush
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
GetEnhMetaFilePaletteEntries
CreatePenIndirect
CreateFontIndirectW
PolyBezier
EndDoc
GetObjectW
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
SelectPalette
ExcludeClipRect
MaskBlt
SetWindowOrgEx
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
Rectangle
SaveDC
DeleteDC
FrameRgn
BitBlt
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
IntersectClipRect
Polyline
CreateBitmap
SetWinMetaFileBits
CombineRgn
GetStretchBltMode
CreateDIBitmap
SetStretchBltMode
GetDIBits
CreateDIBSection
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
SelectObject
DeleteObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

MpAddDynamicSignatureFile
MpAllocMemory
MpCleanOpen
MpCleanStart
MpClientUtilExportFunctions
MpConfigClose
MpConfigDelValue
MpConfigGetValue
MpConfigGetValueAlloc
MpConfigInitialize
MpConfigIteratorClose
MpConfigIteratorEnum
MpConfigIteratorOpen
MpConfigOpen
MpConfigSetValue
MpConfigUninitialize
MpConveySampleSubmissionResult
MpDynamicSignatureEnumerate
MpDynamicSignatureOpen
MpFreeMemory
MpGetDevMode
MpGetDeviceControlSecurityPolicies
MpGetNpSupportFile
MpGetSampleChunk
MpGetTDTFeatureStatus
MpGetTDTFeatureStatusEx
MpGetTPStateInfo
MpGetTSModeInfo
MpGetTaskSchedulerStrings
MpHandleClose
MpManagerEnable
MpManagerOpen
MpManagerStatusQuery
MpManagerStatusQueryEx
MpManagerVersionQuery
MpNetworkCapture
MpQuarantineRequest
MpQueryEngineConfigDword
MpRemoveDynamicSignatureFile
MpRollbackPlatform
MpSampleQuery
MpSampleSubmit
MpScanControl
MpScanResult
MpScanStartEx
MpServiceLogMessage
MpSetTPState
MpThreatEnumerate
MpThreatOpen
MpUnblockEngine
MpUnblockPlatform
MpUnblockSignatures
MpUpdatePlatform
MpUpdateStart
MpUpdateStartEx
MpUpdateTSModeEx
MpUtilsExportFunctions
MpWDEnable
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2bfe10b56aab056697477d8c4d3311a01cea0f071dd0e891bacf10b8fee84bc1.xlsx
.xls .xlsx windows office2003
2c42f0b638e46ffc233200f45ca9436c78fb424fc409574512774dfd3a0621a6.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8e:bc:ea:d5:d2:7d:79:85:97:42:f7:69:8e:0d:94:2b:ea:fe:3a:b5:49:11:76:ee:25:34:bf:89:70:fb:c8:8f
Signer

Actual PE Digest

8e:bc:ea:d5:d2:7d:79:85:97:42:f7:69:8e:0d:94:2b:ea:fe:3a:b5:49:11:76:ee:25:34:bf:89:70:fb:c8:8f

Digest Algorithm

sha256

PE Digest Matches

false

c5:fc:c0:98:12:4a:23:7c:cd:0f:bb:44:69:32:69:cb:51:dc:a8:3b
Signer

Actual PE Digest

c5:fc:c0:98:12:4a:23:7c:cd:0f:bb:44:69:32:69:cb:51:dc:a8:3b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 696KB - Virtual size: 695KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2c685d483172df43fcfb3a23ed0decedbe4087d37248a78d4b475033eebe5ccb.exe
.exe windows:5 windows x86 arch:x86

c1ef3025569bf8fbe745298f15590053

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:28:2b:07:49:66:9b:59:5f:79:49:ff:06:13:4e:92
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

05/09/2009, 00:00

Not After

01/10/2012, 23:59

Subject

CN=Adobe Systems Incorporated,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Universal Client,O=Adobe Systems Incorporated,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:50:97:15:8b:51:37:e0:67:cd:1d:21:aa:ea:20:e8:ef:ea:66:3f
Signer

Actual PE Digest

09:50:97:15:8b:51:37:e0:67:cd:1d:21:aa:ea:20:e8:ef:ea:66:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\Acro_root_apams\Main\code\build\win\results\Release\info\naib.pdb

Imports

kernel32

GetFileSize
GetLocalTime
lstrlenA
GetVersionExW
InitializeCriticalSection
LoadLibraryW
MultiByteToWideChar
GetModuleFileNameW
ReadFile
GetFileAttributesW
GetModuleHandleW
CreateThread
LocalFree
DeleteFileW
CloseHandle
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
GetUserDefaultUILanguage
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapSize
RtlUnwind
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InterlockedDecrement
GetCurrentThreadId
SetLastError
SetThreadLocale
GetTempPathW
lstrlenW
lstrcmpA
lstrcmpW
CreateFileW
GetExitCodeProcess
WideCharToMultiByte
WriteFile
GetProcessHeap
WaitForSingleObject
HeapFree
HeapAlloc
CreateProcessW
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RaiseException
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
Sleep
GetProcAddress
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement

shell32

SHGetFolderPathW
ShellExecuteW
SHCreateDirectoryExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shlwapi

PathFindFileNameW
PathAppendW
UrlGetPartA
PathRemoveExtensionA
PathAppendA
PathRemoveFileSpecW

msi

ord90

user32

LoadCursorW
TranslateMessage
IsDialogMessageW
RegisterClassExW
CreateWindowExW
DispatchMessageW
GetMessageW
PostQuitMessage
PostMessageW
SetForegroundWindow
GetWindowLongW
GetDlgItem
SetWindowLongW
LoadStringW
ShowWindow
CreateDialogParamW
MessageBoxW
SendMessageW
SetWindowTextW
DefWindowProcW
EndDialog
SetFocus
DialogBoxParamW
DestroyWindow

wininet

InternetCloseHandle
InternetConnectA
InternetReadFile
HttpQueryInfoW
InternetOpenA
HttpSendRequestA
HttpOpenRequestA

crypt32

CertFreeCertificateContext
CertGetNameStringW
CertCreateCertificateContext
CryptGetMessageCertificates
CertFindCertificateInStore
CertCloseStore
CertVerifySubjectCertificateContext
CertDuplicateCertificateContext
CryptVerifyDetachedMessageSignature
CertVerifyCRLRevocation
CryptDecodeObjectEx

cryptnet

CryptRetrieveObjectByUrlW
CryptGetObjectUrl

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2d591c9eb9c192c99f9e76d14bc9e8632c18aaa863808e0d1d39a8950283c6e8.exe
.exe windows:5 windows x86 arch:x86

c4540f421523fe2dc591e50be5ad7d0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
recv
send
socket
inet_ntoa
setsockopt
ntohs
WSACleanup
WSAStartup
sendto
htons
__WSAFDIsSet
select
accept
listen
bind
inet_addr
ioctlsocket
recvfrom
WSAGetLastError
closesocket
gethostname
connect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetUseConnectionW
WNetAddConnection2W

wininet

HttpOpenRequestW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

userenv

DestroyEnvironmentBlock
LoadUserProfileW
CreateEnvironmentBlock
UnloadUserProfile

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetShortPathNameW
DeleteFileW
IsDebuggerPresent
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
LoadResource
LockResource
SizeofResource
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
LoadLibraryW
GetLocalTime
CompareStringW
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
VirtualAlloc
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetFullPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetACP
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetCurrentDirectoryW
FindNextFileW
WriteConsoleW

user32

GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
PeekMessageW
GetInputState
UnregisterHotKey
CharLowerBuffW
MonitorFromPoint
MonitorFromRect
LoadImageW
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
ClientToScreen
GetCursorPos
DeleteMenu
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
LockWindowUpdate
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
RegisterHotKey
GetCursorInfo
SetWindowPos
CopyImage
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
TrackPopupMenuEx
GetMessageW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
DispatchMessageW
keybd_event
TranslateMessage
ScreenToClient

gdi32

EndPath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
GetDeviceCaps
SetPixel
CloseFigure
LineTo
AngleArc
MoveToEx
Ellipse
CreateCompatibleBitmap
CreateCompatibleDC
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
SelectObject
StretchBlt
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
GetDIBits
StrokePath

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
RegCreateKeyExW
GetSecurityDescriptorDacl
GetAclInformation
GetUserNameW
AddAce
SetSecurityDescriptorDacl
InitiateSystemShutdownExW

shell32

DragFinish
DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

CreateStdDispatch
CreateDispTypeInfo
UnRegisterTypeLi
UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
VariantChangeType
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
SysStringLen
QueryPathOfRegTypeLi
SysAllocString
VariantInit
VariantClear
DispCallFunc
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
SafeArrayDestroyDescriptor
VariantCopy
OleLoadPicture

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2f810d8e54c280d498fe2c7e195530d7df09de59ad20f188fe13dd77bf347733.elf
.elf linux x86
2f95a04948ad29f12c5b837c69d578c53fa535a8314c44dc1651affd8a28c733.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

d3:06:02:d8:02:dc:0f:4e:b9:39:88:08:76:4e:d1:98
Certificate

Issuer

CN=Genius Tehnology,OU=Genius Company,O=Creted by Genius Tehnology,L=\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x,ST=IT,C=Italy

Not Before

20/02/2024, 14:54

Not After

08/06/2027, 00:00

Subject

CN=Genius Tehnology,OU=Genius Company,O=Creted by Genius Tehnology,L=\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+yÛ\+yÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+yÛ\+xÛ\+yÛ\+xÛ\+yÛ*xÛ\+yÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ*xÛ\+xÛ\+xÛ\+xÜ\+yÛ*xÛ\+xÛ\+yÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ*xÛ*yÛ\+xÛ*xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+yÛ*yÛ\+xÛ\+yÛ\+xÜ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ*xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+yÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÜ\+yÛ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+yÛ\+xÜ*xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÜ\+xÛ\+xÜ\+xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ\+xÜ\+xÜ\+xÛ\+xÛ*xÛ\+xÛ\+xÛ\+xÛ*xÜ\+xÛ*xÛ\+xÛ\+xÛ*xÛ*xÛ*xÛ*wÛ*xÛ\+xÛ*xÛ\+xÜ*xÜ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÛ*xÛ*xÛ\+xÛ*xÛ\+xÜ*xÛ\+wÛ\+xÛ\+xÛ*xÛ\+x,ST=IT,C=Italy

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5a:5d:b4:9f:7f:7d:ff:f0:6b:37:51:7e:24:e8:22:52:30:4b:44:29:8d:ce:68:f0:08:7f:a0:e1:0d:cc:c1:06
Signer

Actual PE Digest

5a:5d:b4:9f:7f:7d:ff:f0:6b:37:51:7e:24:e8:22:52:30:4b:44:29:8d:ce:68:f0:08:7f:a0:e1:0d:cc:c1:06

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

usainstructiongtstreet.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7.9MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
30d2c8eb828cdcc0768a51196c11ac26ec0d5d4408db7b9a1e53d3668d83cf31.exe
.exe windows:5 windows x86 arch:x86

67249dba00354a5d46556d718ee3a4c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
LocalUnlock
GetConsoleAliasesLengthW
WriteConsoleOutputCharacterA
InterlockedDecrement
CreateDirectoryW
GetSystemDefaultLCID
TzSpecificLocalTimeToSystemTime
GetProcessTimes
LoadLibraryW
GetLocaleInfoW
FatalAppExitW
SetConsoleCP
HeapDestroy
ReplaceFileA
FlushFileBuffers
GetConsoleAliasesW
ChangeTimerQueueTimer
SetLastError
GetProcAddress
CreateNamedPipeA
SetStdHandle
PrepareTape
ResetEvent
LoadLibraryA
LocalAlloc
AddAtomA
DebugSetProcessKillOnExit
lstrcatW
VirtualProtect
GetCurrentDirectoryA
EnumDateFormatsW
FileTimeToLocalFileTime
SetFileAttributesW
GetVolumeInformationW
WriteConsoleW
CloseHandle
SetFilePointer
GetConsoleMode
GetConsoleCP
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
RtlUnwind
HeapFree
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
CreateFileW

user32

GetForegroundWindow
GetClassLongA

ole32

CreateDataAdviseHolder

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
31ccd98fb9b4dc2652a0de3fd5f77d530f20540567a83a541cfadba756bced43.elf
.elf linux arm
31e34b6b2d09bfb108768d1502f68fa535815dd74443db4c0a9d8540df1154fa.elf
.elf linux arm
3216df929418f78d82338e1b4db2574c51a600806151e7e594849d624a50b03d.elf
.elf linux mipsbe
326068aa434690c190e1784ac4eef5198e550e41b7189738879ed042ed97e732.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

eXzV.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 708KB - Virtual size: 708KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
340f4a7db0024413428f3663d06af5d5b430a2dadc8931a8b6c75b650e951f69.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
344bb8ae2d9afbf9f666a844f6e9a7606eaa226a0383b84cf173f0f3725fabff.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
346d471bd9f585ac6a4a6b6e11a12004edffdccf92680d701935a7e653fb2b0d.unknown
.chm
36e1aeaae5d1bffc4668bb646707d1fd9d4755cff6f32546c1abe310cf7293ac.elf
.elf linux x64
36f990f3ff5b7bcdc7eac8910ecd305e03b8e988a0a341f244b16a298e331b80.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b4:25:ec:f7:ad:8b:af:f9:20:46:16:d8:05:38:ea:96:55:f8:a7:c9:cb:9d:a5:ca:fd:75:6e:28:be:b7:6b:fc
Signer

Actual PE Digest

b4:25:ec:f7:ad:8b:af:f9:20:46:16:d8:05:38:ea:96:55:f8:a7:c9:cb:9d:a5:ca:fd:75:6e:28:be:b7:6b:fc

Digest Algorithm

sha256

PE Digest Matches

false

e6:e6:71:f5:51:b6:15:e7:67:31:b9:99:e8:90:85:2e:73:cc:50:47
Signer

Actual PE Digest

e6:e6:71:f5:51:b6:15:e7:67:31:b9:99:e8:90:85:2e:73:cc:50:47

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 693KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
37417a9fe7c534e24386cc20c54ef3c998a0bec3577b1865c17387c5b64c92e2.elf
.elf linux arm
37ab61ae86c08d6a684fff573cbd927b144dfac5006d660cc3cb58676fb15c2c.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 639KB - Virtual size: 638KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
382124d3966629b5b5444502aaebdda805321db46d5062097d04188d52e9b2bb.elf
.elf linux sparc
394ea781a97e54b5775c12696a8bd036ecc9fc54bfaf8bd0d783bff70f24f1eb.elf
.elf linux ppc
3a184b5817a934366dd3b103a3e26d8a24cfae4dab86cb10c22ac79bf3d3166e.gz
.gz
PO.chm
.chm
3ab8ff44da4ed2af8c938e7a1340f190c0aef20d857933ce766ba91b6ddf527f.elf
.elf linux ppc
3b4e540b6afd78f74bd9ae305f6b2e41d12d2814ff0a48e39c1e9d5d1b67fb53.elf
.elf linux arm
3c1141fdf73eba7509dcb6ddf63c9622b16496803274e47700d4d4915a2725e2.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ghuixnhe
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

izijffap
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
3c39b5592ca48f1e5106f34e67f153f80902d6ce15144d760e630274ff7d9c63.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2f:8c:cc:08:e1:0b:5f:a1:7a:9d:bd:72:7e:5e:fc:66:ab:dc:d6:dc:06:75:99:e3:4c:0d:98:21:6d:dd:39:ff
Signer

Actual PE Digest

2f:8c:cc:08:e1:0b:5f:a1:7a:9d:bd:72:7e:5e:fc:66:ab:dc:d6:dc:06:75:99:e3:4c:0d:98:21:6d:dd:39:ff

Digest Algorithm

sha256

PE Digest Matches

false

4b:0e:d9:5e:9d:4d:ec:37:bb:1f:4e:65:04:63:67:4d:87:cb:fa:df
Signer

Actual PE Digest

4b:0e:d9:5e:9d:4d:ec:37:bb:1f:4e:65:04:63:67:4d:87:cb:fa:df

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 709KB - Virtual size: 708KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3c6cda53f75c552e6198f0d7bd0881695227e6c2c88c6272eeebe30247d04ead.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:01:94:cd:1e:31:42:20:51:35:d1:c6:36:e4:e9:ba
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/10/2022, 00:00

Not After

15/10/2025, 23:59

Subject

CN=NVIDIA Corporation,OU=1-F,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 19:14

Not After

04/09/2024, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:39:b8:63:50:04:d1:78:ba:9a:0b:38:53:8a:0d:8f:82:c0:67:62:9c:54:0e:db:a4:f0:a4:ba:0b:08:65:5e
Signer

Actual PE Digest

6e:39:b8:63:50:04:d1:78:ba:9a:0b:38:53:8a:0d:8f:82:c0:67:62:9c:54:0e:db:a4:f0:a4:ba:0b:08:65:5e

Digest Algorithm

sha256

PE Digest Matches

false

6e:39:b8:63:50:04:d1:78:ba:9a:0b:38:53:8a:0d:8f:82:c0:67:62:9c:54:0e:db:a4:f0:a4:ba:0b:08:65:5e
Signer

Actual PE Digest

6e:39:b8:63:50:04:d1:78:ba:9a:0b:38:53:8a:0d:8f:82:c0:67:62:9c:54:0e:db:a4:f0:a4:ba:0b:08:65:5e

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Rolling.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3df3b7abf812cc4840623c526ac35442a5ceb2617cbc508719ad181e111cfeff.exe
.exe windows:5 windows x86 arch:x86

c4540f421523fe2dc591e50be5ad7d0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
recv
send
socket
inet_ntoa
setsockopt
ntohs
WSACleanup
WSAStartup
sendto
htons
__WSAFDIsSet
select
accept
listen
bind
inet_addr
ioctlsocket
recvfrom
WSAGetLastError
closesocket
gethostname
connect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetUseConnectionW
WNetAddConnection2W

wininet

HttpOpenRequestW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

userenv

DestroyEnvironmentBlock
LoadUserProfileW
CreateEnvironmentBlock
UnloadUserProfile

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetShortPathNameW
DeleteFileW
IsDebuggerPresent
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
LoadResource
LockResource
SizeofResource
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
LoadLibraryW
GetLocalTime
CompareStringW
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
VirtualAlloc
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetFullPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetACP
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetCurrentDirectoryW
FindNextFileW
WriteConsoleW

user32

GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
PeekMessageW
GetInputState
UnregisterHotKey
CharLowerBuffW
MonitorFromPoint
MonitorFromRect
LoadImageW
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
ClientToScreen
GetCursorPos
DeleteMenu
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
LockWindowUpdate
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
RegisterHotKey
GetCursorInfo
SetWindowPos
CopyImage
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
TrackPopupMenuEx
GetMessageW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
DispatchMessageW
keybd_event
TranslateMessage
ScreenToClient

gdi32

EndPath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
GetDeviceCaps
SetPixel
CloseFigure
LineTo
AngleArc
MoveToEx
Ellipse
CreateCompatibleBitmap
CreateCompatibleDC
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
SelectObject
StretchBlt
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
GetDIBits
StrokePath

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
RegCreateKeyExW
GetSecurityDescriptorDacl
GetAclInformation
GetUserNameW
AddAce
SetSecurityDescriptorDacl
InitiateSystemShutdownExW

shell32

DragFinish
DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

CreateStdDispatch
CreateDispTypeInfo
UnRegisterTypeLi
UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
VariantChangeType
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
SysStringLen
QueryPathOfRegTypeLi
SysAllocString
VariantInit
VariantClear
DispCallFunc
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
SafeArrayDestroyDescriptor
VariantCopy
OleLoadPicture

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 460KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
41612cf82710561b8aaaa63eccb4749f1e462270fe4525f97f19bee196764774.exe
.exe windows:5 windows x86 arch:x86

67249dba00354a5d46556d718ee3a4c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
LocalUnlock
GetConsoleAliasesLengthW
WriteConsoleOutputCharacterA
InterlockedDecrement
CreateDirectoryW
GetSystemDefaultLCID
TzSpecificLocalTimeToSystemTime
GetProcessTimes
LoadLibraryW
GetLocaleInfoW
FatalAppExitW
SetConsoleCP
HeapDestroy
ReplaceFileA
FlushFileBuffers
GetConsoleAliasesW
ChangeTimerQueueTimer
SetLastError
GetProcAddress
CreateNamedPipeA
SetStdHandle
PrepareTape
ResetEvent
LoadLibraryA
LocalAlloc
AddAtomA
DebugSetProcessKillOnExit
lstrcatW
VirtualProtect
GetCurrentDirectoryA
EnumDateFormatsW
FileTimeToLocalFileTime
SetFileAttributesW
GetVolumeInformationW
WriteConsoleW
CloseHandle
SetFilePointer
GetConsoleMode
GetConsoleCP
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
RtlUnwind
HeapFree
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
CreateFileW

user32

GetForegroundWindow
GetClassLongA

ole32

CreateDataAdviseHolder

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
42b076c5ee3c60d65ef357ed908f9ee22ff38e826daa782071e8509780f4fc14.elf
.elf linux
4313f84b367cb781e9aab3199d7fc7282cc7ff36a494e3b80ec918b685425012.vbs
.vbs
4320ef536d6736f88ed5018198c723c9c6d046d6c00ca97fe9b4fbb6482114ac.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

\\192.168.45.191\smbShare\OSEP-Tools-v2\Loaders_Shellcode\D_invoke\exe\obj\x64\Release\exe.pdb

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
432825784a9d7b30a14ee513b59fb849b5c73166b0fd6ff46276c40584cab2dd.elf
.elf linux mipsel
43c4a72f5bca0ce109002fee52d179e5e5c6b24fc88febb7f99d36999062422d.elf
.elf linux
4416b9214d72b07c657a7916e033c4e5487e6049eb263c7a813ae673026a6fea.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cFfW.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 702KB - Virtual size: 702KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4419d55c1a6cb9ac9be272c04af5b8c21e2ae3a97b183d43dc6d9cf8f5e44b5a.elf
.elf linux arm
449ecf2471ec8a48d115b252928053edc56f2bbf622a88db78274bdf3cc574ac.exe
.exe windows:5 windows x86 arch:x86

c4540f421523fe2dc591e50be5ad7d0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
recv
send
socket
inet_ntoa
setsockopt
ntohs
WSACleanup
WSAStartup
sendto
htons
__WSAFDIsSet
select
accept
listen
bind
inet_addr
ioctlsocket
recvfrom
WSAGetLastError
closesocket
gethostname
connect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetUseConnectionW
WNetAddConnection2W

wininet

HttpOpenRequestW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

userenv

DestroyEnvironmentBlock
LoadUserProfileW
CreateEnvironmentBlock
UnloadUserProfile

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetShortPathNameW
DeleteFileW
IsDebuggerPresent
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
LoadResource
LockResource
SizeofResource
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
LoadLibraryW
GetLocalTime
CompareStringW
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
VirtualAlloc
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetFullPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetACP
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetCurrentDirectoryW
FindNextFileW
WriteConsoleW

user32

GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
PeekMessageW
GetInputState
UnregisterHotKey
CharLowerBuffW
MonitorFromPoint
MonitorFromRect
LoadImageW
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
ClientToScreen
GetCursorPos
DeleteMenu
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
LockWindowUpdate
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
RegisterHotKey
GetCursorInfo
SetWindowPos
CopyImage
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
TrackPopupMenuEx
GetMessageW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
DispatchMessageW
keybd_event
TranslateMessage
ScreenToClient

gdi32

EndPath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
GetDeviceCaps
SetPixel
CloseFigure
LineTo
AngleArc
MoveToEx
Ellipse
CreateCompatibleBitmap
CreateCompatibleDC
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
SelectObject
StretchBlt
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
GetDIBits
StrokePath

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
RegCreateKeyExW
GetSecurityDescriptorDacl
GetAclInformation
GetUserNameW
AddAce
SetSecurityDescriptorDacl
InitiateSystemShutdownExW

shell32

DragFinish
DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

CreateStdDispatch
CreateDispTypeInfo
UnRegisterTypeLi
UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
VariantChangeType
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
SysStringLen
QueryPathOfRegTypeLi
SysAllocString
VariantInit
VariantClear
DispCallFunc
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
SafeArrayDestroyDescriptor
VariantCopy
OleLoadPicture

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 733KB - Virtual size: 733KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
45b18df80235f8ea55ec98b9b4bdd90cffaa1100b0edce53fc5d459503c84103.elf
.elf linux x86
45b25ef5aa170243f3c1b6fafaee3a5db0bd499fe54c70b1a0494218fcc7afb4.elf
.elf linux sh
463966840812a4719b5c286ba2088645055567a4f91e01aeefcc816a643ca342.elf
.elf linux arm
46863db3a34ec6b915cea25aafd4a9d119f35ae408fb634d42c70fbf0ac79394.elf
.elf linux sh
469490bf14e84b1250916a7a448c30354ccd31d218d3cbb8cb4d7a54c985c7f2.elf
.elf linux mipsel
478bdcdd85ddc7287b5dde32391881591cc77db75412ef5340f5bd3531738245.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 621KB - Virtual size: 621KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4883a73d9fd65f8c0501a34071cc2bd5a3a28392d8638655c6ca324e6a2f3fda.elf
.elf linux arm
488497f270abec0d0b4c3bb4662dca05989dfcf566b63e5d61b70c61eb0c3b96.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:bf:15:2d:ea:f0:b9:81:a8:a9:38:d5:3f:76:9d:b8
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/12/2021, 00:00

Not After

08/01/2025, 23:59

Subject

CN=philandro Software GmbH,O=philandro Software GmbH,L=Stuttgart,ST=Baden-Württemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:bf:15:2d:ea:f0:b9:81:a8:a9:38:d5:3f:76:9d:b8
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/12/2021, 00:00

Not After

08/01/2025, 23:59

Subject

CN=philandro Software GmbH,O=philandro Software GmbH,L=Stuttgart,ST=Baden-Württemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c0:64:82:32:15:35:6d:13:e3:e7:ea:3d:f0:33:9f:1c:37:b4:a4:a8:88:54:1c:f5:be:50:f3:51:14:eb:78:30
Signer

Actual PE Digest

c0:64:82:32:15:35:6d:13:e3:e7:ea:3d:f0:33:9f:1c:37:b4:a4:a8:88:54:1c:f5:be:50:f3:51:14:eb:78:30

Digest Algorithm

sha256

PE Digest Matches

false

88:f1:68:36:11:0b:45:99:07:1c:eb:3a:d1:d3:6e:6f:0e:42:f4:a4
Signer

Actual PE Digest

88:f1:68:36:11:0b:45:99:07:1c:eb:3a:d1:d3:6e:6f:0e:42:f4:a4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

NhHhuuh.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 354B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4886723676067dd4316c63729fb59bd22e7d7520ba10ca066d8a24f45d503e30.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:96:7c:4a:f7:d5:40:be:9e:b9:a5:1d:8e:12:a7:6b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

01/04/2016, 00:00

Not After

01/04/2017, 23:59

Subject

SERIALNUMBER=116-81-65189,CN=PENTA SECURITY SYSTEMS INC.,O=PENTA SECURITY SYSTEMS INC.,L=Yeongdeungpo-gu,ST=Seoul,C=KR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:96:7c:4a:f7:d5:40:be:9e:b9:a5:1d:8e:12:a7:6b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

01/04/2016, 00:00

Not After

01/04/2017, 23:59

Subject

SERIALNUMBER=116-81-65189,CN=PENTA SECURITY SYSTEMS INC.,O=PENTA SECURITY SYSTEMS INC.,L=Yeongdeungpo-gu,ST=Seoul,C=KR,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024b52

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a9:f7:02:7e:f3:90:4a:57:5f:22:9a:2e:32:86:b4:4d:2d:bb:bb:e4:5e:40:9b:db:02:69:02:ec:f4:97:87:55
Signer

Actual PE Digest

a9:f7:02:7e:f3:90:4a:57:5f:22:9a:2e:32:86:b4:4d:2d:bb:bb:e4:5e:40:9b:db:02:69:02:ec:f4:97:87:55

Digest Algorithm

sha256

PE Digest Matches

false

f9:37:17:98:ee:14:54:30:86:3c:77:44:7c:f5:1b:da:6f:e6:3f:98
Signer

Actual PE Digest

f9:37:17:98:ee:14:54:30:86:3c:77:44:7c:f5:1b:da:6f:e6:3f:98

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 700KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 327KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
489d7dbcfb918e3246f10029be18b5f2030b726ce4068909da4325c8dec20340.elf
.elf linux mipsel
48bc82d0984afc57dce0c4cc9444769cf9cae618130778ab9d588849410c5b59.elf
.elf linux arm
4902c7904c591b5609804418ed6bd49762e33c617cf38849dafb20b0f8a0454d.zip
.zip
CV Mariana Alvarez.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cTKR.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 773KB - Virtual size: 772KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
492a6e78c52e03d832082a391b48a411c53b6319f569dfe94eabcf9e75de5e1f.zip
.zip
Quotation R2100131410.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

IcgY.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 771KB - Virtual size: 770KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4a388c2fa70cf0be0ec5041d7efa6ff548303f0336914983e0866c62a55f8ce9.r01
.rar
EJ9wbX3RFyX19aq.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 608KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4a802bd99bb9503b36b5bca07fdf9482e5ef52d10cfc136dbbc44ae55a79c187.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

21:48:43:d2:3d:39:71:46:bd:f0:88:93:78:ca:8d:f6:1d:94:54:7e:be:fe:fb:c6:d0:c5:b6:7c:98:57:7d:8a
Signer

Actual PE Digest

21:48:43:d2:3d:39:71:46:bd:f0:88:93:78:ca:8d:f6:1d:94:54:7e:be:fe:fb:c6:d0:c5:b6:7c:98:57:7d:8a

Digest Algorithm

sha256

PE Digest Matches

false

5c:30:f0:60:e7:86:aa:33:20:e1:d0:77:d3:f3:ba:92:b3:a9:15:b1
Signer

Actual PE Digest

5c:30:f0:60:e7:86:aa:33:20:e1:d0:77:d3:f3:ba:92:b3:a9:15:b1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 699KB - Virtual size: 698KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4b7ba4a99e9ce1f3363fb89f18c3b0ec0af1fe4466ae14f8466e2a7cf23eb825.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 696KB - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4e4f25dfbcd19e008471710bfe22b1bfb88334db328703d5c2a3cdb4b334f122.elf
.elf linux mipsel
4edc1f0904f3ea0305ff2ca311db86ed8abb8b05aadef0599e0015fff0620403.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 932KB - Virtual size: 931KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4fe4fa8dab6190661ce264db75129553886d56a863312b79e50b227f16099d19.elf
.elf linux arm
4ff2b35479cd45520aa714643c2dcb649e7d73caf9a6ab1c83d73ec439b6121b.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 753KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
510a0d18865045113a75c38f3db8421368255466a3ceef5e5c9b47c8fafe972c.elf
.elf linux sparc
515c38a9a32c7974d5e8d56f766bcacae878a3d11262988edd95be4ec8a45359.exe
.exe windows:4 windows x86 arch:x86

7ed0d71376e55d58ab36dc7d3ffda898

Code Sign

50:1d:5b:7f:ce:e7:24:5e:0d:51:8e:9c:fc:19:1a:ea:df:6d:5f:a3
Certificate

Issuer

CN=Crambly,OU=agrege Nedskrivningstidspunktets Sportsstrmpe\ ,O=Crambly,L=Germigney,ST=Bourgogne-Franche-Comté,C=FR,1.2.840.113549.1.9.1=#0c254f6d6472656a6e696e67737469646572406d656464656c656c73657368656d6d652e576974

Not Before

02/03/2023, 07:53

Not After

01/03/2026, 07:53

Subject

CN=Crambly,OU=agrege Nedskrivningstidspunktets Sportsstrmpe\ ,O=Crambly,L=Germigney,ST=Bourgogne-Franche-Comté,C=FR,1.2.840.113549.1.9.1=#0c254f6d6472656a6e696e67737469646572406d656464656c656c73657368656d6d652e576974

41:1e:86:bb:cc:72:58:98
Certificate

Issuer

CN=Apple Timestamp Certification Authority,OU=Apple Certification Authority,O=Apple Inc.,C=US

Not Before

19/02/2024, 20:25

Not After

01/04/2024, 20:25

Subject

CN=Timestamp Signer MA2,O=Apple Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:4c:57:63:9f:f3:f0:b7
Certificate

Issuer

CN=Apple Root CA,OU=Apple Certification Authority,O=Apple Inc.,C=US

Not Before

05/04/2012, 12:02

Not After

05/04/2027, 12:02

Subject

CN=Apple Timestamp Certification Authority,OU=Apple Certification Authority,O=Apple Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02
Certificate

Issuer

CN=Apple Root CA,OU=Apple Certification Authority,O=Apple Inc.,C=US

Not Before

25/04/2006, 21:40

Not After

09/02/2035, 21:40

Subject

CN=Apple Root CA,OU=Apple Certification Authority,O=Apple Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b0:f2:fe:7d:e7:44:2a:a8:2d:57:d8:8b:bb:9f:b0:ab:92:18:78:65:c2:7b:1f:ff:77:25:90:91:78:cc:2d:96
Signer

Actual PE Digest

b0:f2:fe:7d:e7:44:2a:a8:2d:57:d8:8b:bb:9f:b0:ab:92:18:78:65:c2:7b:1f:ff:77:25:90:91:78:cc:2d:96

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathW
SetFileTime
CloseHandle
GetShortPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
GetFullPathNameW
CreateDirectoryW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
SetFileAttributesW
ExpandEnvironmentStringsW
LoadLibraryW
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcpyA
lstrcpyW
lstrcatW
GetSystemDirectoryW
GetVersion
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetModuleHandleW
lstrcmpiW
lstrcmpW
WaitForSingleObject
GlobalFree
GlobalAlloc
LoadLibraryExW
GetExitCodeProcess
FreeLibrary
WritePrivateProfileStringW
SetErrorMode
GetCommandLineW
GetPrivateProfileStringW
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
MulDiv
MultiByteToWideChar
WriteFile
lstrlenA
WideCharToMultiByte

user32

EndDialog
ScreenToClient
GetWindowRect
RegisterClassW
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
wsprintfW
CreateWindowExW
SystemParametersInfoW
AppendMenuW
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
GetDC
SetWindowLongW
LoadImageW
SendMessageTimeoutW
FindWindowExW
EmptyClipboard
OpenClipboard
TrackPopupMenu
EndPaint
ShowWindow
GetDlgItem
IsWindow
SetForegroundWindow

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 428KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 835B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Brddevggens/Dommedagsprdikenerne/Speedbaadene/Bichromatise141.txt
Brddevggens/Dommedagsprdikenerne/Speedbaadene/Normalniveauer.Pro
Klevarernes/Unmentionably/Ruflende/Cassalty.Sti
Korallernes/Titmarsh1.str
Korallernes/autosomally.met
Korallernes/danserindes.und
Korallernes/fremmedgjorte.smr
Korallernes/ravishedly.taf
539f3569eaf4a4a21eb6f9ee3b871334ec8a2628ec3b95bdfc3987adaf440037.elf
.elf linux ppc
54897e7d6f6428d606dc79024bef460023cf8fee90ec6e4a47c6add749d83b0a.elf
.elf linux arm
54cdf582c37ff878e8bcb09fab72aca6dc6292d25b7d62b13ec4e7b4cdfe3cfc.rar
.rar
55086b3134fbc0ffd92ac886abe35ef6304397a2be179a82e8f4902352f68520.elf
.elf linux x86
55e77457c51aeb7d8b18c8ba1d7dbe91f2c84669ab0ee0ecb624b0c7d94de23f.js
57e9cd4097b50b6c174ec06bd21cd8f9f0583f92dd8ec3da4e3c93a9c820bd2a.exe
.exe windows:5 windows x86 arch:x86

c4540f421523fe2dc591e50be5ad7d0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
recv
send
socket
inet_ntoa
setsockopt
ntohs
WSACleanup
WSAStartup
sendto
htons
__WSAFDIsSet
select
accept
listen
bind
inet_addr
ioctlsocket
recvfrom
WSAGetLastError
closesocket
gethostname
connect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetUseConnectionW
WNetAddConnection2W

wininet

HttpOpenRequestW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

userenv

DestroyEnvironmentBlock
LoadUserProfileW
CreateEnvironmentBlock
UnloadUserProfile

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetShortPathNameW
DeleteFileW
IsDebuggerPresent
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
LoadResource
LockResource
SizeofResource
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
LoadLibraryW
GetLocalTime
CompareStringW
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
VirtualAlloc
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetFullPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetACP
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetCurrentDirectoryW
FindNextFileW
WriteConsoleW

user32

GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
PeekMessageW
GetInputState
UnregisterHotKey
CharLowerBuffW
MonitorFromPoint
MonitorFromRect
LoadImageW
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
ClientToScreen
GetCursorPos
DeleteMenu
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
LockWindowUpdate
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
RegisterHotKey
GetCursorInfo
SetWindowPos
CopyImage
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
TrackPopupMenuEx
GetMessageW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
DispatchMessageW
keybd_event
TranslateMessage
ScreenToClient

gdi32

EndPath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
GetDeviceCaps
SetPixel
CloseFigure
LineTo
AngleArc
MoveToEx
Ellipse
CreateCompatibleBitmap
CreateCompatibleDC
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
SelectObject
StretchBlt
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
GetDIBits
StrokePath

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
RegCreateKeyExW
GetSecurityDescriptorDacl
GetAclInformation
GetUserNameW
AddAce
SetSecurityDescriptorDacl
InitiateSystemShutdownExW

shell32

DragFinish
DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

CreateStdDispatch
CreateDispTypeInfo
UnRegisterTypeLi
UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
VariantChangeType
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
SysStringLen
QueryPathOfRegTypeLi
SysAllocString
VariantInit
VariantClear
DispCallFunc
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
SafeArrayDestroyDescriptor
VariantCopy
OleLoadPicture

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 488KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
58ad53154bab1862392708b89b01c7851d11093d7a7d69cc2a6256fe6546448b.elf
.elf linux x86
5942ecac81d81dc1ff1dd3cf1572669a02d2873117918e6a09b1573dd48e8d48.elf
.elf linux arm
595c20f94db2ba132681d1b669ddd21a561f50a5afd4df0925fe8fd2d988f3c6.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

BluE.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 645KB - Virtual size: 645KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
59c826d8c51c659ebb7ebad1a13d2fab9419bbaa298362276434eef54a7b1bc2.elf
.elf linux x86
5d94973c1721adf02c34669a00c29e5aae5010a71f79ca8ae16994edccec2830.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5e57e501bdaa7239630b2f2c362dc4ee9f7220c234c3fd537beb780799fa575e.elf
.elf linux mipsel
5e8119622389d8ee840a2e9429a31d5fad907bd25c2fff9e81f969a6111af092.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ylKP.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 701KB - Virtual size: 701KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5f170a259ed79735753b3795bf9fa7c4fc1d0924e907161d90f89e097ec54fc3.exe
.exe windows:4 windows x86 arch:x86

c879f934e5ad7bf1015f75ab8102f9d1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemPowerStatus
MultiByteToWideChar
CreateThread
CreateDirectoryA
CreateFileA
ReadFile
CloseHandle
WriteFile
CreateToolhelp32Snapshot
Process32First
OpenProcess
GetCurrentProcessId
TerminateProcess
Process32Next
GetCurrentThreadId
SetEvent
GetProcessHeap
HeapAlloc
HeapFree
CreateEventA
GetLastError
WaitForSingleObject
GetOverlappedResult
BuildCommDCBA
SetCommState
SetLastError
Sleep
WinExec
GetCommState
GetCommTimeouts
SetCommTimeouts
SetCommMask
GetSystemTime
GetLogicalDrives
SystemTimeToFileTime
FileTimeToSystemTime
GetDiskFreeSpaceExA
DeleteFileA
SetFilePointer
FindFirstFileA
FindClose
GetFileAttributesA
FindNextFileA
GlobalAlloc
GlobalFree
GetFileSize
GetCurrentProcess
GetSystemTimes
GlobalLock
GlobalUnlock
GlobalReAlloc
GetFileAttributesExA
LoadLibraryA
GetProcAddress
FreeLibrary
ExitThread
SetEndOfFile
SetThreadPriority
CopyFileA
MoveFileExA
GetModuleHandleA
GetTickCount
FindResourceA
SizeofResource
LoadResource
LockResource
CreateProcessA
MoveFileA
GetCommandLineA
GetVolumeInformationA
SetErrorMode
SetUnhandledExceptionFilter
GetStartupInfoA
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
HeapValidate
VirtualAlloc
VirtualQuery
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
GetFileType
GetStdHandle
DuplicateHandle
SetHandleCount
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsA
OutputDebugStringA
UnhandledExceptionFilter
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleOutputCP
SetStdHandle
WideCharToMultiByte

user32

MessageBoxA
InvalidateRect
SendMessageA
SetWindowTextA
KillTimer
SetWindowPos
CharLowerA
ShowWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
BringWindowToTop
PostMessageA
SetFocus
SetCursorPos
DestroyWindow
SetTimer
ReleaseCapture
SetWindowRgn
SetCapture
GetCursorPos
BeginPaint
FillRect
DrawTextA
EndPaint
CallWindowProcA
CreateWindowExA
SetWindowLongA
WindowFromPoint
ScreenToClient
PtInRect
IsWindowVisible
GetFocus
ModifyMenuA
DrawMenuBar
CreatePopupMenu
AppendMenuA
SetMenuInfo
TrackPopupMenu
DestroyMenu
GetWindowTextA
CharUpperA
ExitWindowsEx
SetRect
CopyImage
CheckMenuItem
DefWindowProcA
FindWindowA
RegisterClassA
UpdateWindow
GetWindowRect
GetDC
ReleaseDC
GetWindowLongA
RemoveMenu
GetClientRect
SetCursor
IsIconic
CreateMenu
LoadImageA
EnumDisplaySettingsA
GetSystemMetrics
SendNotifyMessageA
UnregisterClassA
SystemParametersInfoA
GetSysColor
SetClassLongA
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
UnregisterHotKey
PostQuitMessage
SetProcessDPIAware
RegisterHotKey
LoadIconA
LoadCursorA
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetMessageA

gdi32

GetStockObject
CreateRectRgn
SelectObject
SetTextColor
SetBkMode
RoundRect
Polygon
DeleteObject
CreatePen
TextOutA
CreateFontA
CreateCompatibleDC
GetObjectA
CreateDIBSection
BitBlt
ExtCreateRegion
CombineRgn
DeleteDC
GetDIBits
SetDIBits
CreateBitmap
StretchBlt
CreateSolidBrush
CreateRoundRectRgn
MoveToEx
LineTo
SetBkColor
OffsetRgn
Rectangle
Polyline
CreateCompatibleBitmap
ChoosePixelFormat
SetPixelFormat
SwapBuffers
Ellipse
Pie
SetStretchBltMode
CreateFontIndirectA
CreateHatchBrush
SelectClipRgn
CreatePolygonRgn
BeginPath
EndPath
PathToRegion
GetRgnBox
CreateRectRgnIndirect

shell32

ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

opengl32

glColor3ub
glColor4ub
glGenLists
wglUseFontOutlinesA
glDeleteLists
glTranslatef
glPushAttrib
glListBase
glCallLists
glPopAttrib
glColor3f
glEnable
glDisable
glLoadIdentity
wglUseFontBitmapsA
glBlendFunc
glRasterPos2f
glBegin
glColor4f
glVertex2f
glEnd
glLineWidth
glMatrixMode
glPushMatrix
glViewport
glOrtho
glGenTextures
glBindTexture
glTexParameteri
glTexImage2D
glGetError
glRotatef
glScalef
glPolygonMode
glVertex3f
glEnableClientState
glNormalPointer
glVertexPointer
glDrawArrays
glTexGeni
glPopMatrix
glVertex2i
glRotated
glNormal3d
glTexCoord2d
glVertex3d
glTexCoord2f
glClear
glDepthFunc
wglMakeCurrent
wglDeleteContext
wglCreateContext
glShadeModel
glHint
glDeleteTextures
glFogi
glFogf
glLineStipple
glClearColor
glClearDepth
glReadPixels

glu32

gluPerspective
gluBuild2DMipmaps
gluDisk
gluDeleteQuadric
gluNewQuadric
gluQuadricNormals
gluQuadricTexture
gluSphere

winmm

waveOutUnprepareHeader
waveOutOpen
waveOutPrepareHeader
waveOutReset
mciSendStringA
waveOutWrite
PlaySoundA
waveOutClose

wininet

DeleteUrlCacheEntry
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable
InternetGetConnectedState

gdiplus

GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDisposeImage
GdiplusShutdown
GdipGetImageThumbnail

msimg32

GradientFill

urlmon

URLOpenBlockingStreamA
URLDownloadToFileA

shlwapi

PathStripPathA
PathRemoveFileSpecA

ole32

CoInitialize
CoCreateInstance
CoUninitialize
OleInitialize
CreateStreamOnHGlobal
OleUninitialize

oleaut32

OleLoadPicture

Sections

.text
Size: 557KB - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 718.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
5f7bcb9b4dc7038610f1a9fedaa513c9ff3762106f435ec80964409662365c98.elf
.elf linux mipsbe
5ffc61aad552fb2349ac6567202a5100f0f5f1404108e285dba218d97764ae3a.elf
.elf linux arm
6048838a96507ca26c12c642663939ccceba50c27fda8af018b6a05ffedf7c24.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

oSzp.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 746KB - Virtual size: 746KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
616022de766bd55945033159a2ef9220e9987a03fb88c89e57d9784629b965bd.exe
.exe windows:5 windows x86 arch:x86

67249dba00354a5d46556d718ee3a4c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
LocalUnlock
GetConsoleAliasesLengthW
WriteConsoleOutputCharacterA
InterlockedDecrement
CreateDirectoryW
GetSystemDefaultLCID
TzSpecificLocalTimeToSystemTime
GetProcessTimes
LoadLibraryW
GetLocaleInfoW
FatalAppExitW
SetConsoleCP
HeapDestroy
ReplaceFileA
FlushFileBuffers
GetConsoleAliasesW
ChangeTimerQueueTimer
SetLastError
GetProcAddress
CreateNamedPipeA
SetStdHandle
PrepareTape
ResetEvent
LoadLibraryA
LocalAlloc
AddAtomA
DebugSetProcessKillOnExit
lstrcatW
VirtualProtect
GetCurrentDirectoryA
EnumDateFormatsW
FileTimeToLocalFileTime
SetFileAttributesW
GetVolumeInformationW
WriteConsoleW
CloseHandle
SetFilePointer
GetConsoleMode
GetConsoleCP
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
RtlUnwind
HeapFree
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
CreateFileW

user32

GetForegroundWindow
GetClassLongA

ole32

CreateDataAdviseHolder

Sections

.text
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
616d02540edd03664101177f0b00124969dc720a25c4010e2efe6d354a52ad40.rar
.rar
63df257d05c5ae9f6e76314a3a44c2fb7bf1a1ef78ffa687fc0bf35f331639e4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 752KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
65eee5c697d399aee72438f67d591a509c41c9590db0ddfc008e73920681b193.elf
.elf linux
65ff2a35d7542764e4e83ef824346341f95a2c22b6135d3d48899d1efbf87d38.elf
.elf linux arm
666300eb97fdaf3ede69f52b1482662cfd2eb6ca8e9d69da54ab420b8bc87d50.elf
.elf linux arm
6674febb46a74c6d0f20b2b92ff5d89f334b02b9ee9cd8011cf388e993b566b6.exe
.exe windows:5 windows x86 arch:x86

c4540f421523fe2dc591e50be5ad7d0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
recv
send
socket
inet_ntoa
setsockopt
ntohs
WSACleanup
WSAStartup
sendto
htons
__WSAFDIsSet
select
accept
listen
bind
inet_addr
ioctlsocket
recvfrom
WSAGetLastError
closesocket
gethostname
connect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetUseConnectionW
WNetAddConnection2W

wininet

HttpOpenRequestW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

userenv

DestroyEnvironmentBlock
LoadUserProfileW
CreateEnvironmentBlock
UnloadUserProfile

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetShortPathNameW
DeleteFileW
IsDebuggerPresent
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
LoadResource
LockResource
SizeofResource
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
LoadLibraryW
GetLocalTime
CompareStringW
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
VirtualAlloc
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetFullPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetACP
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetCurrentDirectoryW
FindNextFileW
WriteConsoleW

user32

GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
PeekMessageW
GetInputState
UnregisterHotKey
CharLowerBuffW
MonitorFromPoint
MonitorFromRect
LoadImageW
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
ClientToScreen
GetCursorPos
DeleteMenu
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
LockWindowUpdate
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
RegisterHotKey
GetCursorInfo
SetWindowPos
CopyImage
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
TrackPopupMenuEx
GetMessageW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
DispatchMessageW
keybd_event
TranslateMessage
ScreenToClient

gdi32

EndPath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
GetDeviceCaps
SetPixel
CloseFigure
LineTo
AngleArc
MoveToEx
Ellipse
CreateCompatibleBitmap
CreateCompatibleDC
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
SelectObject
StretchBlt
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
GetDIBits
StrokePath

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
RegCreateKeyExW
GetSecurityDescriptorDacl
GetAclInformation
GetUserNameW
AddAce
SetSecurityDescriptorDacl
InitiateSystemShutdownExW

shell32

DragFinish
DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

CreateStdDispatch
CreateDispTypeInfo
UnRegisterTypeLi
UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
VariantChangeType
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
SysStringLen
QueryPathOfRegTypeLi
SysAllocString
VariantInit
VariantClear
DispCallFunc
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
SafeArrayDestroyDescriptor
VariantCopy
OleLoadPicture

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 510KB - Virtual size: 510KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
68752a04dfa7a85cee3f8967f7db4090d53ed86ea679e5c7b75ca3ebbaa73ba5.xlsx
.xlsx office2007
68f1a7360790b847d84fd3140aa4018e6ef15a83167cdbd44f957a38c997aa61.elf
.elf linux mipsbe
69ec4f0b51ebe2d0ca6707f3d11241f235c9ea425fb02df52a9e03b9a19c393e.elf
.elf linux arm
6a0b8f403b660202a6d599aa998802af71064fa3cdbbc2377b75885149cf1773.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ilkf.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 669KB - Virtual size: 668KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6a8e67efe93ced793d9a285c68a6c62208d185f72eb39a110defe97138b917a8.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ghyK.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 705KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
6b7c969bbcd1395769e6c8a03148cad3c2290bffcd4991a7383d397cb7c105c5.exe
.exe windows:5 windows x86 arch:x86

8f1805f3ae545b0e731cb9cff13122c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\yiwogozeweyo likuj\dez\bacotaroyoj-xesecehex-bes.pdb

Imports

kernel32

GetComputerNameA
GetFileSize
GetLocaleInfoA
GetConsoleAliasExesA
GetDriveTypeW
MapUserPhysicalPages
InterlockedIncrement
GetConsoleAliasA
InterlockedDecrement
AddConsoleAliasW
CreateDirectoryExA
GetModuleHandleW
GetTickCount
GetNumberFormatA
ReadConsoleW
GlobalAlloc
GetVolumeInformationA
GlobalFindAtomA
LoadLibraryW
AssignProcessToJobObject
GetConsoleAliasExesLengthW
SetLastError
GetProcAddress
VirtualAlloc
HeapSize
SetComputerNameA
VerLanguageNameW
LoadLibraryA
RemoveDirectoryW
QueryDosDeviceW
FindNextChangeNotification
GetConsoleTitleW
VirtualProtect
GetFileAttributesExW
GetCurrentProcessId
AreFileApisANSI
Sleep
ExitProcess
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
WriteFile
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
HeapAlloc
HeapReAlloc
SetStdHandle
RtlUnwind
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CreateFileA
CloseHandle

user32

IsWindowEnabled
CharUpperBuffW

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 41.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
6b85cb31821da1c8ed89ef1e6ffe109fde5dbc17d831d5a09b2f780d8e0574c7.xlsx
.xlsx office2007
6cfa5e1884dc7377cc8e3037592aba2ce7623a24838e8b58720695965ebc5231.elf
.elf linux arm
6d01287116ce8bec55a0b4e0407d965f197b758d1a294c26e0483dddaaf5b2e9.elf
.elf linux mipsbe
6f301ce1878dca09522bd2de077019f941742306e25d4978c2f1a765f0e033f9.elf
.elf linux sparc
7081aed08b2381f64a82873c7fd168ae70f05fbd7cff97426541fe385c5ed450.elf
.elf linux arm
70dcd8ca36ef88c90b42a117ee5313ee0256bcb9b67ae7e6aca428e5927a8982.exe
.exe windows:5 windows x86 arch:x86

eb8c844ad14da407481e1c81cd466558

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
LocalUnlock
WriteConsoleOutputCharacterA
InterlockedDecrement
GetSystemDefaultLCID
GetConsoleAliasesLengthA
TzSpecificLocalTimeToSystemTime
GetProcessTimes
LoadLibraryW
GetLocaleInfoW
FatalAppExitW
SetConsoleCP
HeapDestroy
ReplaceFileA
FlushFileBuffers
CreateDirectoryA
GetConsoleAliasesW
ChangeTimerQueueTimer
SetLastError
GetProcAddress
CreateNamedPipeA
SetStdHandle
PrepareTape
ResetEvent
LoadLibraryA
LocalAlloc
AddAtomA
DebugSetProcessKillOnExit
lstrcatW
VirtualProtect
GetCurrentDirectoryA
EnumDateFormatsW
FileTimeToLocalFileTime
SetFileAttributesW
GetVolumeInformationW
WriteConsoleW
CloseHandle
SetFilePointer
GetConsoleMode
GetConsoleCP
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
RtlUnwind
HeapFree
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
CreateFileW

user32

GetForegroundWindow
GetClassLongA

ole32

CreateDataAdviseHolder

Sections

.text
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
72458cae5c7d963dbe4b470e00917f4c66fc2082672a945ed7c96353d17a57f9.elf
.elf linux arm
7307275801a4b5c3c6c5039b9417479952cd36dcc365a74fdcb72cad35d0a423.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 697KB - Virtual size: 697KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
73e175be77f4507c8f8dc13d0ab2a15b86e35ff9717a750f71a9dac8d31c3f32.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jrqxjcoz
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hvurtmpq
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
73ef851d18b68d94566900fcf92a20726e31c3e4484d13ef291759f85f07819d.elf
.elf linux arm
742eebfa844751ac27dd63859b04cc6d7aa4baf2ef798ef257ac07ac8b167b43.exe
.exe windows:6 windows x64 arch:x64

e5bf376c91a8fd534a955c9a3c1b6445

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\snoop\Desktop\PorClicker\ImGui-Loader-Base-master\x64\Release\ImGui Loader base.pdb

Imports

kernel32

VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
VerifyVersionInfoW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
MultiByteToWideChar
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
InitializeSListHead
WideCharToMultiByte
GlobalFree
GlobalLock
GlobalAlloc
GlobalUnlock
CreateThread
SetUnhandledExceptionFilter
Sleep

user32

GetWindowLongW
SetWindowLongA
SetWindowLongW
LoadCursorA
MonitorFromWindow
GetMonitorInfoA
EnumDisplayMonitors
WindowFromPoint
PeekMessageA
UpdateWindow
DefWindowProcA
BringWindowToTop
IsIconic
SetWindowPos
SetLayeredWindowAttributes
ScreenToClient
GetCursorPos
SetCursor
SetCursorPos
AdjustWindowRectEx
GetClientRect
SetWindowTextW
ReleaseDC
GetDC
SetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
SetFocus
ClientToScreen
GetMessageA
ShowWindow
DestroyWindow
IsChild
CreateWindowExA
TranslateMessage
DispatchMessageA
PostMessageA
GetKeyState
GetAsyncKeyState
mouse_event
EmptyClipboard
GetClipboardData
RegisterClassExA
GetForegroundWindow
SetClipboardData
CloseClipboard
OpenClipboard
GetDesktopWindow
GetWindowRect
GetCursorInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
FindWindowA
UnregisterClassA

gdi32

GetDeviceCaps

shell32

ShellExecuteA

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
_Thrd_sleep
_Query_perf_frequency
_Query_perf_counter
_Xtime_get_ticks

winmm

PlaySoundA

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

d3d9

Direct3DCreate9

vcruntime140

__current_exception
__C_specific_handler
memcmp
memchr
strstr
memset
memmove
memcpy
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__std_terminate
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_cexit
terminate
_register_onexit_function
_seh_filter_exe
_set_app_type
_initialize_onexit_table
_get_narrow_winmain_command_line
_initterm
_initterm_e
exit
_invalid_parameter_noinfo_noreturn
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
_wassert
_initialize_narrow_environment
_exit

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-math-l1-1-0

sqrtf
acosf
fmodf
log
logf
pow
powf
atan2f
cosf
ceilf
__setusermatherr
sinf

api-ms-win-crt-string-l1-1-0

strncpy
strncmp
strcmp

api-ms-win-crt-stdio-l1-1-0

_set_fmode
fseek
__stdio_common_vsscanf
__stdio_common_vsprintf
__p__commode
fread
fflush
fclose
_wfopen
ftell
fwrite
__acrt_iob_func

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
free

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 532KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
75f22523ab64e7eaca89fd03bdc6d32c1594d82d2f6f6a65834cb00cde74885c.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\vvnez\Documents\Visual Studio Projects\VidosToASCII\KachkuPosvyashaetsa\obj\Debug\KachkuPosvyashaetsa.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7662ffc45c0b68a2fb693783e7100088307db0b099579aa94c11efdc0eaeea48.exe
.exe windows:5 windows x64 arch:x64

1af6c885af093afc55142c2f1761dbe8

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:b1:50:01:bb:f5:92:d4:96:2a:77:97:ea:73:6f:a3
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

29/09/2021, 00:00

Not After

28/09/2024, 23:59

Subject

SERIALNUMBER=407950,CN=Akeo Consulting,O=Akeo Consulting,ST=Donegal,C=IE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024945

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ec:9f:13:16:c0:32:9a:7a:86:79:b3:0b:d2:7b:94:b2:45:6a:df:97:b2:42:98:ea:76:d0:d7:12:31:a0:c8:ed
Signer

Actual PE Digest

ec:9f:13:16:c0:32:9a:7a:86:79:b3:0b:d2:7b:94:b2:45:6a:df:97:b2:42:98:ea:76:d0:d7:12:31:a0:c8:ed

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
CreateSymbolicLinkW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetCPInfo
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
76c142ca9d7c521e8df9a0cecd738b4657e107664a16174ec13f12ca275ee240.elf
.elf linux mipsbe
7810d9292dbec53a2613eba52adcebb30304f8443e485924672ca899bd74c582.elf
.elf linux ppc
79f16c7e9e15bdae4963e258d3c2fd5c797fea4350d81e26f64cd19686832f5c.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 290KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7aa53125cf8d4af91b789c88671453cc8f580ddf7e2f3d33da484f693e7e07a2.elf
.elf linux
7b78d121a7fff35d2efdbabeac9ace888d0c6e917b27a258058cd4b075ebcb71.exe
.exe windows:5 windows x86 arch:x86

8f1805f3ae545b0e731cb9cff13122c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\nanu.pdb

Imports

kernel32

GetComputerNameA
GetFileSize
GetLocaleInfoA
GetConsoleAliasExesA
GetDriveTypeW
MapUserPhysicalPages
InterlockedIncrement
GetConsoleAliasA
InterlockedDecrement
AddConsoleAliasW
CreateDirectoryExA
GetModuleHandleW
GetTickCount
GetNumberFormatA
ReadConsoleW
GlobalAlloc
GetVolumeInformationA
GlobalFindAtomA
LoadLibraryW
AssignProcessToJobObject
GetConsoleAliasExesLengthW
SetLastError
GetProcAddress
VirtualAlloc
HeapSize
SetComputerNameA
VerLanguageNameW
LoadLibraryA
RemoveDirectoryW
QueryDosDeviceW
FindNextChangeNotification
GetConsoleTitleW
VirtualProtect
GetFileAttributesExW
GetCurrentProcessId
AreFileApisANSI
Sleep
ExitProcess
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
WriteFile
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
HeapAlloc
HeapReAlloc
SetStdHandle
RtlUnwind
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CreateFileA
CloseHandle

user32

IsWindowEnabled
CharUpperBuffW

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 41.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7c3f720c02708542fa45f50521b169f59053ff6a4a202c947b71037826bdfc31.elf
.elf linux arm
7de8bedc1d2107a51363439e1f9c58e0631256b3bb6141545e953d25570e4511.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7e2165bfa732e207a3b268f091f7c1f9b545c7e4d88e621638ba3ade2f2ead83.elf
.elf linux arm
7eda96196aba8ede36cfb15ac508debe75927d0b2997ef9c494d0223fb478dd3.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cxlmxggu
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

twwqrkyv
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
7f6c6e054579e9cb04200a5179117b8e17dbdddb0c280e85f7fe9d77a5a90079.exe
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

OUlV.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
80c40f9a2f2bbf92496d9b8d50158885f8cfe845c54680851892287491370d58.exe
.exe windows:6 windows x64 arch:x64

a7e9df442921da03196472b0c909c1fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140

?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
_Strcoll
_Strxfrm
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?id@?$collate@D@std@@2V0locale@2@A
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
_Query_perf_frequency
_Query_perf_counter
?always_noconv@codecvt_base@std@@QEBA_NXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?is@?$ctype@D@std@@QEBA_NFD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Xtime_get_ticks
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
_Thrd_sleep
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

api-ms-win-crt-heap-l1-1-0

free
realloc
malloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

terminate
_cexit
_invalid_parameter_noinfo_noreturn
_beginthreadex
abort

vcruntime140

__current_exception_context
__current_exception
_CxxThrowException
__std_exception_destroy
__std_exception_copy
__FrameUnwindFilter
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
strchr
memmove
memcpy

kernel32

Sleep
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WideCharToMultiByte

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

shell32

ShellExecuteW

api-ms-win-crt-stdio-l1-1-0

ungetc
fwrite
fgetc
_get_stream_buffer_pointers
fclose
setvbuf
fsetpos
_fseeki64
fread
fflush
fputc
fgetpos

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-utility-l1-1-0

srand

mscoree

_CorExeMain

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8183e40c898160b6e30b204936c5d2f24c1d00b826cd221200c9d2b65a7a46b6.elf
.elf linux x86
8267f3195cca8c7854ec0c4a460f41bb345a89f299a4702358beffda6cec358a.elf
.elf linux arm
82e52ad241e24dd9f70597d5c5cfa8495d2423abe237c0b37491fd967340d708.elf
.elf linux mipsel
832506397be8817683e8dcac4604eaee19f0add472b9332cb667067562487896.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 472KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8348a12f9db7da150a1920718df15448bc7fe34dbe4bc8b788f3d269f940fa3c.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
8418a0391b5cca38e10e71d95d1a02e5e06849d3c5299c3ceb8ac012b2ad7a0f.exe
.exe windows:5 windows x86 arch:x86

eb8c844ad14da407481e1c81cd466558

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
LocalUnlock
WriteConsoleOutputCharacterA
InterlockedDecrement
GetSystemDefaultLCID
GetConsoleAliasesLengthA
TzSpecificLocalTimeToSystemTime
GetProcessTimes
LoadLibraryW
GetLocaleInfoW
FatalAppExitW
SetConsoleCP
HeapDestroy
ReplaceFileA
FlushFileBuffers
CreateDirectoryA
GetConsoleAliasesW
ChangeTimerQueueTimer
SetLastError
GetProcAddress
CreateNamedPipeA
SetStdHandle
PrepareTape
ResetEvent
LoadLibraryA
LocalAlloc
AddAtomA
DebugSetProcessKillOnExit
lstrcatW
VirtualProtect
GetCurrentDirectoryA
EnumDateFormatsW
FileTimeToLocalFileTime
SetFileAttributesW
GetVolumeInformationW
WriteConsoleW
CloseHandle
SetFilePointer
GetConsoleMode
GetConsoleCP
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
RtlUnwind
HeapFree
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
CreateFileW

user32

GetForegroundWindow
GetClassLongA

ole32

CreateDataAdviseHolder

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
85da573dc8db0b1fc419d2a657dc0c5c3f1043b9f326b8392ee24f017d911f3d.elf
.elf linux x86
8857dcca6727200a71717423a8b575b331dcf01c589f27d259cd4c10f259f8d2.bat
.cab
8863922d09cd6f3689dce4962c45e5335642ebcf9ad134bdca4aaadd9be7a374.elf
.elf linux arm
8898413844f25bf36791cdd187400681583f68496c3110df1ffb760e8fd5220d.elf
.elf linux ppc
88a2bc6a71b781818a170e74b81b01e99a6d018d1b095652557fb1afcd1e0d9d.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jrqxjcoz
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hvurtmpq
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
8940574ca19d087350f6914af877bb4dcdaa32268ac4b35e9de2dc80590d7087.exe
.exe windows:6 windows x86 arch:x86

d093146790f601dbb1f305c708400eb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetSystemInfo
CreateThread
GetLocalTime
GetThreadContext
GetProcAddress
VirtualAllocEx
RemoveDirectoryA
CreateFileA
CreateProcessA
CreateDirectoryA
SetThreadContext
SetEndOfFile
DecodePointer
ReadConsoleW
HeapReAlloc
HeapSize
GetFileAttributesA
GetLastError
GetTempPathA
Sleep
GetModuleHandleA
SetCurrentDirectoryA
ResumeThread
GetComputerNameExW
GetVersionExW
CreateMutexA
VirtualAlloc
WriteFile
VirtualFree
WriteProcessMemory
GetModuleFileNameA
ReadProcessMemory
ReadFile
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetFilePointerEx
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
DeleteFileW
LCMapStringW
CompareStringW
MultiByteToWideChar
HeapAlloc
HeapFree
GetCommandLineW
GetCommandLineA
GetStdHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
RaiseException
GetCurrentThreadId
IsProcessorFeaturePresent
QueueUserWorkItem
GetModuleHandleExW
FormatMessageW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
WaitForSingleObjectEx
QueryPerformanceCounter
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetCurrentThread
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
LoadLibraryExW
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
ExitProcess
CreateFileW
WriteConsoleW

user32

GetSystemMetrics
ReleaseDC
GetDC

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteObject
BitBlt

advapi32

RegCloseKey
RegGetValueA
RegQueryValueExA
GetSidSubAuthorityCount
GetSidSubAuthority
GetUserNameA
LookupAccountNameA
RegSetValueExA
RegOpenKeyExA
GetSidIdentifierAuthority

shell32

SHGetFolderPathA
ShellExecuteA
ord680
SHFileOperationA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

wininet

HttpOpenRequestA
InternetWriteFile
InternetOpenUrlA
InternetOpenW
HttpEndRequestW
HttpAddRequestHeadersA
HttpSendRequestExA
InternetOpenA
InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile

gdiplus

GdipGetImageEncodersSize
GdipDisposeImage
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipSaveImageToFile
GdipCreateBitmapFromHBITMAP

ws2_32

closesocket
inet_pton
getaddrinfo
WSAStartup
send
socket
connect
recv
htons
freeaddrinfo

Sections

.text
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8a93fc1f94b6919a6776d6d0151d04a352d30a8743d58ff9090d3def3c2aa571.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vrumgnjk
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

besfupvq
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
8ad2a922e44bb31dd225fb71a49fc9dfe9a9243a562a2ad9a2438f1730be3035.elf
.elf linux mipsbe
8b51c049ccff081f5c28687f9943d8d2bc359dec5c0a1d2ff82c0b76fbaf4761.ps1
.ps1
8b9be55bd762eeb846a0e06f3723ffe45c2f9987239ae62be931902b538f7cae.doc
.rtf .doc
8d0264dcd8fef6faafd4f9dc421681d707ab16b973c418cdfac6e8fa5414dc9b.elf
.elf linux x86
8dcf670df8f445e76567c9c4f0c42533bd2b803a272b30bbd1f990d76669f25a.elf
.elf linux
8dda66a34a941d1bb2c9ab9ab12cab7e891d8b8c6a340697f634960738eb682c.elf
.elf linux arm
8e59e63c053985a8553a063e09afad261e9cd0f4a40fafd333ea0b705c483573.exe
.exe windows:5 windows x86 arch:x86

67249dba00354a5d46556d718ee3a4c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
LocalUnlock
GetConsoleAliasesLengthW
WriteConsoleOutputCharacterA
InterlockedDecrement
CreateDirectoryW
GetSystemDefaultLCID
TzSpecificLocalTimeToSystemTime
GetProcessTimes
LoadLibraryW
GetLocaleInfoW
FatalAppExitW
SetConsoleCP
HeapDestroy
ReplaceFileA
FlushFileBuffers
GetConsoleAliasesW
ChangeTimerQueueTimer
SetLastError
GetProcAddress
CreateNamedPipeA
SetStdHandle
PrepareTape
ResetEvent
LoadLibraryA
LocalAlloc
AddAtomA
DebugSetProcessKillOnExit
lstrcatW
VirtualProtect
GetCurrentDirectoryA
EnumDateFormatsW
FileTimeToLocalFileTime
SetFileAttributesW
GetVolumeInformationW
WriteConsoleW
CloseHandle
SetFilePointer
GetConsoleMode
GetConsoleCP
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
RtlUnwind
HeapFree
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
CreateFileW

user32

GetForegroundWindow
GetClassLongA

ole32

CreateDataAdviseHolder

Sections

.text
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
8fd2101e6ed38b5546ed69a0acfe7ecda6f819e421f32939c5a7b56c74b92e2d.elf
.elf linux x86
9033b9abad982d94ad4172788694b6d365c7917cd3a9d5532a7507dc48b2df2a.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

smpehpwp
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uhpaxtwp
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
90a6ba467d076a793e439f162a28eefe4a9e6cc9629641a85f2ae6fef4457586.elf
.elf linux arm
90be291c1a034769826a779dd5deba007837381acae050f143ea8f528f54e177.elf
.elf linux ppc
90ecd9583b1c6a0ee7efb2938b696ce392a824554587b3ea0121eb1fece679cf.elf
.elf linux arm
91b03fbfec8d0fb1c1e6bb9ceb9893f26807c160809bcb8d71f2217960399e30.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 697KB - Virtual size: 697KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
91ff4b06f7998bb1adb5e183e8b3440a5f7fa743190f31f58ddf3fada68e51e4.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

opmN.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 703KB - Virtual size: 702KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
921563ee385a90abbeee3359d823750bea3f208c6f2a9fcaf83afaf59329eee1.elf
.elf linux mipsbe
9216dc8ef5bb0e7c63e7b0ca92552709e322cbddead179e79f32d12f320bc459.exe
.exe windows:6 windows x86 arch:x86

e1ed1b87d365b2ea75670bba09649dc7

Code Sign

33:00:00:02:16:ca:38:9b:93:e0:c7:36:95:00:00:00:00:02:16
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27/03/2019, 19:21

Not After

27/03/2020, 19:21

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:80:92:56:4f:29:82:87:4f:9f:49:86:d8:2b:f8:26:44:2e:01:9d:f7:e7:33:d7:99:cd:d3:de:b0:00:27:8d
Signer

Actual PE Digest

07:80:92:56:4f:29:82:87:4f:9f:49:86:d8:2b:f8:26:44:2e:01:9d:f7:e7:33:d7:99:cd:d3:de:b0:00:27:8d

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
VirtualFree
GetCurrentProcess
VirtualAlloc
GetModuleHandleA
GetProcAddress
ExitProcess
GetModuleHandleW
BuildCommDCBAndTimeoutsA
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetModuleHandleExW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
LCMapStringW
GetProcessHeap
DecodePointer

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
924d37ab763e5093673e647251deab171e2d03926ba159593e6352373c29de00.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
94eec427eb4580860fa0323f65ba29cdbd4a582307ca8d25678a6938daf85bf0.vbs
.vbs
96dc3568939a1f35a045108b3d417c5512341e592d0639d0c1f0efe21da76162.lnk
.lnk
9775b4bbe23b8eb93727efe0a6d0b160ae5132a10b223f43200499cf0051a18f.exe
.exe windows:6 windows x86 arch:x86

b49357ca9f479242c82cda47ccb11321

Code Sign

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cb
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:45

Not After

11/05/2023, 20:45

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:80:35:cd:5f:63:f0:7b:4b:3b:13:54:0a:ec:8b:55:5d:27:31:83:5c:1b:44:fe:72:dc:ed:36:95:7a:ce:b3
Signer

Actual PE Digest

4d:80:35:cd:5f:63:f0:7b:4b:3b:13:54:0a:ec:8b:55:5d:27:31:83:5c:1b:44:fe:72:dc:ed:36:95:7a:ce:b3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\exe\Win32\Release\TcpView.pdb

Imports

kernel32

CreateThread
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetTickCount64
FileTimeToSystemTime
SetFilePointerEx
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
GetConsoleCP
lstrcmpiW
DecodePointer
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetCPInfo
LCMapStringEx
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetStringTypeW
LoadLibraryExA
VirtualFree
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
OutputDebugStringW
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryFullProcessImageNameW
OpenProcess
ExitProcess
VerifyVersionInfoW
lstrcmpW
VirtualQuery
SetPriorityClass
SetThreadPriority
GetCurrentThread
CreateDirectoryW
VerSetConditionMask
GetNumberFormatEx
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
FormatMessageW
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
TrySubmitThreadpoolCallback
VirtualAlloc
lstrlenW
MulDiv
LoadLibraryW
FreeLibrary
GetThreadId
CloseHandle
GetTempPathW
WriteFile
GetTempFileNameW
DeleteFileW
CreateFileW
GetModuleFileNameW
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
TerminateProcess
EnterCriticalSection
GetLastError
WritePrivateProfileStructW
GetPrivateProfileStructW
WritePrivateProfileStringW
GetPrivateProfileStringW
WriteConsoleW
GetPrivateProfileIntW
GetFileAttributesW
GetCurrentProcess
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
GlobalLock
GlobalUnlock
GlobalAlloc
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExW
GetVersionExW
TlsFree
SetLastError

user32

RemoveMenu
AppendMenuW
GetSubMenu
CreatePopupMenu
LoadMenuW
LoadAcceleratorsW
GetKeyState
CharNextW
CharLowerW
PostQuitMessage
GetMessagePos
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
DrawFrameControl
DrawEdge
GetMenuInfo
LoadStringA
LoadIconW
SetRectEmpty
MonitorFromPoint
MessageBoxW
LockWindowUpdate
GetMenuItemInfoW
TrackPopupMenuEx
ModifyMenuW
GetMenuItemCount
GetMenuStringW
SetMenu
GetMenu
TranslateAcceleratorW
GetActiveWindow
GetDlgCtrlID
DialogBoxParamW
SetMenuInfo
SetMenuDefaultItem
MessageBeep
GetCursorPos
RegisterWindowMessageW
WindowFromPoint
GetWindowThreadProcessId
SendMessageW
DialogBoxIndirectParamW
EndDialog
GetDlgItem
SetWindowTextW
SetCursor
CheckMenuRadioItem
EnableWindow
SetScrollInfo
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsMenu
IsWindow
LoadStringW
GetWindow
MapWindowPoints
GetWindowRect
SetDlgItemTextW
GetSysColorBrush
InflateRect
LoadCursorW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DestroyMenu
SetMenuItemInfoW
GetSysColor
LoadImageW
GetAncestor
GetWindowModuleFileNameW
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
GetScrollInfo
GetMenuItemID
DestroyIcon
DrawIconEx
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetFocus
GetFocus
SetTimer
KillTimer
DrawTextW
BeginPaint
EndPaint
InvalidateRect
GetWindowTextW
GetWindowTextLengthW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
SetClassLongW
PtInRect
OffsetRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ScreenToClient
ShowScrollBar
SetScrollPos
RedrawWindow
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
GetSystemMetrics
IsWindowEnabled
IsZoomed
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
PostMessageW
GetParent
SetWindowLongW
GetWindowLongW
GetClientRect

gdi32

ExcludeClipRect
CreatePatternBrush
PatBlt
SetBrushOrgEx
CreateBitmap
CreateDIBSection
GetCurrentObject
Polyline
TextOutW
MoveToEx
SetTextAlign
Rectangle
LineTo
GetTextExtentPoint32W
GetStockObject
CreatePen
CreateSolidBrush
GetObjectW
SetTextColor
GetDeviceCaps
SetMapMode
StartDocW
EndDoc
StartPage
EndPage
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject
SetBkColor
ExtTextOutW
SetBkMode
CreateFontIndirectW

comdlg32

ChooseFontW
GetSaveFileNameW
GetOpenFileNameW
PrintDlgW

advapi32

ControlTraceW
RegCreateKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegGetValueW
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
ProcessTrace
OpenTraceW
RegCloseKey
StartTraceW
RegQueryInfoKeyW
RegEnumKeyExW

shell32

SHGetFolderPathW
ShellExecuteW
ExtractIconExW
ExtractIconW

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoUninitialize

oleaut32

VarUI4FromStr

comctl32

ImageList_Destroy
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Create
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_DrawIndirect
CreateStatusWindowW
InitCommonControlsEx
ImageList_Draw

uxtheme

SetWindowTheme
IsThemeActive
IsAppThemed

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

dwmapi

DwmSetWindowAttribute
DwmDefWindowProc

iphlpapi

GetOwnerModuleFromTcpEntry
GetExtendedUdpTable
GetOwnerModuleFromUdpEntry
GetOwnerModuleFromTcp6Entry
GetOwnerModuleFromUdp6Entry
SetTcpEntry
GetExtendedTcpTable

ws2_32

getservbyport
gethostname
socket
send
WSAGetLastError
htons
connect
closesocket
ntohs
getaddrinfo
freeaddrinfo
GetNameInfoW
WSAStartup
recv

tdh

TdhGetPropertySize
TdhGetEventInformation

Sections

.text
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
978fe03e095affb7381de4670ffc02fa363129c9e556386d9472346e47cdec3e.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4a:fd:49:10:fb:1b:4b:6b:bd:45:d2:e9:e6:8f:fd:c3:fe:e9:1c:57:cd:5f:b0:b8:8e:b5:ae:84:b7:c1:5a:c6
Signer

Actual PE Digest

4a:fd:49:10:fb:1b:4b:6b:bd:45:d2:e9:e6:8f:fd:c3:fe:e9:1c:57:cd:5f:b0:b8:8e:b5:ae:84:b7:c1:5a:c6

Digest Algorithm

sha256

PE Digest Matches

false

7f:19:ce:b1:ba:4a:28:29:20:bc:83:af:79:53:a3:91:26:95:cf:a4
Signer

Actual PE Digest

7f:19:ce:b1:ba:4a:28:29:20:bc:83:af:79:53:a3:91:26:95:cf:a4

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 696KB - Virtual size: 695KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
98c1d99430f13fc6d0aecdc671352a67d9bdd3045621beb5b8ce2595b7e261fb.elf
.elf linux arm
98e8e0db973bc25a314918fb3065778f16821978fd9dbbf067ead453b4ad8b00.elf
.elf linux arm
9911129661bce9c536c1232b12b2aa19501d9dfae099c146d25308c7bb6839ac.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nlyzwaah
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

lkbejoib
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
9a3e5baf097ea6a7c888004c347dbbb8192a5c904545711080fa392c6d9bc737.elf
.elf linux arm
9a6f5a1bda6fe4c8c596e025cd42e04911e01be388b3bda780279f92c0ef4f23.exe
.exe windows:5 windows x86 arch:x86

8f1805f3ae545b0e731cb9cff13122c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\bidahacofubiz\tosihot.pdb

Imports

kernel32

GetComputerNameA
GetFileSize
GetLocaleInfoA
GetConsoleAliasExesA
GetDriveTypeW
MapUserPhysicalPages
InterlockedIncrement
GetConsoleAliasA
InterlockedDecrement
AddConsoleAliasW
CreateDirectoryExA
GetModuleHandleW
GetTickCount
GetNumberFormatA
ReadConsoleW
GlobalAlloc
GetVolumeInformationA
GlobalFindAtomA
LoadLibraryW
AssignProcessToJobObject
GetConsoleAliasExesLengthW
SetLastError
GetProcAddress
VirtualAlloc
HeapSize
SetComputerNameA
VerLanguageNameW
LoadLibraryA
RemoveDirectoryW
QueryDosDeviceW
FindNextChangeNotification
GetConsoleTitleW
VirtualProtect
GetFileAttributesExW
GetCurrentProcessId
AreFileApisANSI
Sleep
ExitProcess
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
WriteFile
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
HeapAlloc
HeapReAlloc
SetStdHandle
RtlUnwind
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CreateFileA
CloseHandle

user32

IsWindowEnabled
CharUpperBuffW

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 41.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9a9fca86ace03e85ad701745b721c753d4f7e7d602d3c22155bfcb895a15b871.elf
.elf linux arm
9af2a7d6a9fa291edae02f24dd0213900ab45d266f57a7de431479c38793a57b.elf
.elf linux arm
9b5d43208622a92db4dddf29bbac0d0a468e0e78565da10363ec7b3654c98a79.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:dc:31:ab:a2:53:bc:ce:7c:61:a4:1e:fc:ce:e9:ba:2d:74:cb:7f:b7:69:40:1d:14:0b:46:ee:06:06:13:ed
Signer

Actual PE Digest

48:dc:31:ab:a2:53:bc:ce:7c:61:a4:1e:fc:ce:e9:ba:2d:74:cb:7f:b7:69:40:1d:14:0b:46:ee:06:06:13:ed

Digest Algorithm

sha256

PE Digest Matches

false

22:1f:21:90:d2:13:35:ae:ee:42:55:b3:87:a7:68:ca:08:dc:a8:8e
Signer

Actual PE Digest

22:1f:21:90:d2:13:35:ae:ee:42:55:b3:87:a7:68:ca:08:dc:a8:8e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 738KB - Virtual size: 737KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9bf4636e2be3154a2c956982b1e547b7206b73bce86a42ce6573404c1773ce40.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9c051c1f0938d57caab88ddf7c68456838889f84907436aa6dbf50b1e35ea6ab.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

lPJw.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 647KB - Virtual size: 647KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9c20710607760934fbc59a5b6e60ff8ba2441b6f5ab2de182bca1e18209e9150.exe
.exe windows:5 windows x86 arch:x86

8f1805f3ae545b0e731cb9cff13122c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\tadetigesi_tuzuvum\jakaje75 batefohakododu38\domeha.pdb

Imports

kernel32

GetComputerNameA
GetFileSize
GetLocaleInfoA
GetConsoleAliasExesA
GetDriveTypeW
MapUserPhysicalPages
InterlockedIncrement
GetConsoleAliasA
InterlockedDecrement
AddConsoleAliasW
CreateDirectoryExA
GetModuleHandleW
GetTickCount
GetNumberFormatA
ReadConsoleW
GlobalAlloc
GetVolumeInformationA
GlobalFindAtomA
LoadLibraryW
AssignProcessToJobObject
GetConsoleAliasExesLengthW
SetLastError
GetProcAddress
VirtualAlloc
HeapSize
SetComputerNameA
VerLanguageNameW
LoadLibraryA
RemoveDirectoryW
QueryDosDeviceW
FindNextChangeNotification
GetConsoleTitleW
VirtualProtect
GetFileAttributesExW
GetCurrentProcessId
AreFileApisANSI
Sleep
ExitProcess
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
WriteFile
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
HeapAlloc
HeapReAlloc
SetStdHandle
RtlUnwind
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CreateFileA
CloseHandle

user32

IsWindowEnabled
CharUpperBuffW

Sections

.text
Size: 277KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 41.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9cf2f0dd81ebd23d87f5ab55cf9980f1edd3b605c61032460085668685bfdb18.elf
.elf linux arm
9d521333a79d744ede01a133eded8bf562e739bc93af8695acf2342d96f80d99.dll
.dll windows:5 windows x86 arch:x86

6f8e15e476c783b4975094c644e04e09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

mpr

WNetEnumResourceW

winspool.drv

DocumentPropertiesW

comctl32

ImageList_GetImageInfo

ws2_32

WSAIoctl

shell32

Shell_NotifyIconW

user32

CopyImage

version

GetFileVersionInfoSizeW

oleaut32

SafeArrayPutElement

advapi32

RegSetValueExW

netapi32

NetWkstaGetInfo

kernel32

GetVersion
GetVersionExW

wsock32

gethostbyaddr

ole32

CreateBindCtx

gdi32

Pie

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
rwhwxwuopoyf

Sections

.text
Size: 6.2MB - Virtual size: 6.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 36KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oclnzfe
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.oclnzfe
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.oclnzfe
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 519KB - Virtual size: 518KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9e31a71a7c453bfce6b1ddf343b056cfbfc89ae83c5c5529d90949161ab1e9fa.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 658KB - Virtual size: 657KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9ed76d0cdb1f2b686adb7739764e2bdde84c7497b753cdd92ebefd5efea9b378.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gcaovohn
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gxqdirrb
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
9f121f9e36a53eb08ff86c94cf9678245d0c1d56670118d44351bea52e74aec7.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jqngduam
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kbulycau
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
9f708fc26f51a62c4255027c9e07cdc9c885c0453da450735795153ae33f0366.exe
.exe windows:5 windows x86 arch:x86

c4540f421523fe2dc591e50be5ad7d0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
recv
send
socket
inet_ntoa
setsockopt
ntohs
WSACleanup
WSAStartup
sendto
htons
__WSAFDIsSet
select
accept
listen
bind
inet_addr
ioctlsocket
recvfrom
WSAGetLastError
closesocket
gethostname
connect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetUseConnectionW
WNetAddConnection2W

wininet

HttpOpenRequestW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

userenv

DestroyEnvironmentBlock
LoadUserProfileW
CreateEnvironmentBlock
UnloadUserProfile

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetShortPathNameW
DeleteFileW
IsDebuggerPresent
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
LoadResource
LockResource
SizeofResource
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
LoadLibraryW
GetLocalTime
CompareStringW
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
VirtualAlloc
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetFullPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetACP
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetCurrentDirectoryW
FindNextFileW
WriteConsoleW

user32

GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
PeekMessageW
GetInputState
UnregisterHotKey
CharLowerBuffW
MonitorFromPoint
MonitorFromRect
LoadImageW
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
ClientToScreen
GetCursorPos
DeleteMenu
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
LockWindowUpdate
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
RegisterHotKey
GetCursorInfo
SetWindowPos
CopyImage
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
TrackPopupMenuEx
GetMessageW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
DispatchMessageW
keybd_event
TranslateMessage
ScreenToClient

gdi32

EndPath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
GetDeviceCaps
SetPixel
CloseFigure
LineTo
AngleArc
MoveToEx
Ellipse
CreateCompatibleBitmap
CreateCompatibleDC
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
SelectObject
StretchBlt
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
GetDIBits
StrokePath

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
RegCreateKeyExW
GetSecurityDescriptorDacl
GetAclInformation
GetUserNameW
AddAce
SetSecurityDescriptorDacl
InitiateSystemShutdownExW

shell32

DragFinish
DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

CreateStdDispatch
CreateDispTypeInfo
UnRegisterTypeLi
UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
VariantChangeType
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
SysStringLen
QueryPathOfRegTypeLi
SysAllocString
VariantInit
VariantClear
DispCallFunc
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
SafeArrayDestroyDescriptor
VariantCopy
OleLoadPicture

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 499KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a03e517dd3772d7f304c77676c7cb50e5dbf146d67a4812eb2bf7ec9a9641520.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a0c35404de8e296472b68d8d640c1b172055cd7837909907ac45c4ed05c88a43.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a1202666a62552fbf51b0d663dc805924493ff890dbda7334ebea8e5eca72b22.elf
.elf linux arm
a1383e7c1792265d27f29314f059c9d7e04ca8621177f9e6263d7c5b7238b292.tar
.rar
a25788e0fb0fd993fa396565fc7c8013dd70651443df2f7dc77c56ad6f07bdc8.exe
.exe windows:6 windows x64 arch:x64

c595f1660e1a3c84f4d9b0761d23cd7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
AddVectoredContinueHandler
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateMutexA
CreateSemaphoreA
CreateThread
CreateWaitableTimerExW
DeleteAtom
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FindAtomA
FormatMessageA
FreeEnvironmentStringsW
GetAtomNameA
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetErrorMode
GetHandleInformation
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RaiseFailFastException
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetLastError
SetProcessAffinityMask
SetProcessPriorityBoost
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WerGetFlags
WerSetFlags
WideCharToMultiByte
WriteConsoleW
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_commode
_endthreadex
_errno
_fmode
_initterm
_lock
_memccpy
_onexit
_setjmp
_strdup
_ultoa
_unlock
abort
calloc
exit
fprintf
fputc
free
fwrite
localeconv
longjmp
malloc
memcpy
memmove
memset
printf
realloc
signal
strerror
strlen
strncmp
vfprintf
wcslen

Exports

Exports

_hUhIMdKDEeiNNfqf

Sections

.text
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 437KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 618KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 650KB - Virtual size: 650KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a3259c28c735b4fc77af61b4d5e2331bfb2ca8e6fc9be6fea650f01c5ac54eb8.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qmylarsc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

hpulawbf
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
a32812ea87167fe0a9275823f6c873984de4dc7ece43895f02a175826aeecdce.xlsx
.xls .pdf windows office2003 polyglot
a43e9ac03c240047c8a01173a8f0f50bbc27994eca0e38e2681145f814055db3.elf
.elf linux x86
a510274771924b5532277575790faef750bbbb8cccd6cd773bdb7b1572150647.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Exports

Exports

naxiaesmPdvPpCom

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a55628b337014f62bdf0c4de46c63cdc03498d9da2c673218864412605d2c890.elf
.elf linux
a6360cf07cce2f6d339ac7db526fdbd78c3c4f50bdeacd080aac981f502dbd17.elf
.elf linux arm
a647913c3915c9a849bee272e91b5dbde205999505b5314661c2641a5e7c51a9.elf
.elf linux ppc
a73d853722187c24804ed6c63419904345573d844c10758dd7bb5048e6651835.elf
.elf linux arm
a767c0c30faba825d97128a282fce59e2288bee3b53eccf656432c04e9cfdf9c.elf
.elf linux arm
a79fbf1f6682f02689ef3400ff89f2c960b595b7498af36fb1a418fa0e7e0549.exe
.exe windows:4 windows x64 arch:x64

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a7af97c998a9aedc561b64a17d3b9582f7708c0ee02c338458038112d5333438.exe
.exe windows:6 windows x86 arch:x86

156fb482678b8d0717264eef65d4d3c1

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:8b:85:78:e4:21:83:fd:1f:84:cf:04
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

16/06/2023, 06:32

Not After

21/07/2025, 13:59

Subject

SERIALNUMBER=1086168004669,CN=ROSTPAY LLC,O=ROSTPAY LLC,STREET=Dolomanovsky lane\, 70D apt.1(10th floor),L=Rostov-on-Don,ST=Rostov Oblast,C=RU,1.2.840.113549.1.9.1=#0c12737570706f727440726f73747061792e7275,1.3.6.1.4.1.311.60.2.1.2=#130d526f73746f76204f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:6f:e9:c3:2f:46:f2:d4:3e:e9:85:bc:d5:76:54:3f:13:da:a4:77:63:12:af:eb:2b:e3:3c:c9:5b:5b:e4:51
Signer

Actual PE Digest

a1:6f:e9:c3:2f:46:f2:d4:3e:e9:85:bc:d5:76:54:3f:13:da:a4:77:63:12:af:eb:2b:e3:3c:c9:5b:5b:e4:51

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

bcrypt

BCryptCreateHash
BCryptFinishHash
BCryptEncrypt
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptDestroyHash
BCryptGenRandom
BCryptDestroyKey
BCryptDeriveKeyPBKDF2
BCryptSetProperty
BCryptGetProperty
BCryptGenerateSymmetricKey

winhttp

WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpSendRequest
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen

kernel32

WaitForSingleObjectEx
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
SetEndOfFile
GetFullPathNameW
FindFirstFileExW
CreateDirectoryW
GetCurrentDirectoryW
FormatMessageA
GetStringTypeW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
GetUserDefaultUILanguage
EncodePointer
DecodePointer
CompareStringEx
LCMapStringEx
SetThreadLocale
IsBadStringPtrA
IsBadReadPtr
QueryPerformanceFrequency
QueryPerformanceCounter
GetLogicalDriveStringsW
GetDriveTypeW
FindNextFileW
CreateThread
WaitForMultipleObjects
CopyFileW
CreateEventW
SetEvent
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
GetNativeSystemInfo
GetVersionExW
IsDebuggerPresent
GetEnvironmentVariableW
OutputDebugStringW
GetTempFileNameW
GetLongPathNameW
FindFirstFileW
FindClose
GetCurrentProcessId
GetTempPathW
GetCommandLineW
RtlUnwind
LoadLibraryExW
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentThread
Sleep
TryEnterCriticalSection
RaiseException
GetSystemTimeAsFileTime
CreateMutexW
GetThreadLocale
GetLocaleInfoW
GetACP
EnumResourceNamesW
FormatMessageW
SetErrorMode
SetCurrentDirectoryW
GlobalFree
GlobalHandle
GlobalSize
GlobalLock
GlobalUnlock
GlobalAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LoadLibraryW
FreeLibrary
GetCurrentThreadId
ExitProcess
SetLastError
MulDiv
ReadConsoleOutputCharacterA
SetConsoleCursorPosition
InitializeSRWLock
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
WriteConsoleW
WriteConsoleA
AttachConsole
FreeConsole
GetStdHandle
GetModuleFileNameW
WideCharToMultiByte
SetFilePointerEx
ReadFile
GetFileTime
GetFileSizeEx
LocalFree
GetTickCount
WriteFile
GetFileType
CreateFileW
GetFileAttributesW
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
MoveFileExW
MultiByteToWideChar
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryFullProcessImageNameW
OpenProcess
TerminateProcess
GetProcAddress
GetModuleHandleW
IsWow64Process
CreateProcessW
GetCurrentProcess
WaitForSingleObject
GetLastError
CloseHandle
FindResourceW
SizeofResource
LockResource
LoadResource
ExpandEnvironmentStringsW
FreeLibraryAndExitThread
GetTimeZoneInformation
SetStdHandle
FlushFileBuffers
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
HeapFree
HeapReAlloc
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetCommandLineA
GetProcessHeap
IsProcessorFeaturePresent
HeapSize

user32

CreateAcceleratorTableW
DestroyCursor
SetMenuItemInfoW
InsertMenuItemW
SetMenuInfo
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
GetSubMenu
DestroyMenu
CreatePopupMenu
CreateMenu
GetMenuState
ValidateRect
PostThreadMessageW
GetMessageW
GetClassNameW
MessageBeep
GetWindowTextW
SetActiveWindow
HideCaret
GetWindowTextLengthW
DestroyAcceleratorTable
IsMenu
GetComboBoxInfo
DrawIconEx
SetRectEmpty
SetRect
DrawStateW
DestroyIcon
DrawFocusRect
DrawTextW
CreateIconIndirect
GetWindowDC
BeginPaint
EndPaint
UnionRect
GetDesktopWindow
ChildWindowFromPoint
DrawEdge
DrawFrameControl
CheckMenuItem
GetMenuItemID
CheckMenuRadioItem
RegisterClipboardFormatW
GetClipboardFormatNameW
wsprintfW
ChangeDisplaySettingsExW
EnumDisplaySettingsW
MonitorFromPoint
EnumDisplayMonitors
TranslateAcceleratorW
GetDoubleClickTime
GetCaretBlinkTime
ValidateRgn
keybd_event
IsRectEmpty
GetIconInfo
SetTimer
LoadIconW
LoadBitmapW
FindWindowExW
SetMenu
PostMessageW
RegisterWindowMessageW
GetMonitorInfoW
MonitorFromWindow
GetSysColorBrush
CopyRect
SetWindowRgn
GetDlgItem
CreateDialogParamW
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
IsDialogMessageW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
SetParent
GetParent
PtInRect
InflateRect
FillRect
GetSysColor
ChildWindowFromPointEx
WindowFromPoint
MapWindowPoints
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetWindowRect
GetClientRect
EnableScrollBar
ScrollWindow
RedrawWindow
InvalidateRect
IsClipboardFormatAvailable
AdjustWindowRectEx
ShowCursor
DdeInitializeW
DdeUninitialize
DdeConnect
DdeDisconnect
DdePostAdvise
DdeNameService
DdeClientTransaction
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeGetLastError
DdeCreateStringHandleW
DdeQueryStringW
DdeFreeStringHandle
GetUpdateRgn
UpdateWindow
GetMenuItemInfoW
TrackPopupMenu
GetMenuItemCount
GetSystemMetrics
IsWindowEnabled
EnableWindow
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
VkKeyScanW
GetAsyncKeyState
GetFocus
GetActiveWindow
SetFocus
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
AnimateWindow
IsWindow
CallWindowProcW
PostQuitMessage
MsgWaitForMultipleObjects
GetMessageTime
GetMessagePos
UnregisterHotKey
RegisterHotKey
PeekMessageW
DispatchMessageW
TranslateMessage
ReleaseDC
GetDC
SetWindowLongW
GetWindowLongW
SetWindowTextW
SetForegroundWindow
EnableMenuItem
GetSystemMenu
DrawMenuBar
GetDialogBaseUnits
CreateDialogIndirectParamW
IsZoomed
BringWindowToTop
KillTimer
LoadImageW
IsIconic
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindowEx
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
CreateWindowExW
DefWindowProcW
SendMessageW
LoadCursorW
GetProcessDefaultLayout
MessageBoxW
UnregisterClassW
RegisterClassW
GetKeyState
OffsetRect

gdi32

SetPolyFillMode
StretchBlt
StretchDIBits
SetROP2
SetStretchBltMode
GetWorldTransform
SetWorldTransform
ModifyWorldTransform
ExtTextOutW
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
GetBkColor
LineTo
MoveToEx
GetTextExtentPoint32W
CombineRgn
EqualRgn
GetRgnBox
PtInRegion
RectInRegion
CreatePalette
GetNearestPaletteIndex
SetPixel
CreateRectRgnIndirect
GetCharABCWidthsW
GetTextExtentExPointW
CreateICW
CreateDIBitmap
GetDIBits
CreateDIBSection
GetDIBColorTable
SetDIBColorTable
CreateDCW
GetSystemPaletteEntries
SetViewportOrgEx
CloseEnhMetaFile
CreateEnhMetaFileW
DeleteEnhMetaFile
GetEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
EnumFontFamiliesExW
SetAbortProc
StartDocW
EndDoc
StartPage
EndPage
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
ExtSelectClipRgn
RoundRect
SelectClipRgn
Rectangle
PolyPolygon
Pie
MaskBlt
GetPixel
GetObjectType
GetClipBox
ExtFloodFill
Ellipse
Arc
ExtCreatePen
CreatePen
CreateFontIndirectW
DeleteObject
GetDeviceCaps
GetOutlineTextMetricsW
SelectObject
GetTextMetricsW
CreateRectRgn
ExcludeClipRect
RealizePalette
SetBrushOrgEx
SelectPalette
GdiFlush
ExtCreateRegion
GetRegionData
OffsetRgn
GetObjectW
BitBlt
CreateBitmap
CreateBitmapIndirect
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
SetBkColor
SetBkMode
SetTextColor
CreateSolidBrush
GetGraphicsMode
GetViewportExtEx
GetWindowExtEx
CreateHatchBrush
GetPaletteEntries
GetStockObject
CreatePatternBrush

comdlg32

GetOpenFileNameW
PageSetupDlgW
PrintDlgW
CommDlgExtendedError
ChooseFontW
GetSaveFileNameW

winspool.drv

GetPrinterW
DocumentPropertiesW
ClosePrinter
OpenPrinterW

shell32

SHGetFolderPathW
CommandLineToArgvW
ord6
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
ExtractIconExW
ExtractIconW
DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW
SHGetKnownFolderPath
ShellExecuteExW
ShellExecuteW

shlwapi

SHAutoComplete
PathMatchSpecW
AssocQueryStringW

comctl32

ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_ReplaceIcon
ImageList_Copy
ImageList_GetImageInfo
ImageList_GetIconSize
ImageList_Remove
ImageList_Replace
ImageList_Draw
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
ord16
ord17

ole32

CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
OleInitialize
RevokeDragDrop
OleSetContainedObject
CoUninitialize
OleRun
OleLockRunning
CoLockObjectExternal
RegisterDragDrop
ReleaseStgMedium
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard
OleUninitialize

oleaut32

SysFreeString
SafeArrayCreate
SafeArrayDestroy
SafeArrayPtrOfIndex
VariantInit
SysStringLen
VariantClear
SafeArrayUnlock
SafeArrayLock
VarBstrFromCy
SafeArrayGetVartype
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString

rpcrt4

UuidToStringW
RpcStringFreeW

advapi32

GetUserNameW
RegEnumValueW
RegEnumKeyW
RegDeleteKeyW
GetSecurityInfo
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

oleacc

LresultFromObject

uxtheme

GetThemeMargins
GetCurrentThemeName
GetThemeBackgroundExtent
IsThemePartDefined
SetWindowTheme
GetThemeSysFont
GetThemeSysColor
GetThemeInt
GetThemePartSize
GetThemeFont
IsAppThemed
IsThemeActive
CloseThemeData
DrawThemeParentBackground
GetThemeColor
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundContentRect
DrawThemeBackground
OpenThemeData

msimg32

AlphaBlend
GradientFill

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 510KB - Virtual size: 510KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a7d48d56800f68f5254b7a97d7c0f2392845279043b272dfb15f5e9870c6dc03.elf
.elf linux arm
a7d7918287e20b0dba642c291b6e7efc6e73222cf5ed02254926b898c9107d5f.exe
.sys windows:10 windows x64 arch:x64

a70a3819f8d617b6088df0625740b273

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Jojo0604\Desktop\kernel\x64\Release\kernel.pdb

Imports

ntoskrnl.exe

IoGetCurrentProcess
ObfDereferenceObject
KeAttachProcess
KeDetachProcess
PsLookupProcessByProcessId
ZwAllocateVirtualMemory
ZwFreeVirtualMemory
MmCopyVirtualMemory
PsGetProcessSectionBaseAddress
ZwProtectVirtualMemory
MmHighestUserAddress
DbgPrintEx
ExAllocatePool
ExFreePoolWithTag
IofCompleteRequest
ZwClose
ZwOpenKey
ZwQueryValueKey
RtlRandomEx
ObReferenceObjectByName
IoDriverObjectType
RtlInitUnicodeString
RtlCompareUnicodeString
RtlGetVersion
MmUnmapIoSpace
MmMapIoSpaceEx
ZwSetValueKey
MmCopyMemory
PsGetProcessPeb

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 61B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
a867246ca9e6959a27249acaab06e9b0755f3a8249735a91e92c93a08e61c29c.exe
.exe windows:6 windows x86 arch:x86

d716233fa9e0a1b9e5f58fbed8dcbfa9

Code Sign

4e:04:2c:42:f9:de:68:8e:4a:6f:c2:f8:41:40:d4:f9
Certificate

Issuer

CN=Logitech H153 Wired Headset Black 2.0 overhead 20 Hz - 20000 Hz 22Ω corded cable - 1.8 m

Not Before

23/11/2023, 09:28

Not After

24/11/2033, 09:28

Subject

CN=Logitech H153 Wired Headset Black 2.0 overhead 20 Hz - 20000 Hz 22Ω corded cable - 1.8 m

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:b2:3f:1c:79:52:eb:de:f3:a6:41:e9:fd:25:56:60:6b:f4:66:58:64:c9:55:21:b8:a4:42:46:42:68:a5:5d
Signer

Actual PE Digest

69:b2:3f:1c:79:52:eb:de:f3:a6:41:e9:fd:25:56:60:6b:f4:66:58:64:c9:55:21:b8:a4:42:46:42:68:a5:5d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

wsprintfA

gdi32

CreateCompatibleBitmap

advapi32

CredEnumerateA

shell32

ShellExecuteA

ole32

CoInitializeEx

ws2_32

WSAStartup

crypt32

CryptUnprotectData

shlwapi

PathFindExtensionA

gdiplus

GdiplusStartup

setupapi

SetupDiEnumDeviceInterfaces

ntdll

RtlUnicodeStringToAnsiString

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.^_][&u�
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.^_][&u�
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.^_][&u�
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmpyÜ+
Size: - Virtual size: 980KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmpyÜ+
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpyÜ+
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 130KB - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
aa1169180af01000df2cdecdd024ef7d5e012c36d38efcdde52f8f02026352da.elf
.elf linux mipsbe
aa11e9d5b84487e28b0e003406b3a8d3d595ed9a9f1234a567548fa57aa06ce1.exe
.dll windows:6 windows x64 arch:x64

1d3ae125c9fa70b475946ee6ae658c12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
GetModuleHandleW
VirtualQuery
DisableThreadLibraryCalls
GetCurrentThread
CloseHandle
ExitProcess
SetEndOfFile
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetProcAddress
IsValidCodePage
HeapReAlloc
ReadConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
QueryPerformanceFrequency
GlobalUnlock
FlsAlloc
HeapAlloc
HeapFree
GetConsoleMode
WideCharToMultiByte
GlobalLock
GlobalAlloc
GlobalFree
GetACP
MultiByteToWideChar
GetConsoleOutputCP
WriteFile
FlushFileBuffers
GetFileType
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetLastError
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
Sleep
InitOnceComplete
InitOnceBeginInitialize
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetSystemTimeAsFileTime
WakeAllConditionVariable
SleepConditionVariableSRW
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
GetCurrentProcess
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ReadFile
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetModuleFileNameW
GetFileSizeEx
SetFilePointerEx
GetStdHandle
RtlUnwind

user32

CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
OpenClipboard
CallWindowProcW
SetWindowLongPtrW
GetAsyncKeyState
SetWindowLongW
MessageBoxA
ScreenToClient
GetCapture
ClientToScreen
IsChild
TrackMouseEvent
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

d3dcompiler_47

D3DCompile

Sections

.text
Size: 564KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ace9e8a629f6ba8882afc43198dc9f7e6bf3b723140c2ed28ad36cf2f5786c93.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\Documents\Vault 1\Sources\OuterDLL\obj\Debug\System.IO.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ad1bf6351e725b287a487eeeb93215733496f3850e4fe87ad3c2896c65576cb4.elf
.elf linux arm
adbe65c8b7499ffb421e092b9842fd7fc4195054ed184fde05a947748c9e7c2c.doc
.rtf .doc
ae737e58b8b0194fcbbf6d697368acb3bbd3dd7a91ea0add1da9efd4ddc65977.xlsx
.xlam .xlsx office2007

ThisWorkbook

Masking

Obfuscate

Sheet4

SharedCode

Sheet5

SampleData

shared_clean

frmCustomClean

frmOptions

CleanCombine
b16c9c6b0d2c5e04fd3d3bcfb9f9a8712502b99a1fea9edf9a2ff1dd1cc8ed41.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 642KB - Virtual size: 642KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b177a2a767059163922ef4e7fbe904bd2015e5e00052ef76eb5854f0179b17d3.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:bf:15:2d:ea:f0:b9:81:a8:a9:38:d5:3f:76:9d:b8
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/12/2021, 00:00

Not After

08/01/2025, 23:59

Subject

CN=philandro Software GmbH,O=philandro Software GmbH,L=Stuttgart,ST=Baden-Württemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:bf:15:2d:ea:f0:b9:81:a8:a9:38:d5:3f:76:9d:b8
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/12/2021, 00:00

Not After

08/01/2025, 23:59

Subject

CN=philandro Software GmbH,O=philandro Software GmbH,L=Stuttgart,ST=Baden-Württemberg,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

32:53:36:33:d5:96:cf:e1:1b:00:5b:b4:cd:8d:a7:7a:bd:7a:11:fc:38:61:6c:93:e1:cd:24:8d:88:cd:77:18
Signer

Actual PE Digest

32:53:36:33:d5:96:cf:e1:1b:00:5b:b4:cd:8d:a7:7a:bd:7a:11:fc:38:61:6c:93:e1:cd:24:8d:88:cd:77:18

Digest Algorithm

sha256

PE Digest Matches

false

9e:e5:5c:79:10:59:3b:74:0d:e4:bb:fe:d4:9e:54:88:69:59:68:0e
Signer

Actual PE Digest

9e:e5:5c:79:10:59:3b:74:0d:e4:bb:fe:d4:9e:54:88:69:59:68:0e

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

MNJUIN987.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 354B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b17ff464ca31bd51f967f1dbf79737466fe3165f251c7e19a48a07eb03b3a1eb.elf
.elf linux x86
b25e0f52dc61ee0a114de10fd27d6783c6910b8f34616f9ea9ef04fd6649bb3c.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

aELl.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b38cd79476d02cd0203566b46589befe82d8f88b85a4aaf361007aaf5aeffef6.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b3bbdddaf36399bc81f20b5740fd663ba9d085b73d97d8410acd52d6af273748.elf
.elf linux sparc
b425d419b3c6bafe0bf7d6fbd92832942f1f77eed32625715a551550b5d02dda.exe
.exe windows:5 windows x86 arch:x86

c4540f421523fe2dc591e50be5ad7d0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
recv
send
socket
inet_ntoa
setsockopt
ntohs
WSACleanup
WSAStartup
sendto
htons
__WSAFDIsSet
select
accept
listen
bind
inet_addr
ioctlsocket
recvfrom
WSAGetLastError
closesocket
gethostname
connect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetUseConnectionW
WNetAddConnection2W

wininet

HttpOpenRequestW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

userenv

DestroyEnvironmentBlock
LoadUserProfileW
CreateEnvironmentBlock
UnloadUserProfile

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetShortPathNameW
DeleteFileW
IsDebuggerPresent
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
LoadResource
LockResource
SizeofResource
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
LoadLibraryW
GetLocalTime
CompareStringW
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
VirtualAlloc
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetFullPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetACP
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetCurrentDirectoryW
FindNextFileW
WriteConsoleW

user32

GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
PeekMessageW
GetInputState
UnregisterHotKey
CharLowerBuffW
MonitorFromPoint
MonitorFromRect
LoadImageW
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
ClientToScreen
GetCursorPos
DeleteMenu
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
LockWindowUpdate
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
RegisterHotKey
GetCursorInfo
SetWindowPos
CopyImage
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
TrackPopupMenuEx
GetMessageW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
DispatchMessageW
keybd_event
TranslateMessage
ScreenToClient

gdi32

EndPath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
GetDeviceCaps
SetPixel
CloseFigure
LineTo
AngleArc
MoveToEx
Ellipse
CreateCompatibleBitmap
CreateCompatibleDC
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
SelectObject
StretchBlt
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
GetDIBits
StrokePath

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
RegCreateKeyExW
GetSecurityDescriptorDacl
GetAclInformation
GetUserNameW
AddAce
SetSecurityDescriptorDacl
InitiateSystemShutdownExW

shell32

DragFinish
DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

CreateStdDispatch
CreateDispTypeInfo
UnRegisterTypeLi
UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
VariantChangeType
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
SysStringLen
QueryPathOfRegTypeLi
SysAllocString
VariantInit
VariantClear
DispCallFunc
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
SafeArrayDestroyDescriptor
VariantCopy
OleLoadPicture

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
b475bbe8df1e693355babceffa61f6411f8eacc029fa3b0df1e53dba350d2e62.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jwzurfak
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uueegrrg
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
b4c0af25d74cc62a4cdeeac0a7b19c6f2944fb9596e46908410b90bf540fa1a6.exe
.exe windows:5 windows x86 arch:x86

eb8c844ad14da407481e1c81cd466558

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
LocalUnlock
WriteConsoleOutputCharacterA
InterlockedDecrement
GetSystemDefaultLCID
GetConsoleAliasesLengthA
TzSpecificLocalTimeToSystemTime
GetProcessTimes
LoadLibraryW
GetLocaleInfoW
FatalAppExitW
SetConsoleCP
HeapDestroy
ReplaceFileA
FlushFileBuffers
CreateDirectoryA
GetConsoleAliasesW
ChangeTimerQueueTimer
SetLastError
GetProcAddress
CreateNamedPipeA
SetStdHandle
PrepareTape
ResetEvent
LoadLibraryA
LocalAlloc
AddAtomA
DebugSetProcessKillOnExit
lstrcatW
VirtualProtect
GetCurrentDirectoryA
EnumDateFormatsW
FileTimeToLocalFileTime
SetFileAttributesW
GetVolumeInformationW
WriteConsoleW
CloseHandle
SetFilePointer
GetConsoleMode
GetConsoleCP
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
RtlUnwind
HeapFree
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
CreateFileW

user32

GetForegroundWindow
GetClassLongA

ole32

CreateDataAdviseHolder

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
b50becdb79b109e85caa4f588343fdd7e96152f4e23f40ad213a0336118bc87b.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

awogigmw
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

nkfwixkm
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
b5ab87692109c072cc277246e957ab32cfce6973f9f06c609ba51b53114cce51.apk
.apk android

com.kawendrazpax

com.lololo.MainActivity

Activities

com.lololo.MainActivity

android.intent.action.MAIN

Permissions

android.permission.SYSTEM_ALERT_WINDOW
android.permission.RECEIVE_BOOT_COMPLETED
android.permission.SET_WALLPAPER

Receivers

com.lololo.BootReceiver

android.intent.action.BOOT_COMPLETED

Services
b67c4d34cbbf5b0e1c723caf9f57f5cf16926bbb42358f6456dd6aa60472f70c.ace
.ace
b6cd1f6205a17905609ce2e082a3d4552af2023c434d3f05df371adb2c5987e4.elf
.elf linux mipsbe
b82adeb64feb86d3db0d37c4349b349b41ddf16b865ed980a115a9a2952f5b7f.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
b8abb9661b5320f40059055bcc8f5d22259ea3ec4f8b4d0eb91523418489bcf3.elf
.elf linux arm
b919be4df2b321304c804b9af68e6c5da6c03a821381c30cfc2d9d0fb042e0d1.exe
.exe windows:6 windows x86 arch:x86

f494e9bb2753c3b395b9806eb5f3c320

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CallWindowProcA
GetDlgItemTextA
wsprintfA
MessageBoxA
LoadCursorA
GetActiveWindow
CheckDlgButton
SetWindowLongA
GetClassInfoA

kernel32

GetStdHandle
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
VirtualProtect
VirtualAlloc
LoadLibraryA
GetProcAddress
lstrlenW
CreateThread
Sleep
WaitForSingleObject
FreeConsole
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
FlushFileBuffers
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
DecodePointer
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.EDyw2
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 315KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

main
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ
b9b4673ff9380064701fa96554ee5d36f701e036b8f76c5585f6767854889105.elf
.elf linux ppc
babcc9014b04c955a174b143bd9165f0e2c6cd77e26f5ab082986fc0313b2312.elf
.elf linux x64
bbc92bd6cc74a9d31400a6d2421760e9e86e6612513c964652327c9fecc2f357.elf
.elf linux arm
bc5eea66e42ed9ccc98b9692c4b5e5c198b1bed42052f696c2161789a4fdba25.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 752KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c3540a76dd237e9df12b0aef03a65b95dbcc67ed59e4720cb2c9ae065c2564ae.exe
.exe windows:6 windows x64 arch:x64

c595f1660e1a3c84f4d9b0761d23cd7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
AddVectoredContinueHandler
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateMutexA
CreateSemaphoreA
CreateThread
CreateWaitableTimerExW
DeleteAtom
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FindAtomA
FormatMessageA
FreeEnvironmentStringsW
GetAtomNameA
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetErrorMode
GetHandleInformation
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStartupInfoA
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
RaiseFailFastException
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetLastError
SetProcessAffinityMask
SetProcessPriorityBoost
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WerGetFlags
WerSetFlags
WideCharToMultiByte
WriteConsoleW
WriteFile
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthread
_beginthreadex
_cexit
_commode
_endthreadex
_errno
_fmode
_initterm
_lock
_memccpy
_onexit
_setjmp
_strdup
_ultoa
_unlock
abort
calloc
exit
fprintf
fputc
free
fwrite
localeconv
longjmp
malloc
memcpy
memmove
memset
printf
realloc
signal
strerror
strlen
strncmp
vfprintf
wcslen

Exports

Exports

_hUhIMdKDEeiNNfqf

Sections

.text
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 437KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8.2MB - Virtual size: 8.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 618KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 650KB - Virtual size: 650KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c36d9a5680ece3f4ceb44ed997961422d13e6b7eba7ea1d678a0efc561934194.exe
.exe windows:5 windows x86 arch:x86

67249dba00354a5d46556d718ee3a4c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
LocalUnlock
GetConsoleAliasesLengthW
WriteConsoleOutputCharacterA
InterlockedDecrement
CreateDirectoryW
GetSystemDefaultLCID
TzSpecificLocalTimeToSystemTime
GetProcessTimes
LoadLibraryW
GetLocaleInfoW
FatalAppExitW
SetConsoleCP
HeapDestroy
ReplaceFileA
FlushFileBuffers
GetConsoleAliasesW
ChangeTimerQueueTimer
SetLastError
GetProcAddress
CreateNamedPipeA
SetStdHandle
PrepareTape
ResetEvent
LoadLibraryA
LocalAlloc
AddAtomA
DebugSetProcessKillOnExit
lstrcatW
VirtualProtect
GetCurrentDirectoryA
EnumDateFormatsW
FileTimeToLocalFileTime
SetFileAttributesW
GetVolumeInformationW
WriteConsoleW
CloseHandle
SetFilePointer
GetConsoleMode
GetConsoleCP
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
RtlUnwind
HeapFree
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
CreateFileW

user32

GetForegroundWindow
GetClassLongA

ole32

CreateDataAdviseHolder

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
c53c627eddfb4635d0437c6fffa45d006077828b3d6f5bac0278210993a2bd42.exe
.exe windows:5 windows x64 arch:x64

1af6c885af093afc55142c2f1761dbe8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

CreateWindowExW
MessageBoxW
MessageBoxA
SystemParametersInfoW
DestroyIcon
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect
InvalidateRect
ReleaseDC
GetDC
DrawTextW
GetDialogBaseUnits
EndDialog
DialogBoxIndirectParamW
MoveWindow
SendMessageW

comctl32

ord380

kernel32

IsValidCodePage
GetStringTypeW
GetFileAttributesExW
HeapReAlloc
FlushFileBuffers
GetCurrentDirectoryW
GetACP
GetOEMCP
GetModuleHandleW
MulDiv
GetLastError
SetDllDirectoryW
GetModuleFileNameW
CreateSymbolicLinkW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
GetCPInfo
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetEndOfFile
SetEnvironmentVariableW
RtlUnwindEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

advapi32

OpenProcessToken
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW

gdi32

SelectObject
DeleteObject
CreateFontIndirectW

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c5eb4b11939c2f9f2a3500a1d21bd78b2b833e7df6f649277bf9a7fe2b3e702d.elf
.elf linux
c5ecd6e577a5d23ff40d46ff91bb23f44739a6643944da257e6b89da6822dbf2.unknown
c5fc537060561b1860ac757f31b3dc86f22efab2c5186569f997ecd83fedf697.exe
.dll windows:6 windows x64 arch:x64

3eb70f83441fc8632e81bd6eb89f424d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Mktmp\StealerDLL\x64\Release\STEALERDLL.pdb

Imports

crypt32

CryptUnprotectData

kernel32

GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
SetHandleInformation
FindFirstFileA
Wow64DisableWow64FsRedirection
K32GetModuleFileNameExW
FindNextFileA
CreatePipe
PeekNamedPipe
lstrlenA
FindClose
GetCurrentDirectoryA
lstrcatA
OpenProcess
SetCurrentDirectoryA
CreateToolhelp32Snapshot
ProcessIdToSessionId
CopyFileA
Wow64RevertWow64FsRedirection
Process32NextW
Process32FirstW
CreateThread
CreateProcessA
CreateDirectoryA
WriteConsoleW
InitializeCriticalSection
LeaveCriticalSection
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
EnterCriticalSection
HeapFree
HeapCreate
TryEnterCriticalSection
ReadFile
AreFileApisANSI
SetFilePointer
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetStdHandle
GetCurrentDirectoryW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InitializeSListHead
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleFileNameW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetStdHandle

advapi32

GetSidSubAuthorityCount
RegEnumValueW
RegEnumKeyA
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyA
RegQueryValueExA
GetSidIdentifierAuthority
GetSidSubAuthority
GetUserNameA
RegEnumKeyExW
LookupAccountNameA
RegOpenKeyExA

shell32

SHGetFolderPathA
SHFileOperationA

wininet

HttpOpenRequestA
InternetWriteFile
InternetReadFile
InternetConnectA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
HttpAddRequestHeadersA
HttpSendRequestExW
HttpEndRequestA
InternetOpenW

bcrypt

BCryptOpenAlgorithmProvider
BCryptSetProperty
BCryptGenerateSymmetricKey
BCryptDecrypt

Exports

Exports

Main
Save

Sections

.text
Size: 1008KB - Virtual size: 1007KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c6b066e441a2740f87cfa1e2a8da69a5dc7814411088d3f69c4d9fe9d2bf2ce4.exe
.exe windows:5 windows x86 arch:x86

8f1805f3ae545b0e731cb9cff13122c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\pawuk\bimafelexa\9\norecuyemi50\zohejusig.pdb

Imports

kernel32

GetComputerNameA
GetFileSize
GetLocaleInfoA
GetConsoleAliasExesA
GetDriveTypeW
MapUserPhysicalPages
InterlockedIncrement
GetConsoleAliasA
InterlockedDecrement
AddConsoleAliasW
CreateDirectoryExA
GetModuleHandleW
GetTickCount
GetNumberFormatA
ReadConsoleW
GlobalAlloc
GetVolumeInformationA
GlobalFindAtomA
LoadLibraryW
AssignProcessToJobObject
GetConsoleAliasExesLengthW
SetLastError
GetProcAddress
VirtualAlloc
HeapSize
SetComputerNameA
VerLanguageNameW
LoadLibraryA
RemoveDirectoryW
QueryDosDeviceW
FindNextChangeNotification
GetConsoleTitleW
VirtualProtect
GetFileAttributesExW
GetCurrentProcessId
AreFileApisANSI
Sleep
ExitProcess
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
WriteFile
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
HeapAlloc
HeapReAlloc
SetStdHandle
RtlUnwind
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CreateFileA
CloseHandle

user32

IsWindowEnabled
CharUpperBuffW

Sections

.text
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 41.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
c70f9b94806694a6376ff44967ea1fcadb966d436e49cc04c32aa9b828360acd.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 841KB - Virtual size: 841KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
c755138ad63de80e55ad0c99049151cb918ed6d2346335b5ee39beb0326388e8.elf
.elf linux mipsel
c846901a49c2366de9e754a6ca741a8dcaf5ce6a927dc2b32fff40ae321b06ff.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qxnhunbx
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

aamiazsq
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
c8a9f3b12d51e82c1ab43029692101fe781588293f4d5d7f3b8db3de3459f165.elf
.elf linux arm
c8cbfff1ed87fed6640c19321e3a2830b15b5128c9f36b8f4eb7462564571f31.elf
.elf linux x86
c8ff44d83e4e95fe4b651a3b2c12aea8e3082688615fdf865f0a01de484910d0.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ekwhlpev
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dgdbtsiq
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ca3360876db9e17e370834dfd15fe90158eeeb1f7f1a393521fe87b9260d7a8a.elf
.elf linux x86
cb73e07858153e932d99a255cb5e86828dcc15d30f3cb75d18660bff5a319b6d.vbs
.vbs
cc3501048481f0cb1b33fe20a7ac827fb42d6f4365c04d83463f2e1eddd04e18.elf
.elf linux arm
cc7d30067401f6969ead8a72184ba73a47be7faf7be5464464315ec9cecd5932.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Windows\Containers\Projects\Project322024\obj\Debug\Project322024.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cc99fe70f47eddcfae497ecd54353a8d444bcbbdffb9d5fa7122a94c783decd4.img
.iso
cd028814c71e945fca0583d534ae014460d9225ead5a998f8fb84c4b31955dca.elf
.elf linux mipsbe
cead66747d9b5e8fdc9600e665c9d44d099a6600cd27df25bc9a2de15884f1f3.elf
.elf linux arm
cef570542198bfab9319da2c3068da34484f72d77e5437f3f0592d26b26aaf69.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cf417e0fb68f16d3f403257000cc7af0916adf12eed35db03139c9c468b1203e.elf
.elf linux mipsel
cfc3263e2f161d833b591666dee425b2e8b62d708c39b362b500512441119ca9.elf
.elf linux arm
cfc804c7fea469061d40fa067369c0f422ef9ddc4444880ab6e532a815755f67.exe
.exe windows:4 windows x64 arch:x64

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d0ccfefffd4ef338a7f0544462a2d3c572e90ce211df0aee17d3ffb04c39d62a.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0f:02:49:2a:cf:fb:d0:a0:07:cc:79:4f:74:b2:4c:af:1a:94:a3:3f:e7:71:7b:0a:c5:c6:0a:a3:83:fe:ad:63
Signer

Actual PE Digest

0f:02:49:2a:cf:fb:d0:a0:07:cc:79:4f:74:b2:4c:af:1a:94:a3:3f:e7:71:7b:0a:c5:c6:0a:a3:83:fe:ad:63

Digest Algorithm

sha256

PE Digest Matches

false

f3:16:d7:b6:0c:54:e5:2a:ca:f4:d1:6a:90:45:32:66:9b:c7:02:de
Signer

Actual PE Digest

f3:16:d7:b6:0c:54:e5:2a:ca:f4:d1:6a:90:45:32:66:9b:c7:02:de

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 543KB - Virtual size: 542KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d1e6e268a5755d36955ebd5674ff9c0e7d0bc2d6745a84fd6106863c870e4f07.elf
.elf linux x86
d2a5ee5a8ed5150ea84c6375e0715554dd62c3d8311cb8adec500643815584cf.elf
.elf linux mipsel
d2e2cac459c2c1d9f3fcd646c93b149ab0cbf44a7a0261708d46cf18e02e5029.elf
.elf linux mipsel
d3e3dc900b4bfbec43e635f49fd55913e11e748f677b4e4035fdf774a1ed6fb6.exe
.exe windows:5 windows x86 arch:x86

eb97e4fc5518ac300a92a11673825e0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
socket
inet_ntoa
setsockopt
ntohs
recvfrom
ioctlsocket
htons
WSAStartup
__WSAFDIsSet
select
accept
listen
bind
closesocket
WSAGetLastError
recv
sendto
send
inet_addr
gethostbyname
gethostname
connect

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetUseConnectionW
WNetCancelConnection2W
WNetGetConnectionW
WNetAddConnection2W

wininet

InternetQueryDataAvailable
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetConnectW

psapi

GetProcessMemoryInfo

iphlpapi

IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho

userenv

DestroyEnvironmentBlock
UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
SetCurrentDirectoryW
GetLongPathNameW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
FindResourceW
LoadResource
LockResource
SizeofResource
EnumResourceNamesW
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
GetLocalTime
CompareStringW
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
LoadLibraryW
VirtualAlloc
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
CloseHandle
GetFullPathNameW
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
GetSystemTimeAsFileTime
ResumeThread
GetCommandLineW
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadConsoleW
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
FindClose
SetEnvironmentVariableA

user32

AdjustWindowRectEx
CopyImage
SetWindowPos
GetCursorInfo
RegisterHotKey
ClientToScreen
GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
MonitorFromPoint
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
CreateIconFromResourceEx
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
SetRect
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
MonitorFromRect
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
PeekMessageW
UnregisterHotKey
CheckMenuRadioItem
CharLowerBuffW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
LoadImageW
GetClassNameW

gdi32

StrokePath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
GetDeviceCaps
EndPath
SetPixel
CloseFigure
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
GetDIBits
LineTo
AngleArc
MoveToEx
Ellipse
DeleteDC
GetPixel
CreateDCW
GetStockObject
GetTextFaceW
CreateFontW
SetTextColor
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
StrokeAndFillPath

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
RegCreateKeyExW
FreeSid
GetTokenInformation
GetSecurityDescriptorDacl
GetAclInformation
AddAce
SetSecurityDescriptorDacl
GetUserNameW
InitiateSystemShutdownExW

shell32

DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW
DragFinish

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoSetProxyBlanket
CoCreateInstanceEx
CoInitializeSecurity

oleaut32

LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
RegisterTypeLi
CreateStdDispatch
DispCallFunc
VariantChangeType
SysStringLen
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
VariantCopy
VariantClear
OleLoadPicture
QueryPathOfRegTypeLi
RegisterTypeLibForUser
UnRegisterTypeLibForUser
UnRegisterTypeLi
CreateDispTypeInfo
SysAllocString
VariantInit

Sections

.text
Size: 568KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 523KB - Virtual size: 522KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d49072a6852ca5136c43e6ff5ad83ae81ee47ca295698f2827187451c7241ee1.exe
.exe windows:5 windows x86 arch:x86

c4540f421523fe2dc591e50be5ad7d0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
recv
send
socket
inet_ntoa
setsockopt
ntohs
WSACleanup
WSAStartup
sendto
htons
__WSAFDIsSet
select
accept
listen
bind
inet_addr
ioctlsocket
recvfrom
WSAGetLastError
closesocket
gethostname
connect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetUseConnectionW
WNetAddConnection2W

wininet

HttpOpenRequestW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

userenv

DestroyEnvironmentBlock
LoadUserProfileW
CreateEnvironmentBlock
UnloadUserProfile

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetShortPathNameW
DeleteFileW
IsDebuggerPresent
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
LoadResource
LockResource
SizeofResource
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
LoadLibraryW
GetLocalTime
CompareStringW
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
VirtualAlloc
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetFullPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetACP
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetCurrentDirectoryW
FindNextFileW
WriteConsoleW

user32

GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
PeekMessageW
GetInputState
UnregisterHotKey
CharLowerBuffW
MonitorFromPoint
MonitorFromRect
LoadImageW
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
ClientToScreen
GetCursorPos
DeleteMenu
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
LockWindowUpdate
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
RegisterHotKey
GetCursorInfo
SetWindowPos
CopyImage
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
TrackPopupMenuEx
GetMessageW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
DispatchMessageW
keybd_event
TranslateMessage
ScreenToClient

gdi32

EndPath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
GetDeviceCaps
SetPixel
CloseFigure
LineTo
AngleArc
MoveToEx
Ellipse
CreateCompatibleBitmap
CreateCompatibleDC
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
SelectObject
StretchBlt
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
GetDIBits
StrokePath

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
RegCreateKeyExW
GetSecurityDescriptorDacl
GetAclInformation
GetUserNameW
AddAce
SetSecurityDescriptorDacl
InitiateSystemShutdownExW

shell32

DragFinish
DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

CreateStdDispatch
CreateDispTypeInfo
UnRegisterTypeLi
UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
VariantChangeType
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
SysStringLen
QueryPathOfRegTypeLi
SysAllocString
VariantInit
VariantClear
DispCallFunc
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
SafeArrayDestroyDescriptor
VariantCopy
OleLoadPicture

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 544KB - Virtual size: 544KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d4dd0ad08042d331b371efc97ee1e489fcb10020eb5612ba6a351bb1893a35cc.exe
.exe windows:6 windows x86 arch:x86

d716233fa9e0a1b9e5f58fbed8dcbfa9

Code Sign

4e:04:2c:42:f9:de:68:8e:4a:6f:c2:f8:41:40:d4:f9
Certificate

Issuer

CN=Logitech H153 Wired Headset Black 2.0 overhead 20 Hz - 20000 Hz 22Ω corded cable - 1.8 m

Not Before

23/11/2023, 09:28

Not After

24/11/2033, 09:28

Subject

CN=Logitech H153 Wired Headset Black 2.0 overhead 20 Hz - 20000 Hz 22Ω corded cable - 1.8 m

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3c:ab:d0:ed:9c:47:c3:a6:65:bb:f5:00:75:ac:f5:de:1c:8c:95:c0:a4:48:3f:41:ec:aa:c6:6c:76:4b:d8:4b
Signer

Actual PE Digest

3c:ab:d0:ed:9c:47:c3:a6:65:bb:f5:00:75:ac:f5:de:1c:8c:95:c0:a4:48:3f:41:ec:aa:c6:6c:76:4b:d8:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

wsprintfA

gdi32

CreateCompatibleBitmap

advapi32

CredEnumerateA

shell32

ShellExecuteA

ole32

CoInitializeEx

ws2_32

WSAStartup

crypt32

CryptUnprotectData

shlwapi

PathFindExtensionA

gdiplus

GdiplusStartup

setupapi

SetupDiEnumDeviceInterfaces

ntdll

RtlUnicodeStringToAnsiString

Sections

.text
Size: - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.^_][&u�
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.^_][&u�
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.^_][&u�
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmpyÜ+
Size: - Virtual size: 981KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmpyÜ+
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmpyÜ+
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 118KB - Virtual size: 688KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
d4e050a3ded1ec2d38cba954b4868dc6cc7352241b3fefc56b1324c1094aaea5.elf
.elf linux arm
d5f1978fa4b148f8c2821f07c020a2280eca49a9342b5c9ebdcaa312a2fe714c.elf
.elf linux x86
d607b4eddf572f2fec9793349518180df59d795f58fce6223e8183ebf45b7e6c.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pzeyogll
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pnbtckul
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
d60df902cea410c6cecc6c0852b1ee001cd89e298b2376288dde406e0ea2c59a.msi
.msi
d704d764ca95766ac1f06d62947581a26f442130bcce4901bddecb8b31ed27af.elf
.elf linux sh
d874c5f6b10e26cfd96af59be1a40b173d0614770703a36fb84dd855900fd78c.exe
.exe windows:5 windows x86 arch:x86

67249dba00354a5d46556d718ee3a4c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetComputerNameA
LocalUnlock
GetConsoleAliasesLengthW
WriteConsoleOutputCharacterA
InterlockedDecrement
CreateDirectoryW
GetSystemDefaultLCID
TzSpecificLocalTimeToSystemTime
GetProcessTimes
LoadLibraryW
GetLocaleInfoW
FatalAppExitW
SetConsoleCP
HeapDestroy
ReplaceFileA
FlushFileBuffers
GetConsoleAliasesW
ChangeTimerQueueTimer
SetLastError
GetProcAddress
CreateNamedPipeA
SetStdHandle
PrepareTape
ResetEvent
LoadLibraryA
LocalAlloc
AddAtomA
DebugSetProcessKillOnExit
lstrcatW
VirtualProtect
GetCurrentDirectoryA
EnumDateFormatsW
FileTimeToLocalFileTime
SetFileAttributesW
GetVolumeInformationW
WriteConsoleW
CloseHandle
SetFilePointer
GetConsoleMode
GetConsoleCP
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
RtlUnwind
HeapFree
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
CreateFileW

user32

GetForegroundWindow
GetClassLongA

ole32

CreateDataAdviseHolder

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
d98ee64e600ff32f7beadf7900b994cee769420418ec1a360d3188d5f57f76da.apk
.apk android arch:arm64 arch:arm

com.simplemobiletools.launcherpscyrttleb

com.simplemobiletools.launcher.activities.MainActivity

Activities

com.simplemobiletools.launcher.activities.MainActivity

android.content.pm.action.CONFIRM_PIN_SHORTCUT
android.intent.action.MAIN

com.simplemobiletools.launcher.activities.SettingsActivity

android.intent.action.APPLICATION_PREFERENCES

Permissions

android.permission.INTERNET
android.permission.FOREGROUND_SERVICE
android.permission.RECEIVE_SMS
android.permission.QUERY_ALL_PACKAGES
android.permission.BIND_APPWIDGET
android.permission.REQUEST_DELETE_PACKAGES
android.permission.EXPAND_STATUS_BAR

Receivers

com.simplemobiletools.launcher.apper.MyReceiver

android.provider.Telephony.SMS_DELIVER
android.provider.Telephony.SMS_RECEIVED

com.simplemobiletools.commons.receivers.SharedThemeReceiver

com.simplemobiletools.commons.SHARED_THEME_ACTIVATED
com.simplemobiletools.commons.SHARED_THEME_UPDATED

androidx.profileinstaller.ProfileInstallReceiver

androidx.profileinstaller.action.INSTALL_PROFILE
androidx.profileinstaller.action.SKIP_FILE
androidx.profileinstaller.action.SAVE_PROFILE
androidx.profileinstaller.action.BENCHMARK_OPERATION

Services
d9e11bf6dbbb2e9e75574f370b57e32efd4be3b1ba193b934933515aed9b933e.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 697KB - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
d9e99e4c9ba2521a851e8a889b78848980e71ecd81ab1a6326132ab3f2601147.elf
.elf linux sh
d9e9ad2e1129ea6aa884668a13f6e3b73b7cedaa7fec69a38c4e683bea546879.exe
.exe windows:5 windows x86 arch:x86

8f1805f3ae545b0e731cb9cff13122c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\rise_lix.pdb

Imports

kernel32

GetComputerNameA
GetFileSize
GetLocaleInfoA
GetConsoleAliasExesA
GetDriveTypeW
MapUserPhysicalPages
InterlockedIncrement
GetConsoleAliasA
InterlockedDecrement
AddConsoleAliasW
CreateDirectoryExA
GetModuleHandleW
GetTickCount
GetNumberFormatA
ReadConsoleW
GlobalAlloc
GetVolumeInformationA
GlobalFindAtomA
LoadLibraryW
AssignProcessToJobObject
GetConsoleAliasExesLengthW
SetLastError
GetProcAddress
VirtualAlloc
HeapSize
SetComputerNameA
VerLanguageNameW
LoadLibraryA
RemoveDirectoryW
QueryDosDeviceW
FindNextChangeNotification
GetConsoleTitleW
VirtualProtect
GetFileAttributesExW
GetCurrentProcessId
AreFileApisANSI
Sleep
ExitProcess
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
WriteFile
GetModuleFileNameA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
HeapAlloc
HeapReAlloc
SetStdHandle
RtlUnwind
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CreateFileA
CloseHandle

user32

IsWindowEnabled
CharUpperBuffW

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 41.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
daa985b744316e4feae1ced35df533c769c06804e1c8d42f18295c8e489c116d.zip
.zip
dae4facd24ebff0352f1c58ed73a8f060cb86b5c9895bce9e78a273f7ac627a5.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

hmGs.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 699KB - Virtual size: 698KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dc35bb3e599d118d48f019a8abf13ad6ad56920ec366406a841b2aac785324df.exe
.exe windows:6 windows x86 arch:x86

e569e6f445d32ba23766ad67d1e3787f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
AdjustTokenPrivileges
GetTokenInformation
ConvertSidToStringSidW
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dc798cedc27aaa2f8749b5daddeace77fe21489f5a3372dc08488a7e2c76dcaf.elf
.elf linux sh
dd820630f687316d7b7698f1d4f7372cbb130bc03eef3d2bd56db984c5ada75e.doc
.rtf .doc
de3f3f31f5c4ff182053ddbaf6ee15ec023b613340331262e9e2ac81bfc18286.xlsx
.xlam .xlsx office2007
dfef81de68b9aaf054df713c596c3902f3f92156d7cf041f903188b32a35e4a9.exe
.exe windows:5 windows x86 arch:x86

00be6e6c4f9e287672c8301b72bdabf3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GetTickCount
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e0324f9407031cdea025049097bf0d30a80f02eeb6e04a5d1d4a21eb8d703bc3.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zspkhdwt
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

enueklum
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
e046c5e3f0ead64c214eaa411189b0001bdc5431f3a942d0e6fff1ba87fadb9f.exe
.exe windows:4 windows x86 arch:x86

Code Sign

48:87:a6:9a:a4:6c:87:4e:b4:7d:12:ad:b0:79:c5:95
Certificate

Issuer

CN=MSI PRO B760-P WIFI DDR4,OU=\ Intel Gen Core Pentium,O=\ Intel,L=²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†,ST=\ Realtek ALC897,C=6E Bluetooth

Not Before

21/01/2024, 13:40

Not After

26/06/2025, 00:00

Subject

CN=MSI PRO B760-P WIFI DDR4,OU=\ Intel Gen Core Pentium,O=\ Intel,L=²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†²W™P”‚÷ñ€†,ST=\ Realtek ALC897,C=6E Bluetooth

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bb:ba:56:cd:5a:b8:98:7d:d0:41:8a:48:40:b1:1d:4a:5b:76:8b:25:a6:9e:81:6f:36:1e:32:56:e3:01:44:53
Signer

Actual PE Digest

bb:ba:56:cd:5a:b8:98:7d:d0:41:8a:48:40:b1:1d:4a:5b:76:8b:25:a6:9e:81:6f:36:1e:32:56:e3:01:44:53

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 1.8MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
e226857f5c5f9a274825a537fe84a8d636b5d920368f20206089a99b56d7de7f.elf
.elf linux sparc
e268df66fb92ff6e5b2719279c5bee5383d56a4b97add2c7dc0ede45d2aec175.exe
.exe windows:4 windows x64 arch:x64

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e4499912964280ec3adc3131a12d5415a577bcd29d7259a38e928ba87ad6c03a.vbs
.vbs
e4dafea0263823affefe445b40ea002c5f63b785cb3b18270b045b86b22ba682.elf
.elf linux mipsel
e500b83db91a16021dc5f38a5cfacd4262a43c34bba5fa7211409e0ace06c85a.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 371KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 655KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
e586bf17566b9188b9274097ddf059cf20569b87754f38e460c2fd884ae88a15.exe
.exe windows:4 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 1.8MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xspsmdya
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wwwpkrhm
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
e5b92c64269cc60d8db665c2a71cf0b7c917bb0585d833324f6e8c3a1d22025a.exe
.exe windows:5 windows x86 arch:x86

c4540f421523fe2dc591e50be5ad7d0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
recv
send
socket
inet_ntoa
setsockopt
ntohs
WSACleanup
WSAStartup
sendto
htons
__WSAFDIsSet
select
accept
listen
bind
inet_addr
ioctlsocket
recvfrom
WSAGetLastError
closesocket
gethostname
connect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetUseConnectionW
WNetAddConnection2W

wininet

HttpOpenRequestW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

userenv

DestroyEnvironmentBlock
LoadUserProfileW
CreateEnvironmentBlock
UnloadUserProfile

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetShortPathNameW
DeleteFileW
IsDebuggerPresent
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
LoadResource
LockResource
SizeofResource
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
LoadLibraryW
GetLocalTime
CompareStringW
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
VirtualAlloc
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetFullPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetACP
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetCurrentDirectoryW
FindNextFileW
WriteConsoleW

user32

GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
PeekMessageW
GetInputState
UnregisterHotKey
CharLowerBuffW
MonitorFromPoint
MonitorFromRect
LoadImageW
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
ClientToScreen
GetCursorPos
DeleteMenu
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
LockWindowUpdate
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
RegisterHotKey
GetCursorInfo
SetWindowPos
CopyImage
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
TrackPopupMenuEx
GetMessageW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
DispatchMessageW
keybd_event
TranslateMessage
ScreenToClient

gdi32

EndPath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
GetDeviceCaps
SetPixel
CloseFigure
LineTo
AngleArc
MoveToEx
Ellipse
CreateCompatibleBitmap
CreateCompatibleDC
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
SelectObject
StretchBlt
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
GetDIBits
StrokePath

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
RegCreateKeyExW
GetSecurityDescriptorDacl
GetAclInformation
GetUserNameW
AddAce
SetSecurityDescriptorDacl
InitiateSystemShutdownExW

shell32

DragFinish
DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

CreateStdDispatch
CreateDispTypeInfo
UnRegisterTypeLi
UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
VariantChangeType
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
SysStringLen
QueryPathOfRegTypeLi
SysAllocString
VariantInit
VariantClear
DispCallFunc
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
SafeArrayDestroyDescriptor
VariantCopy
OleLoadPicture

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 509KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e6152cc4702000546accc8d72aed7cb2a17381fbfed6b2dae32a336e15440549.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sepucftx
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

jcshivfx
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
e7757fdf8b8e6b584cab959c54383e10065ba2aceb5dd653dd0566d4cbce1ec8.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 694KB - Virtual size: 693KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e8028be583b1ea12a054ac8ae37abb2356e37f7c0aeff0ee40c17c9ac219973f.exe
.exe windows:4 windows x86 arch:x86

7ed0d71376e55d58ab36dc7d3ffda898

Code Sign

37:f9:03:f9:0a:6e:8f:85:ea:fb:b4:43:bb:a1:83:6f:7e:f6:b6:8d
Certificate

Issuer

CN=Skotjsske,OU=Parviflorous Reviewal patcheries\ ,O=Skotjsske,L=Banvillars,ST=Bourgogne-Franche-Comté,C=FR,1.2.840.113549.1.9.1=#0c2450726f64756b746576616c756572696e67656e7340646573706f696c6d656e742e536b72

Not Before

17/06/2023, 03:15

Not After

16/06/2026, 03:15

Subject

CN=Skotjsske,OU=Parviflorous Reviewal patcheries\ ,O=Skotjsske,L=Banvillars,ST=Bourgogne-Franche-Comté,C=FR,1.2.840.113549.1.9.1=#0c2450726f64756b746576616c756572696e67656e7340646573706f696c6d656e742e536b72

0d:d9:7b:f2:ec:1c:13:c8
Certificate

Issuer

CN=Apple Timestamp Certification Authority,OU=Apple Certification Authority,O=Apple Inc.,C=US

Not Before

19/02/2024, 20:25

Not After

01/04/2024, 20:25

Subject

CN=Timestamp Signer MA1,O=Apple Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:4c:57:63:9f:f3:f0:b7
Certificate

Issuer

CN=Apple Root CA,OU=Apple Certification Authority,O=Apple Inc.,C=US

Not Before

05/04/2012, 12:02

Not After

05/04/2027, 12:02

Subject

CN=Apple Timestamp Certification Authority,OU=Apple Certification Authority,O=Apple Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02
Certificate

Issuer

CN=Apple Root CA,OU=Apple Certification Authority,O=Apple Inc.,C=US

Not Before

25/04/2006, 21:40

Not After

09/02/2035, 21:40

Subject

CN=Apple Root CA,OU=Apple Certification Authority,O=Apple Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a2:be:65:8d:f4:c8:4f:f6:55:f9:86:77:6f:dc:2c:4e:5a:ef:60:4f:ca:f1:b1:6c:5d:06:d5:49:02:e3:d1:11
Signer

Actual PE Digest

a2:be:65:8d:f4:c8:4f:f6:55:f9:86:77:6f:dc:2c:4e:5a:ef:60:4f:ca:f1:b1:6c:5d:06:d5:49:02:e3:d1:11

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathW
SetFileTime
CloseHandle
GetShortPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
GetFullPathNameW
CreateDirectoryW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
SetFileAttributesW
ExpandEnvironmentStringsW
LoadLibraryW
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
CreateProcessW
RemoveDirectoryW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcpyA
lstrcpyW
lstrcatW
GetSystemDirectoryW
GetVersion
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetModuleHandleW
lstrcmpiW
lstrcmpW
WaitForSingleObject
GlobalFree
GlobalAlloc
LoadLibraryExW
GetExitCodeProcess
FreeLibrary
WritePrivateProfileStringW
SetErrorMode
GetCommandLineW
GetPrivateProfileStringW
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
MulDiv
MultiByteToWideChar
WriteFile
lstrlenA
WideCharToMultiByte

user32

EndDialog
ScreenToClient
GetWindowRect
RegisterClassW
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
wsprintfW
CreateWindowExW
SystemParametersInfoW
AppendMenuW
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
GetDC
SetWindowLongW
LoadImageW
SendMessageTimeoutW
FindWindowExW
EmptyClipboard
OpenClipboard
TrackPopupMenu
EndPaint
ShowWindow
GetDlgItem
IsWindow
SetForegroundWindow

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 240KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e8ba4a43b8c03e1ea3ab83bed7c1c415cd17a289293a1e0e351da3ba85683eab.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 640KB - Virtual size: 639KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eac1ffc2d94146ca2f9ae011468a19552430c78fc5c306dcf2d98edaf5273ead.elf
.elf linux sh
ec291f72135b5826eae935f229e4c1bc2bc14d3671c9001452be407fc130ca3b.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 572KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dyerhbdo
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rlchrsjg
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ec36ebae6ef6f254f20c4a444c17db05be30a0acbbaf33f5f568608a38452d7c.exe
.exe windows:6 windows x86 arch:x86

e7027585a1e3cec2bbf81c4b0fdf2b04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetUserNameW
RegCloseKey
RegConnectRegistryW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegReplaceKeyW
RegRestoreKeyW
RegSaveKeyW
RegSetValueExW
RegUnLoadKeyW

kernel32

CloseHandle
CompareStringW
CreateEventW
CreateFileA
CreateFileW
CreateMutexA
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoW
EnumResourceNamesW
EnumSystemLocalesW
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
FreeResource
GetACP
GetCPInfo
GetCPInfoExW
GetCommandLineW
GetComputerNameW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetDiskFreeSpaceW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameW
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultUILanguage
GetSystemInfo
GetSystemTimeAsFileTime
GetTempPathW
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultUILanguage
GetVersion
GetVersionExA
GetVersionExW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFree
LockResource
MulDiv
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryW
ResetEvent
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetErrorMode
SetEvent
SetFilePointer
SetHandleCount
SetLastError
SetThreadLocale
SetThreadPriority
SizeofResource
Sleep
SuspendThread
SwitchToThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnhandledExceptionFilter
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualQuery
VirtualQueryEx
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
lstrcmpW
lstrlenW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

winspool.drv

ClosePrinter
DocumentPropertiesW
EnumPrintersW
ord203
OpenPrinterW

comctl32

FlatSB_GetScrollInfo
FlatSB_GetScrollPos
FlatSB_SetScrollInfo
FlatSB_SetScrollPos
FlatSB_SetScrollProp
ImageList_Add
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_Draw
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_EndDrag
ImageList_GetBkColor
ImageList_GetDragImage
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_LoadImageW
ImageList_Read
ImageList_Remove
ImageList_Replace
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_SetIconSize
ImageList_SetImageCount
ImageList_SetOverlayImage
ImageList_Write
ord17
InitializeFlatSB
_TrackMouseEvent

comdlg32

FindTextW

gdi32

AbortDoc
AngleArc
Arc
ArcTo
BitBlt
Chord
CombineRgn
CopyEnhMetaFileW
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
CreateDIBSection
CreateDIBitmap
CreateFontIndirectW
CreateHalftonePalette
CreateICW
CreatePalette
CreatePenIndirect
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteEnhMetaFile
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesExW
EnumFontsW
ExcludeClipRect
ExtFloodFill
ExtTextOutW
FrameRgn
GdiFlush
GetBitmapBits
GetBrushOrgEx
GetClipBox
GetCurrentPositionEx
GetDIBColorTable
GetDIBits
GetDeviceCaps
GetEnhMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
GetObjectW
GetPaletteEntries
GetPixel
GetRgnBox
GetStockObject
GetStretchBltMode
GetSystemPaletteEntries
GetTextExtentPoint32W
GetTextExtentPointW
GetTextMetricsW
GetWinMetaFileBits
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
MoveToEx
PatBlt
Pie
PlayEnhMetaFile
PolyBezier
PolyBezierTo
Polygon
Polyline
RealizePalette
RectVisible
Rectangle
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetAbortProc
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBColorTable
SetDIBits
SetEnhMetaFileBits
SetMapMode
SetPixel
SetROP2
SetRectRgn
SetStretchBltMode
SetTextColor
SetViewportOrgEx
SetWinMetaFileBits
SetWindowOrgEx
StartDocW
StartPage
StretchBlt
StretchDIBits
UnrealizeObject

shell32

SHAppBarMessage
ShellExecuteW
Shell_NotifyIconW

user32

ActivateKeyboardLayout
AdjustWindowRectEx
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcW
CharLowerBuffW
CharLowerW
CharNextW
CharUpperBuffW
CharUpperW
CheckMenuItem
ChildWindowFromPoint
ClientToScreen
CloseClipboard
CopyIcon
CopyImage
CreateAcceleratorTableW
CreateIcon
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteMenu
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawTextExW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndMenu
EndPaint
EnumChildWindows
EnumDisplayMonitors
EnumThreadWindows
EnumWindows
FillRect
FindWindowExW
FindWindowW
FrameRect
GetActiveWindow
GetCapture
GetClassInfoW
GetClassLongW
GetClassNameW
GetClientRect
GetClipboardData
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDlgCtrlID
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameW
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoW
GetMenuState
GetMenuStringW
GetMessageExtraInfo
GetMessagePos
GetMonitorInfoW
GetParent
GetPropW
GetScrollBarInfo
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTopWindow
GetUpdateRect
GetWindow
GetWindowDC
GetWindowLongW
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InsertMenuItemW
InsertMenuW
InvalidateRect
IsChild
IsDialogMessageA
IsDialogMessageW
IsIconic
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
LoadKeyboardLayoutW
LoadStringW
LockWindowUpdate
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OpenClipboard
PeekMessageA
PeekMessageW
PostMessageW
PostQuitMessage
RedrawWindow
RegisterClassW
RegisterClipboardFormatW
RegisterWindowMessageW
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropW
ScreenToClient
ScrollWindow
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClassLongW
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoW
SetParent
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextW
SetWindowsHookExW
ShowCaret
ShowOwnedPopups
ShowScrollBar
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMDISysAccel
TranslateMessage
UnhookWindowsHookEx
UnregisterClassW
UpdateWindow
ValidateRect
WaitMessage
WindowFromPoint
wsprintfA

ole32

CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
IsEqualGUID
OleInitialize
OleUninitialize

oleaut32

GetErrorInfo
SafeArrayCreate
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

Exports

Exports

@$xp$6TForm2
@@Unit2@Finalize
@@Unit2@Initialize
_Form2
___CPPdebugHook
___setRaiseListFuncAddr
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didata
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 283KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ed2702b7d4d47f611d466d5dfc33225490060873797b0c2174d122d30ec24613.elf
.elf linux arm
ef1a8feda056bc9856f40650de74ad34db26af38c048bab44e71a4a2c898dc13.elf
.elf linux arm
ef8648a4e11f17606230b349943910c02f3a26faab05f00f779c6802f03eca97.exe
.exe windows:5 windows x86 arch:x86

c4540f421523fe2dc591e50be5ad7d0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
recv
send
socket
inet_ntoa
setsockopt
ntohs
WSACleanup
WSAStartup
sendto
htons
__WSAFDIsSet
select
accept
listen
bind
inet_addr
ioctlsocket
recvfrom
WSAGetLastError
closesocket
gethostname
connect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetUseConnectionW
WNetAddConnection2W

wininet

HttpOpenRequestW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

userenv

DestroyEnvironmentBlock
LoadUserProfileW
CreateEnvironmentBlock
UnloadUserProfile

uxtheme

IsThemeActive

kernel32

DuplicateHandle
CreateThread
WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetShortPathNameW
DeleteFileW
IsDebuggerPresent
CopyFileExW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
LoadResource
LockResource
SizeofResource
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
LoadLibraryW
GetLocalTime
CompareStringW
GetCurrentThread
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
CreatePipe
InterlockedExchange
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
VirtualAlloc
GetCurrentDirectoryW
lstrcmpiW
DecodePointer
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
CloseHandle
GetFullPathNameW
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetACP
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetCurrentDirectoryW
FindNextFileW
WriteConsoleW

user32

GetKeyboardLayoutNameW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
IsCharUpperW
GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
PeekMessageW
GetInputState
UnregisterHotKey
CharLowerBuffW
MonitorFromPoint
MonitorFromRect
LoadImageW
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
SetMenuDefaultItem
InsertMenuItemW
IsMenu
ClientToScreen
GetCursorPos
DeleteMenu
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
SystemParametersInfoW
LockWindowUpdate
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowLongW
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
GetWindowRect
SetUserObjectSecurity
CloseDesktop
CloseWindowStation
OpenDesktopW
RegisterHotKey
GetCursorInfo
SetWindowPos
CopyImage
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
BlockInput
TrackPopupMenuEx
GetMessageW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
DispatchMessageW
keybd_event
TranslateMessage
ScreenToClient

gdi32

EndPath
DeleteObject
GetTextExtentPoint32W
ExtCreatePen
StrokeAndFillPath
GetDeviceCaps
SetPixel
CloseFigure
LineTo
AngleArc
MoveToEx
Ellipse
CreateCompatibleBitmap
CreateCompatibleDC
PolyDraw
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
SelectObject
StretchBlt
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
GetDIBits
StrokePath

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
RegCreateKeyExW
GetSecurityDescriptorDacl
GetAclInformation
GetUserNameW
AddAce
SetSecurityDescriptorDacl
InitiateSystemShutdownExW

shell32

DragFinish
DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

CreateStdDispatch
CreateDispTypeInfo
UnRegisterTypeLi
UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
LoadTypeLibEx
VariantCopyInd
SysReAllocString
SysFreeString
VariantChangeType
SafeArrayDestroyData
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayAllocData
SafeArrayAllocDescriptorEx
SafeArrayCreateVector
SysStringLen
QueryPathOfRegTypeLi
SysAllocString
VariantInit
VariantClear
DispCallFunc
VariantTimeToSystemTime
VarR8FromDec
SafeArrayGetVartype
SafeArrayDestroyDescriptor
VariantCopy
OleLoadPicture

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f0bdd1cbfdf5abdf1752a6002a66122e3f5cf70349ea263f2b41b2c73bf20dee.elf
.elf linux x86
f26cd360e1ef22cfe4124db2d0e6ea83a90efeaa0f9a719d134e61003c3091c6.elf
.elf linux sh
f26dc7069c57ff58f49105f7b6df0e9e467bde973a9eac5f5abc75511f83a825.vbs
.vbs
f297ff70bf504f4de6493af8ee41f6db917d6c849436c88caaaeda0bc779d599.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 674KB - Virtual size: 673KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f37c210ff454a560c8b08d8fc2cf0406dade9d55c31f0d69f14a4d0e53f4d7a2.elf
.elf linux arm
f571ec60e80f59ca67e085d6578306da2af3de4e3c9b48714dc20ade153fed35.exe
.exe windows:5 windows x86 arch:x86

6d6606d86ca686348329796ae4c15941

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleOutputCharacterA
InterlockedDecrement
GetSystemDefaultLCID
GetConsoleAliasesLengthA
TzSpecificLocalTimeToSystemTime
GetProcessTimes
LoadLibraryW
GetLocaleInfoW
FatalAppExitW
SetConsoleCP
HeapDestroy
ReplaceFileA
FlushFileBuffers
CreateDirectoryA
GetConsoleAliasesW
ChangeTimerQueueTimer
SetLastError
LocalUnlock
CreateNamedPipeA
SetStdHandle
PrepareTape
ResetEvent
LoadLibraryA
LocalAlloc
AddAtomA
DebugSetProcessKillOnExit
lstrcatW
VirtualProtect
GetCurrentDirectoryA
EnumDateFormatsW
FileTimeToLocalFileTime
GetVolumeInformationW
WriteConsoleW
CloseHandle
SetFilePointer
GetProcAddress
GetComputerNameA
GetConsoleMode
GetConsoleCP
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
HeapCreate
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
RtlUnwind
HeapFree
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
CreateFileW

user32

GetForegroundWindow
GetClassLongA

advapi32

OpenThreadToken

ole32

CreateDataAdviseHolder

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
f5adbe090b5da815ac42c166f4db33c1198725d793050541fc8897eca49c7df9.elf
.elf linux sh
f8bb462f68c3ca4ad9d009cb1a4803bd8fdafc37b558a9ca2e0da5a5c3f86a3c.apk
.apk android arch:arm64 arch:arm

com.simplemobiletools.launcherdvbwezauxk

com.simplemobiletools.launcher.activities.MainActivity

Activities

com.simplemobiletools.launcher.activities.MainActivity

android.content.pm.action.CONFIRM_PIN_SHORTCUT
android.intent.action.MAIN

com.simplemobiletools.launcher.activities.SettingsActivity

android.intent.action.APPLICATION_PREFERENCES

Permissions

android.permission.INTERNET
android.permission.FOREGROUND_SERVICE
android.permission.RECEIVE_SMS
android.permission.QUERY_ALL_PACKAGES
android.permission.BIND_APPWIDGET
android.permission.REQUEST_DELETE_PACKAGES
android.permission.EXPAND_STATUS_BAR

Receivers

com.simplemobiletools.launcher.apper.MyReceiver

android.provider.Telephony.SMS_DELIVER
android.provider.Telephony.SMS_RECEIVED

com.simplemobiletools.commons.receivers.SharedThemeReceiver

com.simplemobiletools.commons.SHARED_THEME_ACTIVATED
com.simplemobiletools.commons.SHARED_THEME_UPDATED

androidx.profileinstaller.ProfileInstallReceiver

androidx.profileinstaller.action.INSTALL_PROFILE
androidx.profileinstaller.action.SKIP_FILE
androidx.profileinstaller.action.SAVE_PROFILE
androidx.profileinstaller.action.BENCHMARK_OPERATION

Services
f953f4ede7a4cf9640cef3c513c62e9c592dfff4a9e4fd2549d3507a7def18b8.exe
.exe windows:1 windows x86 arch:x86

44d1d3622a1f568fe5a4988612a1b8da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
GetModuleHandleA
GetProcAddress
LoadLibraryA

user32

MessageBoxA

Sections

Feokt.
Size: 10KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
fa72ce2ca8b2c02af5ed2b6c6b7d5ebef09db6853681dd0681e42886fde0a8a5.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\SharpHound\SharpHound\obj\Release\net462\SharpHound.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fab70e91670f8a5c0d6740f05592ea1fd44776d3fce3be0a200c9ce81f1eb3d5.exe
.exe windows:4 windows x64 arch:x64

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fd15524b1b94b345da0dd07b7731a61f773ed011d2f72b23b39d3812200bd9f6.unknown
.hta .js polyglot
fdbb23c8c4bcdb73f533d9178ba2a9e9912d6cc422782872e3666f76d496b51b.elf
.elf linux
fe5ea9d0dafc88a857f1033aa84a520ea0efe693a53b6b8d61033b4ccf7d6cf0.zip
.zip
fff4461b7d20db61afdb0ee67bf47fce6f1b423e6b25b9419d9f241a49df37ae.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4c:aa:f9:ca:db:63:6f:e0:1f:f7:4e:d8:5b:03:86:9d
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

19/01/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:11:18:cb:ba:dc:95:da:37:52:c4:6e:47:a2:74:38
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/11/2018, 00:00

Not After

08/11/2021, 23:59

Subject

CN=Simon Tatham,O=Simon Tatham,L=Cambridge,ST=Cambridgeshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

dc:46:d1:6e:e5:e0:72:3c:15:8e:b6:4e:61:a6:03:29:ca:28:23:fc:f3:ea:0e:7e:d2:17:f4:45:1d:04:1e:d5
Signer

Actual PE Digest

dc:46:d1:6e:e5:e0:72:3c:15:8e:b6:4e:61:a6:03:29:ca:28:23:fc:f3:ea:0e:7e:d2:17:f4:45:1d:04:1e:d5

Digest Algorithm

sha256

PE Digest Matches

false

e8:ed:ff:c5:ad:98:24:c7:b3:d0:f9:27:c4:2f:6f:43:db:25:dc:fe
Signer

Actual PE Digest

e8:ed:ff:c5:ad:98:24:c7:b3:d0:f9:27:c4:2f:6f:43:db:25:dc:fe

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 707KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

Errors

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Signatures

Files

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 727KB - Virtual size: 726KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 708KB - Virtual size: 707KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

04b4eec1b14791bf23f31173f27a5df0

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

version

winmm

comctl32

mpr

wininet

psapi

userenv

kernel32

user32

gdi32

comdlg32

.text
Size: 727KB - Virtual size: 726KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 708KB - Virtual size: 707KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 514KB - Virtual size: 513KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 229KB - Virtual size: 228KB

.imports
Size: 512B - Virtual size: 4KB

.rsrc
Size: 450KB - Virtual size: 450KB

.themida
Size: - Virtual size: 3.3MB

.boot
Size: 1.8MB - Virtual size: 1.8MB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 242KB - Virtual size: 241KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 26KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 150KB - Virtual size: 149KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 11KB - Virtual size: 4.0MB

.rsrc
Size: 10KB - Virtual size: 9KB