C:\Project\D3xx\trunk\D3XX\d2xxdll\x64\Release\FTD3XX.pdb
Static task
static1
Behavioral task
behavioral1
Sample
AIMX_DMA (1).rar
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
AIMX_DMA (1).rar
Resource
win10v2004-20240221-en
Behavioral task
behavioral3
Sample
AIMX DMA1/FTD3XX.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
AIMX DMA1/FTD3XX.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral5
Sample
AIMX DMA1/aimx.exe
Resource
win7-20240215-en
Behavioral task
behavioral6
Sample
AIMX DMA1/aimx.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral7
Sample
AIMX DMA1/dbghelp.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
AIMX DMA1/dbghelp.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral9
Sample
AIMX DMA1/info.db
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
AIMX DMA1/info.db
Resource
win10v2004-20240221-en
Behavioral task
behavioral11
Sample
AIMX DMA1/leechcore.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
AIMX DMA1/leechcore.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral13
Sample
AIMX DMA1/symsrv.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
AIMX DMA1/symsrv.dll
Resource
win10v2004-20240221-en
Behavioral task
behavioral15
Sample
AIMX DMA1/vmm.dll
Resource
win7-20240215-en
Behavioral task
behavioral16
Sample
AIMX DMA1/vmm.dll
Resource
win10v2004-20240221-en
General
-
Target
AIMX_DMA (1).rar
-
Size
2.0MB
-
MD5
d773ea02abecc1154ff8130cf9ee5179
-
SHA1
3a0a6c929b291ba785b3df6e1a804be6b5826586
-
SHA256
1d89e42e075a50e6b4437d4cc07bbc6062ab973bfda51180210161fd970d84db
-
SHA512
e85126a47d38589a072ccfacd17a332db7c85e2d5901e12dd62361a8a17a85e59fbcf199d37aef7a211146b380b8f69c52566f6fe69172e8be772555e78e6f1b
-
SSDEEP
49152:gzV2ZaKXJNeYQv0oMYUtniFebgtQB0tV8wJjXtP/0WXwfgzR13:gzV2kK5NfQv0oq1dCH8wZtP/0Wgfmp
Malware Config
Signatures
-
Unsigned PE (2 IoCs)
Checks for missing Authenticode signature.
resource: unpack001/AIMX DMA1/FTD3XX.dll
resource: unpack001/AIMX DMA1/aimx.exe
Files
-
AIMX_DMA (1).rar
.rar
-
AIMX DMA1/FTD3XX.dll
.dll windows:6 windows x64 arch:x64
6f94f6f6008a841e2ba8090d85ca9d8f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Project\D3xx\trunk\D3XX\d2xxdll\x64\Release\FTD3XX.pdb
Imports
setupapi
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
kernel32
CreateThread
WriteConsoleW
WaitForSingleObjectEx
OutputDebugStringW
OutputDebugStringA
SetFilePointerEx
CreateFileA
CloseHandle
GetLastError
DeviceIoControl
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexA
Sleep
GetOverlappedResult
SetEvent
CreateEventA
WaitForMultipleObjects
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
CreateFileW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetACP
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
Exports
FT_AbortPipe
FT_ClearNotificationCallback
FT_ClearStreamPipe
FT_Close
FT_ControlTransfer
FT_Create
FT_CreateDeviceInfoList
FT_CycleDevicePort
FT_EnableGPIO
FT_FlushPipe
FT_GetChipConfiguration
FT_GetConfigurationDescriptor
FT_GetDescriptor
FT_GetDeviceDescriptor
FT_GetDeviceInfo
FT_GetDeviceInfoDetail
FT_GetDeviceInfoList
FT_GetDriverVersion
FT_GetFirmwareVersion
FT_GetGPIO
FT_GetInterfaceDescriptor
FT_GetLatencyTimer
FT_GetLibraryVersion
FT_GetOverlappedResult
FT_GetPipeInformation
FT_GetPipeTimeout
FT_GetQueueStatus
FT_GetStringDescriptor
FT_GetSuspendTimeout
FT_GetVIDPID
FT_InitializeD2XXExtension
FT_InitializeOverlapped
FT_IoCtl
FT_IsDevicePath
FT_ListDevices
FT_Open
FT_Purge
FT_Read
FT_ReadGPIO
FT_ReadPipe
FT_ReadPipeEx
FT_ReleaseOverlapped
FT_ResetDevicePort
FT_SetChipConfiguration
FT_SetGPIO
FT_SetGPIOLevel
FT_SetGPIOPull
FT_SetLatencyTimer
FT_SetNotificationCallback
FT_SetPipeTimeout
FT_SetStreamPipe
FT_SetSuspendTimeout
FT_SetUSBParameters
FT_WriteGPIO
FT_WritePipe
FT_WritePipeEx
Sections
.text Size: 285KB - Virtual size: 284KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 388B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AIMX DMA1/aimx.exe
.exe windows:6 windows x64 arch:x64
0f5eff6fe228cfae6bfa44107a666f79
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\popo\Desktop\lastest\x64\Release\latest.pdb
Imports
vmm
VMMDLL_Map_GetModuleFromNameU
VMMDLL_InitializePlugins
VMMDLL_PidGetFromName
VMMDLL_MemFree
VMMDLL_Initialize
VMMDLL_Scatter_ExecuteRead
VMMDLL_VfsListU
VMMDLL_Scatter_CloseHandle
VMMDLL_ConfigGet
VMMDLL_ConfigSet
VMMDLL_WinReg_QueryValueExU
VMMDLL_Scatter_Initialize
VMMDLL_ProcessGetInformation
VMMDLL_Map_GetEATU
VMMDLL_VfsReadU
VMMDLL_Scatter_Read
VMMDLL_CloseAll
VMMDLL_Scatter_Prepare
VMMDLL_ProcessGetModuleBaseU
VMMDLL_MemReadEx
VMMDLL_Close
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
d3d9
Direct3DCreate9
d3dx9_43
D3DXCreateFontA
kernel32
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
RtlCaptureContext
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
IsProcessorFeaturePresent
SetCommState
CloseHandle
GetCommState
CreateFileA
WriteFile
CreateThread
Sleep
GetStdHandle
SetConsoleTextAttribute
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
GetModuleHandleA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
QueryPerformanceCounter
MultiByteToWideChar
user32
ShowWindow
CreateWindowExA
TranslateMessage
PeekMessageA
SetRect
PostQuitMessage
RegisterClassExA
UpdateWindow
GetAsyncKeyState
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetKeyState
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
SetCapture
GetWindowRect
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
GetCursorPos
GetDesktopWindow
DefWindowProcW
DispatchMessageA
msvcp140
imm32
ImmSetCandidateWindow
ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmAssociateContextEx
ws2_32
WSACleanup
sendto
WSAStartup
inet_addr
socket
recvfrom
htons
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memcpy
memcmp
memchr
_CxxThrowException
memset
__C_specific_handler
__current_exception_context
__current_exception
strrchr
__std_exception_copy
__std_exception_destroy
strchr
strstr
__std_terminate
memmove
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
fputc
fgetc
__stdio_common_vsscanf
fread
ftell
__p__commode
_set_fmode
fflush
fclose
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
__stdio_common_vsprintf
setvbuf
fgetpos
fseek
__stdio_common_vfprintf
_wfopen
fwrite
api-ms-win-crt-string-l1-1-0
strcmp
toupper
strncpy
strcpy_s
strncmp
api-ms-win-crt-utility-l1-1-0
rand
srand
qsort
api-ms-win-crt-heap-l1-1-0
malloc
_callnewh
_set_new_mode
free
api-ms-win-crt-convert-l1-1-0
wcstombs
atof
atoi
api-ms-win-crt-time-l1-1-0
_time64
_localtime64_s
api-ms-win-crt-runtime-l1-1-0
_crt_atexit
_cexit
_register_onexit_function
_seh_filter_exe
_set_app_type
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_configure_narrow_argv
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_beginthreadex
exit
_invalid_parameter_noinfo_noreturn
system
_initialize_onexit_table
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_unlock_file
api-ms-win-crt-math-l1-1-0
ceilf
atan2f
log
logf
pow
acosf
powf
roundf
sinf
cosf
sqrtf
asin
fmodf
sqrt
__setusermatherr
tanf
atan2
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 337KB - Virtual size: 336KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 576B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AIMX DMA1/dbghelp.dll
.dll windows:6 windows x64 arch:x64
3d64c0b7659a72157d6f0180ea1141c1
Code Sign
Certificate: 61:05:f7:1e:00:00:00:00:00:32
Issuer: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 13/07/2009, 23:00
Not After: 13/10/2010, 23:10
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Certificate: 61:16:b5:29:00:00:00:00:00:10
Issuer: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 04/01/2010, 21:12
Not After: 04/01/2013, 21:22
Subject: CN=Microsoft Time-Stamp Service,OU=nCipher+OU=nCipher DSE ESN:ACD3-AE66-E0B5,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate: 61:16:b5:29:00:00:00:00:00:10
Issuer: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 04/01/2010, 21:12
Not After: 04/01/2013, 21:22
Subject: CN=Microsoft Time-Stamp Service,OU=nCipher+OU=nCipher DSE ESN:ACD3-AE66-E0B5,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate: 79:ad:16:a1:4a:a0:a5:ad:4c:73:58:f4:07:13:2e:65
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 09/05/2001, 23:19
Not After: 09/05/2021, 23:28
Subject: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
Certificate: 61:16:68:34:00:00:00:00:00:1c
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 03/04/2007, 12:53
Not After: 03/04/2021, 13:03
Subject: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate: 61:15:08:27:00:00:00:00:00:0c
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 25/01/2006, 23:22
Not After: 25/01/2017, 23:32
Subject: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
Signer: e8:5b:d3:92:b4:88:bf:c8:c3:bd:86:0c:de:15:56:93:dd:70:8d:9c
Actual PE Digest: e8:5b:d3:92:b4:88:bf:c8:c3:bd:86:0c:de:15:56:93:dd:70:8d:9c
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
dbghelp.pdb
Imports
msvcrt
_isatty
_write
_lseeki64
_fileno
_read
__pioinfo
__badioinfo
??1type_info@@UEAA@XZ
ferror
wctomb
_snprintf
_iob
isleadbyte
__mb_cur_max
mbtowc
_onexit
_lock
__dllonexit
_unlock
_CxxThrowException
memset
memcpy
_ismbblead
__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
memmove
_errno
__CxxFrameHandler
iswspace
calloc
_itoa
_wcsdup
towlower
tolower
_wcslwr
_wctime
time
??_V@YAXPEAX@Z
_ltoa
_strnicmp
_wcsnicmp
_purecall
ctime
malloc
strncmp
isspace
_stricmp
free
_strlwr
wcsrchr
strstr
_wcsicmp
qsort
iswxdigit
wcsncmp
_vsnwprintf
iswprint
fprintf
fflush
atol
fclose
__unDName
iswdigit
memcmp
bsearch
_wfsopen
fread
fseek
wcstol
strchr
??_U@YAPEAX_K@Z
_time64
_wfullpath
_get_osfhandle
_chsize
_close
_open_osfhandle
ftell
_memicmp
_mbscmp
_wgetenv
wcsstr
wcschr
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_wsopen
kernel32
MoveFileW
SetFilePointer
DeleteFileW
CreateDirectoryW
FlushViewOfFile
MapViewOfFileEx
GetCurrentDirectoryW
InitializeCriticalSectionAndSpinCount
GetFileType
DeviceIoControl
SetFileAttributesW
__chkstk
CreateFileMappingW
LCMapStringW
LocalFree
GetVersion
FormatMessageW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
VirtualQueryEx
GetThreadTimes
GetThreadPriority
GetPriorityClass
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
IsProcessorFeaturePresent
GetSystemInfo
GetSystemTimeAsFileTime
lstrcmpiW
Sleep
DelayLoadFailureHook
LoadLibraryExA
ReadProcessMemory
GetProcessHeap
LoadLibraryW
GetSystemDirectoryW
GetFileAttributesA
SetErrorMode
GetVersionExW
OutputDebugStringW
OutputDebugStringA
WriteFile
VirtualFree
OpenProcess
GetCurrentProcessId
GetModuleHandleA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetCurrentProcess
DuplicateHandle
VirtualProtect
VirtualAlloc
CreateDirectoryA
GetFileAttributesW
GetFullPathNameW
WideCharToMultiByte
MultiByteToWideChar
SetLastError
FindFirstFileW
FindClose
FindNextFileW
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetLastError
TlsGetValue
TlsSetValue
LoadLibraryA
GetProcAddress
FreeLibrary
TlsAlloc
TlsFree
GetVersionExA
InitializeCriticalSection
HeapCreate
HeapDestroy
DeleteCriticalSection
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
GetEnvironmentVariableW
GetModuleFileNameW
CreateFileW
CopyFileW
ExpandEnvironmentStringsW
Exports
DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo
Sections
.text Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 23KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AIMX DMA1/info.db
-
AIMX DMA1/leechcore.dll
.dll windows:6 windows x64 arch:x64
83c4e5af18d7859d3d7a04f4cfdf618c
Code Sign
Certificate: 13:7d:3c:05:5b:5a:d6:03:3f:27:66:92:c1:8b:36:1f
Issuer: CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL
Not Before: 20/12/2021, 07:19
Not After: 20/12/2022, 07:19
Subject: CN=Open Source Developer\, Ulf Frisk,O=Open Source Developer,L=Stockholm,C=SE,1.2.840.113549.1.9.1=#0c16756c662e667269736b40756c66667269736b2e636f6d
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Certificate: 99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
Not Before: 19/05/2021, 05:32
Not After: 18/05/2036, 05:32
Subject: CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Certificate: 0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Issuer: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Not Before: 21/09/2022, 00:00
Not After: 21/11/2033, 23:59
Subject: CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
Certificate: 07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 23/03/2022, 00:00
Not After: 22/03/2037, 23:59
Subject: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate: 0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 01/08/2022, 00:00
Not After: 09/11/2031, 23:59
Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer: 5f:34:8b:b2:de:82:2a:ed:20:29:07:2f:c8:50:f4:24:82:a6:45:0e:14:18:6f:2f:04:23:e0:76:61:2e:5e:27
Actual PE Digest: 5f:34:8b:b2:de:82:2a:ed:20:29:07:2f:c8:50:f4:24:82:a6:45:0e:14:18:6f:2f:04:23:e0:76:61:2e:5e:27
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Github\production\LeechCore\files\lib\leechcore.pdb
Imports
rpcrt4
RpcBindingFree
RpcBindingFromStringBindingA
RpcStringBindingComposeA
NdrClientCall3
RpcBindingSetAuthInfoExA
RpcStringFreeA
setupapi
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
winusb
WinUsb_Free
WinUsb_Initialize
WinUsb_WritePipe
WinUsb_SetPipePolicy
WinUsb_ReadPipe
ws2_32
WSAStartup
closesocket
socket
connect
recvfrom
htons
inet_addr
send
ioctlsocket
WSAGetLastError
setsockopt
kernel32
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
LocalAlloc
LocalFree
EnterCriticalSection
LeaveCriticalSection
Sleep
GetTickCount64
LoadLibraryA
CloseHandle
CreateThread
SwitchToThread
GetModuleFileNameA
FreeLibrary
ReadFile
DeviceIoControl
GetLastError
CreateFileA
SetFilePointerEx
VirtualFree
VirtualAlloc
CreateFileW
VerSetConditionMask
VerifyVersionInfoW
WriteProcessMemory
GetCurrentProcess
K32GetModuleFileNameExW
OpenProcess
K32EnumProcesses
ReadProcessMemory
K32GetMappedFileNameW
VirtualQueryEx
WaitForMultipleObjects
InitializeCriticalSection
WaitForSingleObject
CreateEventW
SetEvent
QueryPerformanceFrequency
ResetEvent
DeleteCriticalSection
QueryPerformanceCounter
TryEnterCriticalSection
WriteFile
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetProcAddress
advapi32
OpenSCManagerA
ControlService
StartServiceA
OpenServiceA
DeleteService
OpenSCManagerW
CloseServiceHandle
CreateServiceA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
vcruntime140
memcpy
memcmp
memset
strstr
__C_specific_handler
wcsstr
__std_type_info_destroy_list
api-ms-win-crt-stdio-l1-1-0
__acrt_iob_func
__stdio_common_vsprintf
fopen_s
_ftelli64
fread
_fseeki64
__stdio_common_vsnprintf_s
fclose
__stdio_common_vsnwprintf_s
getchar
__stdio_common_vfprintf
api-ms-win-crt-string-l1-1-0
strncpy_s
wcsncat_s
wcscpy_s
wcsncpy_s
strtok_s
strncat_s
_stricmp
_wcsicmp
strcpy_s
_strnicmp
strcat_s
api-ms-win-crt-convert-l1-1-0
_itoa_s
atoi
_atoi64
strtoull
api-ms-win-crt-utility-l1-1-0
srand
rand
api-ms-win-crt-runtime-l1-1-0
_execute_onexit_table
_cexit
_initialize_onexit_table
_initialize_narrow_environment
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
Exports
LcAllocScatter1
LcAllocScatter2
LcAllocScatter3
LcClose
LcCommand
LcCreate
LcCreateEx
LcDeviceParameterGet
LcDeviceParameterGetNumeric
LcGetOption
LcMemFree
LcMemMap_AddRange
LcMemMap_GetMaxAddress
LcMemMap_IsInitialized
LcRead
LcReadScatter
LcSetOption
LcWrite
LcWriteScatter
Sections
.text Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AIMX DMA1/symsrv.dll
.dll windows:6 windows x64 arch:x64
5d54f5d721e301667338323ac07578e3
Code Sign
Certificate: 61:05:f7:1e:00:00:00:00:00:32
Issuer: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 13/07/2009, 23:00
Not After: 13/10/2010, 23:10
Subject: CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
Certificate: 61:03:dc:f6:00:00:00:00:00:0c
Issuer: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 25/07/2008, 19:12
Not After: 25/07/2011, 19:22
Subject: CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
Certificate: 61:16:68:34:00:00:00:00:00:1c
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 03/04/2007, 12:53
Not After: 03/04/2021, 13:03
Subject: CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Certificate: 61:15:08:27:00:00:00:00:00:0c
Issuer: CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d
Not Before: 25/01/2006, 23:22
Not After: 25/01/2017, 23:32
Subject: CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
Signer: 42:7a:2b:33:4d:c7:52:a5:93:71:4e:8a:01:94:82:dd:13:04:5b:13
Actual PE Digest: 42:7a:2b:33:4d:c7:52:a5:93:71:4e:8a:01:94:82:dd:13:04:5b:13
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
symsrv.pdb
Imports
msvcrt
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
ferror
wctomb
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
mbtowc
memset
memcpy
__C_specific_handler
_amsg_exit
free
_initterm
malloc
_XcptFilter
_errno
_wtoi64
_wcslwr
strrchr
wcsstr
??2@YAPEAX_K@Z
fclose
??3@YAXPEAX@Z
wcsrchr
fgetws
_wfopen
_stricmp
getenv
iswspace
tolower
isspace
towlower
_wcsnicmp
_wcsicmp
wcschr
memcmp
kernel32
SetLastError
FreeLibrary
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
OutputDebugStringA
Sleep
GlobalFree
ReleaseMutex
OpenMutexW
LoadLibraryW
GetSystemDirectoryW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetModuleFileNameW
LocalFileTimeToFileTime
ExpandEnvironmentStringsW
DeleteFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFileTime
SetFilePointer
CreateFileA
DosDateTimeToFileTime
FileTimeToDosDateTime
DeleteCriticalSection
InitializeCriticalSection
CreateThread
GetSystemTime
DeleteFileW
GetFileTime
CreateWaitableTimerW
MoveFileW
ReadFile
WaitForSingleObject
SetWaitableTimer
CopyFileExW
GetFileSize
LoadLibraryA
LocalFree
DebugBreak
CloseHandle
RemoveDirectoryW
LocalAlloc
GetProcAddress
MultiByteToWideChar
CreateFileW
LocalReAlloc
GetVersionExW
FormatMessageW
WideCharToMultiByte
WriteFile
GetSystemTimeAsFileTime
GetModuleHandleW
OutputDebugStringW
CreateDirectoryW
GetCurrentProcess
CopyFileW
LeaveCriticalSection
GetFileAttributesW
GetLastError
GetEnvironmentVariableW
EnterCriticalSection
RaiseException
advapi32
RegQueryValueExW
GetTokenInformation
RegCloseKey
RegOpenKeyExW
RegEnumValueW
OpenProcessToken
FreeSid
AllocateAndInitializeSid
EqualSid
Exports
EulaDlgProc
RunDllEntry
SymbolServer
SymbolServerByIndex
SymbolServerByIndexW
SymbolServerClose
SymbolServerDeltaName
SymbolServerDeltaNameW
SymbolServerGetIndexString
SymbolServerGetIndexStringW
SymbolServerGetOptions
SymbolServerGetSupplement
SymbolServerGetSupplementW
SymbolServerGetVersion
SymbolServerIsStore
SymbolServerIsStoreW
SymbolServerPing
SymbolServerPingW
SymbolServerSetOptions
SymbolServerSetOptionsW
SymbolServerStoreFile
SymbolServerStoreFileW
SymbolServerStoreSupplement
SymbolServerStoreSupplementW
SymbolServerW
httpCloseHandle
httpOpenFileHandle
httpOpenFileHandleW
httpQueryDataAvailable
httpReadFile
Sections
.text Size: 120KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 167KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AIMX DMA1/vmm.dll.dll windows:6 windows x64 arch:x64
4796fb6a0b553cd9faa8aeae6a141598
Code Sign
13:7d:3c:05:5b:5a:d6:03:3f:27:66:92:c1:8b:36:1f
Certificate
Issuer: CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL
Not Before: 20/12/2021, 07:19
Not After: 20/12/2022, 07:19
Subject: CN=Open Source Developer\, Ulf Frisk,O=Open Source Developer,L=Stockholm,C=SE,1.2.840.113549.1.9.1=#0c16756c662e667269736b40756c66667269736b2e636f6d
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate
Issuer: CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
Not Before: 19/05/2021, 05:32
Not After: 18/05/2036, 05:32
Subject: CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate
Issuer: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Not Before: 21/09/2022, 00:00
Not After: 21/11/2033, 23:59
Subject: CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 23/03/2022, 00:00
Not After: 22/03/2037, 23:59
Subject: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 01/08/2022, 00:00
Not After: 09/11/2031, 23:59
Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3b:c6:33:35:80:85:6b:d6:1a:98:fa:ce:3f:9e:f8:65:84:c0:a4:9a:75:c1:ae:8e:53:5a:2f:11:51:ef:fd:87
Signer
Actual PE Digest: 3b:c6:33:35:80:85:6b:d6:1a:98:fa:ce:3f:9e:f8:65:84:c0:a4:9a:75:c1:ae:8e:53:5a:2f:11:51:ef:fd:87
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Github\production\MemProcFS\files\lib\vmm.pdb
Imports
leechcore
LcRead
LcCreateEx
LcClose
LcSetOption
LcReadScatter
LcAllocScatter1
LcWriteScatter
LcGetOption
LcCommand
LcAllocScatter2
LcMemFree
bcrypt
BCryptGetProperty
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptCreateHash
crypt32
CertCreateCertificateContext
CertFreeCertificateContext
CertGetNameStringW
shlwapi
StrStrIA
ws2_32
inet_ntop
kernel32
RtlVirtualUnwind
RtlLookupFunctionEntry
UnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
RtlCaptureContext
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetModuleFileNameA
ResetEvent
CreateThread
LocalAlloc
LocalFree
EnterCriticalSection
GetLongPathNameW
WaitForMultipleObjects
LeaveCriticalSection
InitializeCriticalSection
GetTempPathW
WaitForSingleObject
CreateEventW
GetTickCount64
SetEvent
CloseHandle
GetLocalTime
DeleteCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetSystemTimeAsFileTime
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeSRWLock
LoadLibraryA
GetProcAddress
VerSetConditionMask
FreeLibrary
VerifyVersionInfoW
InitializeCriticalSectionAndSpinCount
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
CreateMutexW
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LockFileEx
GetFileSize
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
WideCharToMultiByte
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
QueryPerformanceFrequency
FindClose
SizeofResource
FileTimeToSystemTime
LockResource
LoadResource
FindResourceW
GetModuleHandleA
InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList
QueryDepthSList
GetStdHandle
ReadConsoleA
SwitchToThread
FindFirstFileA
LoadLibraryExA
FindNextFileA
advapi32
LookupAccountSidA
RegOpenKeyExA
ConvertStringSidToSidA
IsValidSid
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
ConvertSidToStringSidA
vcruntime140
strstr
__C_specific_handler
strrchr
memset
memcmp
memcpy
memmove
__std_type_info_destroy_list
api-ms-win-crt-string-l1-1-0
_strnicmp
strncmp
strcpy_s
_stricmp
strcat_s
strcspn
strncat_s
strnlen
_wcsnicmp
strncpy_s
strcmp
strtok_s
api-ms-win-crt-stdio-l1-1-0
fopen_s
fread
__stdio_common_vfprintf
fclose
__stdio_common_vsnwprintf_s
__acrt_iob_func
_fseeki64
__stdio_common_vsprintf
tmpnam_s
__stdio_common_vsprintf_s
fwrite
__stdio_common_vsnprintf_s
_fsopen
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-convert-l1-1-0
strtoull
strtoul
api-ms-win-crt-filesystem-l1-1-0
_access_s
remove
api-ms-win-crt-runtime-l1-1-0
_initialize_onexit_table
_cexit
_execute_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_beginthreadex
_endthreadex
api-ms-win-crt-time-l1-1-0
_localtime64_s
api-ms-win-crt-heap-l1-1-0
malloc
free
realloc
_msize
api-ms-win-crt-math-l1-1-0
floor
log10
Exports
VMMDLL_Close
VMMDLL_CloseAll
VMMDLL_ConfigGet
VMMDLL_ConfigSet
VMMDLL_ForensicFileAppend
VMMDLL_Initialize
VMMDLL_InitializeEx
VMMDLL_InitializePlugins
VMMDLL_Log
VMMDLL_LogEx
VMMDLL_Map_GetEATU
VMMDLL_Map_GetEATW
VMMDLL_Map_GetHandleU
VMMDLL_Map_GetHandleW
VMMDLL_Map_GetHeap
VMMDLL_Map_GetHeapAlloc
VMMDLL_Map_GetIATU
VMMDLL_Map_GetIATW
VMMDLL_Map_GetModuleFromNameU
VMMDLL_Map_GetModuleFromNameW
VMMDLL_Map_GetModuleU
VMMDLL_Map_GetModuleW
VMMDLL_Map_GetNetU
VMMDLL_Map_GetNetW
VMMDLL_Map_GetPfn
VMMDLL_Map_GetPhysMem
VMMDLL_Map_GetPool
VMMDLL_Map_GetPteU
VMMDLL_Map_GetPteW
VMMDLL_Map_GetServicesU
VMMDLL_Map_GetServicesW
VMMDLL_Map_GetThread
VMMDLL_Map_GetUnloadedModuleU
VMMDLL_Map_GetUnloadedModuleW
VMMDLL_Map_GetUsersU
VMMDLL_Map_GetUsersW
VMMDLL_Map_GetVMU
VMMDLL_Map_GetVMW
VMMDLL_Map_GetVadEx
VMMDLL_Map_GetVadU
VMMDLL_Map_GetVadW
VMMDLL_MemFree
VMMDLL_MemPrefetchPages
VMMDLL_MemRead
VMMDLL_MemReadEx
VMMDLL_MemReadPage
VMMDLL_MemReadScatter
VMMDLL_MemSearch
VMMDLL_MemSize
VMMDLL_MemVirt2Phys
VMMDLL_MemWrite
VMMDLL_MemWriteScatter
VMMDLL_PdbLoad
VMMDLL_PdbSymbolAddress
VMMDLL_PdbSymbolName
VMMDLL_PdbTypeChildOffset
VMMDLL_PdbTypeSize
VMMDLL_PidGetFromName
VMMDLL_PidList
VMMDLL_ProcessGetDirectoriesU
VMMDLL_ProcessGetDirectoriesW
VMMDLL_ProcessGetInformation
VMMDLL_ProcessGetInformationString
VMMDLL_ProcessGetModuleBaseU
VMMDLL_ProcessGetModuleBaseW
VMMDLL_ProcessGetProcAddressU
VMMDLL_ProcessGetProcAddressW
VMMDLL_ProcessGetSectionsU
VMMDLL_ProcessGetSectionsW
VMMDLL_Scatter_Clear
VMMDLL_Scatter_CloseHandle
VMMDLL_Scatter_Execute
VMMDLL_Scatter_ExecuteRead
VMMDLL_Scatter_Initialize
VMMDLL_Scatter_Prepare
VMMDLL_Scatter_PrepareEx
VMMDLL_Scatter_PrepareWrite
VMMDLL_Scatter_Read
VMMDLL_UtilFillHexAscii
VMMDLL_UtilVfsReadFile_FromBOOL
VMMDLL_UtilVfsReadFile_FromDWORD
VMMDLL_UtilVfsReadFile_FromPBYTE
VMMDLL_UtilVfsReadFile_FromQWORD
VMMDLL_UtilVfsWriteFile_BOOL
VMMDLL_UtilVfsWriteFile_DWORD
VMMDLL_VfsListBlobU
VMMDLL_VfsListU
VMMDLL_VfsListW
VMMDLL_VfsList_AddDirectory
VMMDLL_VfsList_AddDirectoryW
VMMDLL_VfsList_AddFile
VMMDLL_VfsList_AddFileW
VMMDLL_VfsReadU
VMMDLL_VfsReadW
VMMDLL_VfsWriteU
VMMDLL_VfsWriteW
VMMDLL_VmGetVmmHandle
VMMDLL_VmMemGPA2Phys
VMMDLL_VmMemRead
VMMDLL_VmMemReadScatter
VMMDLL_VmMemWrite
VMMDLL_VmMemWriteScatter
VMMDLL_VmScatterInitialize
VMMDLL_WinGetThunkInfoIATU
VMMDLL_WinGetThunkInfoIATW
VMMDLL_WinReg_EnumKeyExU
VMMDLL_WinReg_EnumKeyExW
VMMDLL_WinReg_EnumValueU
VMMDLL_WinReg_EnumValueW
VMMDLL_WinReg_HiveList
VMMDLL_WinReg_HiveReadEx
VMMDLL_WinReg_HiveWrite
VMMDLL_WinReg_QueryValueExU
VMMDLL_WinReg_QueryValueExW
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 251KB - Virtual size: 251KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 118KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ