ReleasedProject[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ReleasedProject.zip
Size

32.2MB
MD5

51c49f1a22a26675ceaa1b3e589a30e9
SHA1

1d1eff5d026061c8277091e299e7511d2800b552
SHA256

e0df67fcf96d13974c24a19192306a562b5e77be1467dbec64c4faf78b10e440
SHA512

9ffbf46d752b87e737f859117f8884c8b4496dac5b9d4a127841eff197dcae62b1b29336d9afc0855569dffaec3dd8f45cc15d21c6bbf14df320437db4df3f95
SSDEEP

786432:Qv53sVqHzkzjxnomB1QL/ui0JL3Xm2gCGe0B9ylgRKr:Qv530qyxnF87uJL3Xm2gnRc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ReleasedProject/Executor.exe

Files

ReleasedProject.zip
.zip

Password: 667788
ReleasedProject/Cached
ReleasedProject/Executor.exe
.exe windows:4 windows x86 arch:x86

Password: 667788

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Arctic.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ReleasedProject/MEIPreload/manifest.json
ReleasedProject/MEIPreload/preloaded_data.pb
ReleasedProject/Microsoft.Windows.SDK.NET.dll
.dll windows:4 windows x86 arch:x86

Password: 667788

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9b:8a:ba:8c:a7:12:4c:04:0e:6b:32:10:3c:7b:8e:68:2a:2d:2a:ae:91:2c:bb:2f:7e:02:8e:85:ff:4c:75:9d
Signer

Actual PE Digest

9b:8a:ba:8c:a7:12:4c:04:0e:6b:32:10:3c:7b:8e:68:2a:2d:2a:ae:91:2c:bb:2f:7e:02:8e:85:ff:4c:75:9d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\1\s\NetSDKSln\obj\Release\net6.0\IIDOptimizer\Microsoft.Windows.SDK.NET.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 18.9MB - Virtual size: 18.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ReleasedProject/PresentationCore.dll
.dll windows:4 windows x64 arch:x64

Password: 667788

Code Sign

33:00:00:03:06:9c:9c:5d:25:e3:10:aa:47:00:00:00:00:03:06
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/08/2022, 20:23

Not After

03/08/2023, 20:23

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a5:75:e9:ef:b3:92:07:25:c3:bb:ca:77:91:59:99:0b:d3:e6:27:7d:c3:ee:a7:5a:d3:ae:bd:74:c0:2d:36:8b
Signer

Actual PE Digest

a5:75:e9:ef:b3:92:07:25:c3:bb:ca:77:91:59:99:0b:d3:e6:27:7d:c3:ee:a7:5a:d3:ae:bd:74:c0:2d:36:8b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

PresentationCore.ni.pdb
/_/artifacts/obj/PresentationCore/x64/Release/net6.0/PresentationCore.pdb

Sections

.text
Size: 7.9MB - Virtual size: 7.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ReleasedProject/PresentationFramework.dll
.dll windows:4 windows x64 arch:x64

Password: 667788

Code Sign

33:00:00:03:06:9c:9c:5d:25:e3:10:aa:47:00:00:00:00:03:06
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/08/2022, 20:23

Not After

03/08/2023, 20:23

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5e:5d:ec:35:99:ce:76:1e:00:86:9d:8a:36:4f:b9:50:d2:df:a0:a7:bb:56:9d:6c:82:7a:cb:54:9c:42:aa:8a
Signer

Actual PE Digest

5e:5d:ec:35:99:ce:76:1e:00:86:9d:8a:36:4f:b9:50:d2:df:a0:a7:bb:56:9d:6c:82:7a:cb:54:9c:42:aa:8a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

PresentationFramework.ni.pdb
/_/artifacts/obj/PresentationFramework/x64/Release/net6.0/PresentationFramework.pdb

Sections

.text
Size: 14.6MB - Virtual size: 14.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 828KB - Virtual size: 827KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ReleasedProject/WidevineCdm/LICENSE
ReleasedProject/WidevineCdm/_platform_specific/win_x64/widevinecdm.dll
.dll windows:5 windows x64 arch:x64

Password: 667788

5d3aa908e334e626a5c0f84098f52e62

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/07/2021, 00:00

Not After

10/07/2024, 23:59

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

aa:d1:03:a7:f2:9d:96:35:49:d0:2e:08:ef:50:52:6e:5b:b2:c2:d1:12:4c:14:2f:6f:82:a3:cf:5f:f4:f1:1e
Signer

Actual PE Digest

aa:d1:03:a7:f2:9d:96:35:49:d0:2e:08:ef:50:52:6e:5b:b2:c2:d1:12:4c:14:2f:6f:82:a3:cf:5f:f4:f1:1e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

widevinecdm.dll.pdb

Imports

kernel32

AcquireSRWLockExclusive
AcquireSRWLockShared
CloseHandle
CompareStringW
CreateEventW
CreateFileW
CreateSemaphoreW
CreateThread
DecodePointer
DeleteCriticalSection
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
FreeLibraryAndExitThread
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetExitCodeThread
GetFileSizeEx
GetFileType
GetFinalPathNameByHandleW
GetLastError
GetLocalTime
GetLocaleInfoW
GetLogicalDriveStringsW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetProductInfo
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadGroupAffinity
GetThreadId
GetThreadPriority
GetTickCount
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetVersionExW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
InitializeConditionVariable
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
InitializeSRWLock
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ReleaseSRWLockShared
ReleaseSemaphore
ResetEvent
RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
TryEnterCriticalSection
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

user32

CharUpperW
EnumDisplayMonitors
GetMonitorInfoW
UnregisterClassW

ole32

CoTaskMemFree

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SystemFunction036

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

Exports

Exports

CreateCdmInstance
DeinitializeCdmModule
GetCdmVersion
GetHandleVerifier
InitializeCdmModule_4
VerifyCdmHost_0

Sections

.text
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 92B

.rodata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 385B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 70B

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ReleasedProject/WidevineCdm/_platform_specific/win_x64/widevinecdm.dll.sig
ReleasedProject/WidevineCdm/manifest.json
ReleasedProject/default_apps/external_extensions.json
ReleasedProject/dotnet4.dll
ReleasedProject/grpc_csharp_ext.x64.dll
.dll windows:6 windows x64 arch:x64

Password: 667788

ddc1242eabc6dfe5e51e45049088122c

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/07/2021, 00:00

Not After

10/07/2024, 23:59

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:a4:0f:94:18:70:d1:71:0d:28:da:d3:1c:a4:e6:60:aa:a2:d6:41:2a:81:e8:d9:ae:04:71:51:31:fd:8d:23
Signer

Actual PE Digest

a8:a4:0f:94:18:70:d1:71:0d:28:da:d3:1c:a4:e6:60:aa:a2:d6:41:2a:81:e8:d9:ae:04:71:51:31:fd:8d:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

T:\altsrc\github\grpc\workspace_csharp_ext_windows_x64\cmake\build\x64\grpc_csharp_ext.pdb

Imports

advapi32

RegGetValueA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
SystemFunction036

ws2_32

inet_ntop
WSAStartup
WSACleanup
htons
htonl
ntohl
ntohs
inet_pton
getservbyname
getservbyport
send
recvfrom
recv
ioctlsocket
connect
__WSAFDIsSet
gethostname
WSARecv
WSASend
WSARecvFrom
WSAConnect
WSASetLastError
setsockopt
listen
getsockname
getpeername
freeaddrinfo
getaddrinfo
WSAGetOverlappedResult
WSASocketA
WSAIoctl
WSAGetLastError
socket
closesocket
bind
getsockopt

kernel32

UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
SetProcessAffinityMask
VirtualProtect
GetVersionExW
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
OutputDebugStringW
SetEndOfFile
HeapSize
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
CloseHandle
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
FreeLibrary
GetProcAddress
WaitForMultipleObjectsEx
GetVersionExA
GetLastError
ExpandEnvironmentStringsA
GetWindowsDirectoryA
SetLastError
GetTickCount
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetCurrentThreadId
SetEvent
WaitForSingleObject
CreateEventA
CreateThread
GetCurrentProcessorNumber
GetSystemInfo
LocalFree
FormatMessageA
GetEnvironmentVariableA
SetEnvironmentVariableA
InitializeSRWLock
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableSRW
GetModuleHandleA
GetCurrentProcess
VirtualAlloc
VirtualFree
GetLogicalProcessorInformation
InitOnceExecuteOnce
TlsAlloc
TlsGetValue
TlsSetValue
RtlVirtualUnwind
FindFirstFileExW
FindClose
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
LoadLibraryW
IsValidLocale
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FormatMessageW
WideCharToMultiByte
RtlPcToFileHeader
EncodePointer
DecodePointer
RaiseException
DuplicateHandle
GetCurrentThread
GetExitCodeThread
GetNativeSystemInfo
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
TlsFree
MultiByteToWideChar
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlUnwindEx
LoadLibraryExW
InterlockedPushEntrySList
InterlockedFlushSList
ReadFile
GetTimeZoneInformation
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
GetModuleHandleExW
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
GetModuleFileNameW
HeapFree
HeapAlloc
ExitThread
ResumeThread
FreeLibraryAndExitThread
HeapReAlloc
SetConsoleCtrlHandler
GetStdHandle
FlushFileBuffers
GetDateFormatW
GetTimeFormatW
RtlCaptureStackBackTrace

bcrypt

BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider

dbghelp

SymFromAddr
SymSetOptions
SymInitialize

Exports

Exports

gprsharp_convert_clock_type
gprsharp_free
gprsharp_inf_future
gprsharp_inf_past
gprsharp_now
gprsharp_sizeof_timespec
grpcsharp_auth_context_peer_identity_property_name
grpcsharp_auth_context_property_iterator
grpcsharp_auth_context_release
grpcsharp_auth_property_iterator_next
grpcsharp_batch_context_create
grpcsharp_batch_context_destroy
grpcsharp_batch_context_recv_close_on_server_cancelled
grpcsharp_batch_context_recv_initial_metadata
grpcsharp_batch_context_recv_message_length
grpcsharp_batch_context_recv_message_next_slice_peek
grpcsharp_batch_context_recv_status_on_client_details
grpcsharp_batch_context_recv_status_on_client_error_string
grpcsharp_batch_context_recv_status_on_client_status
grpcsharp_batch_context_recv_status_on_client_trailing_metadata
grpcsharp_batch_context_reset
grpcsharp_call_auth_context
grpcsharp_call_cancel
grpcsharp_call_cancel_with_status
grpcsharp_call_credentials_release
grpcsharp_call_destroy
grpcsharp_call_get_peer
grpcsharp_call_recv_initial_metadata
grpcsharp_call_recv_message
grpcsharp_call_send_close_from_client
grpcsharp_call_send_initial_metadata
grpcsharp_call_send_message
grpcsharp_call_send_status_from_server
grpcsharp_call_set_credentials
grpcsharp_call_start_client_streaming
grpcsharp_call_start_duplex_streaming
grpcsharp_call_start_server_streaming
grpcsharp_call_start_serverside
grpcsharp_call_start_unary
grpcsharp_channel_args_create
grpcsharp_channel_args_destroy
grpcsharp_channel_args_set_integer
grpcsharp_channel_args_set_string
grpcsharp_channel_check_connectivity_state
grpcsharp_channel_create_call
grpcsharp_channel_credentials_release
grpcsharp_channel_destroy
grpcsharp_channel_get_target
grpcsharp_channel_watch_connectivity_state
grpcsharp_completion_queue_create_async
grpcsharp_completion_queue_create_sync
grpcsharp_completion_queue_destroy
grpcsharp_completion_queue_next
grpcsharp_completion_queue_pluck
grpcsharp_completion_queue_shutdown
grpcsharp_composite_call_credentials_create
grpcsharp_composite_channel_credentials_create
grpcsharp_init
grpcsharp_insecure_channel_create
grpcsharp_metadata_array_add
grpcsharp_metadata_array_count
grpcsharp_metadata_array_create
grpcsharp_metadata_array_destroy_full
grpcsharp_metadata_array_get_key
grpcsharp_metadata_array_get_value
grpcsharp_metadata_credentials_create_from_plugin
grpcsharp_metadata_credentials_notify_from_plugin
grpcsharp_native_callback_dispatcher_init
grpcsharp_override_default_ssl_roots
grpcsharp_redirect_log
grpcsharp_request_call_context_call
grpcsharp_request_call_context_create
grpcsharp_request_call_context_deadline
grpcsharp_request_call_context_destroy
grpcsharp_request_call_context_host
grpcsharp_request_call_context_method
grpcsharp_request_call_context_request_metadata
grpcsharp_request_call_context_reset
grpcsharp_secure_channel_create
grpcsharp_server_add_insecure_http2_port
grpcsharp_server_add_secure_http2_port
grpcsharp_server_cancel_all_calls
grpcsharp_server_create
grpcsharp_server_credentials_release
grpcsharp_server_destroy
grpcsharp_server_register_completion_queue
grpcsharp_server_request_call
grpcsharp_server_shutdown_and_notify_callback
grpcsharp_server_start
grpcsharp_shutdown
grpcsharp_sizeof_grpc_event
grpcsharp_slice_buffer_adjust_tail_space
grpcsharp_slice_buffer_create
grpcsharp_slice_buffer_destroy
grpcsharp_slice_buffer_reset_and_unref
grpcsharp_slice_buffer_slice_count
grpcsharp_slice_buffer_slice_peek
grpcsharp_ssl_credentials_create
grpcsharp_ssl_server_credentials_create
grpcsharp_test_call_start_unary_echo
grpcsharp_test_callback
grpcsharp_test_nop
grpcsharp_test_override_method
grpcsharp_version_string

Sections

.text
Size: 8.6MB - Virtual size: 8.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 150KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 476KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 667788

Password: 667788

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 166KB - Virtual size: 165KB

.rsrc Size: 17KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 12B

Password: 667788

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:ccCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

9b:8a:ba:8c:a7:12:4c:04:0e:6b:32:10:3c:7b:8e:68:2a:2d:2a:ae:91:2c:bb:2f:7e:02:8e:85:ff:4c:75:9dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 18.9MB - Virtual size: 18.9MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: 667788

Code Sign

33:00:00:03:06:9c:9c:5d:25:e3:10:aa:47:00:00:00:00:03:06Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

a5:75:e9:ef:b3:92:07:25:c3:bb:ca:77:91:59:99:0b:d3:e6:27:7d:c3:ee:a7:5a:d3:ae:bd:74:c0:2d:36:8bSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.text Size: 7.9MB - Virtual size: 7.9MB

.data Size: 372KB - Virtual size: 371KB

.reloc Size: 32KB - Virtual size: 31KB

Password: 667788

Code Sign

33:00:00:03:06:9c:9c:5d:25:e3:10:aa:47:00:00:00:00:03:06Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

5e:5d:ec:35:99:ce:76:1e:00:86:9d:8a:36:4f:b9:50:d2:df:a0:a7:bb:56:9d:6c:82:7a:cb:54:9c:42:aa:8aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.text Size: 14.6MB - Virtual size: 14.6MB

.data Size: 828KB - Virtual size: 827KB

.reloc Size: 70KB - Virtual size: 70KB

Password: 667788

5d3aa908e334e626a5c0f84098f52e62

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

.text
Size: 166KB - Virtual size: 165KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:02:cc:8e:b5:96:a6:bd:d1:c9:4e:00:00:00:00:02:cc
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

9b:8a:ba:8c:a7:12:4c:04:0e:6b:32:10:3c:7b:8e:68:2a:2d:2a:ae:91:2c:bb:2f:7e:02:8e:85:ff:4c:75:9d
Signer

.text
Size: 18.9MB - Virtual size: 18.9MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:03:06:9c:9c:5d:25:e3:10:aa:47:00:00:00:00:03:06
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

a5:75:e9:ef:b3:92:07:25:c3:bb:ca:77:91:59:99:0b:d3:e6:27:7d:c3:ee:a7:5a:d3:ae:bd:74:c0:2d:36:8b
Signer

.text
Size: 7.9MB - Virtual size: 7.9MB

.data
Size: 372KB - Virtual size: 371KB

.reloc
Size: 32KB - Virtual size: 31KB

33:00:00:03:06:9c:9c:5d:25:e3:10:aa:47:00:00:00:00:03:06
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

5e:5d:ec:35:99:ce:76:1e:00:86:9d:8a:36:4f:b9:50:d2:df:a0:a7:bb:56:9d:6c:82:7a:cb:54:9c:42:aa:8a
Signer

.text
Size: 14.6MB - Virtual size: 14.6MB

.data
Size: 828KB - Virtual size: 827KB

.reloc
Size: 70KB - Virtual size: 70KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

aa:d1:03:a7:f2:9d:96:35:49:d0:2e:08:ef:50:52:6e:5b:b2:c2:d1:12:4c:14:2f:6f:82:a3:cf:5f:f4:f1:1e
Signer

.text
Size: 6.4MB - Virtual size: 6.4MB

.rdata
Size: 5.9MB - Virtual size: 5.9MB

.data
Size: 13KB - Virtual size: 13.8MB

.pdata
Size: 65KB - Virtual size: 65KB

.00cfg
Size: 512B - Virtual size: 40B

.gxfg
Size: 10KB - Virtual size: 9KB

.retplne
Size: 512B - Virtual size: 92B

.rodata
Size: 2KB - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 385B

.voltbl
Size: 512B - Virtual size: 70B

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 14KB - Virtual size: 14KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a8:a4:0f:94:18:70:d1:71:0d:28:da:d3:1c:a4:e6:60:aa:a2:d6:41:2a:81:e8:d9:ae:04:71:51:31:fd:8d:23
Signer

.text
Size: 8.6MB - Virtual size: 8.6MB

.rdata
Size: 2.8MB - Virtual size: 2.8MB

.data
Size: 150KB - Virtual size: 190KB

.pdata
Size: 476KB - Virtual size: 476KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: 1KB - Virtual size: 1KB

.gfids
Size: 7KB - Virtual size: 6KB