Overview

Task | Platform | Score |
---|---|---|
overview | | 10 |
static | | 3 |
DeElevator.exe | windows7-x64 | 10 |
DeElevator.exe | windows10-1703-x64 | 10 |
DeElevator.exe | windows10-2004-x64 | 10 |
DeElevator.exe | windows11-21h2-x64 | 10 |
DeElevator64.dll | windows7-x64 | 1 |
DeElevator64.dll | windows10-1703-x64 | 1 |
DeElevator64.dll | windows10-2004-x64 | 1 |
DeElevator64.dll | windows11-21h2-x64 | 1 |

Type | Task | Sample | Resource |
---|---|---|---|
Static task | static1 | | |
Behavioral task | behavioral1 | DeElevator.exe | win7-20240221-en |
Behavioral task | behavioral2 | DeElevator.exe | win10-20240214-en |
Behavioral task | behavioral3 | DeElevator.exe | win10v2004-20240221-en |
Behavioral task | behavioral4 | DeElevator.exe | win11-20240221-en |
Behavioral task | behavioral5 | DeElevator64.dll | win7-20240221-en |
Behavioral task | behavioral6 | DeElevator64.dll | win10-20240221-en |
Behavioral task | behavioral7 | DeElevator64.dll | win10v2004-20240221-en |
Behavioral task | behavioral8 | DeElevator64.dll | win11-20240221-en |

Target
MapACASvc.rar
Size
307KB
MD5
07a75f45a0a0ef08667f80bdb6de1e7f
SHA1
cc559a749988edaee98b90a79d1dbd3d4491c007
SHA256
42bb35a99f00d6ec5a18aced113c138d05a5e9662b61e7130a7383f440c4db27
SHA512
b9b09561b1ded9c8d95b3586ac779c7aa542f6fe6d466f2ec1230134f1e03518f23d3b6c340ffedf9d86a194e95e6328e48465d46cdd03535cb9d663fd585ea7
SSDEEP
6144:0n0/SzCU0v+5ZOxnfnK2okPu/qEp+MFO/T/nZn7yFsmseaXBc:0wSGUa+gnxPu/qD7/BYaRc
Checks for missing Authenticode signature.
resource |
---|
unpack001/DeElevator64.dll |
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageContentCommitment
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
f:\Users\GreenReaper\Documents\Visual Studio 2005\Projects\DeElevator\x64\Release\DeElevate64.pdb
GetCommandLineW
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
ExitProcess
LocalFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlCaptureContext
MessageBoxW
CommandLineToArgvW
RunNonElevated
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
CreateFileW
GetFileSize
ReadFile
WriteFile
CloseHandle
RaiseException
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
VirtualAlloc
VirtualFree
OutputDebugStringW
CreateThread
VirtualProtect
DisableThreadLibraryCalls
FindResourceExW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LoadResource
LockResource
SizeofResource
FindResourceW
lstrcpyW
WriteConsoleW
SetFilePointerEx
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCurrentProcess
TerminateProcess
ExitProcess
GetModuleHandleExW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
RunNonElevated
RunNonElevatedRunDllW
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ