D:\yuanma\新散读apex 2.3\x64\Release\ApexDMA.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
DMS.zip
Resource
win7-20240221-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
DMS.zip
Resource
win10v2004-20240226-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
DMS.zip
-
Size
1.6MB
-
MD5
20bbbdd3a4e2e66933a047e9f4538ac0
-
SHA1
7c3de713452ec8cf871c661b07c33d9e20fb88dc
-
SHA256
e9acf8378bba9a4b77d81cfea15363f245d2d4acdb9d10b0c14964e29bd9323c
-
SHA512
69e46153cba12d8b5cf44c2813a6584eb543327982b1a869a898c7162b726f9d38416aca9ee79a23c9f73067e03da618b9cb96159b89d4c79a64a6fcc99f9eae
-
SSDEEP
49152:146Gqc7EigGeo5DJXYDVRcGT8k1n1+W6r4q4OgOkUXaZg:1c7EigN+wT/1n1p6cOcU9
Score
3/10
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/DMAAPEXv1.8/ApexDMA.exe unpack001/DMAAPEXv1.8/FTD3XX.dll
Files
-
DMS.zip.zip
Password: infect
-
DMAAPEXv1.8/ApexDMA.exe.exe windows:6 windows x64 arch:x64
Password: infect
f15b728fc9f9bb89d9919f8d577d53f5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ws2_32
WSAStartup
recvfrom
socket
sendto
inet_addr
htons
htonl
closesocket
bind
WSACleanup
kernel32
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
FreeLibrary
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryA
GetStdHandle
CreateFileA
UnhandledExceptionFilter
Sleep
GetCommState
SetCommState
SetCommTimeouts
SetConsoleTextAttribute
GetConsoleWindow
CreateThread
GetCurrentProcessId
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GlobalAlloc
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
CloseHandle
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
WriteFile
user32
UpdateWindow
GetSystemMetrics
PostQuitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
SetProcessDPIAware
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
SetWindowLongW
GetWindowLongW
WindowFromPoint
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
EmptyClipboard
GetClientRect
SetWindowTextW
ReleaseDC
GetDC
SetForegroundWindow
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
SetFocus
BringWindowToTop
IsIconic
SetWindowPos
SetLayeredWindowAttributes
ShowWindow
DestroyWindow
IsChild
CreateWindowExW
RegisterClassExW
UnregisterClassW
GetClipboardData
SetClipboardData
CloseClipboard
AdjustWindowRectEx
OpenClipboard
DefWindowProcW
TrackMouseEvent
gdi32
GetDeviceCaps
DeleteObject
CreateRectRgn
imm32
ImmReleaseContext
ImmAssociateContextEx
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext
d3dcompiler_47
D3DCompile
dwmapi
DwmGetColorizationColor
DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea
DwmEnableBlurBehindWindow
msvcp140
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Thrd_join
_Thrd_sleep
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??Bios_base@std@@QEBA_NXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?setf@ios_base@std@@QEAAHHH@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
vmm
VMMDLL_MemReadEx
VMMDLL_WinReg_QueryValueExU
VMMDLL_MemFree
VMMDLL_Close
VMMDLL_Initialize
VMMDLL_ProcessGetModuleBaseU
VMMDLL_ProcessGetInformationAll
VMMDLL_PidGetFromName
VMMDLL_MemWrite
VMMDLL_Map_GetPhysMem
VMMDLL_Map_GetEATU
VMMDLL_Map_GetModuleFromNameU
VMMDLL_Scatter_CloseHandle
VMMDLL_Scatter_Clear
VMMDLL_Scatter_Read
VMMDLL_Scatter_ExecuteRead
VMMDLL_Scatter_Prepare
VMMDLL_MemRead
VMMDLL_Scatter_Initialize
d3d11
D3D11CreateDeviceAndSwapChain
setupapi
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
vcruntime140
__current_exception_context
__current_exception
__C_specific_handler
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memcmp
memset
memmove
memcpy
memchr
strstr
__std_terminate
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-string-l1-1-0
strncmp
strcpy_s
toupper
strcmp
strncpy
api-ms-win-crt-runtime-l1-1-0
_get_initial_narrow_environment
_initterm_e
__p___argc
_errno
exit
__p___argv
_set_app_type
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_wassert
_invalid_parameter_noinfo_noreturn
terminate
_beginthreadex
_initterm
_exit
_cexit
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
api-ms-win-crt-stdio-l1-1-0
fclose
fflush
__stdio_common_vsscanf
ftell
fread
__stdio_common_vsprintf_s
ungetc
setvbuf
_fseeki64
_set_fmode
fsetpos
fputc
fgetpos
fgetc
ferror
feof
__p__commode
__acrt_iob_func
_wfopen
fopen_s
_get_stream_buffer_pointers
fseek
__stdio_common_vfprintf
__stdio_common_vsprintf
fwrite
api-ms-win-crt-heap-l1-1-0
malloc
free
_set_new_mode
_callnewh
realloc
api-ms-win-crt-utility-l1-1-0
qsort
rand
srand
api-ms-win-crt-math-l1-1-0
pow
ldexp
logf
log
roundf
sinf
atan2f
cosf
ceilf
__setusermatherr
powf
sqrt
acosf
fmodf
sqrtf
api-ms-win-crt-convert-l1-1-0
strtol
strtoll
atoi
strtof
atof
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_unlock_file
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 638KB - Virtual size: 638KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 144KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 724B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DMAAPEXv1.8/FTD3XX.dll.dll windows:6 windows x64 arch:x64
Password: infect
6f94f6f6008a841e2ba8090d85ca9d8f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Project\D3xx\trunk\D3XX\d2xxdll\x64\Release\FTD3XX.pdb
Imports
setupapi
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
kernel32
CreateThread
WriteConsoleW
WaitForSingleObjectEx
OutputDebugStringW
OutputDebugStringA
SetFilePointerEx
CreateFileA
CloseHandle
GetLastError
DeviceIoControl
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexA
Sleep
GetOverlappedResult
SetEvent
CreateEventA
WaitForMultipleObjects
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
CreateFileW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
GetCurrentThread
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetACP
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetProcessHeap
GetStdHandle
GetFileType
SetConsoleCtrlHandler
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
Exports
Exports
FT_AbortPipe
FT_ClearNotificationCallback
FT_ClearStreamPipe
FT_Close
FT_ControlTransfer
FT_Create
FT_CreateDeviceInfoList
FT_CycleDevicePort
FT_EnableGPIO
FT_FlushPipe
FT_GetChipConfiguration
FT_GetConfigurationDescriptor
FT_GetDescriptor
FT_GetDeviceDescriptor
FT_GetDeviceInfo
FT_GetDeviceInfoDetail
FT_GetDeviceInfoList
FT_GetDriverVersion
FT_GetFirmwareVersion
FT_GetGPIO
FT_GetInterfaceDescriptor
FT_GetLatencyTimer
FT_GetLibraryVersion
FT_GetOverlappedResult
FT_GetPipeInformation
FT_GetPipeTimeout
FT_GetQueueStatus
FT_GetStringDescriptor
FT_GetSuspendTimeout
FT_GetVIDPID
FT_InitializeD2XXExtension
FT_InitializeOverlapped
FT_IoCtl
FT_IsDevicePath
FT_ListDevices
FT_Open
FT_Purge
FT_Read
FT_ReadGPIO
FT_ReadPipe
FT_ReadPipeEx
FT_ReleaseOverlapped
FT_ResetDevicePort
FT_SetChipConfiguration
FT_SetGPIO
FT_SetGPIOLevel
FT_SetGPIOPull
FT_SetLatencyTimer
FT_SetNotificationCallback
FT_SetPipeTimeout
FT_SetStreamPipe
FT_SetSuspendTimeout
FT_SetUSBParameters
FT_WriteGPIO
FT_WritePipe
FT_WritePipeEx
Sections
.text Size: 285KB - Virtual size: 284KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 388B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DMAAPEXv1.8/leechcore.dll.dll windows:6 windows x64 arch:x64
Password: infect
245f8d40de6893b471d1e488cfaf8c43
Code Sign
61:41:98:e7:6e:19:1c:5c:7a:9b:36:24:ae:39:1d:d1Certificate
IssuerCN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PLNot Before24/11/2023, 06:35Not After23/11/2024, 06:35SubjectCN=Open Source Developer\, Ulf Frisk,O=Open Source Developer,L=Stockholm,C=SE,1.2.840.113549.1.9.1=#0c16756c662e667269736b40756c66667269736b2e636f6dExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate
IssuerCN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PLNot Before19/05/2021, 05:32Not After18/05/2036, 05:32SubjectCN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PLExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before14/07/2023, 00:00Not After13/10/2034, 23:59SubjectCN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f2:3e:ef:5f:43:9c:46:2e:86:96:dd:5f:6f:11:93:02:a3:04:d4:14:e9:17:67:f8:cd:83:3d:2a:74:bb:72:21Signer
Actual PE Digestf2:3e:ef:5f:43:9c:46:2e:86:96:dd:5f:6f:11:93:02:a3:04:d4:14:e9:17:67:f8:cd:83:3d:2a:74:bb:72:21Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Github\production\LeechCore\files\lib\leechcore.pdb
Imports
credui
CredUIPromptForWindowsCredentialsW
CredUnPackAuthenticationBufferW
rpcrt4
NdrClientCall3
RpcBindingSetAuthInfoExA
RpcBindingFree
RpcStringFreeA
RpcBindingSetAuthInfoExW
RpcStringBindingComposeA
RpcBindingFromStringBindingA
secur32
LsaDeregisterLogonProcess
LsaLookupAuthenticationPackage
LsaConnectUntrusted
setupapi
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
winusb
WinUsb_WritePipe
WinUsb_Free
WinUsb_SetPipePolicy
WinUsb_ReadPipe
WinUsb_Initialize
ws2_32
setsockopt
WSAGetLastError
htons
recvfrom
connect
socket
send
inet_addr
WSAStartup
closesocket
ioctlsocket
kernel32
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetTickCount64
GetModuleFileNameA
AcquireSRWLockShared
ReleaseSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
QueryPerformanceCounter
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LocalAlloc
LocalFree
DeleteCriticalSection
Sleep
LoadLibraryA
CloseHandle
CreateThread
SwitchToThread
GetProcAddress
FreeLibrary
ReadFile
DeviceIoControl
GetLastError
CreateFileA
SetFilePointerEx
VirtualFree
VirtualAlloc
CreateFileW
VerSetConditionMask
VerifyVersionInfoW
WriteProcessMemory
GetCurrentProcess
K32GetModuleFileNameExW
OpenProcess
K32EnumProcesses
ReadProcessMemory
K32GetMappedFileNameW
VirtualQueryEx
WaitForMultipleObjects
WaitForSingleObject
CreateEventW
SetEvent
QueryPerformanceFrequency
ResetEvent
IsProcessorFeaturePresent
advapi32
StartServiceA
ControlService
DeleteService
OpenSCManagerA
OpenSCManagerW
CloseServiceHandle
CreateServiceA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenServiceA
ole32
CoTaskMemFree
vcruntime140
memset
memcpy
__C_specific_handler
strstr
__std_type_info_destroy_list
memcmp
wcsstr
api-ms-win-crt-stdio-l1-1-0
fread
fopen_s
fwrite
__stdio_common_vsnwprintf_s
_fseeki64
__stdio_common_vswprintf_s
__stdio_common_vfprintf
fclose
__acrt_iob_func
getchar
__stdio_common_vsnprintf_s
__stdio_common_vsprintf
_ftelli64
api-ms-win-crt-string-l1-1-0
strncat_s
strtok_s
wcsncpy_s
strcpy_s
wcsncat_s
_strnicmp
_wcsicmp
strncpy_s
wcscpy_s
strcat_s
strcmp
_stricmp
api-ms-win-crt-convert-l1-1-0
atoi
_itoa_s
strtoull
api-ms-win-crt-utility-l1-1-0
rand
srand
api-ms-win-crt-runtime-l1-1-0
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_execute_onexit_table
_initterm
_cexit
_initterm_e
_seh_filter_dll
Exports
Exports
LcAllocScatter1
LcAllocScatter2
LcAllocScatter3
LcClose
LcCommand
LcCreate
LcCreateEx
LcDeviceParameterGet
LcDeviceParameterGetNumeric
LcGetOption
LcMemFree
LcMemMap_AddRange
LcMemMap_GetMaxAddress
LcMemMap_IsInitialized
LcRead
LcReadScatter
LcSetOption
LcWrite
LcWriteScatter
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 160B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DMAAPEXv1.8/vcruntime140.dll.dll windows:6 windows x64 arch:x64
Password: infect
2cb5da5225e972a08f32d04b8085dc7e
Code Sign
33:00:00:01:1e:12:f4:41:8e:29:47:36:c6:00:00:00:00:01:1eCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before24/10/2018, 21:07Not After10/01/2020, 21:07SubjectCN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:AE2C-E32B-1AFC,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:37Not After02/05/2020, 21:37SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51Certificate
IssuerCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before02/05/2019, 21:37Not After02/05/2020, 21:37SubjectCN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
61:0e:90:d2:00:00:00:00:00:03Certificate
IssuerCN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before08/07/2011, 20:59Not After08/07/2026, 21:09SubjectCN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4d:24:84:5a:d8:24:0f:44:da:39:3d:42:56:23:00:97:c7:4b:f5:da:fd:f9:61:5c:7e:dd:52:3b:d3:99:48:9eSigner
Actual PE Digest4d:24:84:5a:d8:24:0f:44:da:39:3d:42:56:23:00:97:c7:4b:f5:da:fd:f9:61:5c:7e:dd:52:3b:d3:99:48:9eDigest Algorithmsha256PE Digest Matchestrue83:e2:5c:d3:76:2e:58:2f:51:05:f0:b7:49:b8:fb:d8:75:93:0b:7cSigner
Actual PE Digest83:e2:5c:d3:76:2e:58:2f:51:05:f0:b7:49:b8:fb:d8:75:93:0b:7cDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
d:\agent\_work\3\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb
Imports
api-ms-win-crt-runtime-l1-1-0
abort
terminate
api-ms-win-crt-heap-l1-1-0
calloc
malloc
free
api-ms-win-crt-string-l1-1-0
strcpy_s
wcsncmp
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf_s
api-ms-win-crt-convert-l1-1-0
atol
kernel32
GetLastError
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
GetModuleHandleW
GetModuleFileNameW
RtlUnwindEx
RtlUnwind
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcAddress
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
Exports
Exports
_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__intrinsic_setjmpex
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_get_purecall_handler
_get_unexpected
_is_exception_typeof
_local_unwind
_purecall
_set_purecall_handler
_set_se_translator
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr
Sections
.text Size: 47KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 148B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 372B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
DMAAPEXv1.8/vmm.dll.dll windows:6 windows x64 arch:x64
Password: infect
0b77eba7e489d82b694bf66be928bc65
Code Sign
61:41:98:e7:6e:19:1c:5c:7a:9b:36:24:ae:39:1d:d1Certificate
IssuerCN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PLNot Before24/11/2023, 06:35Not After23/11/2024, 06:35SubjectCN=Open Source Developer\, Ulf Frisk,O=Open Source Developer,L=Stockholm,C=SE,1.2.840.113549.1.9.1=#0c16756c662e667269736b40756c66667269736b2e636f6dExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39Certificate
IssuerCN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PLNot Before19/05/2021, 05:32Not After18/05/2036, 05:32SubjectCN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PLExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before14/07/2023, 00:00Not After13/10/2034, 23:59SubjectCN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
89:e0:cc:8f:ca:56:f1:05:6c:17:94:64:47:90:d1:55:ce:d3:65:ff:7a:2b:4d:28:ac:d9:93:8b:66:b0:d5:aaSigner
Actual PE Digest89:e0:cc:8f:ca:56:f1:05:6c:17:94:64:47:90:d1:55:ce:d3:65:ff:7a:2b:4d:28:ac:d9:93:8b:66:b0:d5:aaDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Github\production\MemProcFS\files\lib\vmm.pdb
Imports
leechcore
LcRead
LcCreateEx
LcClose
LcSetOption
LcReadScatter
LcAllocScatter1
LcWriteScatter
LcGetOption
LcCommand
LcAllocScatter2
LcMemFree
bcrypt
BCryptCreateHash
BCryptHashData
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptFinishHash
BCryptOpenAlgorithmProvider
BCryptDestroyHash
crypt32
CertFreeCertificateContext
CertCreateCertificateContext
CertGetNameStringW
shlwapi
StrStrIA
ws2_32
inet_ntop
kernel32
RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetCurrentProcess
IsDebuggerPresent
TerminateProcess
UnhandledExceptionFilter
LockResource
ResetEvent
LocalAlloc
LocalFree
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetLongPathNameW
WaitForMultipleObjects
CreateEventW
GetTickCount64
SetEvent
GetLocalTime
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
InitializeSRWLock
VerSetConditionMask
VerifyVersionInfoW
QueryPerformanceFrequency
GetModuleFileNameA
SizeofResource
FileTimeToSystemTime
FindClose
LoadResource
FindResourceW
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
InterlockedPushEntrySList
InitializeSListHead
InterlockedPopEntrySList
QueryDepthSList
GetStdHandle
ReadConsoleA
SwitchToThread
CreateThread
FindFirstFileA
LoadLibraryExA
FindNextFileA
advapi32
LookupAccountSidA
RegDeleteValueA
IsValidSid
ConvertStringSidToSidA
RegCreateKeyA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegGetValueA
ConvertSidToStringSidA
vcruntime140
strstr
__std_type_info_destroy_list
__C_specific_handler
strrchr
memcmp
memcpy
memmove
memset
api-ms-win-crt-string-l1-1-0
_wcsnicmp
_strnicmp
strncmp
strcmp
strcat_s
_stricmp
strcpy_s
strtok_s
strncpy_s
strncat_s
strspn
strnlen
strcspn
toupper
api-ms-win-crt-heap-l1-1-0
free
malloc
_msize
realloc
api-ms-win-crt-runtime-l1-1-0
_beginthreadex
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_endthreadex
api-ms-win-crt-time-l1-1-0
_localtime64_s
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsnprintf_s
fread
tmpnam_s
__stdio_common_vsprintf
__stdio_common_vsprintf_s
fwrite
fclose
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsnwprintf_s
fopen_s
_fseeki64
_fsopen
fflush
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-convert-l1-1-0
strtoull
strtoul
api-ms-win-crt-filesystem-l1-1-0
remove
_access_s
api-ms-win-crt-math-l1-1-0
floor
log10
Exports
Exports
VMMDLL_Close
VMMDLL_CloseAll
VMMDLL_ConfigGet
VMMDLL_ConfigSet
VMMDLL_ForensicFileAppend
VMMDLL_Initialize
VMMDLL_InitializeEx
VMMDLL_InitializePlugins
VMMDLL_Log
VMMDLL_LogEx
VMMDLL_Map_GetEATU
VMMDLL_Map_GetEATW
VMMDLL_Map_GetHandleU
VMMDLL_Map_GetHandleW
VMMDLL_Map_GetHeap
VMMDLL_Map_GetHeapAlloc
VMMDLL_Map_GetIATU
VMMDLL_Map_GetIATW
VMMDLL_Map_GetModuleFromNameU
VMMDLL_Map_GetModuleFromNameW
VMMDLL_Map_GetModuleU
VMMDLL_Map_GetModuleW
VMMDLL_Map_GetNetU
VMMDLL_Map_GetNetW
VMMDLL_Map_GetPfn
VMMDLL_Map_GetPfnEx
VMMDLL_Map_GetPhysMem
VMMDLL_Map_GetPool
VMMDLL_Map_GetPteU
VMMDLL_Map_GetPteW
VMMDLL_Map_GetServicesU
VMMDLL_Map_GetServicesW
VMMDLL_Map_GetThread
VMMDLL_Map_GetUnloadedModuleU
VMMDLL_Map_GetUnloadedModuleW
VMMDLL_Map_GetUsersU
VMMDLL_Map_GetUsersW
VMMDLL_Map_GetVMU
VMMDLL_Map_GetVMW
VMMDLL_Map_GetVadEx
VMMDLL_Map_GetVadU
VMMDLL_Map_GetVadW
VMMDLL_MemFree
VMMDLL_MemPrefetchPages
VMMDLL_MemRead
VMMDLL_MemReadEx
VMMDLL_MemReadPage
VMMDLL_MemReadScatter
VMMDLL_MemSearch
VMMDLL_MemSize
VMMDLL_MemVirt2Phys
VMMDLL_MemWrite
VMMDLL_MemWriteScatter
VMMDLL_PdbLoad
VMMDLL_PdbSymbolAddress
VMMDLL_PdbSymbolName
VMMDLL_PdbTypeChildOffset
VMMDLL_PdbTypeSize
VMMDLL_PidGetFromName
VMMDLL_PidList
VMMDLL_ProcessGetDirectoriesU
VMMDLL_ProcessGetDirectoriesW
VMMDLL_ProcessGetInformation
VMMDLL_ProcessGetInformationAll
VMMDLL_ProcessGetInformationString
VMMDLL_ProcessGetModuleBaseU
VMMDLL_ProcessGetModuleBaseW
VMMDLL_ProcessGetProcAddressU
VMMDLL_ProcessGetProcAddressW
VMMDLL_ProcessGetSectionsU
VMMDLL_ProcessGetSectionsW
VMMDLL_Scatter_Clear
VMMDLL_Scatter_CloseHandle
VMMDLL_Scatter_Execute
VMMDLL_Scatter_ExecuteRead
VMMDLL_Scatter_Initialize
VMMDLL_Scatter_Prepare
VMMDLL_Scatter_PrepareEx
VMMDLL_Scatter_PrepareWrite
VMMDLL_Scatter_PrepareWriteEx
VMMDLL_Scatter_Read
VMMDLL_UtilFillHexAscii
VMMDLL_UtilVfsReadFile_FromBOOL
VMMDLL_UtilVfsReadFile_FromDWORD
VMMDLL_UtilVfsReadFile_FromPBYTE
VMMDLL_UtilVfsReadFile_FromQWORD
VMMDLL_UtilVfsWriteFile_BOOL
VMMDLL_UtilVfsWriteFile_DWORD
VMMDLL_VfsListBlobU
VMMDLL_VfsListU
VMMDLL_VfsListW
VMMDLL_VfsList_AddDirectory
VMMDLL_VfsList_AddDirectoryW
VMMDLL_VfsList_AddFile
VMMDLL_VfsList_AddFileW
VMMDLL_VfsReadU
VMMDLL_VfsReadW
VMMDLL_VfsWriteU
VMMDLL_VfsWriteW
VMMDLL_VmGetVmmHandle
VMMDLL_VmMemRead
VMMDLL_VmMemReadScatter
VMMDLL_VmMemTranslateGPA
VMMDLL_VmMemWrite
VMMDLL_VmMemWriteScatter
VMMDLL_VmScatterInitialize
VMMDLL_WinGetThunkInfoIATU
VMMDLL_WinGetThunkInfoIATW
VMMDLL_WinReg_EnumKeyExU
VMMDLL_WinReg_EnumKeyExW
VMMDLL_WinReg_EnumValueU
VMMDLL_WinReg_EnumValueW
VMMDLL_WinReg_HiveList
VMMDLL_WinReg_HiveReadEx
VMMDLL_WinReg_HiveWrite
VMMDLL_WinReg_QueryValueExU
VMMDLL_WinReg_QueryValueExW
VMMDLL_YaraSearch
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 277KB - Virtual size: 276KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 74KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 117KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ