Telegram Desktop[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Telegram Desktop.zip
Size

9.3MB
MD5

311f8e33de278e9a2a3a09086cb444e1
SHA1

7d1006c3d39d868de2540be2e888ce4c4c35a6d3
SHA256

d86296cba8a3752b0d794ce152830a544ec7cd7b64dbcdf2aca73481cec59de9
SHA512

7f248ebe1e22982fcc73092cdf8ebbe5b5d9f549c81f17a59451bb5eabcd70a7094560d6dde00a2f7fdfeab18cfaed4bb97401ec45b54e4a84851857402c69db
SSDEEP

196608:KSgUGDobZblzSOaqxg9h+WTwI7oIFOsVp6dfVVXcpb4P9+fwG0s:KSHGUlblzSbqCXZUVJ6psfbcR4Xs

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack004/Checker Zalando/Checker Zalando.exe	Nirsoft

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

resource	yara_rule
static1/unpack004/Checker Zalando/Checker Zalando.exe	WebBrowserPassView

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack002/DscCore.dll
unpack002/DscCoreConfProv.dll
unpack002/drvstore.dll
unpack003/dmview.ocx
unpack003/dnscmmc.dll
unpack003/elshyph.dll
unpack004/Checker Zalando/Checker Zalando.exe
unpack004/Checker Zalando/dycpasapi.dll

Files

Telegram Desktop.zip
.zip
AIO checker 2023.rar
.rar
AIO checker 2023.exe
.exe windows:6 windows x86 arch:x86

f0e0146e7ff4f18a3a5eed18099e5979

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4c:af:4d:f4:99:14:1d:40:4b:71:99:aa:2c:21:31
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/09/2015, 00:00

Not After

03/10/2018, 12:00

Subject

CN=Valve,O=Valve,L=Bellevue,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:29:41:5c:a1:2e:d8:7d:a8:ba:b5:66:2d:e1:d6:cf:7b:99:82:fe
Signer

Actual PE Digest

22:29:41:5c:a1:2e:d8:7d:a8:ba:b5:66:2d:e1:d6:cf:7b:99:82:fe

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\0ufHwaNfSeScFQ8BgERmZBYvzmD1P86k\Bullet.pdb

Imports

gdi32

ArcTo

user32

CreateIconIndirect

ole32

CoGetApartmentType
CoGetObjectContext

advapi32

SetServiceStatus

kernel32

ReadFile
HeapReAlloc
WriteConsoleW
ReadConsoleW
CreateFileW
CloseHandle
WaitForSingleObject
CreateThread
GetProcAddress
RaiseException
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
FormatMessageA
InitOnceBeginInitialize
InitOnceComplete
GetLastError
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
RtlCaptureStackBackTrace
IsProcessorFeaturePresent
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
Sleep
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
LocalFree
GetLocaleInfoEx
SetFileInformationByHandle
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
InitOnceExecuteOnce
SleepConditionVariableCS
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetModuleHandleW
GetFileInformationByHandleEx
CreateSymbolicLinkW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
InitializeSListHead
HeapSize
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetCurrentThread
SetConsoleCtrlHandler
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetFileSizeEx
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
OutputDebugStringW
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
DecodePointer

Sections

.text
Size: 576KB - Virtual size: 575KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 757KB - Virtual size: 756KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ММM
Size: 512B - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DscCore.dll
.dll regsvr32 windows:6 windows x64 arch:x64

5c4f5e9d3de04ba637c8b0cb336d0cc1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dsccore.pdb

Imports

msvcrt

_wfopen_s
_wcsicmp
memset
fwscanf_s
fwprintf_s
_vsnwprintf
_waccess
_waccess_s
fseek
fclose
clock
_onexit
__dllonexit
wcsrchr
memcmp
memcpy
_unlock
_lock
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
memmove_s
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@XZ
??0exception@@QEAA@AEBQEBD@Z
??0exception@@QEAA@AEBQEBDH@Z
??0exception@@QEAA@AEBV0@@Z
memcpy_s
_CxxThrowException
__CxxFrameHandler3
??1type_info@@UEAA@XZ
malloc
free
swprintf_s

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FreeLibrary
GetProcAddress
LoadStringW
DisableThreadLibraryCalls

api-ms-win-core-sysinfo-l1-2-1

GetSystemDirectoryW
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-rtlsupport-l1-2-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-processthreads-l1-1-2

SetThreadToken
TerminateProcess
GetCurrentProcessId
OpenThreadToken
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

mi

mi_clientFT_V1
MI_Application_InitializeV1

kernel32

ReleaseSemaphore
OpenSemaphoreW
FindFirstFileW
FindClose
FindNextFileW
ResetEvent
GetFileSize
GetComputerNameW
ReadFile
RemoveDirectoryW
WideCharToMultiByte
HeapReAlloc
CreateEventW
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentVariableW
GetTempFileNameW
CreateProcessW
HeapAlloc
HeapFree
CreateDirectoryW
WaitForSingleObject
GetCurrentThread
GetProcessHeap
WriteFile
CopyFileW
FormatMessageW
GetExitCodeProcess
CreateFileW
MultiByteToWideChar
GetTempPathW
SetLastError
GetLocalTime
DeleteCriticalSection
CloseHandle
DeleteFileW
LocalFree
ExpandEnvironmentStringsW
SetEvent
InitializeCriticalSectionAndSpinCount

ole32

CoSetProxyBlanket
CoUninitialize
CoCreateGuid
StringFromGUID2
CoInitializeEx
CoCreateInstance

dscpspluginwkr

StopCurrentPSConfiguration
Pull_GetConfiguration_ManagedPlugin
Test
Get
Pull_InstallCertificate_ManagedPlugin
Pull_GetAction_ManagedPlugin
Set
GetResourceProvider

mimofcodec

MI_Application_NewSerializer_Mof
MI_Application_NewDeserializer_Mof

ntdll

WinSqmAddToStreamEx
WinSqmEndSession
WinSqmStartSession

api-ms-win-security-base-l1-2-0

ImpersonateSelf
RevertToSelf
AdjustTokenPrivileges
GetTokenInformation

crypt32

CryptAcquireCertificatePrivateKey
CryptStringToBinaryW
CertCloseStore
CertFindCertificateInStore
CertFreeCertificateContext
CertOpenStore
CryptBinaryToStringA

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-shutdown-l1-1-1

InitiateSystemShutdownExW

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWrite
EventRegister

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRemoveFileSpecW

cryptsp

CryptDecrypt
CryptGetUserKey

miutils

QualifierFlavorToWMI
Instance_New
ResultFromHRESULT
ResultToHRESULT
TypeToCimType
ValueToVariant

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

Exports

Exports

CATraps
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
LCMTraps
MI_Main
NITS
NITS_PRESENCE

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DscCoreConfProv.dll
.dll regsvr32 windows:6 windows x64 arch:x64

1d21f3140d0d1815b30431e6647792c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DscCoreConfProv.pdb

Imports

msvcrt

??1type_info@@UEAA@XZ
wcspbrk
towlower
_lock
_vsnwprintf
??0exception@@QEAA@XZ
__C_specific_handler
_wcsicmp
??0exception@@QEAA@AEBQEBD@Z
memcpy_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
fputws
??1exception@@UEAA@XZ
_wmakepath_s
_onexit
wcsncmp
feof
?what@exception@@UEBAPEBDXZ
_wfsopen
fread
memmove_s
_get_errno
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_CxxThrowException
malloc
fclose
ferror
swprintf_s
__dllonexit
_wfopen_s
wcscpy_s
free
_wcserror_s
_wsplitpath_s
_unlock
memcpy
memset

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleHandleW
LoadStringW
FreeLibrary
LoadLibraryExW
GetProcAddress

api-ms-win-core-sysinfo-l1-2-1

GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW

api-ms-win-core-errorhandling-l1-1-1

GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapFree
HeapAlloc

api-ms-win-core-file-l1-2-1

WriteFile
FindNextFileW
DeleteFileW
CreateFileW
FindFirstFileExW
CreateDirectoryW
RemoveDirectoryW
GetFileSize
SetFileAttributesW
FindFirstFileW
FindClose
ReadFile

mpr

WNetCancelConnection2W
WNetAddConnection2W

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-synch-l1-2-0

ReleaseSemaphore
Sleep
WaitForSingleObject
OpenSemaphoreW

api-ms-win-core-rtlsupport-l1-2-0

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

api-ms-win-core-processthreads-l1-1-2

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsUNCServerW
PathRemoveFileSpecW
PathFindNextComponentW
PathCombineW
PathRemoveBackslashW
PathCanonicalizeW
PathStripToRootW
PathIsRootW

api-ms-win-core-kernel32-legacy-l1-1-1

GetComputerNameW
CopyFileW

cryptsp

CryptHashData
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash

mi

mi_clientFT_V1
MI_Application_InitializeV1

mimofcodec

MI_Application_NewDeserializer_Mof
MI_Application_NewSerializer_Mof

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

api-ms-win-core-localization-l1-2-1

FormatMessageW

api-ms-win-eventing-provider-l1-1-0

EventRegister
EventUnregister
EventWrite

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer
GetProviderClassID
MI_Main
NITS
NITS_PRESENCE
NativeProviderTraps

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
README.txt
drvstore.dll
.dll windows:6 windows x64 arch:x64

6d870c47b3b76e4c1d34231c2eb3d0f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

PDB Paths

drvstore.pdb

Imports

msvcrt

memcpy
__C_specific_handler
_initterm
malloc
free
wcsncmp
_amsg_exit
_XcptFilter
wcstol
_ultow_s
swprintf_s
swscanf
bsearch
toupper
towupper
_vsnprintf
_resetstkoflw
_wcsnicmp
wcstoul
iswxdigit
swscanf_s
memset
wcsstr
wcsrchr
memmove
_wcsicmp
wcschr
_vsnwprintf
memcmp
wcscmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
NtEnumerateKey
NtEnumerateValueKey
NtQueryKey
RtlInitUnicodeStringEx
NtQueryValueKey
NtOpenKey
RtlIsTextUnicode
RtlGetVersion
RtlNtStatusToDosErrorNoTeb
NtCreateFile
RtlInitUnicodeString
LdrUnloadDll
LdrGetProcedureAddress
LdrLoadDll
RtlGetAce
RtlSubAuthoritySid
RtlLengthRequiredSid
RtlValidSid
RtlGetSaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlMapGenericMask
RtlGetDaclSecurityDescriptor
RtlInitializeSid
RtlSelfRelativeToAbsoluteSD2
RtlMakeSelfRelativeSD
RtlGetOwnerSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlUnicodeToMultiByteSize
RtlUnicodeToMultiByteN
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlUpcaseUnicodeChar
NtQuerySystemInformation
RtlGUIDFromString
RtlRandomEx
RtlImageNtHeader
NtSetInformationFile
RtlFormatCurrentUserKeyPath
RtlFreeUnicodeString
NtDeleteKey
NtCreateKey
NtSetValueKey
RtlUnicodeStringToInteger
RtlAllocateHeap
RtlFreeHeap
NtOpenThreadTokenEx
NtOpenProcessTokenEx
NtQueryInformationToken
RtlEqualSid
RtlValidRelativeSecurityDescriptor
RtlLengthSecurityDescriptor
RtlEqualUnicodeString
RtlPrefixUnicodeString
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlValidSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
NtOpenThreadToken
NtOpenProcessToken
NtQuerySecurityObject
NtDuplicateToken
NtAdjustPrivilegesToken
NtSetInformationThread
RtlCopySid
RtlAddAce
NtSetSecurityObject
NtDeleteValueKey
NtQueryObject
NtDuplicateObject
RtlTimeToTimeFields
LdrGetDllHandle
RtlInitAnsiString
RtlCreateUnicodeString
RtlDuplicateUnicodeString
RtlGetLastNtStatus
VerSetConditionMask
RtlVerifyVersionInfo
NtOpenProcess
NtQueryInformationProcess
NtQueryInformationFile
NtClose
RtlNtStatusToDosError

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetErrorMode
RaiseException
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetWindowsDirectoryW
GetSystemDirectoryW
GetTickCount
GetLocalTime
GetSystemTimeAsFileTime

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
EnterCriticalSection
SleepEx
CreateMutexW
LeaveCriticalSection
InitializeCriticalSection
WaitForMultipleObjectsEx
WaitForSingleObjectEx
CreateEventW
ReleaseMutex
SetEvent

api-ms-win-core-file-l1-1-0

WriteFile
GetTempFileNameW
FindFirstFileW
CreateDirectoryW
GetShortPathNameW
ReadFile
GetFileSizeEx
LocalFileTimeToFileTime
DeleteFileW
GetFileAttributesExW
SetFileAttributesW
FileTimeToLocalFileTime
SetFileTime
CompareFileTime
GetFileTime
FindClose
SetEndOfFile
GetFullPathNameW
GetFileSize
FlushFileBuffers
CreateFileA
SetFilePointer
CreateFileW
GetFileAttributesW
GetFileInformationByHandle
FindNextFileW
RemoveDirectoryW
GetDriveTypeW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringW
WideCharToMultiByte
GetStringTypeExW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenW
lstrcmpW
lstrlenA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegLoadKeyW
RegUnLoadKeyW
RegDeleteValueW
RegCreateKeyExW
RegSaveKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegFlushKey
RegQueryValueExW
RegDeleteKeyExW
RegCloseKey

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorLength
GetSecurityDescriptorControl
MakeAbsoluteSD
IsValidSecurityDescriptor
MakeSelfRelativeSD
FreeSid
SetSecurityDescriptorGroup
EqualSid
GetSecurityDescriptorSacl
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
AllocateAndInitializeSid
SetFileSecurityW
AdjustTokenPrivileges
GetKernelObjectSecurity
DuplicateTokenEx
GetFileSecurityW
CheckTokenMembership
SetKernelObjectSecurity

api-ms-win-core-file-l2-1-0

MoveFileExW
CopyFileExW
CreateHardLinkW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
UnmapViewOfFile
MapViewOfFile

api-ms-win-core-localization-obsolete-l1-2-0

GetSystemDefaultUILanguage

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleW
GetModuleFileNameA
FreeLibrary
LoadLibraryExA
GetProcAddress
LoadLibraryExW

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
FileTimeToSystemTime

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc

api-ms-win-core-localization-l1-2-0

GetThreadLocale
LCMapStringW
FormatMessageW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineA
GetEnvironmentVariableW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TlsAlloc
GetCurrentProcess
GetCurrentThread
TlsGetValue
TlsSetValue
TlsFree
TerminateProcess
GetCurrentProcessId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-0

GetNativeSystemInfo

api-ms-win-core-version-l1-1-0

GetFileVersionInfoExW
GetFileVersionInfoSizeExW
VerQueryValueW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc

api-ms-win-core-processsecurity-l1-1-0

SetThreadToken
OpenProcessToken
OpenThreadToken

api-ms-win-core-kernel32-legacy-l1-1-0

DosDateTimeToFileTime

api-ms-win-core-rtlsupport-l1-1-0

RtlCompareMemory

api-ms-win-core-file-l1-2-0

GetTempPathW

Exports

Exports

DriverPackageClose
DriverPackageEnumClassesW
DriverPackageEnumConfigurationsW
DriverPackageEnumDevicesW
DriverPackageEnumDriversW
DriverPackageEnumFilesW
DriverPackageEnumInterfacesW
DriverPackageEnumPropertiesW
DriverPackageEnumRegKeysW
DriverPackageEnumServicesW
DriverPackageGetVersionInfoW
DriverPackageOpenW
DriverStoreClose
DriverStoreConfigureW
DriverStoreCopyW
DriverStoreDeleteW
DriverStoreDriverPackageResolveCallbackW
DriverStoreEnumObjectsW
DriverStoreEnumW
DriverStoreFindW
DriverStoreGetObjectPropertyKeysW
DriverStoreGetObjectPropertyW
DriverStoreImportW
DriverStoreOfflineAddDriverPackageA
DriverStoreOfflineAddDriverPackageW
DriverStoreOfflineDeleteDriverPackageA
DriverStoreOfflineDeleteDriverPackageW
DriverStoreOfflineEnumDriverPackageA
DriverStoreOfflineEnumDriverPackageW
DriverStoreOfflineFindDriverPackageA
DriverStoreOfflineFindDriverPackageW
DriverStoreOpenW
DriverStorePublishW
DriverStoreReflectCriticalW
DriverStoreReflectW
DriverStoreSetLogContext
DriverStoreSetObjectPropertyW
DriverStoreUnconfigureW
DriverStoreUnpublishW
DriverStoreUnreflectCriticalW
DriverStoreUnreflectW
pServerDeleteDriverPackage
pServerImportDriverPackage

Sections

.text
Size: 669KB - Virtual size: 668KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CC Checker AcTeam.rar
.rar
CC Checker AcTeam.exe
.exe windows:6 windows x86 arch:x86

f0e0146e7ff4f18a3a5eed18099e5979

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:4c:af:4d:f4:99:14:1d:40:4b:71:99:aa:2c:21:31
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/09/2015, 00:00

Not After

03/10/2018, 12:00

Subject

CN=Valve,O=Valve,L=Bellevue,ST=WA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:29:41:5c:a1:2e:d8:7d:a8:ba:b5:66:2d:e1:d6:cf:7b:99:82:fe
Signer

Actual PE Digest

22:29:41:5c:a1:2e:d8:7d:a8:ba:b5:66:2d:e1:d6:cf:7b:99:82:fe

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\0ufHwaNfSeScFQ8BgERmZBYvzmD1P86k\Bullet.pdb

Imports

gdi32

ArcTo

user32

CreateIconIndirect

ole32

CoGetApartmentType
CoGetObjectContext

advapi32

SetServiceStatus

kernel32

ReadFile
HeapReAlloc
WriteConsoleW
ReadConsoleW
CreateFileW
CloseHandle
WaitForSingleObject
CreateThread
GetProcAddress
RaiseException
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
FormatMessageA
InitOnceBeginInitialize
InitOnceComplete
GetLastError
FreeLibraryWhenCallbackReturns
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
RtlCaptureStackBackTrace
IsProcessorFeaturePresent
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
Sleep
SwitchToThread
GetExitCodeThread
GetNativeSystemInfo
LocalFree
GetLocaleInfoEx
SetFileInformationByHandle
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
InitOnceExecuteOnce
SleepConditionVariableCS
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetSystemTimeAsFileTime
GetTickCount64
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetModuleHandleW
GetFileInformationByHandleEx
CreateSymbolicLinkW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
InitializeSListHead
HeapSize
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetCurrentThread
SetConsoleCtrlHandler
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetFileSizeEx
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
OutputDebugStringW
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
DecodePointer

Sections

.text
Size: 576KB - Virtual size: 575KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 757KB - Virtual size: 756KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ММM
Size: 512B - Virtual size: 294B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
README.txt
dmview.ocx
.dll regsvr32 windows:6 windows x64 arch:x64

cade1bb83eee406153899628af9ee28a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dmview.pdb

Imports

mfc42u

ord3920
ord2902
ord629
ord1043
ord493
ord971
ord1875
ord4573
ord4953
ord2488
ord2712
ord287
ord1473
ord1510
ord1527
ord455
ord949
ord408
ord904
ord3742
ord599
ord4209
ord2546
ord5353
ord4808
ord2111
ord3137
ord5890
ord3020
ord2394
ord6257
ord5889
ord4301
ord3310
ord4623
ord5388
ord2992
ord5166
ord1441
ord3396
ord2105
ord2783
ord4436
ord4257
ord4601
ord1561
ord1566
ord5445
ord525
ord984
ord3283
ord3754
ord6175
ord4985
ord4372
ord3165
ord3053
ord3374
ord4816
ord3363
ord3244
ord3050
ord6807
ord2398
ord4895
ord3537
ord2491
ord5385
ord5399
ord4761
ord5416
ord4962
ord4754
ord5110
ord5113
ord5111
ord4697
ord4702
ord4713
ord4941
ord5475
ord4997
ord4998
ord5011
ord5157
ord4695
ord5004
ord5017
ord5434
ord5056
ord5010
ord5031
ord5032
ord5033
ord5307
ord5308
ord5024
ord5339
ord5334
ord5329
ord5395
ord4951
ord4874
ord4904
ord5302
ord5012
ord5143
ord5025
ord5026
ord4412
ord5978
ord3069
ord2917
ord5074
ord5072
ord5572
ord4121
ord3019
ord5629
ord1964
ord2159
ord6380
ord5322
ord5248
ord2181
ord6011
ord4752
ord5054
ord4683
ord1345
ord5946
ord1701
ord2450
ord3850
ord4983
ord3484
ord3384
ord5868
ord4822
ord6800
ord3447
ord6799
ord1891
ord4576
ord1512
ord496
ord974
ord2300
ord4771
ord4986
ord3385
ord4786
ord5708
ord6808
ord1777
ord6437
ord2517
ord5080
ord5406
ord5245
ord4721
ord5687
ord5419
ord5235
ord5038
ord4926
ord6133
ord2574
ord6577
ord6238
ord2846
ord659
ord1063
ord4213
ord2751
ord1517
ord6787
ord1530
ord3837
ord3534
ord6053
ord5711
ord5730
ord5065
ord4368
ord5724
ord5722
ord3468
ord2412
ord5615
ord1388
ord4191
ord6071
ord2515
ord2559
ord4836
ord6813
ord1126
ord2463
ord912
ord6385
ord4262
ord3417
ord4567
ord627
ord1041
ord6395
ord6544
ord6349
ord6393
ord3407
ord3806
ord4747
ord2593
ord2629
ord1287
ord1284
ord2845
ord4187
ord1966
ord2461
ord650
ord1055
ord4594
ord3910
ord311
ord827
ord2639
ord1506
ord1524
ord4550
ord4273
ord2754
ord2757
ord2756
ord3748
ord1427
ord1426
ord1082
ord288
ord812
ord1544
ord1586
ord1555
ord1583
ord1585
ord355
ord1477
ord1553
ord1416
ord1491
ord1577
ord6880
ord2121
ord5804
ord6821
ord2876
ord5815
ord6832
ord6351
ord6632
ord6522
ord5061
ord2178
ord2138
ord6520
ord2776
ord1646
ord1647
ord2898
ord3346
ord6886
ord2857
ord4481
ord4599
ord3783
ord3790
ord3830
ord286
ord1574
ord2427
ord2408
ord3740
ord851
ord336
ord622
ord620
ord4473
ord1463
ord2393
ord624
ord1040
ord626
ord1122
ord6734
ord2906
ord6887
ord665
ord1067
ord4770
ord4988
ord4371
ord3164
ord4077
ord4083
ord4082
ord3046
ord3166
ord3052
ord3366
ord3231
ord4815
ord3362
ord3243
ord3049
ord5699
ord2140
ord2457
ord5683
ord1736
ord5484
ord3933
ord6814
ord2060
ord2670
ord4789
ord5229
ord4017
ord5712
ord4694
ord6812
ord5586
ord2399
ord5663
ord1778
ord4365
ord5000
ord6440

msvcrt

_initterm
malloc
free
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_purecall
wcsncmp
localeconv
__C_specific_handler
_wtoi
iswdigit
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
_lock
_unlock
__dllonexit
_onexit
wcsstr
??1type_info@@UEAA@XZ
_CxxThrowException
log10
memset

dmdskmgr

?GetScopeNode@CDMScopeNodeCollection@@QEAAH_JPEAPEAVCDMScopeNode@@@Z
?GetParentDiskPtr@CDMNodeObj@@QEAAPEAV1@XZ
?GetUIState@CTaskData@@QEAAKXZ
?EnumDisks@CTaskData@@QEAAXAEAKPEAPEA_J@Z
?EnumVolumes@CTaskData@@QEAAXAEAKPEAPEA_J@Z
?DoDelete@CContextMenu@@QEAAX_J@Z
?GetResultPane@CDMSnapin@@QEAAH_JPEAPEAVCDMResultPane@@@Z
?GetDeviceType@CDMNodeObj@@QEAAKXZ
?EnumFirstVolumeMember@CDMNodeObj@@QEAAXAEA_JAEAJ@Z
?namecmp@@YAHPEBG0@Z
?ShowContextMenu@CContextMenu@@QEAAJPEAVCWnd@@JJ_J@Z
?GetResultStringArray@CDMNodeObj@@QEAAHAEAVCStringArray@@@Z
?PopUpInit@CContextMenu@@QEAAXPEAVCDMNodeObj@@AEAH1H@Z
?GetStorageType@CDMNodeObj@@QEAAXAEAVCString@@H@Z
?UpDateConsoleView@CDMSnapin@@QEAAX_J@Z
?GetSizeString@CDMNodeObj@@QEAAXAEAVCString@@@Z
?GetObjectId@CDMNodeObj@@QEAAXAEA_J@Z
?GetImageNum@CDMNodeObj@@QEAAHXZ
?GetSizeMB@CDMNodeObj@@QEAAXAEA_J@Z
?GetExtendedRegionColor@CDMNodeObj@@QEAAKXZ
?IsHiddenRegion@CDMNodeObj@@QEAAHXZ
?GetSize@CDMNodeObj@@QEAAXAEA_JH@Z
?GetDiskInfo@CDMNodeObj@@QEAAHAEAUdiskinfoex@@@Z
?EnumDiskRegions@CDMNodeObj@@QEAAXPEAPEA_JAEAJ@Z
?GetStorageType@CDMNodeObj@@QEAA?AW4_STORAGE_TYPES@@XZ
?GetPatternRef@CDMNodeObj@@QEAAHXZ
?GetColorRef@CDMNodeObj@@QEAAKXZ
?GetVolumeStatus@CDMNodeObj@@QEAAHAEAVCString@@@Z
?GetFileSystemLabel@CDMNodeObj@@QEAAXAEAVCString@@@Z
?GetFileSystemName@CDMNodeObj@@QEAAXAEAVCString@@@Z
?GetFlags@CDMNodeObj@@QEAAJXZ
?GetParentVolumePtr@CDMNodeObj@@QEAAPEAV1@XZ
?GetDriveLetter@CDMNodeObj@@QEAAXAEAG@Z
?GetName@CDMNodeObj@@QEAAXAEAVCString@@@Z
?GetOfflineReasonText@CDMNodeObj@@QEAAHAEAVCString@@@Z
?IsDiskOffline@CDMNodeObj@@QEAAHXZ
?GetDiskStatus@CDMNodeObj@@QEAAHAEAVCString@@@Z
?EnumVolumeMembers@CDMNodeObj@@QEAAXPEAPEA_JAEAJ@Z
?GetDiskTypeName@CDMNodeObj@@QEAAXAEAVCString@@@Z
?Command@CContextMenu@@QEAAJJPEAUIDataObject@@_J@Z

kernel32

GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
LocalAlloc
LocalFree
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess

comctl32

ImageList_GetIcon
ImageList_Draw
ImageList_AddMasked

user32

GetWindowRect
EnableWindow
SendMessageW
RegisterWindowMessageW
NotifyWinEvent
BeginPaint
GetClientRect
EndPaint
GetDC
ReleaseDC
ShowScrollBar
GetSysColor
GetFocus
InvalidateRect
ScreenToClient
SystemParametersInfoW
GetCursorPos
PtInRect
GetKeyState
DrawFrameControl
LoadCursorW
SetCursor
LoadBitmapW
PostMessageW
GetParent
SetRect
ClientToScreen
FillRect
DrawTextExW
DrawIconEx
LoadImageW
DestroyIcon
IsWindow
PostThreadMessageW

oleaut32

LoadRegTypeLi
SysAllocString

gdi32

BitBlt
CreateBitmap
GetDeviceCaps
SelectObject
CreateCompatibleDC
GetTextMetricsW
CreateFontIndirectW
CreateSolidBrush
PatBlt
GetBkColor
ExtTextOutW
CreateHatchBrush
GetTextExtentPoint32W

shlwapi

StrCmpLogicalW

oleacc

AccessibleObjectFromWindow
LresultFromObject

dmutil

ShowMessage

Exports

Exports

?AddLDMObjMapEntry@CDataCache@@QEAAXPEAU_LDM_OBJ_MAP_ENTRY@@@Z
?GetDiskCount@CDataCache@@QEAAKXZ
?GetLdmObjectId@CDMNodeObj@@QEAA_JXZ
?GetNumMembers@CDMNodeObj@@QEAAKXZ
?GetOcxFrameCWndPtr@CTaskData@@QEAAPEAVCWnd@@XZ
?GetRegionColorStructPtr@CTaskData@@QEAAXPEAPEAU_REGION_COLORS@@AEAH@Z
?GetServerName@CDataCache@@QEAA?AVCString@@XZ
?GetVolumeCount@CDataCache@@QEAAKXZ
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dnscmmc.dll
.dll regsvr32 windows:6 windows x64 arch:x64

3922b90b5a2eecbfa5765ccf4dbe450f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

dnscmmc.pdb

Imports

msvcrt

??2@YAPEAX_K@Z
_CxxThrowException
_cexit
abort
memmove
??3@YAXPEAX@Z
__CxxFrameHandler3
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
malloc
free
_amsg_exit
_XcptFilter
_errno
memset

ole32

CoTaskMemAlloc
CreateStreamOnHGlobal
StringFromCLSID
CoTaskMemFree
CoCreateInstance

kernel32

RtlVirtualUnwind
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetTickCount
OutputDebugStringA
GetProcAddress
SetLastError
GetVersion
GetLastError
VirtualQuery
RtlPcToFileHeader
GetModuleHandleA
GetSystemTimeAsFileTime
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
lstrlenW
GlobalAlloc
GlobalFree
GetProcessHeap
HeapAlloc
HeapFree
Sleep
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter

mscoree

_CorDllMain
CorBindToRuntimeEx

user32

LoadStringW
LoadImageA
RegisterClipboardFormatW

advapi32

RegQueryValueExW
RegDeleteKeyW
RegDeleteTreeW
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteValueW
RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 858B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
elshyph.dll
.dll windows:6 windows x64 arch:x64

b6b3ace989c6db7ab2cafc69ea32ef86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

elshyph.pdb

Imports

msvcrt

realloc
free
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
??8type_info@@QEBAHAEBV0@@Z
_vsnwprintf
towlower
bsearch
_wtoi
setlocale
memcpy
strerror
___mb_cur_max_func
_errno
__pctype_func
___lc_handle_func
___lc_codepage_func
calloc
__crtLCMapStringW
__uncaught_exception
abort
_CxxThrowException
??0exception@@QEAA@XZ
memcmp
memset
__CxxFrameHandler3
_onexit
__dllonexit
_unlock
_lock
??1type_info@@UEAA@XZ
__C_specific_handler
_initterm
_amsg_exit
wcscpy_s
_XcptFilter
malloc
_purecall
??_V@YAXPEAX@Z
memmove
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
??3@YAXPEAX@Z
??1exception@@UEAA@XZ
wcscmp

ntdll

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

kernel32

DecodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetStringTypeW
WideCharToMultiByte
MultiByteToWideChar
GetUserPreferredUILanguages
UnmapViewOfFile
CloseHandle
CreateFileW
GetLastError
LocalFree
CreateFileMappingW
MapViewOfFile
CompareStringOrdinal
InitializeSRWLock
AcquireSRWLockShared
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetSystemWindowsDirectoryW
AcquireSRWLockExclusive
DisableThreadLibraryCalls
Sleep
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
EncodePointer

advapi32

RegDeleteTreeW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegGetValueW
RegOpenKeyExW
RegCloseKey
RegOpenCurrentUser
RegEnumKeyExW
EventWrite
EventUnregister
EventRegister
RegQueryInfoKeyW
RegEnumValueW

shlwapi

PathAppendW

Exports

Exports

DoAction
FreePropertyBag
FreeService
InitService
RecognizeText

Sections

.text
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Checker Zalando.rar
.rar
Checker Zalando/Checker Zalando.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

/e?0!|]G
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Checker Zalando/dycpasapi.dll
.dll windows:6 windows x64 arch:x64

147334bd1cbbd98036ac54896aaddeab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\Free Menu Project\Again\BLUGTA - Other Countries\bin\Release\SpookyGui.pdb

Imports

urlmon

URLDownloadToFileW

winmm

timeGetTime

kernel32

QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SetLastError
FormatMessageA
CreateFileA
GetFileSizeEx
GetSystemTime
SystemTimeToFileTime
GetEnvironmentVariableW
WideCharToMultiByte
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FindClose
FindFirstFileW
FindNextFileW
MultiByteToWideChar
FormatMessageW
WriteFile
GetSystemTimeAsFileTime
VerSetConditionMask
ConvertFiberToThread
LoadLibraryW
SetEndOfFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
CreateProcessW
GetExitCodeProcess
WaitForSingleObject
EnterCriticalSection
ConvertThreadToFiber
SwitchToFiber
DeleteFiber
CreateFiber
GetModuleFileNameA
GetModuleHandleExW
GetProcAddress
AttachConsole
GetCurrentProcessId
AllocConsole
GetStdHandle
SetConsoleTitleA
SetConsoleOutputCP
SetConsoleTextAttribute
FreeConsole
DisableThreadLibraryCalls
FreeLibraryAndExitThread
CreateThread
CloseHandle
FlushFileBuffers
EnumSystemLocalesW
SleepEx
Sleep
RtlVirtualUnwind
LeaveCriticalSection
GetModuleHandleA
IsThreadAFiber
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
GetModuleFileNameW
SetStdHandle
SetConsoleCtrlHandler
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
ExitThread
ExitProcess
RtlUnwind
LoadLibraryExW
InterlockedFlushSList
RtlUnwindEx
OutputDebugStringW
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
CreateEventW
ResetEvent
SetEvent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlLookupFunctionEntry
GetCPInfo
GetStringTypeW
GetTickCount64
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
QueryPerformanceCounter
GetModuleHandleW
GetTickCount
WriteConsoleW
HeapCreate
GetCurrentProcess
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
VerifyVersionInfoW
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
RtlCaptureContext
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindFirstFileExW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetFileInformationByHandle
AreFileApisANSI
CopyFileW
GetFileInformationByHandleEx
LocalFree
GetLocaleInfoEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetExitCodeThread
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
RtlPcToFileHeader
RaiseException
InitOnceBeginInitialize
InitOnceComplete
EncodePointer
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree

user32

ClientToScreen
SetCursor
GetClientRect
ReleaseDC
GetDC
GetForegroundWindow
ReleaseCapture
SetCapture
GetCapture
GetKeyState
IsChild
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
ScreenToClient
GetAsyncKeyState
SetProcessDPIAware
SetWindowLongPtrW
CallWindowProcW
FindWindowW
MessageBoxA
GetCursorPos
SetCursorPos
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
LoadCursorW
MonitorFromWindow

advapi32

CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptSignHashW
CryptEnumProvidersW

bcrypt

BCryptGenRandom

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_43

D3DCompile

ws2_32

WSAGetLastError
htonl
listen
ioctlsocket
getaddrinfo
freeaddrinfo
inet_pton
recvfrom
sendto
gethostname
shutdown
getnameinfo
__WSAFDIsSet
select
WSASetLastError
bind
connect
getpeername
getsockname
getsockopt
socket
ntohs
setsockopt
WSAIoctl
WSAStartup
WSACleanup
accept
closesocket
recv
ntohl
send
htons

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord143

crypt32

CryptQueryObject
CertGetCertificateContextProperty
CertOpenStore
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetNameStringA
CertCloseStore
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

gdi32

GetDeviceCaps

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 97KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0e0146e7ff4f18a3a5eed18099e5979

Code Sign

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39Certificate

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

08:4c:af:4d:f4:99:14:1d:40:4b:71:99:aa:2c:21:31Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

22:29:41:5c:a1:2e:d8:7d:a8:ba:b5:66:2d:e1:d6:cf:7b:99:82:feSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

user32

ole32

advapi32

kernel32

Sections

.text Size: 576KB - Virtual size: 575KB

.rdata Size: 757KB - Virtual size: 756KB

.data Size: 1.6MB - Virtual size: 1.6MB

.idata Size: 5KB - Virtual size: 5KB

.ММM Size: 512B - Virtual size: 294B

.tls Size: 1024B - Virtual size: 777B

.00cfg Size: 512B - Virtual size: 270B

.reloc Size: 28KB - Virtual size: 28KB

5c4f5e9d3de04ba637c8b0cb336d0cc1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-profile-l1-1-0

mi

kernel32

ole32

dscpspluginwkr

mimofcodec

ntdll

api-ms-win-security-base-l1-2-0

crypt32

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-shutdown-l1-1-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

cryptsp

miutils

oleaut32

Exports

Exports

Sections

.text Size: 171KB - Virtual size: 171KB

.data Size: 6KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 3KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

0c:e7:e0:e5:17:d8:46:fe:8f:e5:60:fc:1b:f0:30:39
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

08:4c:af:4d:f4:99:14:1d:40:4b:71:99:aa:2c:21:31
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

22:29:41:5c:a1:2e:d8:7d:a8:ba:b5:66:2d:e1:d6:cf:7b:99:82:fe
Signer

.text
Size: 576KB - Virtual size: 575KB

.rdata
Size: 757KB - Virtual size: 756KB

.data
Size: 1.6MB - Virtual size: 1.6MB

.idata
Size: 5KB - Virtual size: 5KB

.ММM
Size: 512B - Virtual size: 294B

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 270B

.reloc
Size: 28KB - Virtual size: 28KB

.text
Size: 171KB - Virtual size: 171KB

.data
Size: 6KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 3KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 175KB - Virtual size: 175KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 5KB - Virtual size: 5KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB