Extracted

• 5f012a7c1f68bce82f52fd82280a3a43ba54af7d8ceffc73ec5544181230f296

  .exe windows:4 windows x86 arch:x86

  3756947b3e7059e30bd77d705a3cb609

  
  

  Code Sign

  33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  15/12/2020, 21:31

  Not After

  02/12/2021, 21:31

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08/07/2011, 20:59

  Not After

  08/07/2026, 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  d1:f7:96:24:7c:ab:eb:91:c6:4c:8f:aa:2e:73:39:a6:c4:f7:f7:a0:78:39:98:8c:cd:9c:c6:a2:11:ec:f8:00

  Signer

  Actual PE Digest

  d1:f7:96:24:7c:ab:eb:91:c6:4c:8f:aa:2e:73:39:a6:c4:f7:f7:a0:78:39:98:8c:cd:9c:c6:a2:11:ec:f8:00

  Digest Algorithm

  sha256

  PE Digest Matches

  false

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  CloseHandle

  WriteFile

  SetFilePointer

  CreateFileA

  VirtualFree

  ReadFile

  VirtualAlloc

  GetFileSize

  PeekNamedPipe

  CreateProcessA

  GetStartupInfoA

  CreatePipe

  GetCurrentProcessId

  TerminateProcess

  WinExec

  FindClose

  FindFirstFileA

  GetSystemDirectoryA

  ExitProcess

  SetThreadPriority

  GetCurrentThread

  SetPriorityClass

  GetCurrentProcess

  SizeofResource

  LockResource

  LoadResource

  FindResourceA

  CreateDirectoryA

  ExpandEnvironmentStringsA

  GetTempPathA

  Sleep

  GetTickCount

  WideCharToMultiByte

  MultiByteToWideChar

  GetComputerNameA

  GetLastError

  GetModuleFileNameA

  GetVolumeInformationA

  OpenProcess

  GetVersionExA

  GetStringTypeW

  GetStringTypeA

  LCMapStringW

  GetSystemTimeAsFileTime

  HeapAlloc

  HeapFree

  GetProcAddress

  GetModuleHandleA

  GetCommandLineA

  GetProcessHeap

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  EnterCriticalSection

  LeaveCriticalSection

  RtlUnwind

  DeleteCriticalSection

  HeapReAlloc

  HeapDestroy

  HeapCreate

  GetStdHandle

  SetHandleCount

  GetFileType

  GetConsoleCP

  GetConsoleMode

  TlsGetValue

  TlsAlloc

  TlsSetValue

  TlsFree

  InterlockedIncrement

  SetLastError

  GetCurrentThreadId

  InterlockedDecrement

  LoadLibraryA

  InitializeCriticalSection

  FreeEnvironmentStringsA

  GetEnvironmentStrings

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  QueryPerformanceCounter

  SetStdHandle

  FlushFileBuffers

  GetCPInfo

  GetACP

  GetOEMCP

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  HeapSize

  GetLocaleInfoA

  SetEndOfFile

  LCMapStringA

  advapi32

  GetUserNameA

  RegOpenKeyA

  RegDeleteKeyA

  RegCloseKey

  OpenProcessToken

  AllocateAndInitializeSid

  GetTokenInformation

  EqualSid

  FreeSid

  RegSetValueExA

  shell32

  SHChangeNotify

  ord680

  ShellExecuteA

  wininet

  HttpOpenRequestA

  InternetOpenA

  InternetConnectA

  InternetReadFile

  InternetOpenUrlA

  InternetCloseHandle

  HttpSendRequestA

  Sections

  .text

  Size: 56KB - Virtual size: 53KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 12KB - Virtual size: 9KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 8KB - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 12KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ