A10_UPX[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

A10_UPX.exe
Size

11.0MB
MD5

05372795f73195b4545db265e31d3c4a
SHA1

2ab26ef2aabb7266ce90e3644df7a6c1fab1e9c1
SHA256

e8c5312b324cc17c658de4a55f3da9e14e55a96bd4653ae65c3958185dae44f3
SHA512

cc63e77e5644d67bcde65cce4c62fb2c0717a495590a7936bfcd08623ae8646cb94f82f6234fe3b8b16aceb971bc911fdc0ae1b433d1c778e59e112c71e4d604
SSDEEP

196608:8XyhL33XXLybGKdNGYj+MxmpVAI62jSBuUtW1lJwo2LrKUYV9bWI:8ihL3HyGGlj+E3I6Ev0Pex

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
A10_UPX.exe
unpack001/$PLUGINSDIR/DotNetChecker.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsisdl.dll
unpack001/out.upx

Files

A10_UPX.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 492KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 313KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/DotNetChecker.dll
.dll windows:6 windows x86 arch:x86

97f7d9845e06a5a728269d7279e09e03

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\sean.fleming\source\repos\NsisDotNetChecker\plugin\Release\DotNetChecker.pdb

Imports

kernel32

FreeLibrary
LoadLibraryExW
GetProcAddress
CreateFileW
DecodePointer
LoadLibraryW
GetSystemInfo
SetErrorMode
lstrcpynW
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapAlloc
GetStringTypeW
GetACP
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
RaiseException

user32

GetSystemMetrics
wsprintfW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Exports

Exports

GetDotNet10ServicePack
GetDotNet11ServicePack
GetDotNet20ServicePack
GetDotNet30ServicePack
GetDotNet35ServicePack
GetDotNet40ClientServicePack
GetDotNet40FullServicePack
GetDotNet451ServicePack
GetDotNet452ServicePack
GetDotNet45ServicePack
GetDotNet461ServicePack
GetDotNet462ServicePack
GetDotNet46ServicePack
GetDotNet471ServicePack
GetDotNet472ServicePack
GetDotNet47ServicePack
IsDotNet10Installed
IsDotNet11Installed
IsDotNet20Installed
IsDotNet30Installed
IsDotNet35Installed
IsDotNet40ClientInstalled
IsDotNet40FullInstalled
IsDotNet451Installed
IsDotNet452Installed
IsDotNet45Installed
IsDotNet461Installed
IsDotNet462Installed
IsDotNet46Installed
IsDotNet471Installed
IsDotNet472Installed
IsDotNet47Installed

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

4b45b7e00344a87332fbd12653854d1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
SetCurrentDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc
WriteFile
SetFilePointer

user32

LoadCursorW
SetWindowRgn
GetDlgCtrlID
CloseClipboard
DrawFocusRect
OpenClipboard
DrawTextW
SetCursor
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
GetClientRect
ShowWindow
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
GetWindowLongW
EnableMenuItem
PtInRect
MapWindowPoints
GetClipboardData

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectW

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

5e62e8e248e7364886b604bd1fcf4c13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
GetUserNameW

kernel32

GlobalFree
GetVersion
GlobalAlloc
CloseHandle
GetModuleHandleA
GetLastError
GetCurrentProcess
GetCurrentThread
GetProcAddress
lstrcpynW

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 705B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsisdl.dll
.dll windows:4 windows x86 arch:x86

ed06d61f6957c32cd324837726a5a070

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

wsock32

__WSAFDIsSet
WSAStartup
WSACleanup
send
WSAGetLastError
recv
select
connect
shutdown
closesocket
socket
htons
inet_ntoa
ioctlsocket
gethostbyname

user32

SetWindowLongW
CharPrevA
SetDlgItemTextA
RegisterWindowMessageW
DestroyWindow
EnableWindow
wsprintfA
CallWindowProcW
CreateWindowExW
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExW
SetWindowTextA
GetWindowRect
SendMessageW
GetWindowLongW

kernel32

MultiByteToWideChar
WideCharToMultiByte
lstrcpynW
lstrcpyW
CreateFileW
WriteFile
Sleep
DeleteFileW
GetTickCount
MulDiv
GlobalFree
GlobalAlloc
lstrcatA
lstrlenA
lstrcpynA
WaitForSingleObject
CloseHandle
lstrcmpiA
CreateThread
lstrcpyA

Exports

Exports

download
download_quiet

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 882B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Anycast.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

56:b6:29:cd:34:bc:78:f6
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

31/05/2017, 18:14

Not After

30/05/2042, 18:14

Subject

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:82:21:0b:98:59:23:19:44:0c:1d:11:42:bc:06:a9
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

12/08/2023, 15:26

Not After

21/08/2025, 16:31

Subject

SERIALNUMBER=7560039,CN=HYBRIDDB LLC,O=HYBRIDDB LLC,L=Claymont,ST=Delaware,C=US,1.3.6.1.4.1.311.60.2.1.3=#13025553,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:e1:a9:fc:2d:9a:45:51:d5:99:13:23:ba:dd:92:a2:8f:49:a0:57:79:00:0a:7f:1a:b8:35:ac:82:d1:48:23
Signer

Actual PE Digest

b9:e1:a9:fc:2d:9a:45:51:d5:99:13:23:ba:dd:92:a2:8f:49:a0:57:79:00:0a:7f:1a:b8:35:ac:82:d1:48:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\Anycast\Anycast.Windows\Anycast\obj\Release\Anycast.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Anycast.exe.config
.xml
Packet.dll
.dll windows:6 windows x64 arch:x64

75e6589fd407f403bc0d30a24208dc2a

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a6:07:83:eb:b5:07:6e:bc:2d:12:da:9b:04:c2:90
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

05/05/2021, 00:00

Not After

10/06/2024, 23:59

Subject

SERIALNUMBER=200010310013,CN=Insecure.Com LLC,O=Insecure.Com LLC,L=Seattle,ST=Washington,C=US,1.3.6.1.4.1.311.60.2.1.2=#130a43616c69666f726e6961,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:4e:29:7c:13:28:17:c4:bd:33:62:8d:ce:d2:ea:6e:3f:ee:09:09:cf:6a:3c:44:ea:47:b7:6c:c5:cd:ca:af
Signer

Actual PE Digest

ab:4e:29:7c:13:28:17:c4:bd:33:62:8d:ce:d2:ea:6e:3f:ee:09:09:cf:6a:3c:44:ea:47:b7:6c:c5:cd:ca:af

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\nmap\Source\Repos\npcap\packetWin7\vs14\x64\Release\Packet.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

htons
htonl

iphlpapi

GetAdaptersAddresses

kernel32

WideCharToMultiByte
ReadFile
GetModuleFileNameA
SetNamedPipeHandleState
SetLastError
GetFullPathNameW
WriteFile
DeviceIoControl
GetModuleFileNameW
CreateMutexW
GetSystemDirectoryW
HeapReAlloc
MultiByteToWideChar
GetProcessHeap
GetLastError
GetFileAttributesA
CreateFileA
SetEvent
QueryPerformanceFrequency
CloseHandle
LoadLibraryW
GetProcAddress
GetCurrentProcessId
QueryPerformanceCounter
FlushFileBuffers
ReleaseMutex
WaitForSingleObject
HeapFree
Sleep
HeapAlloc
GetConsoleOutputCP
GetConsoleMode
CreateFileW
WriteConsoleW
CreateEventW
IsProcessorFeaturePresent
HeapSize
SetStdHandle
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
SetFilePointerEx
GetStringTypeW

advapi32

RegCloseKey
QueryServiceStatus
CloseServiceHandle
RegQueryValueExA
OpenSCManagerW
AllocateAndInitializeSid
ControlService
FreeSid
StartServiceW
CheckTokenMembership
RegOpenKeyExA
OpenServiceA

shell32

ShellExecuteExA

Exports

Exports

PacketAllocatePacket
PacketCloseAdapter
PacketFreePacket
PacketGetAdapterNames
PacketGetAirPcapHandle
PacketGetDriverName
PacketGetDriverVersion
PacketGetMonitorMode
PacketGetNetInfoEx
PacketGetNetType
PacketGetReadEvent
PacketGetStats
PacketGetStatsEx
PacketGetTimestampModes
PacketGetVersion
PacketInitPacket
PacketIsDumpEnded
PacketIsLoopbackAdapter
PacketIsMonitorModeSupported
PacketLibraryVersion
PacketOpenAdapter
PacketReceivePacket
PacketRequest
PacketSendPacket
PacketSendPackets
PacketSetBpf
PacketSetBuff
PacketSetDumpLimits
PacketSetDumpName
PacketSetHwFilter
PacketSetLoopbackBehavior
PacketSetMinToCopy
PacketSetMode
PacketSetMonitorMode
PacketSetNumWrites
PacketSetReadTimeout
PacketSetSnapLen
PacketSetTimestampMode
PacketStopDriver

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
anycast-service.exe
.exe windows:6 windows x64 arch:x64

a51d9e0a1ce4356d504beffd161eb2dd

Code Sign

56:b6:29:cd:34:bc:78:f6
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

31/05/2017, 18:14

Not After

30/05/2042, 18:14

Subject

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:82:21:0b:98:59:23:19:44:0c:1d:11:42:bc:06:a9
Certificate

Issuer

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

12/08/2023, 15:26

Not After

21/08/2025, 16:31

Subject

SERIALNUMBER=7560039,CN=HYBRIDDB LLC,O=HYBRIDDB LLC,L=Claymont,ST=Delaware,C=US,1.3.6.1.4.1.311.60.2.1.3=#13025553,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

Issuer

CN=SSL.com EV Root Certification Authority RSA R2,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

26/03/2019, 17:44

Not After

22/03/2034, 17:44

Subject

CN=SSL.com EV Code Signing Intermediate CA RSA R3,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:3a:d9:d6:df:b9:07:95:6a:c5:e6:bb:ad:35:e2:88:f0:44:1a:a9:e1:7c:61:47:51:33:53:75:ed:59:7f:eb
Signer

Actual PE Digest

ea:3a:d9:d6:df:b9:07:95:6a:c5:e6:bb:ad:35:e2:88:f0:44:1a:a9:e1:7c:61:47:51:33:53:75:ed:59:7f:eb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Projects\Anycast\Anycast.Windows.Service\target\release\deps\anycast_service.pdb

Imports

iphlpapi

GetBestRoute
GetAdaptersInfo
GetAdaptersAddresses

packet

PacketGetAdapterNames

kernel32

SetConsoleMode
FormatMessageW
CreateFileMappingW
ReleaseSemaphore
WaitForMultipleObjects
UnmapViewOfFile
GetFileInformationByHandleEx
GetConsoleMode
GetQueuedCompletionStatusEx
GetStdHandle
lstrlenW
GetTimeZoneInformation
SetLastError
GetFinalPathNameByHandleW
TryAcquireSRWLockExclusive
CreateIoCompletionPort
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetFileCompletionNotificationModes
GetLogicalProcessorInformation
GetModuleHandleA
GetCurrentThread
MultiByteToWideChar
WriteConsoleW
QueryPerformanceFrequency
GetModuleHandleW
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
ReleaseMutex
GetEnvironmentVariableW
RtlLookupFunctionEntry
GetSystemInfo
CreateFileW
GetFileInformationByHandle
CreateEventA
SetFilePointerEx
CreateDirectoryW
FindFirstFileW
FindClose
ReleaseSRWLockShared
SetEnvironmentVariableW
AcquireSRWLockShared
DeleteFileW
SetHandleInformation
InitializeSListHead
CreateThread
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentDirectoryW
RtlCaptureContext
GetExitCodeProcess
CreatePipe
CreateProcessW
SetCurrentDirectoryW
SetConsoleCtrlHandler
CreateSemaphoreA
GetCommandLineW
LoadLibraryExA
SetThreadStackGuarantee
AddVectoredExceptionHandler
RtlVirtualUnwind
InitializeCriticalSection
TlsAlloc
IsDebuggerPresent
UnhandledExceptionFilter
GetModuleFileNameW
PostQueuedCompletionStatus
MapViewOfFile
GetProcAddress
LoadLibraryExW
SetThreadErrorMode
SetEvent
SwitchToThread
CloseHandle
SetUnhandledExceptionFilter
GetLastError
WaitForSingleObject
HeapReAlloc
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
HeapAlloc
GetProcessHeap
FreeLibrary
HeapFree
GetCurrentProcess
DuplicateHandle
VirtualProtect
GetFullPathNameW
IsProcessorFeaturePresent
GetCurrentThreadId
TerminateProcess

ws2_32

getsockname
WSAIoctl
getpeername
WSASend
WSAStartup
listen
socket
recvfrom
getaddrinfo
freeaddrinfo
setsockopt
getsockopt
recv
send
connect
bind
WSASocketW
sendto
shutdown
WSAGetLastError
ioctlsocket
closesocket
WSACleanup
accept

bcrypt

BCryptGenRandom

advapi32

SystemFunction036
QueryServiceStatusEx
ChangeServiceConfig2W
CreateServiceW
SetServiceStatus
RegCreateKeyExW
RegCloseKey
RegisterServiceCtrlHandlerExW
DeleteService
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
QueryServiceConfigW
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
ControlService
StartServiceCtrlDispatcherW
RegDeleteValueW

wininet

InternetSetOptionW

ole32

StringFromGUID2
CLSIDFromString
CoTaskMemFree
CoCreateGuid

shell32

SHGetKnownFolderPath

ntdll

NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtCreateFile
NtWriteFile
NtReadFile

oleaut32

GetErrorInfo
SysStringLen
SysFreeString

vcruntime140

memset
memcpy
__CxxFrameHandler3
memmove
__current_exception_context
__current_exception
__C_specific_handler
memcmp

api-ms-win-crt-string-l1-1-0

isxdigit
isspace
wcslen
islower
isdigit
strlen

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fflush
__stdio_common_vfprintf
_set_fmode
__p__commode

api-ms-win-crt-runtime-l1-1-0

exit
_configure_narrow_argv
_initialize_narrow_environment
_exit
__p___argc
__p___argv
_cexit
_c_exit
_initterm_e
_set_app_type
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_crt_atexit
terminate
_register_thread_local_exe_atexit_callback
_initterm
abort
_get_initial_narrow_environment

api-ms-win-crt-heap-l1-1-0

free
malloc
_set_new_mode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tdata
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
wintun.dll
.dll windows:6 windows x64 arch:x64

01ce5951b7d0dcca222159a28511a055

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:63:d5:fc:a7:28:88:2f:36:ff:1b:df:5d:85:f0:ba
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/12/2018, 00:00

Not After

14/12/2021, 12:00

Subject

SERIALNUMBER=4227913,CN=WireGuard LLC,O=WireGuard LLC,L=Boulder,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13044f68696f,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:b2:c9:fd:88:91:f9:1c:30:2d:36:f9:b1:b3:95:7d:da:2e:ea:b0:e7:6f:7a:16:e7:90:01:98:4b:e8:2f:39
Signer

Actual PE Digest

d8:b2:c9:fd:88:91:f9:1c:30:2d:36:f9:b1:b3:95:7d:da:2e:ea:b0:e7:6f:7a:16:e7:90:01:98:4b:e8:2f:39

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Jason A. Donenfeld\Projects\wintun\Release\amd64\wintun.pdb

Imports

kernel32

HeapCreate
GetCurrentProcess
LoadLibraryExA
CloseHandle
HeapDestroy
GetProcAddress
LocalFree
GetModuleHandleW
IsWow64Process
HeapFree
SetLastError
WaitForSingleObject
CreateFileW
OpenProcess
QueueUserWorkItem
CreateEventW
Sleep
GetLastError
SetEvent
HeapAlloc
GetCurrentProcessId
GetProcessTimes
RemoveDirectoryW
DeleteFileW
FormatMessageW
EnterCriticalSection
CreatePrivateNamespaceW
OpenPrivateNamespaceW
LeaveCriticalSection
InitializeCriticalSection
CreateBoundaryDescriptorW
CreateMutexW
ReleaseMutex
ClosePrivateNamespace
AddSIDToBoundaryDescriptor
DeleteCriticalSection
DeleteBoundaryDescriptor
ExpandEnvironmentStringsW
HeapReAlloc
CreateDirectoryW
SizeofResource
WriteFile
LockResource
LoadResource
FindResourceW
GetWindowsDirectoryW
VirtualFree
DeviceIoControl
VirtualAlloc
InitializeCriticalSectionAndSpinCount
ReadFile
SetHandleInformation
CreatePipe
GetExitCodeThread
CreateThread
CreateProcessW
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapSize
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStringTypeW
SetFilePointerEx
SetStdHandle

ntdll

NtQuerySystemInformation
RtlNtStatusToDosError
RtlGetNtVersionNumbers
NtQueryKey
NtQuerySystemTime

Exports

Exports

WintunAllocateSendPacket
WintunCloseAdapter
WintunCreateAdapter
WintunDeleteDriver
WintunEndSession
WintunGetAdapterLUID
WintunGetReadWaitEvent
WintunGetRunningDriverVersion
WintunOpenAdapter
WintunReceivePacket
WintunReleaseReceivePacket
WintunSendPacket
WintunSetLogger
WintunStartSession

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 492KB

UPX1 Size: 313KB - Virtual size: 316KB

.rsrc Size: 122KB - Virtual size: 124KB

97f7d9845e06a5a728269d7279e09e03

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 160B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 4KB - Virtual size: 4KB

4b45b7e00344a87332fbd12653854d1a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 648B

5e62e8e248e7364886b604bd1fcf4c13

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 714B

.rdata Size: 1024B - Virtual size: 705B

.data Size: 512B - Virtual size: 104B

.reloc Size: 512B - Virtual size: 240B

ed06d61f6957c32cd324837726a5a070

Headers

UPX0
Size: - Virtual size: 492KB

UPX1
Size: 313KB - Virtual size: 316KB

.rsrc
Size: 122KB - Virtual size: 124KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 160B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 648B

.text
Size: 1024B - Virtual size: 714B

.rdata
Size: 1024B - Virtual size: 705B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 512B - Virtual size: 240B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 882B

56:b6:29:cd:34:bc:78:f6
Certificate

39:82:21:0b:98:59:23:19:44:0c:1d:11:42:bc:06:a9
Certificate

42:4b:6a:53:ce:c7:66:14:1c:2a:63:b1:a5:1c:41:04
Certificate

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

b9:e1:a9:fc:2d:9a:45:51:d5:99:13:23:ba:dd:92:a2:8f:49:a0:57:79:00:0a:7f:1a:b8:35:ac:82:d1:48:23
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 96KB - Virtual size: 96KB

.reloc
Size: 512B - Virtual size: 12B

61:20:4d:b4:00:00:00:00:00:27
Certificate

0a:a6:07:83:eb:b5:07:6e:bc:2d:12:da:9b:04:c2:90
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

ab:4e:29:7c:13:28:17:c4:bd:33:62:8d:ce:d2:ea:6e:3f:ee:09:09:cf:6a:3c:44:ea:47:b7:6c:c5:cd:ca:af
Signer