GachaLife[.]zip

Resubmissions

06/04/2024, 09:29

240406-lf7nhsfc2y 3

Sharing

Copy URL

Twitter E-mail

General

Target

GachaLife.zip
Size

100.2MB
MD5

38ec0ccf9644dfb59413ee70ea5e0968
SHA1

4ab309d221b852ea2aa8825df858cbf66a4cdebb
SHA256

a40919f89e5087b17c85a91da8ab011829c8df86a13217014d971e26c35b21b9
SHA512

b090c6a8d97024bf7258012755c96d30417ff31aac58d8f023e88701e7c2f29e1fa3d2712840d002e8cc1b268283aa7e77c999f5905bf071deb17e1381d6bf4a
SSDEEP

3145728:uwH+4NAm1RDCH91lbUfFt9UjZn0tSCPzlWK:t+4NvDCd1SfFt9UjZn0p7cK

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GachaLifePC.app/Adobe AIR/Versions/1.0/Resources/CaptiveAppEntry.exe
unpack001/GachaLifePC.app/GachaLife.exe

Files

GachaLife.zip
.zip

Password: gacha_life.swf
GachaLifePC.app/Adobe AIR/Versions/1.0/Adobe AIR.dll
.dll windows:6 windows x86 arch:x86

Password: gacha_life.swf

86abd472a5ab54d3b56d38aa57b0b442

Code Sign

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Flash Player,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fc:45:ee:37:d8:97:bf:58:73:6d:5f:00:74:22:e9:27:68:3f:e7:96:19:c9:08:a8:e8:a8:de:a4:c9:f8:68:45
Signer

Actual PE Digest

fc:45:ee:37:d8:97:bf:58:73:6d:5f:00:74:22:e9:27:68:3f:e7:96:19:c9:08:a8:e8:a8:de:a4:c9:f8:68:45

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\r\ws\St_Make\code\build\win\results\Release\info\runtime_sdk_withdrm\Runtime-SDK-WithDRM.vc2015.pdb

Imports

kernel32

GetSystemTime
SystemTimeToFileTime
GetTimeZoneInformation
WaitForSingleObject
SleepEx
QueueUserAPC
OpenThread
SetThreadPriority
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
IsDBCSLeadByte
GetLocalTime
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
SetCurrentDirectoryW
GetCurrentDirectoryW
GetSystemDirectoryW
DebugBreak
SetEvent
ResetEvent
CreateEventW
TerminateThread
GetTickCount
WaitForMultipleObjects
CreateWaitableTimerW
VerSetConditionMask
CreateFileA
DeleteFileW
GetFileAttributesW
GetFileSize
ReadFile
SetFilePointer
ExitThread
CreateProcessA
GetSystemDirectoryA
FindResourceExW
LoadResource
LockResource
GlobalFree
LoadLibraryW
FindResourceExA
MoveFileExW
VerifyVersionInfoW
GetUserDefaultUILanguage
GetUserDefaultLangID
FindFirstFileW
GetTempPathW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
GetFileAttributesA
GetFileAttributesExW
GetFileInformationByHandle
GetFileSizeEx
GetFullPathNameW
GetLogicalDriveStringsW
GetLongPathNameW
QueryPerformanceFrequency
GetVolumeInformationW
RemoveDirectoryW
SetEndOfFile
DeviceIoControl
CreateMutexA
CreateProcessW
lstrlenW
GetTempPathA
GetTempFileNameA
GetSystemWow64DirectoryW
GetDriveTypeW
GetProcessTimes
SetNamedPipeHandleState
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
ReleaseSemaphore
CreateSemaphoreW
DuplicateHandle
GetExitCodeThread
GetLocaleInfoA
GetExitCodeProcess
GetModuleHandleA
LocalFree
ConnectNamedPipe
GetOverlappedResult
OpenProcess
CreateNamedPipeA
ReleaseMutex
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
lstrlenA
GetComputerNameExW
SetHandleInformation
CreateNamedPipeW
CancelIo
FormatMessageW
GenerateConsoleCtrlEvent
SizeofResource
lstrcmpiW
FindResourceW
SetThreadAffinityMask
CompareFileTime
CreateEventA
SetWaitableTimer
CancelWaitableTimer
CreateWaitableTimerA
VerifyVersionInfoA
GlobalMemoryStatus
FlushConsoleInputBuffer
InterlockedPopEntrySList
FlushInstructionCache
LoadLibraryExA
FreeLibraryAndExitThread
ReadConsoleInputA
SetConsoleMode
ReadConsoleW
GetTempFileNameW
RaiseFailFastException
FileTimeToSystemTime
GetVersionExW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFullPathNameA
LockFile
LockFileEx
UnlockFile
UnlockFileEx
CreateFileMappingW
FormatMessageA
AreFileApisANSI
GetNumberFormatW
GetCurrencyFormatW
InterlockedIncrement
InterlockedDecrement
GetNativeSystemInfo
LocalAlloc
lstrcpynW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetProcessAffinityMask
CreateFileW
WriteConsoleW
CreateThread
WaitForSingleObjectEx
CloseHandle
OutputDebugStringA
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
WriteFile
SetStdHandle
GetStringTypeW
HeapReAlloc
HeapSize
SetConsoleCtrlHandler
GetFileType
GetStdHandle
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExA
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetCurrentThread
HeapAlloc
HeapFree
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsAlloc
SetLastError
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
EncodePointer
OutputDebugStringW
TerminateProcess
GetCurrentProcess
InitializeSListHead
GetModuleHandleW
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetSystemInfo
TlsSetValue
TlsGetValue
GetCurrentThreadId
SwitchToThread
Sleep
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
LoadLibraryA
DecodePointer

user32

RegisterWindowMessageA
EnumDisplayDevicesW
CharNextW
EnumDisplayDevicesA
UpdateLayeredWindow
GetAsyncKeyState
GetLastInputInfo
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
RemoveMenu
SetMenuInfo
GetMenuInfo
TrackPopupMenu
DestroyMenu
CreatePopupMenu
CreateMenu
DdeFreeStringHandle
DdeCreateStringHandleA
DdeClientTransaction
DdeDisconnect
DdeConnect
DdeUninitialize
DdeInitializeW
GetKeyboardLayout
ActivateKeyboardLayout
MapVirtualKeyW
ToAscii
GetKeyboardState
CharLowerW
CharUpperW
UnregisterClassA
SetCaretPos
ShowCaret
DestroyCaret
CreateCaret
PostMessageA
GetMessageW
EnumDisplayMonitors
ChangeDisplaySettingsExW
OffsetRect
GetSysColor
GetWindowDC
GetMenuBarInfo
EnumDisplaySettingsW
GetWindow
EnumWindows
GetClassLongW
MapWindowPoints
GetWindowTextW
SetWindowRgn
EndPaint
BeginPaint
UpdateWindow
DeleteMenu
GetSystemMenu
DrawMenuBar
SetMenu
GetActiveWindow
IsZoomed
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
FlashWindowEx
ShowWindow
IsWindow
GetClassInfoExW
MonitorFromPoint
GetAncestor
FindWindowExW
EnumChildWindows
UnregisterClassW
wsprintfW
GetMonitorInfoA
MonitorFromRect
GetProcessWindowStation
PostQuitMessage
GetUserObjectInformationW
GetDoubleClickTime
GetKeyState
GetCursorPos
ScreenToClient
RegisterClipboardFormatA
RegisterClipboardFormatW
GetClipboardFormatNameA
GetDC
ReleaseDC
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
RemovePropW
SetForegroundWindow
GetForegroundWindow
WaitForInputIdle
GetWindowInfo
LoadCursorW
GetWindowThreadProcessId
CopyRect
SetCursorPos
InvalidateRect
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetCapture
GetQueueStatus
GetFocus
CallWindowProcW
AttachThreadInput
GetMessageTime
TrackMouseEvent
LoadStringW
CloseWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
MsgWaitForMultipleObjects
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
CreateIconIndirect
DestroyIcon
LoadIconW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
IsClipboardFormatAvailable
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
SendMessageTimeoutW
PostMessageW
PtInRect
InflateRect
SetRectEmpty
SetRect
ClientToScreen
GetCursor
SetCursor
MessageBoxW
MessageBoxA
GetWindowRect
GetClientRect
GetWindowTextLengthW
SetWindowTextW
GetPropW
SetPropW
GetSystemMetrics
IsWindowEnabled
EnableWindow
SendInput
SetFocus
GetDlgItemTextW
GetDlgItemTextA
SetDlgItemTextW
SetDlgItemTextA
GetDlgItem
EndDialog
DialogBoxIndirectParamW
DialogBoxParamW
SetWindowPos
MoveWindow
DestroyWindow
PostThreadMessageW
ShowWindowAsync

ole32

CreateBindCtx
OleFlushClipboard
OleGetClipboard
OleSetClipboard
DoDragDrop
RevokeDragDrop
CoCreateInstance
CoSetProxyBlanket
CoFreeUnusedLibraries
CoInitialize
CoTaskMemFree
CoUninitialize
ReleaseStgMedium
OleIsCurrentClipboard
RegisterDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
PropVariantClear
CoTaskMemAlloc
CoTaskMemRealloc
OleUninitialize
OleInitialize
MkParseDisplayName

oleaut32

SysStringLen
VariantClear
VariantInit
SysAllocStringByteLen
LoadRegTypeLi
SysAllocStringLen
SysAllocString
LoadTypeLi
VarUI4FromStr
SysStringByteLen
SysFreeString

crypt32

CertGetEnhancedKeyUsage
CryptFindLocalizedName
CryptImportPublicKeyInfo
CryptProtectData
CryptUnprotectData
CertAddEncodedCertificateToStore
CertDuplicateCertificateContext
CertCloseStore
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CertFreeCertificateChain
CertFreeCertificateContext
CryptVerifyMessageSignature
CryptGetMessageCertificates
CertOpenStore
CertEnumCertificatesInStore
CertGetCertificateChain
CertCreateCertificateContext

winspool.drv

ClosePrinter
GetPrinterW
OpenPrinterW
EnumPrintersW

winmm

timeGetDevCaps
timeGetTime
timeKillEvent
timeSetEvent
mixerGetControlDetailsA
waveOutPause
waveOutRestart
waveInGetPosition
mixerSetControlDetails
waveOutReset
timeBeginPeriod
timeEndPeriod
waveOutGetDevCapsW
waveOutOpen
waveOutClose
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutWrite
waveOutGetPosition
waveOutGetNumDevs
waveInGetNumDevs
waveInGetDevCapsW
waveInOpen
waveInClose
waveInPrepareHeader
waveInUnprepareHeader
waveInAddBuffer
waveInStart
waveInStop
waveInReset
waveInGetDevCapsA
mixerGetID
waveOutGetDevCapsA
waveOutMessage
waveInMessage
mixerGetDevCapsA
mixerOpen
mixerClose
mixerGetLineInfoA
mixerGetLineControlsA

oleacc

AccessibleObjectFromWindow

ws2_32

getsockname
closesocket
htonl
getsockopt
shutdown
listen
accept
gethostname
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
setsockopt
recv
__WSAFDIsSet
select
ioctlsocket
sendto
send
htons
connect
bind
WSAAddressToStringA
recvfrom
getpeername
WSASocketW
WSAIoctl
WSAAsyncSelect
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
getservbyname
getservbyport
gethostbyname
gethostbyaddr
socket
ntohs
ntohl
inet_ntoa
inet_addr

gdi32

CreateBitmap
GetObjectW
BitBlt
CreateDIBSection
SetDIBitsToDevice
DeleteObject
CreateCompatibleDC
GetCurrentObject
DeleteDC
GetTextCharacterExtra
GetFontData
EnumFontFamiliesExW
GetClipRgn
GetBkMode
GetBkColor
EnumFontFamiliesW
EnumFontFamiliesA
CreateRectRgn
CreateFontIndirectA
GdiFlush
MoveToEx
SelectClipRgn
OffsetRgn
LineTo
CreatePen
CombineRgn
GetClipBox
CreateRectRgnIndirect
GetDeviceCaps
GetDIBits
CreateCompatibleBitmap
SelectPalette
RealizePalette
GetICMProfileA
SetPixel
GetStockObject
GetTextAlign
GetTextColor
GetTextExtentPoint32A
GetTextExtentPoint32W
IntersectClipRect
CreateDCA
CreateFontIndirectW
SetBkColor
SetBkMode
SetGraphicsMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
GetTextMetricsW
GetWorldTransform
SetWorldTransform
ExtTextOutA
ExtTextOutW
DPtoLP
CreateDCW
CreateICW
CreateSolidBrush
Rectangle
GdiAlphaBlend
SetStretchBltMode
StretchBlt
GetStretchBltMode
CreatePalette
RestoreDC
GetSystemPaletteEntries
PolyBezierTo
LPtoDP
ExtCreatePen
StrokePath
SelectClipPath
FillPath
EndPath
BeginPath
AbortDoc
EndPage
StartPage
EndDoc
StartDocW
StretchDIBits
SetPolyFillMode
SaveDC
SelectObject
ResetDCW

msimg32

AlphaBlend

advapi32

SetEntriesInAclW
CryptExportKey
CryptEncrypt
GetSidSubAuthorityCount
GetSidSubAuthority
CryptImportKey
CryptDestroyKey
CryptGenKey
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegOpenKeyA
SetSecurityInfo
IsValidSid
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
MakeSelfRelativeSD
InitializeSecurityDescriptor
InitializeAcl
RegEnumKeyExW
GetTokenInformation
OpenProcessToken
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
RegCloseKey
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegQueryInfoKeyW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA

comdlg32

PrintDlgW
CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW
PageSetupDlgW

shell32

ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW
CommandLineToArgvW
SHChangeNotify
SHGetSpecialFolderLocation
Shell_NotifyIconW
ord4
ord2
SHGetDiskFreeSpaceExW
SHFileOperationW
SHGetFolderPathW
SHAppBarMessage
SHGetSettings
SHBrowseForFolderW
SHGetFolderLocation
SHGetFolderPathA
SHGetPathFromIDListW

shlwapi

AssocQueryStringW
PathFileExistsW
PathRemoveFileSpecW
StrStrIW
StrRStrIW
ord219
PathAppendA
PathAppendW
StrDupW
StrCmpW

wininet

InternetGetCookieW
InternetSetCookieW
InternetErrorDlg

msi

ord137
ord141
ord96
ord113
ord88
ord16
ord205
ord37
ord72
ord90
ord173
ord70
ord125
ord121
ord17
ord20
ord92
ord151
ord153
ord78
ord159
ord32
ord84
ord8

urlmon

CopyStgMedium
CoInternetCompareUrl
CoInternetParseUrl

comctl32

ImageList_GetIconSize
ImageList_Draw

mscms

TranslateBitmapBits
CloseColorProfile
CreateColorTransformW
DeleteColorTransform
OpenColorProfileW

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData

dsound

ord8
ord1

iphlpapi

GetAdaptersAddresses

dnsapi

DnsQuery_UTF8
DnsFree

Exports

Exports

ADLWMain
AdobeCPGetAPI
AppEntryWinMain
AppInstallWinMain
CaptiveAppEntryWinMain
ExtendedAppEntryWinMain
FREAcquireBitmapData
FREAcquireBitmapData2
FREAcquireByteArray
FRECallObjectMethod
FREDispatchStatusEventAsync
FREGetArrayElementAt
FREGetArrayLength
FREGetContextActionScriptData
FREGetContextNativeData
FREGetObjectAsBool
FREGetObjectAsDouble
FREGetObjectAsInt32
FREGetObjectAsUTF8
FREGetObjectAsUint32
FREGetObjectProperty
FREGetObjectType
FREInvalidateBitmapDataRect
FRENewObject
FRENewObjectFromBool
FRENewObjectFromDouble
FRENewObjectFromInt32
FRENewObjectFromUTF8
FRENewObjectFromUint32
FREReleaseBitmapData
FREReleaseByteArray
FRESetArrayElementAt
FRESetArrayLength
FRESetContextActionScriptData
FRESetContextNativeData
FRESetObjectProperty
NAIPWMain
RuntimeInstallerWinMain

Sections

.text
Size: 11.9MB - Virtual size: 11.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.6MB - Virtual size: 6.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 276KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 744KB - Virtual size: 743KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GachaLifePC.app/Adobe AIR/Versions/1.0/Resources/Adobe AIR.vch
GachaLifePC.app/Adobe AIR/Versions/1.0/Resources/CaptiveAppEntry.exe
.exe windows:6 windows x86 arch:x86

Password: gacha_life.swf

99f1208f8baa2895eb326f6c41fd3294

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\r\ws\St_Make\code\build\win\results\Release\info\CaptiveAppEntry.vc2015.pdb

Imports

kernel32

SetStdHandle
WriteConsoleW
GetProcAddress
ExitProcess
HeapAlloc
GetProcessHeap
GetModuleHandleW
LoadLibraryW
GetFileAttributesW
CreateFileW
GetUserDefaultUILanguage
GetModuleFileNameW
GetStdHandle
GetCommandLineW
RaiseException
DecodePointer
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
WriteFile
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetFileType
GetModuleFileNameA
GetModuleHandleExW
GetACP
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
HeapFree

shell32

CommandLineToArgvW

user32

MessageBoxExW

shlwapi

StrCmpW

Exports

Exports

AmdPowerXpressRequestBetterBatteryLife
NvOptimusDisablement

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GachaLifePC.app/Adobe AIR/Versions/1.0/Resources/Licenses/cairo/COPYING
GachaLifePC.app/Adobe AIR/Versions/1.0/Resources/Licenses/cairo/COPYING-LGPL-2.1
GachaLifePC.app/Adobe AIR/Versions/1.0/Resources/Licenses/cairo/COPYING-MPL-1.1
GachaLifePC.app/Adobe AIR/Versions/1.0/Resources/Licenses/pcre2/COPYING
GachaLifePC.app/Adobe AIR/Versions/1.0/Resources/Licenses/pixman/COPYING
GachaLifePC.app/Adobe AIR/Versions/1.0/Resources/NPSWF32.dll
.dll windows:5 windows x86 arch:x86

Password: gacha_life.swf

b8ee5247fe5026a539c47b8fccacd597

Code Sign

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Flash Player,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:f1:c7:7a:e9:4b:3c:30:70:10:48:cc:6e:c1:49:a3:ca:e5:a1:fb:ac:10:b6:9f:de:ec:10:8d:48:55:f4:46
Signer

Actual PE Digest

ee:f1:c7:7a:e9:4b:3c:30:70:10:48:cc:6e:c1:49:a3:ca:e5:a1:fb:ac:10:b6:9f:de:ec:10:8d:48:55:f4:46

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\depot\main\FlashRuntime\Main\code\products\AIR\AIRCaptivePlugin\Release\NPSWF32.pdb

Imports

user32

EndPaint
DestroyWindow
FillRect
LoadImageW
UnregisterClassW
GetClientRect
BeginPaint
LoadIconW
GetWindowLongW
SetWindowLongW
SetWindowPos
FrameRect
CreateWindowExW
RegisterClassW
DefWindowProcW

gdi32

BitBlt
SelectObject
CreateCompatibleDC
GetObjectW
GetStockObject
DeleteObject

shell32

ShellExecuteW

msvcr90

_encoded_null
memcpy
_except_handler4_common
_onexit
??3@YAXPAX@Z
??2@YAPAXI@Z
_encode_pointer
_malloc_crt
free
memset
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock

kernel32

QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
GetTickCount
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GachaLifePC.app/Adobe AIR/Versions/1.0/Resources/NPSWF64.dll
.dll windows:5 windows x64 arch:x64

Password: gacha_life.swf

ad9a10c28b07039cee460ff13509e776

Code Sign

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Flash Player,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:fb:8c:d0:97:d3:7e:c0:2e:01:8b:a0:b4:db:33:ab:58:48:1f:61:41:8f:4e:74:0b:a8:fb:29:d9:1d:7a:39
Signer

Actual PE Digest

3a:fb:8c:d0:97:d3:7e:c0:2e:01:8b:a0:b4:db:33:ab:58:48:1f:61:41:8f:4e:74:0b:a8:fb:29:d9:1d:7a:39

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sage21920\Main\code\products\AIR\AIRCaptivePlugin\x64\Release\NPSWF64.pdb

Imports

user32

EndPaint
DestroyWindow
FillRect
LoadImageW
UnregisterClassW
GetClientRect
BeginPaint
LoadIconW
GetWindowLongW
SetWindowLongW
SetWindowPos
FrameRect
CreateWindowExW
RegisterClassW
DefWindowProcW

gdi32

BitBlt
SelectObject
CreateCompatibleDC
GetObjectW
GetStockObject
DeleteObject

shell32

ShellExecuteW

msvcr90

_initterm_e
memset
_onexit
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_encode_pointer
_malloc_crt
_initterm
memcpy
free
_encoded_null
_decode_pointer
_amsg_exit
__C_specific_handler
__CppXcptFilter
__crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock

kernel32

QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
GetTickCount
IsDebuggerPresent
Sleep
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlVirtualUnwind
SetUnhandledExceptionFilter

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GachaLifePC.app/Adobe AIR/Versions/1.0/Resources/WebKit.dll
.dll windows:6 windows x86 arch:x86

Password: gacha_life.swf

771ffa791f1ce710d8c7f8a7c9e2f1ce

Code Sign

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Flash Player,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:e6:24:24:07:e1:e5:c7:7c:ab:1a:9e:be:f7:12:96:f9:55:e3:3b:c3:98:a9:c7:1c:57:e1:05:84:0f:da:97
Signer

Actual PE Digest

51:e6:24:24:07:e1:e5:c7:7c:ab:1a:9e:be:f7:12:96:f9:55:e3:3b:c3:98:a9:c7:1c:57:e1:05:84:0f:da:97

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\r\ws\St_Make\code\build\win\results\Release\info\WebKit.pdb

Imports

kernel32

InterlockedFlushSList
SetLastError
HeapSize
GetTimeZoneInformation
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetProcessHeap
HeapReAlloc
GetACP
GetStdHandle
GetFileType
DecodePointer
GetStringTypeW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
TlsFree
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
RtlUnwind
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
CompareStringW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
SetEndOfFile
CreateDirectoryW
GetFullPathNameA
GetFullPathNameW
ReadConsoleW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
GetFileAttributesA
LoadLibraryW
FormatMessageW
LocalFree
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
GetLocaleInfoW
MultiByteToWideChar
GetLastError
LoadLibraryExW
GetProcAddress
FreeLibrary
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesExW
ReadFile
GetFileSize
CreateFileW
FoldStringW
GetThreadTimes
GetCurrentThread
VirtualFree
GetSystemInfo
VirtualAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
CloseHandle
WriteFile
DeleteFileA
GetTickCount
GetCPInfo

user32

SetParent
GetWindowLongW
SetWindowLongW
ShowWindow
SetFocus
GetKeyboardState
SetKeyboardState
GetWindowRect
ClientToScreen
SendMessageW
DefWindowProcA
DefWindowProcW
CallWindowProcW
RegisterClassExW
CreateWindowExW
DestroyWindow
MoveWindow
GetFocus
FillRect
SystemParametersInfoW
ReleaseDC
SetCapture
ReleaseCapture
UpdateWindow
GetUpdateRect
SetWindowRgn
GetWindowRgn
GetDC
GetLastInputInfo
LoadCursorW
IsChild
SetWindowLongA
EqualRect
IntersectRect
GetPropW
SetPropW
InvalidateRect

gdi32

GetCharWidthI
GetTextMetricsW
GetGlyphOutlineW
GetOutlineTextMetricsW
AddFontMemResourceEx
GetTextFaceW
EnumEnhMetaFile
DeleteEnhMetaFile
CreateEnhMetaFileW
CloseEnhMetaFile
GetFontUnicodeRanges
GetStockObject
EnumFontFamiliesExW
RemoveFontMemResourceEx
CreateFontIndirectW
GetFontData
ModifyWorldTransform
SaveDC
RestoreDC
IntersectClipRect
CreateDIBSection
SetWorldTransform
GetWorldTransform
SetGraphicsMode
SelectObject
GetRgnBox
GetClipBox
DeleteObject
CreateRectRgn
CreateCompatibleDC
GetGlyphIndicesW
GetObjectW
BitBlt
CreateCompatibleBitmap
DeleteDC
ExtCreateRegion
GetClipRgn
GetGraphicsMode
SelectClipRgn
ExtSelectClipRgn
GdiFlush
SetBkMode
SetTextColor
SetTextAlign
ExtTextOutW
GetCharWidth32W
SetMapMode
GetDeviceCaps
CreateSolidBrush
StretchDIBits

usp10

ScriptStringFree
ScriptStringOut
ScriptFreeCache
ScriptItemize
ScriptShape
ScriptStringAnalyse
ScriptPlace
ScriptXtoCP

urlmon

FindMimeFromData

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeEndPeriod
timeBeginPeriod

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

ole32

CoTaskMemFree
CoCreateInstance
CoCreateGuid

Exports

Exports

WebKitGetAPI
cairo_append_path
cairo_arc
cairo_arc_negative
cairo_clip
cairo_clip_extents
cairo_clip_preserve
cairo_close_path
cairo_copy_clip_rectangle_list
cairo_copy_page
cairo_copy_path
cairo_copy_path_flat
cairo_create
cairo_curve_to
cairo_debug_reset_static_data
cairo_destroy
cairo_device_acquire
cairo_device_destroy
cairo_device_finish
cairo_device_flush
cairo_device_get_reference_count
cairo_device_get_type
cairo_device_get_user_data
cairo_device_reference
cairo_device_release
cairo_device_set_user_data
cairo_device_status
cairo_device_to_user
cairo_device_to_user_distance
cairo_fill
cairo_fill_extents
cairo_fill_preserve
cairo_font_extents
cairo_font_face_destroy
cairo_font_face_get_reference_count
cairo_font_face_get_type
cairo_font_face_get_user_data
cairo_font_face_reference
cairo_font_face_set_user_data
cairo_font_face_status
cairo_font_options_copy
cairo_font_options_create
cairo_font_options_destroy
cairo_font_options_equal
cairo_font_options_get_antialias
cairo_font_options_get_hint_metrics
cairo_font_options_get_hint_style
cairo_font_options_get_subpixel_order
cairo_font_options_hash
cairo_font_options_merge
cairo_font_options_set_antialias
cairo_font_options_set_hint_metrics
cairo_font_options_set_hint_style
cairo_font_options_set_subpixel_order
cairo_font_options_status
cairo_format_stride_for_width
cairo_get_antialias
cairo_get_current_point
cairo_get_dash
cairo_get_dash_count
cairo_get_fill_rule
cairo_get_font_face
cairo_get_font_matrix
cairo_get_font_options
cairo_get_group_target
cairo_get_line_cap
cairo_get_line_join
cairo_get_line_width
cairo_get_matrix
cairo_get_miter_limit
cairo_get_operator
cairo_get_reference_count
cairo_get_scaled_font
cairo_get_source
cairo_get_target
cairo_get_tolerance
cairo_get_user_data
cairo_glyph_allocate
cairo_glyph_extents
cairo_glyph_free
cairo_glyph_path
cairo_has_current_point
cairo_identity_matrix
cairo_image_surface_create
cairo_image_surface_create_for_data
cairo_image_surface_create_from_png
cairo_image_surface_create_from_png_stream
cairo_image_surface_get_data
cairo_image_surface_get_format
cairo_image_surface_get_height
cairo_image_surface_get_stride
cairo_image_surface_get_width
cairo_in_clip
cairo_in_fill
cairo_in_stroke
cairo_line_to
cairo_mask
cairo_mask_surface
cairo_matrix_init
cairo_matrix_init_identity
cairo_matrix_init_rotate
cairo_matrix_init_scale
cairo_matrix_init_translate
cairo_matrix_invert
cairo_matrix_multiply
cairo_matrix_rotate
cairo_matrix_scale
cairo_matrix_transform_distance
cairo_matrix_transform_point
cairo_matrix_translate
cairo_mesh_pattern_begin_patch
cairo_mesh_pattern_curve_to
cairo_mesh_pattern_end_patch
cairo_mesh_pattern_get_control_point
cairo_mesh_pattern_get_corner_color_rgba
cairo_mesh_pattern_get_patch_count
cairo_mesh_pattern_get_path
cairo_mesh_pattern_line_to
cairo_mesh_pattern_move_to
cairo_mesh_pattern_set_control_point
cairo_mesh_pattern_set_corner_color_rgb
cairo_mesh_pattern_set_corner_color_rgba
cairo_move_to
cairo_new_path
cairo_new_sub_path
cairo_paint
cairo_paint_with_alpha
cairo_path_destroy
cairo_path_extents
cairo_pattern_add_color_stop_rgb
cairo_pattern_add_color_stop_rgba
cairo_pattern_create_for_surface
cairo_pattern_create_linear
cairo_pattern_create_mesh
cairo_pattern_create_radial
cairo_pattern_create_raster_source
cairo_pattern_create_rgb
cairo_pattern_create_rgba
cairo_pattern_destroy
cairo_pattern_get_color_stop_count
cairo_pattern_get_color_stop_rgba
cairo_pattern_get_extend
cairo_pattern_get_filter
cairo_pattern_get_linear_points
cairo_pattern_get_matrix
cairo_pattern_get_radial_circles
cairo_pattern_get_reference_count
cairo_pattern_get_rgba
cairo_pattern_get_surface
cairo_pattern_get_type
cairo_pattern_get_user_data
cairo_pattern_reference
cairo_pattern_set_extend
cairo_pattern_set_filter
cairo_pattern_set_matrix
cairo_pattern_set_user_data
cairo_pattern_status
cairo_pop_group
cairo_pop_group_to_source
cairo_push_group
cairo_push_group_with_content
cairo_raster_source_pattern_get_acquire
cairo_raster_source_pattern_get_callback_data
cairo_raster_source_pattern_get_copy
cairo_raster_source_pattern_get_finish
cairo_raster_source_pattern_get_snapshot
cairo_raster_source_pattern_set_acquire
cairo_raster_source_pattern_set_callback_data
cairo_raster_source_pattern_set_copy
cairo_raster_source_pattern_set_finish
cairo_raster_source_pattern_set_snapshot
cairo_recording_surface_create
cairo_recording_surface_get_extents
cairo_recording_surface_ink_extents
cairo_rectangle
cairo_rectangle_list_destroy
cairo_reference
cairo_region_contains_point
cairo_region_contains_rectangle
cairo_region_copy
cairo_region_create
cairo_region_create_rectangle
cairo_region_create_rectangles
cairo_region_destroy
cairo_region_equal
cairo_region_get_extents
cairo_region_get_rectangle
cairo_region_intersect
cairo_region_intersect_rectangle
cairo_region_is_empty
cairo_region_num_rectangles
cairo_region_reference
cairo_region_status
cairo_region_subtract
cairo_region_subtract_rectangle
cairo_region_translate
cairo_region_union
cairo_region_union_rectangle
cairo_region_xor
cairo_region_xor_rectangle
cairo_rel_curve_to
cairo_rel_line_to
cairo_rel_move_to
cairo_reset_clip
cairo_restore
cairo_rotate
cairo_save
cairo_scale
cairo_scaled_font_create
cairo_scaled_font_destroy
cairo_scaled_font_extents
cairo_scaled_font_get_ctm
cairo_scaled_font_get_font_face
cairo_scaled_font_get_font_matrix
cairo_scaled_font_get_font_options
cairo_scaled_font_get_reference_count
cairo_scaled_font_get_scale_matrix
cairo_scaled_font_get_type
cairo_scaled_font_get_user_data
cairo_scaled_font_glyph_extents
cairo_scaled_font_reference
cairo_scaled_font_set_user_data
cairo_scaled_font_status
cairo_scaled_font_text_extents
cairo_scaled_font_text_to_glyphs
cairo_select_font_face
cairo_set_antialias
cairo_set_dash
cairo_set_fill_rule
cairo_set_font_face
cairo_set_font_matrix
cairo_set_font_options
cairo_set_font_size
cairo_set_line_cap
cairo_set_line_join
cairo_set_line_width
cairo_set_matrix
cairo_set_miter_limit
cairo_set_operator
cairo_set_scaled_font
cairo_set_source
cairo_set_source_rgb
cairo_set_source_rgba
cairo_set_source_surface
cairo_set_tolerance
cairo_set_user_data
cairo_show_glyphs
cairo_show_page
cairo_show_text
cairo_show_text_glyphs
cairo_status
cairo_status_to_string
cairo_stroke
cairo_stroke_extents
cairo_stroke_preserve
cairo_surface_copy_page
cairo_surface_create_similar
cairo_surface_create_similar_image
cairo_surface_destroy
cairo_surface_finish
cairo_surface_flush
cairo_surface_get_content
cairo_surface_get_device
cairo_surface_get_device_offset
cairo_surface_get_device_scale
cairo_surface_get_fallback_resolution
cairo_surface_get_font_options
cairo_surface_get_mime_data
cairo_surface_get_reference_count
cairo_surface_get_type
cairo_surface_get_user_data
cairo_surface_has_show_text_glyphs
cairo_surface_map_to_image
cairo_surface_mark_dirty
cairo_surface_mark_dirty_rectangle
cairo_surface_reference
cairo_surface_set_device_offset
cairo_surface_set_device_scale
cairo_surface_set_fallback_resolution
cairo_surface_set_mime_data
cairo_surface_set_user_data
cairo_surface_show_page
cairo_surface_status
cairo_surface_supports_mime_type
cairo_surface_unmap_image
cairo_surface_write_to_png
cairo_surface_write_to_png_stream
cairo_text_cluster_allocate
cairo_text_cluster_free
cairo_text_extents
cairo_text_path
cairo_toy_font_face_create
cairo_toy_font_face_get_family
cairo_toy_font_face_get_slant
cairo_toy_font_face_get_weight
cairo_transform
cairo_translate
cairo_user_font_face_create
cairo_user_font_face_get_init_func
cairo_user_font_face_get_render_glyph_func
cairo_user_font_face_get_text_to_glyphs_func
cairo_user_font_face_get_unicode_to_glyph_func
cairo_user_font_face_set_init_func
cairo_user_font_face_set_render_glyph_func
cairo_user_font_face_set_text_to_glyphs_func
cairo_user_font_face_set_unicode_to_glyph_func
cairo_user_to_device
cairo_user_to_device_distance
cairo_win32_font_face_create_for_hfont
cairo_win32_font_face_create_for_logfontw
cairo_win32_font_face_create_for_logfontw_hfont
cairo_win32_scaled_font_done_font
cairo_win32_scaled_font_get_device_to_logical
cairo_win32_scaled_font_get_logical_to_device
cairo_win32_scaled_font_get_metrics_factor
cairo_win32_scaled_font_select_font
cairo_win32_surface_create
cairo_win32_surface_create_with_ddb
cairo_win32_surface_create_with_dib
cairo_win32_surface_get_dc
cairo_win32_surface_get_image

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 948KB - Virtual size: 947KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.unwante
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GachaLifePC.app/Adobe AIR/Versions/1.0/Resources/WebKit/LGPL License.txt
GachaLifePC.app/Adobe AIR/Versions/1.0/Resources/WebKit/Notice WebKit.txt
GachaLifePC.app/GachaLife.exe
.exe windows:6 windows x86 arch:x86

Password: gacha_life.swf

99f1208f8baa2895eb326f6c41fd3294

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\r\ws\St_Make\code\build\win\results\Release\info\CaptiveAppEntry.vc2015.pdb

Imports

kernel32

SetStdHandle
WriteConsoleW
GetProcAddress
ExitProcess
HeapAlloc
GetProcessHeap
GetModuleHandleW
LoadLibraryW
GetFileAttributesW
CreateFileW
GetUserDefaultUILanguage
GetModuleFileNameW
GetStdHandle
GetCommandLineW
RaiseException
DecodePointer
SetFilePointerEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
WriteFile
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
RtlUnwind
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetFileType
GetModuleFileNameA
GetModuleHandleExW
GetACP
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
HeapFree

shell32

CommandLineToArgvW

user32

MessageBoxExW

shlwapi

StrCmpW

Exports

Exports

AmdPowerXpressRequestBetterBatteryLife
NvOptimusDisablement

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GachaLifePC.app/GachaLifePC.swf
GachaLifePC.app/META-INF/AIR/application.xml
.xml
GachaLifePC.app/META-INF/AIR/hash
GachaLifePC.app/META-INF/signatures.xml
GachaLifePC.app/icon128.png
.png

Password: gacha_life.swf
GachaLifePC.app/icon16.png
.png

Password: gacha_life.swf
GachaLifePC.app/icon32.png
.png
GachaLifePC.app/icon48.png
.png
GachaLifePC.app/mimetype

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: gacha_life.swf

Password: gacha_life.swf

86abd472a5ab54d3b56d38aa57b0b442

Code Sign

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

fc:45:ee:37:d8:97:bf:58:73:6d:5f:00:74:22:e9:27:68:3f:e7:96:19:c9:08:a8:e8:a8:de:a4:c9:f8:68:45Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

oleaut32

crypt32

winspool.drv

winmm

oleacc

ws2_32

gdi32

msimg32

advapi32

version

comdlg32

shell32

shlwapi

wininet

msi

urlmon

comctl32

mscms

secur32

dsound

iphlpapi

dnsapi

Exports

Exports

Sections

.text Size: 11.9MB - Virtual size: 11.9MB

.rdata Size: 6.6MB - Virtual size: 6.6MB

.data Size: 276KB - Virtual size: 1.2MB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 209KB - Virtual size: 209KB

.reloc Size: 744KB - Virtual size: 743KB

Password: gacha_life.swf

99f1208f8baa2895eb326f6c41fd3294

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

user32

shlwapi

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 920B

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

fc:45:ee:37:d8:97:bf:58:73:6d:5f:00:74:22:e9:27:68:3f:e7:96:19:c9:08:a8:e8:a8:de:a4:c9:f8:68:45
Signer

.text
Size: 11.9MB - Virtual size: 11.9MB

.rdata
Size: 6.6MB - Virtual size: 6.6MB

.data
Size: 276KB - Virtual size: 1.2MB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 209KB - Virtual size: 209KB

.reloc
Size: 744KB - Virtual size: 743KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 4KB - Virtual size: 3KB

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

ee:f1:c7:7a:e9:4b:3c:30:70:10:48:cc:6e:c1:49:a3:ca:e5:a1:fb:ac:10:b6:9f:de:ec:10:8d:48:55:f4:46
Signer

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 1024B - Virtual size: 592B

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

3a:fb:8c:d0:97:d3:7e:c0:2e:01:8b:a0:b4:db:33:ab:58:48:1f:61:41:8f:4e:74:0b:a8:fb:29:d9:1d:7a:39
Signer

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 372B

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 512B - Virtual size: 36B