rCubed-2[.]0[.]0-64bit[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

rCubed-2.0.0-64bit.zip
Size

23.2MB
MD5

0a41d164553e6b128aaf534ef8e45d18
SHA1

d41849a4772dc7fa1f21293f4706027b3894ae7f
SHA256

0d8ea62f062e14bdded875879212a3162fd0c08737ba38332fdce0ef1eebcd83
SHA512

5dc06a051cc6b71a023f6bae0da15206be0d5e7359ae97b219e16f500de9759afec473580b922390a62d3029a0c71c24eee4fe92e3a44b92807b42d361f89304
SSDEEP

393216:WtvrtlNp9wtqkvYYqonDOa9yDkHvkoHFpL0Cwpg4ydLrQ6ePC9/VhFpA0CRW6XQ4:UtP/wtjpDpADkHRFFVwW4ydDIC91+0Cj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/R3Air.2.0.0.Release.64/Adobe AIR/Versions/1.0/Resources/CaptiveAppEntry.exe

Files

rCubed-2.0.0-64bit.zip
.zip
R3Air.2.0.0.Release.64/Adobe AIR/Versions/1.0/Adobe AIR.dll
.dll windows:6 windows x64 arch:x64

3740f4e247142de610d3acf8455d9122

Code Sign

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31-01-2019 00:00

Not After

03-02-2021 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Flash Player,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6c:c0:30:77:40:4d:cb:02:58:13:48:18:d6:d7:bd:e4:9c:19:f2:1e:bf:53:28:23:1c:0a:cc:33:d0:90:d8:2c
Signer

Actual PE Digest

6c:c0:30:77:40:4d:cb:02:58:13:48:18:d6:d7:bd:e4:9c:19:f2:1e:bf:53:28:23:1c:0a:cc:33:d0:90:d8:2c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\r\ws\St_Make\code\build\win\results\Release\info\runtime_sdk_sansdrm\Runtime-SDK-SansDRM.vc2015.pdb

Imports

kernel32

FindFirstFileW
FindNextFileW
GetTempPathW
SetUnhandledExceptionFilter
GetCurrentProcess
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
GetFileAttributesA
GetFileAttributesExW
GetFileInformationByHandle
GetFileSizeEx
GetFullPathNameW
GetLogicalDriveStringsW
GetLongPathNameW
GetTempFileNameW
GetVolumeInformationW
RemoveDirectoryW
GetUserDefaultUILanguage
SetFilePointerEx
DeviceIoControl
CreateMutexA
CreateProcessW
GetModuleFileNameA
GetModuleFileNameW
lstrlenW
GetTempPathA
GetTempFileNameA
GetSystemWow64DirectoryW
GetDriveTypeW
GetProcessTimes
SetLastError
GetStdHandle
SetNamedPipeHandleState
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
SetConsoleCtrlHandler
ReleaseSemaphore
CreateSemaphoreW
DuplicateHandle
GetCurrentThread
GetExitCodeThread
GetLocaleInfoA
GetExitCodeProcess
GetModuleHandleA
LCMapStringW
GetLocaleInfoW
LocalFree
ConnectNamedPipe
GetOverlappedResult
OpenProcess
GetSystemTimeAsFileTime
CreateNamedPipeA
ReleaseMutex
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
lstrlenA
GetComputerNameExW
SetHandleInformation
CreateNamedPipeW
CancelIo
TerminateProcess
FormatMessageW
GenerateConsoleCtrlEvent
SizeofResource
LoadLibraryExW
lstrcmpiW
FindResourceW
SetThreadAffinityMask
CompareFileTime
CreateEventA
SetWaitableTimer
CancelWaitableTimer
CreateWaitableTimerA
VerifyVersionInfoA
IsDebuggerPresent
OutputDebugStringW
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
LoadLibraryExA
CompareStringW
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
WaitForSingleObjectEx
GetStartupInfoW
FindClose
RtlUnwindEx
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
HeapReAlloc
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
ReadConsoleW
VerifyVersionInfoW
MoveFileExW
FindResourceExA
LoadLibraryW
GlobalFree
LockResource
LoadResource
FindResourceExW
GetSystemDirectoryA
CreateProcessA
ExitThread
WriteFile
SetFilePointer
ReadFile
GetFileSize
GetFileAttributesW
DeleteFileW
CreateFileW
CreateFileA
VerSetConditionMask
CreateWaitableTimerW
WaitForMultipleObjects
GetModuleHandleW
GetTickCount
TerminateThread
CreateEventW
ResetEvent
SetEvent
MultiByteToWideChar
LoadLibraryA
GetProcAddress
FreeLibrary
GetSystemDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
WideCharToMultiByte
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
GetLocalTime
IsDBCSLeadByte
GetCPInfo
GetACP
GetCurrentProcessId
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
TlsFree
TlsAlloc
SetThreadPriority
OpenThread
CreateThread
QueueUserAPC
SleepEx
WaitForSingleObject
CloseHandle
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemTime
GetProcessHeap
HeapSize
HeapFree
HeapAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringA
RaiseFailFastException
DebugBreak
RtlPcToFileHeader
GetUserDefaultLangID
GlobalMemoryStatus
FlushConsoleInputBuffer
FileTimeToSystemTime
GetVersionExW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFullPathNameA
LockFile
LockFileEx
UnlockFile
UnlockFileEx
CreateFileMappingW
FormatMessageA
AreFileApisANSI
GetNumberFormatW
GetCurrencyFormatW
ReadConsoleInputA
SetConsoleMode
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetProcessAffinityMask
GetSystemInfo
TlsSetValue
TlsGetValue
GetCurrentThreadId
SwitchToThread
Sleep
DeleteCriticalSection
TryEnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
SetEndOfFile
DecodePointer

user32

CharNextW
EnumDisplayDevicesA
UpdateLayeredWindow
GetAsyncKeyState
GetLastInputInfo
SetMenuItemInfoW
GetMenuItemInfoW
InsertMenuItemW
RemoveMenu
SetMenuInfo
GetMenuInfo
TrackPopupMenu
DestroyMenu
CreatePopupMenu
CreateMenu
DdeFreeStringHandle
DdeCreateStringHandleA
DdeClientTransaction
DdeDisconnect
DdeConnect
DdeUninitialize
DdeInitializeW
GetKeyboardLayout
ActivateKeyboardLayout
MapVirtualKeyW
ToAscii
GetKeyboardState
CharLowerW
CharUpperW
UnregisterClassA
SetCaretPos
ShowCaret
DestroyCaret
CreateCaret
PostQuitMessage
GetMessageW
EnumDisplayMonitors
ChangeDisplaySettingsExW
PostMessageA
GetSysColor
GetWindowDC
GetMenuBarInfo
EnumDisplaySettingsW
GetWindow
EnumWindows
GetClassLongW
SetWindowLongW
GetWindowLongW
MapWindowPoints
GetWindowTextW
SetWindowRgn
EndPaint
BeginPaint
UpdateWindow
DeleteMenu
GetSystemMenu
DrawMenuBar
SetMenu
GetActiveWindow
IsZoomed
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
FlashWindowEx
ShowWindowAsync
ShowWindow
IsWindow
GetClassInfoExW
GetAncestor
FindWindowExW
EnumChildWindows
RemovePropW
SetForegroundWindow
GetForegroundWindow
WaitForInputIdle
GetWindowInfo
LoadCursorW
UnregisterClassW
GetUserObjectInformationW
GetProcessWindowStation
RegisterWindowMessageA
OffsetRect
EnumDisplayDevicesW
GetDoubleClickTime
GetKeyState
GetCursorPos
ScreenToClient
RegisterClipboardFormatA
RegisterClipboardFormatW
GetClipboardFormatNameA
GetDC
ReleaseDC
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
EmptyClipboard
IsClipboardFormatAvailable
TranslateMessage
DispatchMessageW
GetWindowThreadProcessId
CopyRect
SetCursorPos
InvalidateRect
KillTimer
SetTimer
ReleaseCapture
SetCapture
GetCapture
GetQueueStatus
GetFocus
CallWindowProcW
AttachThreadInput
GetMessageTime
TrackMouseEvent
LoadStringW
CloseWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
MsgWaitForMultipleObjects
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
CreateIconIndirect
DestroyIcon
LoadIconW
GetParent
GetDesktopWindow
SetWindowLongPtrW
GetWindowLongPtrW
PtInRect
InflateRect
SetRectEmpty
PeekMessageW
SendMessageW
SendMessageTimeoutW
PostMessageW
PostThreadMessageW
DestroyWindow
MoveWindow
SetRect
ClientToScreen
GetCursor
SetCursor
MessageBoxW
MessageBoxA
GetWindowRect
GetClientRect
GetWindowTextLengthW
SetWindowTextW
GetPropW
SetPropW
GetSystemMetrics
IsWindowEnabled
EnableWindow
SendInput
SetFocus
GetDlgItemTextW
GetDlgItemTextA
SetDlgItemTextW
SetDlgItemTextA
GetDlgItem
EndDialog
DialogBoxIndirectParamW
DialogBoxParamW
SetWindowPos
MonitorFromPoint

ole32

CoCreateInstance
OleFlushClipboard
OleGetClipboard
OleSetClipboard
CreateBindCtx
RegisterDragDrop
DoDragDrop
RevokeDragDrop
OleIsCurrentClipboard
ReleaseStgMedium
CoUninitialize
CoTaskMemFree
CoInitialize
CoSetProxyBlanket
CreateStreamOnHGlobal
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
PropVariantClear
CoTaskMemAlloc
CoTaskMemRealloc
OleUninitialize
OleInitialize
MkParseDisplayName

oleaut32

SysStringLen
VariantClear
VariantInit
LoadRegTypeLi
SysAllocStringLen
SysAllocString
LoadTypeLi
VarUI4FromStr
SysFreeString

winspool.drv

ClosePrinter
EnumPrintersW
OpenPrinterW
GetPrinterW

winmm

timeEndPeriod
waveOutGetDevCapsW
timeBeginPeriod
waveOutClose
waveOutPrepareHeader
timeGetDevCaps
timeGetTime
timeKillEvent
timeSetEvent
mixerGetControlDetailsA
waveOutPause
waveOutRestart
waveInGetPosition
mixerSetControlDetails
waveOutOpen
waveOutGetPosition
waveOutUnprepareHeader
waveOutWrite
waveOutReset
waveOutGetNumDevs
waveInGetNumDevs
waveInGetDevCapsW
waveInOpen
waveInClose
waveInPrepareHeader
waveInUnprepareHeader
waveInAddBuffer
waveInStart
waveInStop
waveInReset
waveInGetDevCapsA
mixerGetID
waveOutGetDevCapsA
waveOutMessage
waveInMessage
mixerGetDevCapsA
mixerOpen
mixerClose
mixerGetLineInfoA
mixerGetLineControlsA

oleacc

AccessibleObjectFromWindow

crypt32

CertDuplicateCertificateContext
CertGetEnhancedKeyUsage
CertAddEncodedCertificateToStore
CryptUnprotectData
CryptProtectData
CryptImportPublicKeyInfo
CertCloseStore
CertFindCertificateInStore
CertVerifySubjectCertificateContext
CertCreateCertificateContext
CertFreeCertificateContext
CryptVerifyMessageSignature
CryptGetMessageCertificates
CertOpenStore
CertEnumCertificatesInStore
CertGetCertificateChain
CertFreeCertificateChain
CryptFindLocalizedName

ws2_32

accept
listen
recvfrom
closesocket
htonl
htons
inet_addr
inet_ntoa
gethostname
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
setsockopt
recv
__WSAFDIsSet
shutdown
getsockopt
ntohl
ioctlsocket
sendto
send
select
connect
bind
WSAAddressToStringA
getsockname
getpeername
WSASocketW
WSAIoctl
WSAAsyncSelect
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
getservbyname
getservbyport
gethostbyname
gethostbyaddr
socket
ntohs

gdi32

SetStretchBltMode
StretchBlt
GdiAlphaBlend
Rectangle
CreateSolidBrush
CreatePalette
GetSystemPaletteEntries
CreateDCA
GetStretchBltMode
CreateFontIndirectW
PolyBezierTo
EnumFontFamiliesExW
GetFontData
CreateBitmap
GetObjectW
BitBlt
CreateDIBSection
SetDIBitsToDevice
SelectObject
DeleteDC
LPtoDP
CreateCompatibleDC
RestoreDC
ExtCreatePen
StrokePath
SelectClipPath
FillPath
EndPath
BeginPath
AbortDoc
EndPage
StartPage
EndDoc
StartDocW
StretchDIBits
SetPolyFillMode
SaveDC
DeleteObject
CreateICW
CreateDCW
DPtoLP
ExtTextOutW
ExtTextOutA
SetWorldTransform
GetWorldTransform
GetTextMetricsW
SetTextAlign
SetTextColor
SetTextCharacterExtra
SetGraphicsMode
SetBkMode
SetBkColor
IntersectClipRect
GetTextExtentPoint32W
GetTextExtentPoint32A
GetTextColor
GetTextAlign
GetTextCharacterExtra
GetCurrentObject
GetClipRgn
GetBkMode
GetBkColor
EnumFontFamiliesW
EnumFontFamiliesA
CreateRectRgn
CreateFontIndirectA
GdiFlush
MoveToEx
SelectClipRgn
OffsetRgn
LineTo
CreatePen
CombineRgn
GetClipBox
CreateRectRgnIndirect
GetDeviceCaps
GetDIBits
CreateCompatibleBitmap
SelectPalette
RealizePalette
GetICMProfileA
SetPixel
GetStockObject
ResetDCW

msimg32

AlphaBlend

advapi32

RegOpenKeyExW
RegOpenKeyExA
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyA
SetSecurityInfo
SetEntriesInAclW
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
MakeSelfRelativeSD
InitializeSecurityDescriptor
InitializeAcl
RegEnumKeyExW
GetTokenInformation
OpenProcessToken
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExA
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
PrintDlgW
PageSetupDlgW

shell32

ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW
CommandLineToArgvW
SHChangeNotify
SHGetSpecialFolderLocation
Shell_NotifyIconW
ord4
ord2
SHGetDiskFreeSpaceExW
SHFileOperationW
SHGetFolderPathW
SHAppBarMessage
SHGetSettings
SHBrowseForFolderW
SHGetFolderLocation
SHGetFolderPathA
SHGetPathFromIDListW

shlwapi

AssocQueryStringW
PathFileExistsW
PathRemoveFileSpecW
StrStrIW
StrRStrIW
ord219
PathAppendA
PathAppendW
StrDupW
StrCmpW

wininet

InternetSetCookieW
InternetErrorDlg
InternetGetCookieW

msi

ord137
ord141
ord16
ord113
ord88
ord205
ord90
ord173
ord70
ord125
ord121
ord17
ord20
ord92
ord151
ord153
ord78
ord159
ord32
ord84
ord72
ord96
ord37
ord8

urlmon

CopyStgMedium
CoInternetCompareUrl
CoInternetParseUrl

comctl32

ImageList_Draw
ImageList_GetIconSize

mscms

TranslateBitmapBits
CloseColorProfile
CreateColorTransformW
DeleteColorTransform
OpenColorProfileW

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData

dsound

ord1
ord8

iphlpapi

GetAdaptersAddresses

dnsapi

DnsQuery_UTF8
DnsFree

Exports

Exports

ADLWMain
AppEntryWinMain
AppInstallWinMain
CaptiveAppEntryWinMain
ExtendedAppEntryWinMain
FREAcquireBitmapData
FREAcquireBitmapData2
FREAcquireByteArray
FRECallObjectMethod
FREDispatchStatusEventAsync
FREGetArrayElementAt
FREGetArrayLength
FREGetContextActionScriptData
FREGetContextNativeData
FREGetObjectAsBool
FREGetObjectAsDouble
FREGetObjectAsInt32
FREGetObjectAsUTF8
FREGetObjectAsUint32
FREGetObjectProperty
FREGetObjectType
FREInvalidateBitmapDataRect
FRENewObject
FRENewObjectFromBool
FRENewObjectFromDouble
FRENewObjectFromInt32
FRENewObjectFromUTF8
FRENewObjectFromUint32
FREReleaseBitmapData
FREReleaseByteArray
FRESetArrayElementAt
FRESetArrayLength
FRESetContextActionScriptData
FRESetContextNativeData
FRESetObjectProperty
NAIPWMain
RuntimeInstallerWinMain

Sections

.text
Size: 11.5MB - Virtual size: 11.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 570KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 527KB - Virtual size: 526KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
R3Air.2.0.0.Release.64/Adobe AIR/Versions/1.0/Resources/CaptiveAppEntry.exe
.exe windows:6 windows x64 arch:x64

7404853f9a2768583879ed766d465f38

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\r\ws\St_Make\code\build\win\results\Release\info\CaptiveAppEntry.vc2015.pdb

Imports

kernel32

SetStdHandle
WriteConsoleW
GetProcAddress
ExitProcess
HeapAlloc
GetProcessHeap
GetModuleHandleW
LoadLibraryW
GetFileAttributesW
CreateFileW
GetUserDefaultUILanguage
GetModuleFileNameW
GetStdHandle
GetCommandLineW
RaiseException
SetFilePointerEx
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
WriteFile
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
RtlUnwindEx
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetFileType
GetCurrentProcess
GetModuleFileNameA
TerminateProcess
GetModuleHandleExW
GetACP
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapFree

shell32

CommandLineToArgvW

user32

MessageBoxExW

shlwapi

StrCmpW

Exports

Exports

AmdPowerXpressRequestBetterBatteryLife
NvOptimusDisablement

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
R3Air.2.0.0.Release.64/Adobe AIR/Versions/1.0/Resources/Licenses/cairo/COPYING
R3Air.2.0.0.Release.64/Adobe AIR/Versions/1.0/Resources/Licenses/cairo/COPYING-LGPL-2.1
R3Air.2.0.0.Release.64/Adobe AIR/Versions/1.0/Resources/Licenses/cairo/COPYING-MPL-1.1
R3Air.2.0.0.Release.64/Adobe AIR/Versions/1.0/Resources/Licenses/pcre2/COPYING
R3Air.2.0.0.Release.64/Adobe AIR/Versions/1.0/Resources/Licenses/pixman/COPYING
R3Air.2.0.0.Release.64/Adobe AIR/Versions/1.0/Resources/NPSWF32.dll
.dll windows:5 windows x86 arch:x86

b8ee5247fe5026a539c47b8fccacd597

Code Sign

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31-01-2019 00:00

Not After

03-02-2021 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Flash Player,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:f1:c7:7a:e9:4b:3c:30:70:10:48:cc:6e:c1:49:a3:ca:e5:a1:fb:ac:10:b6:9f:de:ec:10:8d:48:55:f4:46
Signer

Actual PE Digest

ee:f1:c7:7a:e9:4b:3c:30:70:10:48:cc:6e:c1:49:a3:ca:e5:a1:fb:ac:10:b6:9f:de:ec:10:8d:48:55:f4:46

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\depot\main\FlashRuntime\Main\code\products\AIR\AIRCaptivePlugin\Release\NPSWF32.pdb

Imports

user32

EndPaint
DestroyWindow
FillRect
LoadImageW
UnregisterClassW
GetClientRect
BeginPaint
LoadIconW
GetWindowLongW
SetWindowLongW
SetWindowPos
FrameRect
CreateWindowExW
RegisterClassW
DefWindowProcW

gdi32

BitBlt
SelectObject
CreateCompatibleDC
GetObjectW
GetStockObject
DeleteObject

shell32

ShellExecuteW

msvcr90

_encoded_null
memcpy
_except_handler4_common
_onexit
??3@YAXPAX@Z
??2@YAPAXI@Z
_encode_pointer
_malloc_crt
free
memset
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock

kernel32

QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
GetTickCount
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
R3Air.2.0.0.Release.64/Adobe AIR/Versions/1.0/Resources/NPSWF64.dll
.dll windows:5 windows x64 arch:x64

ad9a10c28b07039cee460ff13509e776

Code Sign

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31-01-2019 00:00

Not After

03-02-2021 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Flash Player,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:fb:8c:d0:97:d3:7e:c0:2e:01:8b:a0:b4:db:33:ab:58:48:1f:61:41:8f:4e:74:0b:a8:fb:29:d9:1d:7a:39
Signer

Actual PE Digest

3a:fb:8c:d0:97:d3:7e:c0:2e:01:8b:a0:b4:db:33:ab:58:48:1f:61:41:8f:4e:74:0b:a8:fb:29:d9:1d:7a:39

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sage21920\Main\code\products\AIR\AIRCaptivePlugin\x64\Release\NPSWF64.pdb

Imports

user32

EndPaint
DestroyWindow
FillRect
LoadImageW
UnregisterClassW
GetClientRect
BeginPaint
LoadIconW
GetWindowLongW
SetWindowLongW
SetWindowPos
FrameRect
CreateWindowExW
RegisterClassW
DefWindowProcW

gdi32

BitBlt
SelectObject
CreateCompatibleDC
GetObjectW
GetStockObject
DeleteObject

shell32

ShellExecuteW

msvcr90

_initterm_e
memset
_onexit
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_encode_pointer
_malloc_crt
_initterm
memcpy
free
_encoded_null
_decode_pointer
_amsg_exit
__C_specific_handler
__CppXcptFilter
__crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock

kernel32

QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
GetTickCount
IsDebuggerPresent
Sleep
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlVirtualUnwind
SetUnhandledExceptionFilter

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
R3Air.2.0.0.Release.64/Adobe AIR/Versions/1.0/Resources/WebKit.dll
.dll windows:6 windows x64 arch:x64

704e216694e44094d78982517b7af7eb

Code Sign

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31-01-2019 00:00

Not After

03-02-2021 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Flash Player,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04-01-2017 00:00

Not After

18-01-2028 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ff:17:52:43:73:12:66:88:eb:11:8b:12:fd:fd:55:9b:d6:15:ce:39:9e:b0:29:6a:84:c4:99:76:40:01:dd:e5
Signer

Actual PE Digest

ff:17:52:43:73:12:66:88:eb:11:8b:12:fd:fd:55:9b:d6:15:ce:39:9e:b0:29:6a:84:c4:99:76:40:01:dd:e5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\r\ws\St_Make\code\build\win\results\Release\info\WebKit.pdb

Imports

kernel32

TlsGetValue
TlsSetValue
TlsFree
InterlockedFlushSList
SetLastError
HeapSize
GetTimeZoneInformation
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetProcessHeap
HeapReAlloc
GetACP
GetStdHandle
GetFileType
GetStringTypeW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
TlsAlloc
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
RaiseException
EncodePointer
RtlPcToFileHeader
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
CompareStringW
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
SetEndOfFile
CreateDirectoryW
GetFullPathNameA
GetFullPathNameW
ReadConsoleW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
GetFileAttributesA
LoadLibraryW
FormatMessageW
LocalFree
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
GetLocaleInfoW
MultiByteToWideChar
GetLastError
LoadLibraryExW
GetProcAddress
FreeLibrary
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesExW
ReadFile
GetFileSize
CreateFileW
FoldStringW
VirtualFree
GetThreadTimes
GetCurrentThread
VirtualAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
CloseHandle
WriteFile
DeleteFileA
GetTickCount
GetOEMCP

user32

SetParent
GetWindowLongPtrW
SetWindowLongPtrW
ShowWindow
SetFocus
GetKeyboardState
SetKeyboardState
GetWindowRect
ClientToScreen
SendMessageW
DefWindowProcA
DefWindowProcW
CallWindowProcW
RegisterClassExW
IsChild
DestroyWindow
MoveWindow
GetFocus
FillRect
SystemParametersInfoW
ReleaseDC
SetCapture
ReleaseCapture
UpdateWindow
GetUpdateRect
SetWindowRgn
GetWindowRgn
GetDC
GetLastInputInfo
LoadCursorW
CreateWindowExW
SetWindowLongPtrA
EqualRect
IntersectRect
GetPropW
SetPropW
InvalidateRect

gdi32

GetCharWidthI
GetTextMetricsW
GetGlyphOutlineW
GetOutlineTextMetricsW
AddFontMemResourceEx
GetTextFaceW
EnumEnhMetaFile
DeleteEnhMetaFile
CreateEnhMetaFileW
CloseEnhMetaFile
GetFontUnicodeRanges
GetStockObject
EnumFontFamiliesExW
RemoveFontMemResourceEx
CreateFontIndirectW
GetFontData
ModifyWorldTransform
SaveDC
RestoreDC
IntersectClipRect
CreateDIBSection
SetWorldTransform
GetWorldTransform
SetGraphicsMode
SelectObject
GetRgnBox
GetClipBox
DeleteObject
CreateRectRgn
CreateCompatibleDC
GetGlyphIndicesW
GetObjectW
BitBlt
CreateCompatibleBitmap
DeleteDC
ExtCreateRegion
GetClipRgn
GetGraphicsMode
SelectClipRgn
ExtSelectClipRgn
GdiFlush
SetBkMode
SetTextColor
SetTextAlign
ExtTextOutW
GetCharWidth32W
SetMapMode
GetDeviceCaps
CreateSolidBrush
StretchDIBits

usp10

ScriptStringFree
ScriptStringOut
ScriptFreeCache
ScriptItemize
ScriptShape
ScriptStringAnalyse
ScriptPlace
ScriptXtoCP

urlmon

FindMimeFromData

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeEndPeriod
timeBeginPeriod

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

ole32

CoTaskMemFree
CoCreateInstance
CoCreateGuid

Exports

Exports

WebKitGetAPI
cairo_append_path
cairo_arc
cairo_arc_negative
cairo_clip
cairo_clip_extents
cairo_clip_preserve
cairo_close_path
cairo_copy_clip_rectangle_list
cairo_copy_page
cairo_copy_path
cairo_copy_path_flat
cairo_create
cairo_curve_to
cairo_debug_reset_static_data
cairo_destroy
cairo_device_acquire
cairo_device_destroy
cairo_device_finish
cairo_device_flush
cairo_device_get_reference_count
cairo_device_get_type
cairo_device_get_user_data
cairo_device_reference
cairo_device_release
cairo_device_set_user_data
cairo_device_status
cairo_device_to_user
cairo_device_to_user_distance
cairo_fill
cairo_fill_extents
cairo_fill_preserve
cairo_font_extents
cairo_font_face_destroy
cairo_font_face_get_reference_count
cairo_font_face_get_type
cairo_font_face_get_user_data
cairo_font_face_reference
cairo_font_face_set_user_data
cairo_font_face_status
cairo_font_options_copy
cairo_font_options_create
cairo_font_options_destroy
cairo_font_options_equal
cairo_font_options_get_antialias
cairo_font_options_get_hint_metrics
cairo_font_options_get_hint_style
cairo_font_options_get_subpixel_order
cairo_font_options_hash
cairo_font_options_merge
cairo_font_options_set_antialias
cairo_font_options_set_hint_metrics
cairo_font_options_set_hint_style
cairo_font_options_set_subpixel_order
cairo_font_options_status
cairo_format_stride_for_width
cairo_get_antialias
cairo_get_current_point
cairo_get_dash
cairo_get_dash_count
cairo_get_fill_rule
cairo_get_font_face
cairo_get_font_matrix
cairo_get_font_options
cairo_get_group_target
cairo_get_line_cap
cairo_get_line_join
cairo_get_line_width
cairo_get_matrix
cairo_get_miter_limit
cairo_get_operator
cairo_get_reference_count
cairo_get_scaled_font
cairo_get_source
cairo_get_target
cairo_get_tolerance
cairo_get_user_data
cairo_glyph_allocate
cairo_glyph_extents
cairo_glyph_free
cairo_glyph_path
cairo_has_current_point
cairo_identity_matrix
cairo_image_surface_create
cairo_image_surface_create_for_data
cairo_image_surface_create_from_png
cairo_image_surface_create_from_png_stream
cairo_image_surface_get_data
cairo_image_surface_get_format
cairo_image_surface_get_height
cairo_image_surface_get_stride
cairo_image_surface_get_width
cairo_in_clip
cairo_in_fill
cairo_in_stroke
cairo_line_to
cairo_mask
cairo_mask_surface
cairo_matrix_init
cairo_matrix_init_identity
cairo_matrix_init_rotate
cairo_matrix_init_scale
cairo_matrix_init_translate
cairo_matrix_invert
cairo_matrix_multiply
cairo_matrix_rotate
cairo_matrix_scale
cairo_matrix_transform_distance
cairo_matrix_transform_point
cairo_matrix_translate
cairo_mesh_pattern_begin_patch
cairo_mesh_pattern_curve_to
cairo_mesh_pattern_end_patch
cairo_mesh_pattern_get_control_point
cairo_mesh_pattern_get_corner_color_rgba
cairo_mesh_pattern_get_patch_count
cairo_mesh_pattern_get_path
cairo_mesh_pattern_line_to
cairo_mesh_pattern_move_to
cairo_mesh_pattern_set_control_point
cairo_mesh_pattern_set_corner_color_rgb
cairo_mesh_pattern_set_corner_color_rgba
cairo_move_to
cairo_new_path
cairo_new_sub_path
cairo_paint
cairo_paint_with_alpha
cairo_path_destroy
cairo_path_extents
cairo_pattern_add_color_stop_rgb
cairo_pattern_add_color_stop_rgba
cairo_pattern_create_for_surface
cairo_pattern_create_linear
cairo_pattern_create_mesh
cairo_pattern_create_radial
cairo_pattern_create_raster_source
cairo_pattern_create_rgb
cairo_pattern_create_rgba
cairo_pattern_destroy
cairo_pattern_get_color_stop_count
cairo_pattern_get_color_stop_rgba
cairo_pattern_get_extend
cairo_pattern_get_filter
cairo_pattern_get_linear_points
cairo_pattern_get_matrix
cairo_pattern_get_radial_circles
cairo_pattern_get_reference_count
cairo_pattern_get_rgba
cairo_pattern_get_surface
cairo_pattern_get_type
cairo_pattern_get_user_data
cairo_pattern_reference
cairo_pattern_set_extend
cairo_pattern_set_filter
cairo_pattern_set_matrix
cairo_pattern_set_user_data
cairo_pattern_status
cairo_pop_group
cairo_pop_group_to_source
cairo_push_group
cairo_push_group_with_content
cairo_raster_source_pattern_get_acquire
cairo_raster_source_pattern_get_callback_data
cairo_raster_source_pattern_get_copy
cairo_raster_source_pattern_get_finish
cairo_raster_source_pattern_get_snapshot
cairo_raster_source_pattern_set_acquire
cairo_raster_source_pattern_set_callback_data
cairo_raster_source_pattern_set_copy
cairo_raster_source_pattern_set_finish
cairo_raster_source_pattern_set_snapshot
cairo_recording_surface_create
cairo_recording_surface_get_extents
cairo_recording_surface_ink_extents
cairo_rectangle
cairo_rectangle_list_destroy
cairo_reference
cairo_region_contains_point
cairo_region_contains_rectangle
cairo_region_copy
cairo_region_create
cairo_region_create_rectangle
cairo_region_create_rectangles
cairo_region_destroy
cairo_region_equal
cairo_region_get_extents
cairo_region_get_rectangle
cairo_region_intersect
cairo_region_intersect_rectangle
cairo_region_is_empty
cairo_region_num_rectangles
cairo_region_reference
cairo_region_status
cairo_region_subtract
cairo_region_subtract_rectangle
cairo_region_translate
cairo_region_union
cairo_region_union_rectangle
cairo_region_xor
cairo_region_xor_rectangle
cairo_rel_curve_to
cairo_rel_line_to
cairo_rel_move_to
cairo_reset_clip
cairo_restore
cairo_rotate
cairo_save
cairo_scale
cairo_scaled_font_create
cairo_scaled_font_destroy
cairo_scaled_font_extents
cairo_scaled_font_get_ctm
cairo_scaled_font_get_font_face
cairo_scaled_font_get_font_matrix
cairo_scaled_font_get_font_options
cairo_scaled_font_get_reference_count
cairo_scaled_font_get_scale_matrix
cairo_scaled_font_get_type
cairo_scaled_font_get_user_data
cairo_scaled_font_glyph_extents
cairo_scaled_font_reference
cairo_scaled_font_set_user_data
cairo_scaled_font_status
cairo_scaled_font_text_extents
cairo_scaled_font_text_to_glyphs
cairo_select_font_face
cairo_set_antialias
cairo_set_dash
cairo_set_fill_rule
cairo_set_font_face
cairo_set_font_matrix
cairo_set_font_options
cairo_set_font_size
cairo_set_line_cap
cairo_set_line_join
cairo_set_line_width
cairo_set_matrix
cairo_set_miter_limit
cairo_set_operator
cairo_set_scaled_font
cairo_set_source
cairo_set_source_rgb
cairo_set_source_rgba
cairo_set_source_surface
cairo_set_tolerance
cairo_set_user_data
cairo_show_glyphs
cairo_show_page
cairo_show_text
cairo_show_text_glyphs
cairo_status
cairo_status_to_string
cairo_stroke
cairo_stroke_extents
cairo_stroke_preserve
cairo_surface_copy_page
cairo_surface_create_similar
cairo_surface_create_similar_image
cairo_surface_destroy
cairo_surface_finish
cairo_surface_flush
cairo_surface_get_content
cairo_surface_get_device
cairo_surface_get_device_offset
cairo_surface_get_device_scale
cairo_surface_get_fallback_resolution
cairo_surface_get_font_options
cairo_surface_get_mime_data
cairo_surface_get_reference_count
cairo_surface_get_type
cairo_surface_get_user_data
cairo_surface_has_show_text_glyphs
cairo_surface_map_to_image
cairo_surface_mark_dirty
cairo_surface_mark_dirty_rectangle
cairo_surface_reference
cairo_surface_set_device_offset
cairo_surface_set_device_scale
cairo_surface_set_fallback_resolution
cairo_surface_set_mime_data
cairo_surface_set_user_data
cairo_surface_show_page
cairo_surface_status
cairo_surface_supports_mime_type
cairo_surface_unmap_image
cairo_surface_write_to_png
cairo_surface_write_to_png_stream
cairo_text_cluster_allocate
cairo_text_cluster_free
cairo_text_extents
cairo_text_path
cairo_toy_font_face_create
cairo_toy_font_face_get_family
cairo_toy_font_face_get_slant
cairo_toy_font_face_get_weight
cairo_transform
cairo_translate
cairo_user_font_face_create
cairo_user_font_face_get_init_func
cairo_user_font_face_get_render_glyph_func
cairo_user_font_face_get_text_to_glyphs_func
cairo_user_font_face_get_unicode_to_glyph_func
cairo_user_font_face_set_init_func
cairo_user_font_face_set_render_glyph_func
cairo_user_font_face_set_text_to_glyphs_func
cairo_user_font_face_set_unicode_to_glyph_func
cairo_user_to_device
cairo_user_to_device_distance
cairo_win32_font_face_create_for_hfont
cairo_win32_font_face_create_for_logfontw
cairo_win32_font_face_create_for_logfontw_hfont
cairo_win32_scaled_font_done_font
cairo_win32_scaled_font_get_device_to_logical
cairo_win32_scaled_font_get_logical_to_device
cairo_win32_scaled_font_get_metrics_factor
cairo_win32_scaled_font_select_font
cairo_win32_surface_create
cairo_win32_surface_create_with_ddb
cairo_win32_surface_create_with_dib
cairo_win32_surface_get_dc
cairo_win32_surface_get_image

Sections

.text
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.unwante
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
R3Air.2.0.0.Release.64/Adobe AIR/Versions/1.0/Resources/WebKit/LGPL License.txt
R3Air.2.0.0.Release.64/Adobe AIR/Versions/1.0/Resources/WebKit/Notice WebKit.txt
R3Air.2.0.0.Release.64/META-INF/AIR/application.xml
.xml
R3Air.2.0.0.Release.64/META-INF/AIR/hash
R3Air.2.0.0.Release.64/META-INF/signatures.xml
R3Air.2.0.0.Release.64/R3.exe
.exe windows:6 windows x64 arch:x64

7404853f9a2768583879ed766d465f38

Code Sign

59:35:6f:52:b7:fd:ca:b3:4f:13:04:cb:05:af:14:a4
Certificate

Issuer

CN=Air Signing Certificate

Not Before

17-06-2021 20:24

Not After

17-06-2025 20:34

Subject

CN=Air Signing Certificate

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

66:ca:77:c2:fa:5d:59:2c:a1:c8:ed:82:ff:1f:a1:f6:b7:48:7c:61:19:07:e2:d6:a4:84:98:98:05:96:d8:e8
Signer

Actual PE Digest

66:ca:77:c2:fa:5d:59:2c:a1:c8:ed:82:ff:1f:a1:f6:b7:48:7c:61:19:07:e2:d6:a4:84:98:98:05:96:d8:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\r\ws\St_Make\code\build\win\results\Release\info\CaptiveAppEntry.vc2015.pdb

Imports

kernel32

SetStdHandle
WriteConsoleW
GetProcAddress
ExitProcess
HeapAlloc
GetProcessHeap
GetModuleHandleW
LoadLibraryW
GetFileAttributesW
CreateFileW
GetUserDefaultUILanguage
GetModuleFileNameW
GetStdHandle
GetCommandLineW
RaiseException
SetFilePointerEx
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
WriteFile
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
RtlUnwindEx
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetFileType
GetCurrentProcess
GetModuleFileNameA
TerminateProcess
GetModuleHandleExW
GetACP
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapFree

shell32

CommandLineToArgvW

user32

MessageBoxExW

shlwapi

StrCmpW

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
R3Air.2.0.0.Release.64/R3Air.swf
R3Air.2.0.0.Release.64/changelog.txt
R3Air.2.0.0.Release.64/data/icons/icon-144.png
.png
R3Air.2.0.0.Release.64/data/icons/icon-180.png
.png
R3Air.2.0.0.Release.64/data/icons/icon-192.png
.png
R3Air.2.0.0.Release.64/data/icons/icon-36.png
.png
R3Air.2.0.0.Release.64/data/icons/icon-48.png
.png
R3Air.2.0.0.Release.64/data/icons/icon-512.png
.png
R3Air.2.0.0.Release.64/data/icons/icon-72.png
.png
R3Air.2.0.0.Release.64/data/icons/icon-96.png
.png
R3Air.2.0.0.Release.64/mimetype

Sharing

General

Malware Config

Signatures

Files

3740f4e247142de610d3acf8455d9122

Code Sign

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

6c:c0:30:77:40:4d:cb:02:58:13:48:18:d6:d7:bd:e4:9c:19:f2:1e:bf:53:28:23:1c:0a:cc:33:d0:90:d8:2cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

ole32

oleaut32

winspool.drv

winmm

oleacc

crypt32

ws2_32

gdi32

msimg32

advapi32

version

comdlg32

shell32

shlwapi

wininet

msi

urlmon

comctl32

mscms

secur32

dsound

iphlpapi

dnsapi

Exports

Exports

Sections

.text Size: 11.5MB - Virtual size: 11.5MB

.rdata Size: 6.8MB - Virtual size: 6.8MB

.data Size: 570KB - Virtual size: 1.5MB

.pdata Size: 527KB - Virtual size: 526KB

.tls Size: 512B - Virtual size: 9B

_RDATA Size: 512B - Virtual size: 8B

.rsrc Size: 209KB - Virtual size: 209KB

.reloc Size: 240KB - Virtual size: 239KB

7404853f9a2768583879ed766d465f38

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

user32

shlwapi

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 2KB - Virtual size: 1KB

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

6c:c0:30:77:40:4d:cb:02:58:13:48:18:d6:d7:bd:e4:9c:19:f2:1e:bf:53:28:23:1c:0a:cc:33:d0:90:d8:2c
Signer

.text
Size: 11.5MB - Virtual size: 11.5MB

.rdata
Size: 6.8MB - Virtual size: 6.8MB

.data
Size: 570KB - Virtual size: 1.5MB

.pdata
Size: 527KB - Virtual size: 526KB

.tls
Size: 512B - Virtual size: 9B

_RDATA
Size: 512B - Virtual size: 8B

.rsrc
Size: 209KB - Virtual size: 209KB

.reloc
Size: 240KB - Virtual size: 239KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 2KB - Virtual size: 1KB

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

ee:f1:c7:7a:e9:4b:3c:30:70:10:48:cc:6e:c1:49:a3:ca:e5:a1:fb:ac:10:b6:9f:de:ec:10:8d:48:55:f4:46
Signer

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 1024B - Virtual size: 592B

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

3a:fb:8c:d0:97:d3:7e:c0:2e:01:8b:a0:b4:db:33:ab:58:48:1f:61:41:8f:4e:74:0b:a8:fb:29:d9:1d:7a:39
Signer

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 372B

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 512B - Virtual size: 36B

0d:2c:ac:cd:3e:9e:ec:06:73:84:10:ba:31:bf:65:95
Certificate