ossec-agent[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ossec-agent.zip
Size

7.8MB
MD5

48bc89f44ff55784e7ebd5b771869d2f
SHA1

0e226599a257dcfd640c87909682e26cd7c8219d
SHA256

301217c1abc0dded8d8ce06c51e2c769dc371fce46fbd599b6fa1b1f68e0f70f
SHA512

9f27ac663e13a28b449561a4567857bf8be0dd3195f367c5b8005251127b0e4096a8a42efb8c4e31b87971b14ec5ccabc46c364397440556e3c1d06d9db43605
SSDEEP

196608:V3TlISPzd15E51//hKuE7XWMtyEr5TnEnNBvjNPvJj2XEO9:JTlbJ7K/hKuIXWMtyaTABvjNPhj2Ug

Score

1^/10

Malware Config

Signatures

Files

ossec-agent.zip
.zip
ossec-agent/.agent_info
ossec-agent/LICENSE.txt
ossec-agent/REVISION
ossec-agent/VERSION
ossec-agent/active-response/active-responses.log
ossec-agent/active-response/bin/netsh.exe
.exe windows:4 windows x86 arch:x86

4ce980453bf7989a62f48ead41b68215

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/06/2023, 00:00

Not After

17/06/2026, 23:59

Subject

SERIALNUMBER=5714547,CN=Wazuh\, Inc,O=Wazuh\, Inc,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:44:5b:ea:55:f9:6f:e4:ed:15:79:ae:ea:9e:b4:cc:bb:6c:23:59:50:ff:d0:34:f8:ee:29:e3:8e:31:e4:de
Signer

Actual PE Digest

be:44:5b:ea:55:f9:6f:e4:ed:15:79:ae:ea:9e:b4:cc:bb:6c:23:59:50:ff:d0:34:f8:ee:29:e3:8e:31:e4:de

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
SetEntriesInAclA
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertGetNameStringA
CertOpenSystemStoreA

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateFileW
CreateSemaphoreA
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesA
GetFileInformationByHandle
GetFileTime
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetStartupInfoA
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetVersionExA
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ReplaceFileA
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
lstrcmpiA

msvcrt

__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_findclose
_fullpath
_get_osfhandle
_initterm
_iob
_lock
_onexit
_open_osfhandle
_setjmp3
_ultoa
_unlock
abort
atoi
atol
calloc
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fread
free
fseek
fsetpos
ftell
fwrite
getc
isalpha
islower
isspace
isupper
isxdigit
localeconv
malloc
mbstowcs
memcpy
memmove
memset
localtime
_mktemp
printf
qsort
realloc
rename
setlocale
signal
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncat
strncmp
strncpy
strrchr
strstr
strtol
strtoul
tolower
ungetc
vfprintf
time
wcslen
wcstombs
_stat
_findnext
_findfirst
longjmp
_unlink
_umask
_strdup
_rmdir
_mkdir
_getpid
_getcwd
_fdopen
_close
_chdir

psapi

EnumProcessModules
GetModuleFileNameExW

shlwapi

PathFindFileNameA
PathRemoveFileSpecA

user32

GetSystemMetrics

wintrust

CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
WinVerifyTrust

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ossec-agent/active-response/bin/route-null.exe
.exe windows:4 windows x86 arch:x86

f0386a019ccd410900a0447d003a35ad

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/06/2023, 00:00

Not After

17/06/2026, 23:59

Subject

SERIALNUMBER=5714547,CN=Wazuh\, Inc,O=Wazuh\, Inc,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:5c:43:d0:d0:ad:64:5c:26:c2:20:47:98:5f:fb:0e:31:0c:1f:b6:69:3a:30:8d:5a:1e:df:bc:70:78:c8:ab
Signer

Actual PE Digest

54:5c:43:d0:d0:ad:64:5c:26:c2:20:47:98:5f:fb:0e:31:0c:1f:b6:69:3a:30:8d:5a:1e:df:bc:70:78:c8:ab

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
SetEntriesInAclA
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertGetNameStringA
CertOpenSystemStoreA

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateFileW
CreateSemaphoreA
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesA
GetFileInformationByHandle
GetFileTime
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetStartupInfoA
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetVersionExA
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ReplaceFileA
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
lstrcmpiA

msvcrt

__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_findclose
_fullpath
_get_osfhandle
_initterm
_iob
_lock
_onexit
_open_osfhandle
_setjmp3
_ultoa
_unlock
abort
atoi
atol
calloc
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fread
free
fseek
fsetpos
ftell
fwrite
getc
isalpha
islower
isspace
isupper
isxdigit
localeconv
malloc
mbstowcs
memcpy
memmove
memset
localtime
_mktemp
printf
qsort
realloc
remove
rename
setlocale
signal
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncat
strncmp
strncpy
strrchr
strstr
strtol
strtoul
system
tolower
ungetc
vfprintf
time
wcslen
wcstombs
_stat
_findnext
_findfirst
longjmp
_unlink
_umask
_strdup
_rmdir
_mkdir
_getpid
_getcwd
_fdopen
_close
_chdir

psapi

EnumProcessModules
GetModuleFileNameExW

shlwapi

PathFindFileNameA
PathRemoveFileSpecA

user32

GetSystemMetrics

wintrust

CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
WinVerifyTrust

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ossec-agent/agent-auth.exe
.exe windows:4 windows x86 arch:x86

a9ae31497db1c93495d596634080b3c8

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/06/2023, 00:00

Not After

17/06/2026, 23:59

Subject

SERIALNUMBER=5714547,CN=Wazuh\, Inc,O=Wazuh\, Inc,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:b8:8d:c9:9d:00:45:21:c4:55:2d:01:c5:e9:eb:a1:de:4d:24:e8:7c:74:4e:7e:ef:76:10:1d:1b:ce:48:16
Signer

Actual PE Digest

98:b8:8d:c9:9d:00:45:21:c4:55:2d:01:c5:e9:eb:a1:de:4d:24:e8:7c:74:4e:7e:ef:76:10:1d:1b:ce:48:16

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateAndInitializeSid
ChangeServiceConfig2A
CloseServiceHandle
ControlService
CreateServiceA
CryptAcquireContextA
CryptGenRandom
DeleteService
FreeSid
InitializeSecurityDescriptor
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegisterServiceCtrlHandlerA
SetEntriesInAclA
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertGetNameStringA
CertOpenSystemStoreA

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateFileW
CreateSemaphoreA
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableW
GetFileAttributesA
GetFileInformationByHandle
GetFileTime
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetStartupInfoA
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetVersionExA
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ReplaceFileA
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
lstrcmpiA

msvcrt

__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p___argv
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_findclose
_fullpath
_get_osfhandle
_initterm
_iob
_lock
_onexit
_open_osfhandle
_setjmp3
_ultoa
_unlock
abort
atoi
atol
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwrite
getc
isalnum
isalpha
islower
isspace
isupper
isxdigit
localeconv
malloc
mbstowcs
memchr
memcpy
memmove
memset
mktime
localtime
_mktemp
printf
qsort
realloc
rename
setlocale
signal
srand
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
tolower
ungetc
vfprintf
time
_stricmp
_strnicmp
wcslen
wcstombs
_stat
_findnext
_findfirst
longjmp
_unlink
_umask
_strdup
_rmdir
_mkdir
_getpid
_getcwd
_fdopen
_close
_chdir

psapi

EnumProcessModules
GetModuleFileNameExW

shlwapi

PathFindFileNameA
PathRemoveFileSpecA

user32

GetSystemMetrics

wintrust

CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
WinVerifyTrust

ws2_32

freeaddrinfo
getaddrinfo

wsock32

WSAGetLastError
WSASetLastError
WSAStartup
accept
bind
closesocket
connect
gethostname
getsockopt
htonl
htons
inet_addr
inet_ntoa
listen
ntohl
recv
select
send
setsockopt
socket

Sections

.text
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 599KB - Virtual size: 599KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ossec-agent/agent-auth.exe.manifest
ossec-agent/client.keys
ossec-agent/dbsync.dll
.dll windows:4 windows x86 arch:x86

81e3aa7422bd934511db273cd02a3ab6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/06/2023, 00:00

Not After

17/06/2026, 23:59

Subject

SERIALNUMBER=5714547,CN=Wazuh\, Inc,O=Wazuh\, Inc,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a2:a7:c5:05:7e:4f:7e:cf:65:07:4f:78:e5:36:c8:6d:82:6e:49:de:3b:39:9e:4f:b6:4e:38:98:24:6b:dd:b4
Signer

Actual PE Digest

a2:a7:c5:05:7e:4f:7e:cf:65:07:4f:78:e5:36:c8:6d:82:6e:49:de:3b:39:9e:4f:b6:4e:38:98:24:6b:dd:b4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__mb_cur_max
_amsg_exit
_assert
_errno
_initterm
_iob
_lock
_unlock
abort
atoi
calloc
fputc
free
fwrite
islower
isspace
isupper
localeconv
malloc
memcmp
memcpy
memmove
memset
realloc
remove
setlocale
strchr
strerror
strlen
strncmp
strtol
vfprintf
wcslen

libgcc_s_dw2-1

_Unwind_Resume
__deregister_frame_info
__divdi3
__moddi3
__register_frame_info
__udivdi3
__umoddi3

libstdc++-6

_ZNKSt13runtime_error4whatEv
_ZNKSt5ctypeIcE13_M_widen_initEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEPKcjj
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareEPKc
_ZNKSt9type_infoeqERKS_
_ZNSo3putEc
_ZNSo5flushEv
_ZNSolsEi
_ZNSt12__basic_fileIcED1Ev
_ZNSt13basic_filebufIcSt11char_traitsIcEE4openEPKcSt13_Ios_Openmode
_ZNSt13basic_filebufIcSt11char_traitsIcEE5closeEv
_ZNSt13basic_filebufIcSt11char_traitsIcEEC1Ev
_ZNSt13basic_filebufIcSt11char_traitsIcEED1Ev
_ZNSt13runtime_errorC1EPKc
_ZNSt13runtime_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt13runtime_errorC1ERKS_
_ZNSt13runtime_errorD1Ev
_ZNSt6localeC1Ev
_ZNSt6localeD1Ev
_ZNSt6thread20hardware_concurrencyEv
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE10_M_replaceEjjPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE12_M_constructEjc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6appendEPKc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6insertEjPKc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6resizeEjc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7reserveEj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_appendEPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_assignERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_createERjj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_mutateEjjPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9push_backEc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EOS4_
_ZNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEE7_M_syncEPcjj
_ZNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZNSt8ios_baseC2Ev
_ZNSt8ios_baseD2Ev
_ZNSt9basic_iosIcSt11char_traitsIcEE4initEPSt15basic_streambufIcS1_E
_ZNSt9basic_iosIcSt11char_traitsIcEE5clearESt12_Ios_Iostate
_ZNSt9exceptionD2Ev
_ZSt16__ostream_insertIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_PKS3_i
_ZSt16__throw_bad_castv
_ZSt17__throw_bad_allocv
_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPKSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPSt18_Rb_tree_node_base
_ZSt19__throw_logic_errorPKc
_ZSt20__throw_length_errorPKc
_ZSt20__throw_out_of_rangePKc
_ZSt20__throw_system_errori
_ZSt24__throw_invalid_argumentPKc
_ZSt24__throw_out_of_range_fmtPKcz
_ZSt25__throw_bad_function_callv
_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_node_baseRS_
_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_
_ZSt4cerr
_ZSt4cout
_ZSt7getlineIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EES4_
_ZSt9terminatev
_ZTTNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEEE
_ZTTSt14basic_ifstreamIcSt11char_traitsIcEE
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEEE
_ZTVNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEEE
_ZTVSt13basic_filebufIcSt11char_traitsIcEE
_ZTVSt14basic_ifstreamIcSt11char_traitsIcEE
_ZTVSt15basic_streambufIcSt11char_traitsIcEE
_ZTVSt9basic_iosIcSt11char_traitsIcEE
_ZdlPvj
_Znwj
__cxa_allocate_exception
__cxa_begin_catch
__cxa_end_catch
__cxa_free_exception
__cxa_guard_abort
__cxa_guard_acquire
__cxa_guard_release
__cxa_rethrow
__cxa_throw
__gxx_personality_v0

Exports

Exports

_ZN11DeleteQuery4dataERKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS1_14adl_serializerES4_IhSaIhEEEE
_ZN11DeleteQuery5resetEv
_ZN11DeleteQuery9rowFilterERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN11InsertQuery4dataERKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS1_14adl_serializerES4_IhSaIhEEEE
_ZN11InsertQuery5resetEv
_ZN11SelectQuery10columnListERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS6_EE
_ZN11SelectQuery10orderByOptERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN11SelectQuery11distinctOptEb
_ZN11SelectQuery8countOptEj
_ZN11SelectQuery9rowFilterERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN12SyncRowQuery12ignoreColumnERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN12SyncRowQuery13returnOldDataEv
_ZN12SyncRowQuery4dataERKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS1_14adl_serializerES4_IhSaIhEEEE
_ZN12SyncRowQuery5resetEv
_ZN6DBSync10deleteRowsERKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS1_14adl_serializerES4_IhSaIhEEEE
_ZN6DBSync10initializeESt8functionIFvRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEE
_ZN6DBSync10insertDataERKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS1_14adl_serializerES4_IhSaIhEEEE
_ZN6DBSync10selectRowsERKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS1_14adl_serializerES4_IhSaIhEEEESt8functionIFv18ReturnTypeCallbackSG_EE
_ZN6DBSync14setTableMaxRowERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEx
_ZN6DBSync18updateWithSnapshotERKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS1_14adl_serializerES4_IhSaIhEEEERSE_
_ZN6DBSync18updateWithSnapshotERKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS1_14adl_serializerES4_IhSaIhEEEESt8functionIFv18ReturnTypeCallbackSG_EE
_ZN6DBSync20addTableRelationshipERKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS1_14adl_serializerES4_IhSaIhEEEE
_ZN6DBSync7syncRowERKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS1_14adl_serializerES4_IhSaIhEEEESt8functionIFv18ReturnTypeCallbackSG_EE
_ZN6DBSync8teardownEv
_ZN6DBSyncC1E8HostType12DbEngineTypeRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES9_
_ZN6DBSyncC1EPv
_ZN6DBSyncC2E8HostType12DbEngineTypeRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES9_
_ZN6DBSyncC2EPv
_ZN6DBSyncD0Ev
_ZN6DBSyncD1Ev
_ZN6DBSyncD2Ev
_ZN9DBSyncTxn10syncTxnRowERKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS1_14adl_serializerES4_IhSaIhEEEE
_ZN9DBSyncTxn14getDeletedRowsESt8functionIFv18ReturnTypeCallbackRKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS3_14adl_serializerES6_IhSaIhEEEEEE
_ZN9DBSyncTxnC1EPv
_ZN9DBSyncTxnC1EPvRKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS2_14adl_serializerES5_IhSaIhEEEEjjSt8functionIFv18ReturnTypeCallbackSH_EE
_ZN9DBSyncTxnC2EPv
_ZN9DBSyncTxnC2EPvRKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS2_14adl_serializerES5_IhSaIhEEEEjjSt8functionIFv18ReturnTypeCallbackSH_EE
_ZN9DBSyncTxnD0Ev
_ZN9DBSyncTxnD1Ev
_ZN9DBSyncTxnD2Ev
_ZTI11DeleteQuery
_ZTI11InsertQuery
_ZTI11SelectQuery
_ZTI12SyncRowQuery
_ZTI5QueryI11DeleteQueryE
_ZTI5QueryI11InsertQueryE
_ZTI5QueryI11SelectQueryE
_ZTI5QueryI12SyncRowQueryE
_ZTI6DBSync
_ZTI9DBSyncTxn
_ZTV11DeleteQuery
_ZTV11InsertQuery
_ZTV11SelectQuery
_ZTV12SyncRowQuery
_ZTV5QueryI11DeleteQueryE
_ZTV5QueryI11InsertQueryE
_ZTV5QueryI11SelectQueryE
_ZTV5QueryI12SyncRowQueryE
_ZTV6DBSync
_ZTV9DBSyncTxn
dbsync_add_table_relationship
dbsync_close_txn
dbsync_create
dbsync_create_txn
dbsync_delete_rows
dbsync_free_result
dbsync_get_deleted_rows
dbsync_initialize
dbsync_insert_data
dbsync_select_rows
dbsync_set_table_max_rows
dbsync_sync_row
dbsync_sync_txn_row
dbsync_teardown
dbsync_update_with_snapshot
dbsync_update_with_snapshot_cb

Sections

.text
Size: 357KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ossec-agent/help.txt
ossec-agent/internal_options.conf
ossec-agent/last-ossec.conf
ossec-agent/libfimdb.dll
.dll windows:4 windows x86 arch:x86

1907e2f6091e4a2a9bca956cbec74c72

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/06/2023, 00:00

Not After

17/06/2026, 23:59

Subject

SERIALNUMBER=5714547,CN=Wazuh\, Inc,O=Wazuh\, Inc,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cb:ee:f1:f3:c9:85:a4:aa:11:80:71:86:dc:34:2c:13:2e:60:b0:af:c1:d7:14:94:bf:46:9f:87:f7:52:6f:e7
Signer

Actual PE Digest

cb:ee:f1:f3:c9:85:a4:aa:11:80:71:86:dc:34:2c:13:2e:60:b0:af:c1:d7:14:94:bf:46:9f:87:f7:52:6f:e7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__mb_cur_max
_amsg_exit
_assert
_errno
_initterm
_iob
_lock
_unlock
abort
atoi
calloc
fputc
free
fwrite
islower
isspace
isupper
localeconv
malloc
memcmp
memcpy
memmove
memset
realloc
setlocale
strchr
strerror
strlen
strncmp
vfprintf
time
wcslen

libgcc_s_dw2-1

_Unwind_Resume
__deregister_frame_info
__divdi3
__moddi3
__register_frame_info
__udivdi3
__umoddi3

libstdc++-6

_ZNKSt13runtime_error4whatEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEPKcjj
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareEPKc
_ZNKSt9type_infoeqERKS_
_ZNSt11logic_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt11logic_errorC2ERKS_
_ZNSt12future_errorD1Ev
_ZNSt13__future_base12_Result_baseC2Ev
_ZNSt13__future_base12_Result_baseD2Ev
_ZNSt13runtime_errorC1EPKc
_ZNSt13runtime_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt13runtime_errorC1ERKS_
_ZNSt13runtime_errorD1Ev
_ZNSt15__exception_ptr13exception_ptr4swapERS0_
_ZNSt15__exception_ptr13exception_ptrD1Ev
_ZNSt18condition_variable10notify_allEv
_ZNSt18condition_variable4waitERSt11unique_lockISt5mutexE
_ZNSt18condition_variableC1Ev
_ZNSt18condition_variableD1Ev
_ZNSt6chrono3_V212steady_clock3nowEv
_ZNSt6chrono3_V212system_clock3nowEv
_ZNSt6thread15_M_start_threadESt10unique_ptrINS_6_StateESt14default_deleteIS1_EEPFvvE
_ZNSt6thread4joinEv
_ZNSt6thread6_StateD2Ev
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE10_M_replaceEjjPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE12_M_constructEjc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6appendEPKc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6insertEjPKc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6resizeEjc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7reserveEj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_appendEPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_assignERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_createERjj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_mutateEjjPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9push_backEc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EOS4_
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE10_M_replaceEjjPKwj
_ZNSt9exceptionD2Ev
_ZSt14__once_functor
_ZSt15future_categoryv
_ZSt16__get_once_mutexv
_ZSt17__throw_bad_allocv
_ZSt17current_exceptionv
_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPKSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPSt18_Rb_tree_node_base
_ZSt19__throw_logic_errorPKc
_ZSt20__throw_future_errori
_ZSt20__throw_length_errorPKc
_ZSt20__throw_out_of_rangePKc
_ZSt20__throw_system_errori
_ZSt24__throw_out_of_range_fmtPKcz
_ZSt25__throw_bad_function_callv
_ZSt27__set_once_functor_lock_ptrPSt11unique_lockISt5mutexE
_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_node_baseRS_
_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_
_ZSt9terminatev
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVSt12future_error
_ZdaPv
_ZdlPvj
_Znaj
_Znwj
__cxa_allocate_exception
__cxa_begin_catch
__cxa_end_catch
__cxa_free_exception
__cxa_guard_abort
__cxa_guard_acquire
__cxa_guard_release
__cxa_pure_virtual
__cxa_rethrow
__cxa_throw
__cxa_throw_bad_array_new_length
__gxx_personality_v0
__once_proxy

dbsync

_ZN11DeleteQuery4dataERKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS1_14adl_serializerES4_IhSaIhEEEE
_ZN11DeleteQuery9rowFilterERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN11SelectQuery10columnListERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS6_EE
_ZN11SelectQuery10orderByOptERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN11SelectQuery11distinctOptEb
_ZN11SelectQuery8countOptEj
_ZN11SelectQuery9rowFilterERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN6DBSyncC1E8HostType12DbEngineTypeRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES9_
dbsync_close_txn
dbsync_create_txn
dbsync_get_deleted_rows
dbsync_initialize
dbsync_sync_txn_row

rsync

_ZN10RemoteSyncC1Ejj
_ZN14QueryParameter10columnListERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS6_EE
_ZN14QueryParameter10orderByOptERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN14QueryParameter11distinctOptEb
_ZN14QueryParameter14countFieldNameERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN14QueryParameter9rowFilterERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN21RegisterConfiguration10countRangeER14QueryParameter
_ZN21RegisterConfiguration11decoderTypeERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN21RegisterConfiguration13rangeChecksumER14QueryParameter
_ZN21RegisterConfiguration6noDataER14QueryParameter
_ZN21RegisterConfiguration7rowDataER14QueryParameter
rsync_initialize

Exports

Exports

_ZN2DB10removeFileERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN2DB10searchFileERKSt5tupleIJ16FILE_SEARCH_TYPENSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES7_S7_EESt8functionIFvRKS7_EE
_ZN2DB10updateFileERKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS1_14adl_serializerES4_IhSaIhEEEEP21create_json_event_ctxSt8functionIFvSE_EE
_ZN2DB11pushMessageERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN2DB12DBSyncHandleEv
_ZN2DB12countEntriesERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE17COUNT_SELECT_TYPE
_ZN2DB12runIntegrityEv
_ZN2DB15createJsonEventERKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS1_14adl_serializerES4_IhSaIhEEEESG_18ReturnTypeCallbackP21create_json_event_ctx
_ZN2DB4initEiijjSt8functionIFvRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEESA_S0_IFv19modules_log_level_tS8_EEiibii
_ZN2DB7getFileERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt8functionIFvRKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorS5_bxydSaNSA_14adl_serializerESD_IhSaIhEEEEEE
_ZN2DB8teardownEv
_ZTI10RemoteSync
_ZTI11DeleteQuery
_ZTI11InsertQuery
_ZTI11SelectQuery
_ZTI12SyncRowQuery
_ZTI13ConfigurationI21RegisterConfigurationE
_ZTI13ConfigurationI22StartSyncConfigurationE
_ZTI14QueryParameter
_ZTI21RegisterConfiguration
_ZTI22StartSyncConfiguration
_ZTI5QueryI11DeleteQueryE
_ZTI5QueryI11InsertQueryE
_ZTI5QueryI11SelectQueryE
_ZTI5QueryI12SyncRowQueryE
_ZTI6DBSync
_ZTI9DBSyncTxn
_ZTV11DeleteQuery
_ZTV11InsertQuery
_ZTV11SelectQuery
_ZTV12SyncRowQuery
_ZTV13ConfigurationI21RegisterConfigurationE
_ZTV13ConfigurationI22StartSyncConfigurationE
_ZTV14QueryParameter
_ZTV21RegisterConfiguration
_ZTV22StartSyncConfiguration
_ZTV5QueryI11DeleteQueryE
_ZTV5QueryI11InsertQueryE
_ZTV5QueryI11SelectQueryE
_ZTV5QueryI12SyncRowQueryE
fim_db_file_inode_search
fim_db_file_pattern_search
fim_db_file_update
fim_db_get_count_file_entry
fim_db_get_count_file_inode
fim_db_get_count_registry_data
fim_db_get_count_registry_key
fim_db_get_path
fim_db_init
fim_db_remove_path
fim_db_teardown
fim_db_transaction_deleted_rows
fim_db_transaction_start
fim_db_transaction_sync_row
fim_run_integrity
fim_sync_push_msg

Sections

.text
Size: 430KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ossec-agent/libgcc_s_dw2-1.dll
.dll windows:4 windows x86 arch:x86

e29ace961c4c100b7f36b0d9cea59c9f

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/06/2023, 00:00

Not After

17/06/2026, 23:59

Subject

SERIALNUMBER=5714547,CN=Wazuh\, Inc,O=Wazuh\, Inc,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e3:03:e2:59:d3:ca:53:bb:25:23:c1:74:ee:50:e1:8b:34:8a:54:c7:16:9c:cf:2b:8f:f5:90:95:9e:55:64:9e
Signer

Actual PE Digest

e3:03:e2:59:d3:ca:53:bb:25:23:c1:74:ee:50:e1:8b:34:8a:54:c7:16:9c:cf:2b:8f:f5:90:95:9e:55:64:9e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetProcAddress
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

msvcrt

_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
malloc
memcpy
memset
realloc
strlen
strncmp
vfprintf

libwinpthread-1

pthread_getspecific
pthread_key_create
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock
pthread_once
pthread_setspecific

Exports

Exports

_Unwind_Backtrace
_Unwind_DeleteException
_Unwind_FindEnclosingFunction
_Unwind_Find_FDE
_Unwind_ForcedUnwind
_Unwind_GetCFA
_Unwind_GetDataRelBase
_Unwind_GetGR
_Unwind_GetIP
_Unwind_GetIPInfo
_Unwind_GetLanguageSpecificData
_Unwind_GetRegionStart
_Unwind_GetTextRelBase
_Unwind_RaiseException
_Unwind_Resume
_Unwind_Resume_or_Rethrow
_Unwind_SetGR
_Unwind_SetIP
__absvdi2
__absvsi2
__addtf3
__addvdi3
__addvsi3
__ashldi3
__ashrdi3
__bswapdi2
__bswapsi2
__clear_cache
__clrsbdi2
__clrsbsi2
__clzdi2
__clzsi2
__cmpdi2
__ctzdi2
__ctzsi2
__deregister_frame
__deregister_frame_info
__deregister_frame_info_bases
__divdc3
__divdi3
__divmoddi4
__divsc3
__divtc3
__divtf3
__divxc3
__emutls_get_address
__emutls_register_common
__enable_execute_stack
__eqtf2
__extenddftf2
__extendsftf2
__extendxftf2
__ffsdi2
__ffssi2
__fixdfdi
__fixsfdi
__fixtfdi
__fixtfsi
__fixunsdfdi
__fixunsdfsi
__fixunssfdi
__fixunssfsi
__fixunstfdi
__fixunstfsi
__fixunsxfdi
__fixunsxfsi
__fixxfdi
__floatdidf
__floatdisf
__floatditf
__floatdixf
__floatsitf
__floatundidf
__floatundisf
__floatunditf
__floatundixf
__floatunsitf
__gcc_personality_v0
__getf2
__gttf2
__letf2
__lshrdi3
__lttf2
__moddi3
__muldc3
__muldi3
__mulsc3
__multc3
__multf3
__mulvdi3
__mulvsi3
__mulxc3
__negdi2
__negtf2
__negvdi2
__negvsi2
__netf2
__paritydi2
__paritysi2
__popcountdi2
__popcountsi2
__powidf2
__powisf2
__powitf2
__powixf2
__register_frame
__register_frame_info
__register_frame_info_bases
__register_frame_info_table
__register_frame_info_table_bases
__register_frame_table
__subtf3
__subvdi3
__subvsi3
__trunctfdf2
__trunctfsf2
__trunctfxf2
__ucmpdi2
__udivdi3
__udivmoddi4
__umoddi3
__unordtf2

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 216B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ossec-agent/libstdc++-6.dll
.dll windows:4 windows x86 arch:x86

c792d1e47dc4883fe66d5a799c8aef2b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/06/2023, 00:00

Not After

17/06/2026, 23:59

Subject

SERIALNUMBER=5714547,CN=Wazuh\, Inc,O=Wazuh\, Inc,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:4f:f4:a8:11:1d:98:70:08:08:8f:54:4e:bd:51:16:c8:88:95:1b:29:de:44:51:ef:84:f3:85:87:6f:1b:27
Signer

Actual PE Digest

93:4f:f4:a8:11:1d:98:70:08:08:8f:54:4e:bd:51:16:c8:88:95:1b:29:de:44:51:ef:84:f3:85:87:6f:1b:27

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libgcc_s_dw2-1

_Unwind_DeleteException
_Unwind_GetDataRelBase
_Unwind_GetIPInfo
_Unwind_GetLanguageSpecificData
_Unwind_GetRegionStart
_Unwind_GetTextRelBase
_Unwind_RaiseException
_Unwind_Resume
_Unwind_Resume_or_Rethrow
_Unwind_SetGR
_Unwind_SetIP
__ctzdi2
__deregister_frame_info
__divdi3
__popcountsi2
__register_frame_info
__udivdi3
__umoddi3

kernel32

CloseHandle
CreateFileW
CreateHardLinkW
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
FreeLibrary
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetFileType
GetFullPathNameW
GetLastError
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetTempPathW
GetTimeZoneInformation
GetVolumeInformationW
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MoveFileExW
MultiByteToWideChar
RemoveDirectoryW
SetEndOfFile
SetFilePointer
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__mb_cur_max
_aligned_free
_aligned_malloc
_amsg_exit
_assert
_errno
_close
_filelengthi64
_fileno
_findclose
_fstat64
_get_osfhandle
_initterm
_iob
_lock
_lseeki64
_telli64
_unlock
_wchdir
_wchmod
_wfopen
_wfullpath
_wgetcwd
_wmkdir
_wopen
abort
atoi
calloc
fclose
fflush
fgetpos
fopen
fputc
fputs
fread
free
fsetpos
fwrite
getc
getenv
getwc
isspace
iswctype
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putc
putwc
realloc
setlocale
setvbuf
sprintf
strchr
strcmp
strcoll
strerror
strftime
strlen
strncmp
strtoul
strxfrm
towlower
towupper
ungetc
ungetwc
vfprintf
_strnicmp
wcscat
wcscmp
wcscoll
wcscpy
wcsftime
wcslen
wcsxfrm
_wutime
_wstat64
_wfindnext
_wfindfirst
_write
_read
_fileno
_fdopen
_close

libwinpthread-1

clock_gettime
nanosleep
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_signal
pthread_cond_wait
pthread_create
pthread_detach
pthread_getspecific
pthread_join
pthread_key_create
pthread_key_delete
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock
pthread_num_processors_np
pthread_once
pthread_rwlock_rdlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_setspecific

Exports

Exports

_ZGTtNKSt11logic_error4whatEv
_ZGTtNKSt13bad_exception4whatEv
_ZGTtNKSt13bad_exceptionD1Ev
_ZGTtNKSt13runtime_error4whatEv
_ZGTtNKSt9exception4whatEv
_ZGTtNKSt9exceptionD1Ev
_ZGTtNSt11logic_errorC1EPKc
_ZGTtNSt11logic_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt11logic_errorC2EPKc
_ZGTtNSt11logic_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt11logic_errorD0Ev
_ZGTtNSt11logic_errorD1Ev
_ZGTtNSt11logic_errorD2Ev
_ZGTtNSt11range_errorC1EPKc
_ZGTtNSt11range_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt11range_errorC2EPKc
_ZGTtNSt11range_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt11range_errorD0Ev
_ZGTtNSt11range_errorD1Ev
_ZGTtNSt11range_errorD2Ev
_ZGTtNSt12domain_errorC1EPKc
_ZGTtNSt12domain_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt12domain_errorC2EPKc
_ZGTtNSt12domain_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt12domain_errorD0Ev
_ZGTtNSt12domain_errorD1Ev
_ZGTtNSt12domain_errorD2Ev
_ZGTtNSt12length_errorC1EPKc
_ZGTtNSt12length_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt12length_errorC2EPKc
_ZGTtNSt12length_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt12length_errorD0Ev
_ZGTtNSt12length_errorD1Ev
_ZGTtNSt12length_errorD2Ev
_ZGTtNSt12out_of_rangeC1EPKc
_ZGTtNSt12out_of_rangeC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt12out_of_rangeC2EPKc
_ZGTtNSt12out_of_rangeC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt12out_of_rangeD0Ev
_ZGTtNSt12out_of_rangeD1Ev
_ZGTtNSt12out_of_rangeD2Ev
_ZGTtNSt13runtime_errorC1EPKc
_ZGTtNSt13runtime_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt13runtime_errorC2EPKc
_ZGTtNSt13runtime_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt13runtime_errorD0Ev
_ZGTtNSt13runtime_errorD1Ev
_ZGTtNSt13runtime_errorD2Ev
_ZGTtNSt14overflow_errorC1EPKc
_ZGTtNSt14overflow_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt14overflow_errorC2EPKc
_ZGTtNSt14overflow_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt14overflow_errorD0Ev
_ZGTtNSt14overflow_errorD1Ev
_ZGTtNSt14overflow_errorD2Ev
_ZGTtNSt15underflow_errorC1EPKc
_ZGTtNSt15underflow_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt15underflow_errorC2EPKc
_ZGTtNSt15underflow_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt15underflow_errorD0Ev
_ZGTtNSt15underflow_errorD1Ev
_ZGTtNSt15underflow_errorD2Ev
_ZGTtNSt16invalid_argumentC1EPKc
_ZGTtNSt16invalid_argumentC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt16invalid_argumentC2EPKc
_ZGTtNSt16invalid_argumentC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZGTtNSt16invalid_argumentD0Ev
_ZGTtNSt16invalid_argumentD1Ev
_ZGTtNSt16invalid_argumentD2Ev
_ZGVNSt10moneypunctIcLb0EE2idE
_ZGVNSt10moneypunctIcLb1EE2idE
_ZGVNSt10moneypunctIwLb0EE2idE
_ZGVNSt10moneypunctIwLb1EE2idE
_ZGVNSt11__timepunctIcE2idE
_ZGVNSt11__timepunctIwE2idE
_ZGVNSt7__cxx1110moneypunctIcLb0EE2idE
_ZGVNSt7__cxx1110moneypunctIcLb1EE2idE
_ZGVNSt7__cxx1110moneypunctIwLb0EE2idE
_ZGVNSt7__cxx1110moneypunctIwLb1EE2idE
_ZGVNSt7__cxx117collateIcE2idE
_ZGVNSt7__cxx117collateIwE2idE
_ZGVNSt7__cxx118messagesIcE2idE
_ZGVNSt7__cxx118messagesIwE2idE
_ZGVNSt7__cxx118numpunctIcE2idE
_ZGVNSt7__cxx118numpunctIwE2idE
_ZGVNSt7__cxx118time_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE2idE
_ZGVNSt7__cxx118time_getIwSt19istreambuf_iteratorIwSt11char_traitsIwEEE2idE
_ZGVNSt7__cxx119money_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE2idE
_ZGVNSt7__cxx119money_getIwSt19istreambuf_iteratorIwSt11char_traitsIwEEE2idE
_ZGVNSt7__cxx119money_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE2idE
_ZGVNSt7__cxx119money_putIwSt19ostreambuf_iteratorIwSt11char_traitsIwEEE2idE
_ZGVNSt7collateIcE2idE
_ZGVNSt7collateIwE2idE
_ZGVNSt7num_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE2idE
_ZGVNSt7num_getIwSt19istreambuf_iteratorIwSt11char_traitsIwEEE2idE
_ZGVNSt7num_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE2idE
_ZGVNSt7num_putIwSt19ostreambuf_iteratorIwSt11char_traitsIwEEE2idE
_ZGVNSt8messagesIcE2idE
_ZGVNSt8messagesIwE2idE
_ZGVNSt8numpunctIcE2idE
_ZGVNSt8numpunctIwE2idE
_ZGVNSt8time_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE2idE
_ZGVNSt8time_getIwSt19istreambuf_iteratorIwSt11char_traitsIwEEE2idE
_ZGVNSt8time_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE2idE
_ZGVNSt8time_putIwSt19ostreambuf_iteratorIwSt11char_traitsIwEEE2idE
_ZGVNSt9money_getIcSt19istreambuf_iteratorIcSt11char_traitsIcEEE2idE
_ZGVNSt9money_getIwSt19istreambuf_iteratorIwSt11char_traitsIwEEE2idE
_ZGVNSt9money_putIcSt19ostreambuf_iteratorIcSt11char_traitsIcEEE2idE
_ZGVNSt9money_putIwSt19ostreambuf_iteratorIwSt11char_traitsIwEEE2idE
_ZN10__cxxabiv116__enum_type_infoD0Ev
_ZN10__cxxabiv116__enum_type_infoD1Ev
_ZN10__cxxabiv116__enum_type_infoD2Ev
_ZN10__cxxabiv117__array_type_infoD0Ev
_ZN10__cxxabiv117__array_type_infoD1Ev
_ZN10__cxxabiv117__array_type_infoD2Ev
_ZN10__cxxabiv117__class_type_infoD0Ev
_ZN10__cxxabiv117__class_type_infoD1Ev
_ZN10__cxxabiv117__class_type_infoD2Ev
_ZN10__cxxabiv117__pbase_type_infoD0Ev
_ZN10__cxxabiv117__pbase_type_infoD1Ev
_ZN10__cxxabiv117__pbase_type_infoD2Ev
_ZN10__cxxabiv119__pointer_type_infoD0Ev
_ZN10__cxxabiv119__pointer_type_infoD1Ev
_ZN10__cxxabiv119__pointer_type_infoD2Ev
_ZN10__cxxabiv120__function_type_infoD0Ev
_ZN10__cxxabiv120__function_type_infoD1Ev
_ZN10__cxxabiv120__function_type_infoD2Ev
_ZN10__cxxabiv120__si_class_type_infoD0Ev
_ZN10__cxxabiv120__si_class_type_infoD1Ev
_ZN10__cxxabiv120__si_class_type_infoD2Ev
_ZN10__cxxabiv121__vmi_class_type_infoD0Ev
_ZN10__cxxabiv121__vmi_class_type_infoD1Ev
_ZN10__cxxabiv121__vmi_class_type_infoD2Ev
_ZN10__cxxabiv123__fundamental_type_infoD0Ev
_ZN10__cxxabiv123__fundamental_type_infoD1Ev
_ZN10__cxxabiv123__fundamental_type_infoD2Ev
_ZN10__cxxabiv129__pointer_to_member_type_infoD0Ev
_ZN10__cxxabiv129__pointer_to_member_type_infoD1Ev
_ZN10__cxxabiv129__pointer_to_member_type_infoD2Ev
_ZN11__gnu_debug19_Safe_iterator_base12_M_get_mutexEv
_ZN11__gnu_debug19_Safe_iterator_base16_M_attach_singleEPNS_19_Safe_sequence_baseEb
_ZN11__gnu_debug19_Safe_iterator_base16_M_detach_singleEv
_ZN11__gnu_debug19_Safe_iterator_base9_M_attachEPNS_19_Safe_sequence_baseEb
_ZN11__gnu_debug19_Safe_iterator_base9_M_detachEv
_ZN11__gnu_debug19_Safe_sequence_base12_M_get_mutexEv
_ZN11__gnu_debug19_Safe_sequence_base13_M_detach_allEv
_ZN11__gnu_debug19_Safe_sequence_base18_M_detach_singularEv
_ZN11__gnu_debug19_Safe_sequence_base22_M_revalidate_singularEv
_ZN11__gnu_debug19_Safe_sequence_base7_M_swapERS0_
_ZN11__gnu_debug25_Safe_local_iterator_base16_M_attach_singleEPNS_19_Safe_sequence_baseEb
_ZN11__gnu_debug25_Safe_local_iterator_base9_M_attachEPNS_19_Safe_sequence_baseEb
_ZN11__gnu_debug25_Safe_local_iterator_base9_M_detachEv
_ZN11__gnu_debug30_Safe_unordered_container_base13_M_detach_allEv
_ZN11__gnu_debug30_Safe_unordered_container_base7_M_swapERS0_
_ZN14__gnu_parallel9_Settings3getEv
_ZN14__gnu_parallel9_Settings3setERS0_
_ZN9__gnu_cxx12__atomic_addEPVii
_ZN9__gnu_cxx17__pool_alloc_base12_M_get_mutexEv
_ZN9__gnu_cxx17__pool_alloc_base16_M_get_free_listEj
_ZN9__gnu_cxx17__pool_alloc_base9_M_refillEj
_ZN9__gnu_cxx18__exchange_and_addEPVii
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE4fileEv
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE4syncEv
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE5uflowEv
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE6xsgetnEPci
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE6xsputnEPKci
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE7seekoffExSt12_Ios_SeekdirSt13_Ios_Openmode
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE7seekposESt4fposIiESt13_Ios_Openmode
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE8overflowEi
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE9pbackfailEi
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEE9underflowEv
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEEC1EOS3_
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEEC1EP6_iobuf
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEEC2EOS3_
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEEC2EP6_iobuf
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEED0Ev
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEED1Ev
_ZN9__gnu_cxx18stdio_sync_filebufIcSt11char_traitsIcEEaSEOS3_
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE4fileEv
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE4syncEv
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE5uflowEv
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE6xsgetnEPwi
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE6xsputnEPKwi
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE7seekoffExSt12_Ios_SeekdirSt13_Ios_Openmode
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE7seekposESt4fposIiESt13_Ios_Openmode
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE8overflowEt
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE9pbackfailEt
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEE9underflowEv
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEEC1EOS3_
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEEC1EP6_iobuf
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEEC2EOS3_
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEEC2EP6_iobuf
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEED0Ev
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEED1Ev
_ZN9__gnu_cxx18stdio_sync_filebufIwSt11char_traitsIwEEaSEOS3_
_ZN9__gnu_cxx27__verbose_terminate_handlerEv
_ZN9__gnu_cxx6__poolILb0EE10_M_destroyEv
_ZN9__gnu_cxx6__poolILb0EE13_M_initializeEv
_ZN9__gnu_cxx6__poolILb0EE16_M_reclaim_blockEPcj
_ZN9__gnu_cxx6__poolILb0EE16_M_reserve_blockEjj
_ZN9__gnu_cxx6__poolILb1EE10_M_destroyEv
_ZN9__gnu_cxx6__poolILb1EE13_M_initializeEPFvPvE
_ZN9__gnu_cxx6__poolILb1EE13_M_initializeEv
_ZN9__gnu_cxx6__poolILb1EE16_M_get_thread_idEv
_ZN9__gnu_cxx6__poolILb1EE16_M_reclaim_blockEPcj
_ZN9__gnu_cxx6__poolILb1EE16_M_reserve_blockEjj
_ZN9__gnu_cxx6__poolILb1EE21_M_destroy_thread_keyEPv
_ZN9__gnu_cxx9__freeresEv
_ZN9__gnu_cxx9free_list6_M_getEj
_ZN9__gnu_cxx9free_list8_M_clearEv
_ZNK10__cxxabiv117__class_type_info10__do_catchEPKSt9type_infoPPvj
_ZNK10__cxxabiv117__class_type_info11__do_upcastEPKS0_PKvRNS0_15__upcast_resultE
_ZNK10__cxxabiv117__class_type_info11__do_upcastEPKS0_PPv
_ZNK10__cxxabiv117__class_type_info12__do_dyncastEiNS0_10__sub_kindEPKS0_PKvS3_S5_RNS0_16__dyncast_resultE
_ZNK10__cxxabiv117__class_type_info20__do_find_public_srcEiPKvPKS0_S2_
_ZNK10__cxxabiv117__pbase_type_info10__do_catchEPKSt9type_infoPPvj
_ZNK10__cxxabiv117__pbase_type_info15__pointer_catchEPKS0_PPvj
_ZNK10__cxxabiv119__pointer_type_info14__is_pointer_pEv
_ZNK10__cxxabiv119__pointer_type_info15__pointer_catchEPKNS_17__pbase_type_infoEPPvj
_ZNK10__cxxabiv120__function_type_info15__is_function_pEv
_ZNK10__cxxabiv120__si_class_type_info11__do_upcastEPKNS_17__class_type_infoEPKvRNS1_15__upcast_resultE
_ZNK10__cxxabiv120__si_class_type_info12__do_dyncastEiNS_17__class_type_info10__sub_kindEPKS1_PKvS4_S6_RNS1_16__dyncast_resultE
_ZNK10__cxxabiv120__si_class_type_info20__do_find_public_srcEiPKvPKNS_17__class_type_infoES2_
_ZNK10__cxxabiv121__vmi_class_type_info11__do_upcastEPKNS_17__class_type_infoEPKvRNS1_15__upcast_resultE
_ZNK10__cxxabiv121__vmi_class_type_info12__do_dyncastEiNS_17__class_type_info10__sub_kindEPKS1_PKvS4_S6_RNS1_16__dyncast_resultE
_ZNK10__cxxabiv121__vmi_class_type_info20__do_find_public_srcEiPKvPKNS_17__class_type_infoES2_
_ZNK10__cxxabiv129__pointer_to_member_type_info15__pointer_catchEPKNS_17__pbase_type_infoEPPvj
_ZNK11__gnu_debug16_Error_formatter10_M_messageENS_13_Debug_msg_idE
_ZNK11__gnu_debug16_Error_formatter10_Parameter14_M_print_fieldEPKS0_PKc
_ZNK11__gnu_debug16_Error_formatter10_Parameter20_M_print_descriptionEPKS0_
_ZNK11__gnu_debug16_Error_formatter13_M_print_wordEPKc
_ZNK11__gnu_debug16_Error_formatter15_M_print_stringEPKc
_ZNK11__gnu_debug16_Error_formatter17_M_get_max_lengthEv
_ZNK11__gnu_debug16_Error_formatter8_M_errorEv
_ZNK11__gnu_debug19_Safe_iterator_base11_M_singularEv
_ZNK11__gnu_debug19_Safe_iterator_base14_M_can_compareERKS0_
_ZNKSbIwSt11char_traitsIwESaIwEE11_M_disjunctEPKw
_ZNKSbIwSt11char_traitsIwESaIwEE12find_last_ofEPKwj
_ZNKSbIwSt11char_traitsIwESaIwEE12find_last_ofEPKwjj
_ZNKSbIwSt11char_traitsIwESaIwEE12find_last_ofERKS2_j
_ZNKSbIwSt11char_traitsIwESaIwEE12find_last_ofEwj
_ZNKSbIwSt11char_traitsIwESaIwEE13find_first_ofEPKwj
_ZNKSbIwSt11char_traitsIwESaIwEE13find_first_ofEPKwjj
_ZNKSbIwSt11char_traitsIwESaIwEE13find_first_ofERKS2_j
_ZNKSbIwSt11char_traitsIwESaIwEE13find_first_ofEwj
_ZNKSbIwSt11char_traitsIwESaIwEE13get_allocatorEv
_ZNKSbIwSt11char_traitsIwESaIwEE15_M_check_lengthEjjPKc
_ZNKSbIwSt11char_traitsIwESaIwEE16find_last_not_ofEPKwj
_ZNKSbIwSt11char_traitsIwESaIwEE16find_last_not_ofEPKwjj
_ZNKSbIwSt11char_traitsIwESaIwEE16find_last_not_ofERKS2_j
_ZNKSbIwSt11char_traitsIwESaIwEE16find_last_not_ofEwj
_ZNKSbIwSt11char_traitsIwESaIwEE17find_first_not_ofEPKwj
_ZNKSbIwSt11char_traitsIwESaIwEE17find_first_not_ofEPKwjj
_ZNKSbIwSt11char_traitsIwESaIwEE17find_first_not_ofERKS2_j
_ZNKSbIwSt11char_traitsIwESaIwEE17find_first_not_ofEwj
_ZNKSbIwSt11char_traitsIwESaIwEE2atEj
_ZNKSbIwSt11char_traitsIwESaIwEE3endEv
_ZNKSbIwSt11char_traitsIwESaIwEE4_Rep12_M_is_leakedEv
_ZNKSbIwSt11char_traitsIwESaIwEE4_Rep12_M_is_sharedEv
_ZNKSbIwSt11char_traitsIwESaIwEE4backEv
_ZNKSbIwSt11char_traitsIwESaIwEE4cendEv
_ZNKSbIwSt11char_traitsIwESaIwEE4copyEPwjj
_ZNKSbIwSt11char_traitsIwESaIwEE4dataEv
_ZNKSbIwSt11char_traitsIwESaIwEE4findEPKwj
_ZNKSbIwSt11char_traitsIwESaIwEE4findEPKwjj
_ZNKSbIwSt11char_traitsIwESaIwEE4findERKS2_j
_ZNKSbIwSt11char_traitsIwESaIwEE4findEwj
_ZNKSbIwSt11char_traitsIwESaIwEE4rendEv
_ZNKSbIwSt11char_traitsIwESaIwEE4sizeEv
_ZNKSbIwSt11char_traitsIwESaIwEE5beginEv
_ZNKSbIwSt11char_traitsIwESaIwEE5c_strEv
_ZNKSbIwSt11char_traitsIwESaIwEE5crendEv
_ZNKSbIwSt11char_traitsIwESaIwEE5emptyEv
_ZNKSbIwSt11char_traitsIwESaIwEE5frontEv
_ZNKSbIwSt11char_traitsIwESaIwEE5rfindEPKwj
_ZNKSbIwSt11char_traitsIwESaIwEE5rfindEPKwjj
_ZNKSbIwSt11char_traitsIwESaIwEE5rfindERKS2_j
_ZNKSbIwSt11char_traitsIwESaIwEE5rfindEwj
_ZNKSbIwSt11char_traitsIwESaIwEE6_M_repEv
_ZNKSbIwSt11char_traitsIwESaIwEE6cbeginEv
_ZNKSbIwSt11char_traitsIwESaIwEE6lengthEv
_ZNKSbIwSt11char_traitsIwESaIwEE6rbeginEv
_ZNKSbIwSt11char_traitsIwESaIwEE6substrEjj
_ZNKSbIwSt11char_traitsIwESaIwEE7_M_dataEv
_ZNKSbIwSt11char_traitsIwESaIwEE7_M_iendEv
_ZNKSbIwSt11char_traitsIwESaIwEE7compareEPKw
_ZNKSbIwSt11char_traitsIwESaIwEE7compareERKS2_
_ZNKSbIwSt11char_traitsIwESaIwEE7compareEjjPKw
_ZNKSbIwSt11char_traitsIwESaIwEE7compareEjjPKwj
_ZNKSbIwSt11char_traitsIwESaIwEE7compareEjjRKS2_
_ZNKSbIwSt11char_traitsIwESaIwEE7compareEjjRKS2_jj
_ZNKSbIwSt11char_traitsIwESaIwEE7crbeginEv
_ZNKSbIwSt11char_traitsIwESaIwEE8_M_checkEjPKc
_ZNKSbIwSt11char_traitsIwESaIwEE8_M_limitEjj
_ZNKSbIwSt11char_traitsIwESaIwEE8capacityEv
_ZNKSbIwSt11char_traitsIwESaIwEE8max_sizeEv
_ZNKSbIwSt11char_traitsIwESaIwEE9_M_ibeginEv
_ZNKSbIwSt11char_traitsIwESaIwEEcvSt17basic_string_viewIwS0_EEv
_ZNKSbIwSt11char_traitsIwESaIwEEixEj
_ZNKSi6gcountEv
_ZNKSi6sentrycvbEv
_ZNKSo6sentrycvbEv
_ZNKSs11_M_disjunctEPKc
_ZNKSs12find_last_ofEPKcj
_ZNKSs12find_last_ofEPKcjj
_ZNKSs12find_last_ofERKSsj
_ZNKSs12find_last_ofEcj
_ZNKSs13find_first_ofEPKcj
_ZNKSs13find_first_ofEPKcjj
_ZNKSs13find_first_ofERKSsj
_ZNKSs13find_first_ofEcj
_ZNKSs13get_allocatorEv
_ZNKSs15_M_check_lengthEjjPKc
_ZNKSs16find_last_not_ofEPKcj
_ZNKSs16find_last_not_ofEPKcjj
_ZNKSs16find_last_not_ofERKSsj
_ZNKSs16find_last_not_ofEcj
_ZNKSs17find_first_not_ofEPKcj
_ZNKSs17find_first_not_ofEPKcjj
_ZNKSs17find_first_not_ofERKSsj
_ZNKSs17find_first_not_ofEcj
_ZNKSs2atEj
_ZNKSs3endEv
_ZNKSs4_Rep12_M_is_leakedEv
_ZNKSs4_Rep12_M_is_sharedEv
_ZNKSs4backEv
_ZNKSs4cendEv
_ZNKSs4copyEPcjj
_ZNKSs4dataEv
_ZNKSs4findEPKcj
_ZNKSs4findEPKcjj
_ZNKSs4findERKSsj
_ZNKSs4findEcj
_ZNKSs4rendEv
_ZNKSs4sizeEv
_ZNKSs5beginEv
_ZNKSs5c_strEv
_ZNKSs5crendEv
_ZNKSs5emptyEv
_ZNKSs5frontEv
_ZNKSs5rfindEPKcj
_ZNKSs5rfindEPKcjj
_ZNKSs5rfindERKSsj
_ZNKSs5rfindEcj
_ZNKSs6_M_repEv
_ZNKSs6cbeginEv
_ZNKSs6lengthEv
_ZNKSs6rbeginEv
_ZNKSs6substrEjj
_ZNKSs7_M_dataEv
_ZNKSs7_M_iendEv
_ZNKSs7compareEPKc
_ZNKSs7compareERKSs
_ZNKSs7compareEjjPKc
_ZNKSs7compareEjjPKcj
_ZNKSs7compareEjjRKSs
_ZNKSs7compareEjjRKSsjj
_ZNKSs7crbeginEv
_ZNKSs8_M_checkEjPKc
_ZNKSs8_M_limitEjj
_ZNKSs8capacityEv
_ZNKSs8max_sizeEv
_ZNKSs9_M_ibeginEv
_ZNKSscvSt17basic_string_viewIcSt11char_traitsIcEEEv
_ZNKSsixEj
_ZNKSt10bad_typeid4whatEv
_ZNKSt10error_code23default_error_conditionEv
_ZNKSt10filesystem16filesystem_error4whatEv
_ZNKSt10filesystem16filesystem_error5path1Ev
_ZNKSt10filesystem16filesystem_error5path2Ev
_ZNKSt10filesystem18directory_iteratordeEv
_ZNKSt10filesystem28recursive_directory_iterator17recursion_pendingEv
_ZNKSt10filesystem28recursive_directory_iterator5depthEv
_ZNKSt10filesystem28recursive_directory_iterator7optionsEv
_ZNKSt10filesystem28recursive_directory_iteratordeEv
_ZNKSt10filesystem4path11parent_pathEv
_ZNKSt10filesystem4path12has_filenameEv
_ZNKSt10filesystem4path13has_root_nameEv
_ZNKSt10filesystem4path13has_root_pathEv
_ZNKSt10filesystem4path13relative_pathEv
_ZNKSt10filesystem4path14root_directoryEv
_ZNKSt10filesystem4path15has_parent_pathEv
_ZNKSt10filesystem4path16lexically_normalEv
_ZNKSt10filesystem4path17_M_find_extensionEv
_ZNKSt10filesystem4path17has_relative_pathEv
_ZNKSt10filesystem4path18has_root_directoryEv
_ZNKSt10filesystem4path18lexically_relativeERKS0_
_ZNKSt10filesystem4path19lexically_proximateERKS0_
_ZNKSt10filesystem4path5_List13_Impl_deleterclEPNS1_5_ImplE
_ZNKSt10filesystem4path5_List3endEv
_ZNKSt10filesystem4path5_List5beginEv
_ZNKSt10filesystem4path7compareERKS0_
_ZNKSt10filesystem4path7compareESt17basic_string_viewIwSt11char_traitsIwEE
_ZNKSt10filesystem4path9root_nameEv
_ZNKSt10filesystem4path9root_pathEv
_ZNKSt10filesystem7__cxx1116filesystem_error4whatEv
_ZNKSt10filesystem7__cxx1116filesystem_error5path1Ev
_ZNKSt10filesystem7__cxx1116filesystem_error5path2Ev
_ZNKSt10filesystem7__cxx1118directory_iteratordeEv
_ZNKSt10filesystem7__cxx1128recursive_directory_iterator17recursion_pendingEv
_ZNKSt10filesystem7__cxx1128recursive_directory_iterator5depthEv
_ZNKSt10filesystem7__cxx1128recursive_directory_iterator7optionsEv
_ZNKSt10filesystem7__cxx1128recursive_directory_iteratordeEv
_ZNKSt10filesystem7__cxx114path11parent_pathEv
_ZNKSt10filesystem7__cxx114path12has_filenameEv
_ZNKSt10filesystem7__cxx114path13has_root_nameEv
_ZNKSt10filesystem7__cxx114path13has_root_pathEv
_ZNKSt10filesystem7__cxx114path13relative_pathEv
_ZNKSt10filesystem7__cxx114path14root_directoryEv
_ZNKSt10filesystem7__cxx114path15has_parent_pathEv
_ZNKSt10filesystem7__cxx114path16lexically_normalEv
_ZNKSt10filesystem7__cxx114path17_M_find_extensionEv
_ZNKSt10filesystem7__cxx114path17has_relative_pathEv
_ZNKSt10filesystem7__cxx114path18has_root_directoryEv
_ZNKSt10filesystem7__cxx114path18lexically_relativeERKS1_
_ZNKSt10filesystem7__cxx114path19lexically_proximateERKS1_
_ZNKSt10filesystem7__cxx114path5_List13_Impl_deleterclEPNS2_5_ImplE
_ZNKSt10filesystem7__cxx114path5_List3endEv
_ZNKSt10filesystem7__cxx114path5_List5beginEv
_ZNKSt10filesystem7__cxx114path7compareERKS1_
_ZNKSt10filesystem7__cxx114path7compareESt17basic_string_viewIwSt11char_traitsIwEE
_ZNKSt10filesystem7__cxx114path9root_nameEv
_ZNKSt10filesystem7__cxx114path9root_pathEv
_ZNKSt10istrstream5rdbufEv
_ZNKSt10lock_error4whatEv
_ZNKSt10moneypunctIcLb0EE10neg_formatEv
_ZNKSt10moneypunctIcLb0EE10pos_formatEv
_ZNKSt10moneypunctIcLb0EE11curr_symbolEv
_ZNKSt10moneypunctIcLb0EE11do_groupingEv
_ZNKSt10moneypunctIcLb0EE11frac_digitsEv
_ZNKSt10moneypunctIcLb0EE13decimal_pointEv
_ZNKSt10moneypunctIcLb0EE13do_neg_formatEv
_ZNKSt10moneypunctIcLb0EE13do_pos_formatEv
_ZNKSt10moneypunctIcLb0EE13negative_signEv
_ZNKSt10moneypunctIcLb0EE13positive_signEv
_ZNKSt10moneypunctIcLb0EE13thousands_sepEv
_ZNKSt10moneypunctIcLb0EE14do_curr_symbolEv
_ZNKSt10moneypunctIcLb0EE14do_frac_digitsEv
_ZNKSt10moneypunctIcLb0EE16do_decimal_pointEv
_ZNKSt10moneypunctIcLb0EE16do_negative_signEv
_ZNKSt10moneypunctIcLb0EE16do_positive_signEv
_ZNKSt10moneypunctIcLb0EE16do_thousands_sepEv
_ZNKSt10moneypunctIcLb0EE8groupingEv
_ZNKSt10moneypunctIcLb1EE10neg_formatEv
_ZNKSt10moneypunctIcLb1EE10pos_formatEv
_ZNKSt10moneypunctIcLb1EE11curr_symbolEv
_ZNKSt10moneypunctIcLb1EE11do_groupingEv
_ZNKSt10moneypunctIcLb1EE11frac_digitsEv
_ZNKSt10moneypunctIcLb1EE13decimal_pointEv
_ZNKSt10moneypunctIcLb1EE13do_neg_formatEv
_ZNKSt10moneypunctIcLb1EE13do_pos_formatEv
_ZNKSt10moneypunctIcLb1EE13negative_signEv
_ZNKSt10moneypunctIcLb1EE13positive_signEv
_ZNKSt10moneypunctIcLb1EE13thousands_sepEv
_ZNKSt10moneypunctIcLb1EE14do_curr_symbolEv
_ZNKSt10moneypunctIcLb1EE14do_frac_digitsEv
_ZNKSt10moneypunctIcLb1EE16do_decimal_pointEv
_ZNKSt10moneypunctIcLb1EE16do_negative_signEv
_ZNKSt10moneypunctIcLb1EE16do_positive_signEv
_ZNKSt10moneypunctIcLb1EE16do_thousands_sepEv
_ZNKSt10moneypunctIcLb1EE8groupingEv
_ZNKSt10moneypunctIwLb0EE10neg_formatEv
_ZNKSt10moneypunctIwLb0EE10pos_formatEv
_ZNKSt10moneypunctIwLb0EE11curr_symbolEv
_ZNKSt10moneypunctIwLb0EE11do_groupingEv
_ZNKSt10moneypunctIwLb0EE11frac_digitsEv
_ZNKSt10moneypunctIwLb0EE13decimal_pointEv
_ZNKSt10moneypunctIwLb0EE13do_neg_formatEv
_ZNKSt10moneypunctIwLb0EE13do_pos_formatEv
_ZNKSt10moneypunctIwLb0EE13negative_signEv
_ZNKSt10moneypunctIwLb0EE13positive_signEv
_ZNKSt10moneypunctIwLb0EE13thousands_sepEv
_ZNKSt10moneypunctIwLb0EE14do_curr_symbolEv
_ZNKSt10moneypunctIwLb0EE14do_frac_digitsEv
_ZNKSt10moneypunctIwLb0EE16do_decimal_pointEv
_ZNKSt10moneypunctIwLb0EE16do_negative_signEv
_ZNKSt10moneypunctIwLb0EE16do_positive_signEv
_ZNKSt10moneypunctIwLb0EE16do_thousands_sepEv
_ZNKSt10moneypunctIwLb0EE8groupingEv
_ZNKSt10moneypunctIwLb1EE10neg_formatEv
_ZNKSt10moneypunctIwLb1EE10pos_formatEv
_ZNKSt10moneypunctIwLb1EE11curr_symbolEv
_ZNKSt10moneypunctIwLb1EE11do_groupingEv
_ZNKSt10moneypunctIwLb1EE11frac_digitsEv
_ZNKSt10moneypunctIwLb1EE13decimal_pointEv
_ZNKSt10moneypunctIwLb1EE13do_neg_formatEv
_ZNKSt10moneypunctIwLb1EE13do_pos_formatEv
_ZNKSt10moneypunctIwLb1EE13negative_signEv
_ZNKSt10moneypunctIwLb1EE13positive_signEv
_ZNKSt10moneypunctIwLb1EE13thousands_sepEv
_ZNKSt10moneypunctIwLb1EE14do_curr_symbolEv
_ZNKSt10moneypunctIwLb1EE14do_frac_digitsEv
_ZNKSt10moneypunctIwLb1EE16do_decimal_pointEv
_ZNKSt10moneypunctIwLb1EE16do_negative_signEv
_ZNKSt10moneypunctIwLb1EE16do_positive_signEv
_ZNKSt10moneypunctIwLb1EE16do_thousands_sepEv
_ZNKSt10moneypunctIwLb1EE8groupingEv
_ZNKSt10ostrstream5rdbufEv
_ZNKSt10ostrstream6pcountEv
_ZNKSt11__timepunctIcE15_M_am_pm_formatEPKc

Sections

.text
Size: 1017KB - Virtual size: 1016KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 335KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ossec-agent/libwazuhext.dll
.dll windows:4 windows x86 arch:x86

88826c7f658af2a6815c263c2b4a6f8b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/06/2023, 00:00

Not After

17/06/2026, 23:59

Subject

SERIALNUMBER=5714547,CN=Wazuh\, Inc,O=Wazuh\, Inc,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:57:50:45:78:15:0d:ed:73:11:58:e5:e5:32:d0:39:f8:fe:a9:5f:87:13:13:41:41:44:c5:48:d7:8f:3d:06
Signer

Actual PE Digest

26:57:50:45:78:15:0d:ed:73:11:58:e5:e5:32:d0:39:f8:fe:a9:5f:87:13:13:41:41:44:c5:48:d7:8f:3d:06

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptEnumProvidersW
CryptExportKey
CryptGenRandom
CryptGetHashParam
CryptGetProvParam
CryptGetUserKey
CryptHashData
CryptImportKey
CryptReleaseContext
CryptSetHashParam
CryptSignHashW
DeregisterEventSource
RegisterEventSourceA
RegisterEventSourceW
ReportEventA
ReportEventW

crypt32

CertAddCertificateContextToStore
CertCloseStore
CertCreateCertificateChainEngine
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFindExtension
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertGetCertificateContextProperty
CertGetNameStringA
CertOpenStore
CryptDecodeObjectEx
CryptQueryObject
CryptStringToBinaryA
PFXImportCertStore

kernel32

AddVectoredExceptionHandler
AreFileApisANSI
CloseHandle
ConvertFiberToThread
ConvertThreadToFiber
CreateEventA
CreateFiber
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexA
CreateMutexW
CreateSemaphoreA
DeleteCriticalSection
DeleteFiber
DeleteFileA
DeleteFileW
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeLibrary
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFileSizeEx
GetFileType
GetFullPathNameA
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessTimes
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetVersion
GetVersionExA
GetVersionExW
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MoveFileExA
MultiByteToWideChar
OpenProcess
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadConsoleA
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetConsoleMode
SetEndOfFile
SetEvent
SetFilePointer
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
Sleep
SleepEx
SuspendThread
SwitchToFiber
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnlockFile
UnlockFileEx
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile

msvcrt

__mb_cur_max
_access
_amsg_exit
_assert
_beginthreadex
_endthreadex
_errno
_chmod
_close
_exit
_fileno
_fstati64
_initterm
_iob
_lock
_lseek
_lseeki64
_onexit
_open
_read
_setjmp3
_setmode
_sys_errlist
_sys_nerr
_ultoa
_unlock
_vsnprintf
_wfopen
_wopen
_write
abort
atoi
calloc
clearerr
exit
fclose
feof
ferror
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getc
getenv
isalnum
isalpha
iscntrl
isgraph
islower
isprint
ispunct
isspace
isupper
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
localtime
gmtime
perror
printf
qsort
raise
realloc
setbuf
setlocale
setvbuf
signal
sprintf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
tolower
toupper
ungetc
vfprintf
time
_strdup
_stricmp
_strnicmp
wcscmp
wcscpy
wcslen
wcsstr
wcstombs
_vsnwprintf
_stat
_stati64
_fstat
longjmp
_write
_unlink
_strdup
_read
_open
_lseek
_fdopen
_close

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

ws2_32

WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAIoctl
WSAResetEvent
WSASetEvent
WSAWaitForMultipleEvents
freeaddrinfo
getaddrinfo
getnameinfo

wsock32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
gethostname
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Exports

Exports

ACCESS_DESCRIPTION_free
ACCESS_DESCRIPTION_it
ACCESS_DESCRIPTION_new
ADMISSIONS_free
ADMISSIONS_get0_admissionAuthority
ADMISSIONS_get0_namingAuthority
ADMISSIONS_get0_professionInfos
ADMISSIONS_it
ADMISSIONS_new
ADMISSIONS_set0_admissionAuthority
ADMISSIONS_set0_namingAuthority
ADMISSIONS_set0_professionInfos
ADMISSION_SYNTAX_free
ADMISSION_SYNTAX_get0_admissionAuthority
ADMISSION_SYNTAX_get0_contentsOfAdmissions
ADMISSION_SYNTAX_it
ADMISSION_SYNTAX_new
ADMISSION_SYNTAX_set0_admissionAuthority
ADMISSION_SYNTAX_set0_contentsOfAdmissions
AES_bi_ige_encrypt
AES_cbc_encrypt
AES_cfb128_encrypt
AES_cfb1_encrypt
AES_cfb8_encrypt
AES_decrypt
AES_ecb_encrypt
AES_encrypt
AES_ige_encrypt
AES_ofb128_encrypt
AES_options
AES_set_decrypt_key
AES_set_encrypt_key
AES_unwrap_key
AES_wrap_key
ASIdOrRange_free
ASIdOrRange_it
ASIdOrRange_new
ASIdentifierChoice_free
ASIdentifierChoice_it
ASIdentifierChoice_new
ASIdentifiers_free
ASIdentifiers_it
ASIdentifiers_new
ASN1_ANY_it
ASN1_BIT_STRING_check
ASN1_BIT_STRING_free
ASN1_BIT_STRING_get_bit
ASN1_BIT_STRING_it
ASN1_BIT_STRING_name_print
ASN1_BIT_STRING_new
ASN1_BIT_STRING_num_asc
ASN1_BIT_STRING_set
ASN1_BIT_STRING_set_asc
ASN1_BIT_STRING_set_bit
ASN1_BMPSTRING_free
ASN1_BMPSTRING_it
ASN1_BMPSTRING_new
ASN1_BOOLEAN_it
ASN1_ENUMERATED_free
ASN1_ENUMERATED_get
ASN1_ENUMERATED_get_int64
ASN1_ENUMERATED_it
ASN1_ENUMERATED_new
ASN1_ENUMERATED_set
ASN1_ENUMERATED_set_int64
ASN1_ENUMERATED_to_BN
ASN1_FBOOLEAN_it
ASN1_GENERALIZEDTIME_adj
ASN1_GENERALIZEDTIME_check
ASN1_GENERALIZEDTIME_free
ASN1_GENERALIZEDTIME_it
ASN1_GENERALIZEDTIME_new
ASN1_GENERALIZEDTIME_print
ASN1_GENERALIZEDTIME_set
ASN1_GENERALIZEDTIME_set_string
ASN1_GENERALSTRING_free
ASN1_GENERALSTRING_it
ASN1_GENERALSTRING_new
ASN1_IA5STRING_free
ASN1_IA5STRING_it
ASN1_IA5STRING_new
ASN1_INTEGER_cmp
ASN1_INTEGER_dup
ASN1_INTEGER_free
ASN1_INTEGER_get
ASN1_INTEGER_get_int64
ASN1_INTEGER_get_uint64
ASN1_INTEGER_it
ASN1_INTEGER_new
ASN1_INTEGER_set
ASN1_INTEGER_set_int64
ASN1_INTEGER_set_uint64
ASN1_INTEGER_to_BN
ASN1_ITEM_get
ASN1_ITEM_lookup
ASN1_NULL_free
ASN1_NULL_it
ASN1_NULL_new
ASN1_OBJECT_create
ASN1_OBJECT_free
ASN1_OBJECT_it
ASN1_OBJECT_new
ASN1_OCTET_STRING_NDEF_it
ASN1_OCTET_STRING_cmp
ASN1_OCTET_STRING_dup
ASN1_OCTET_STRING_free
ASN1_OCTET_STRING_it
ASN1_OCTET_STRING_new
ASN1_OCTET_STRING_set
ASN1_PCTX_free
ASN1_PCTX_get_cert_flags
ASN1_PCTX_get_flags
ASN1_PCTX_get_nm_flags
ASN1_PCTX_get_oid_flags
ASN1_PCTX_get_str_flags
ASN1_PCTX_new
ASN1_PCTX_set_cert_flags
ASN1_PCTX_set_flags
ASN1_PCTX_set_nm_flags
ASN1_PCTX_set_oid_flags
ASN1_PCTX_set_str_flags
ASN1_PRINTABLESTRING_free
ASN1_PRINTABLESTRING_it
ASN1_PRINTABLESTRING_new
ASN1_PRINTABLE_free
ASN1_PRINTABLE_it
ASN1_PRINTABLE_new
ASN1_PRINTABLE_type
ASN1_SCTX_free
ASN1_SCTX_get_app_data
ASN1_SCTX_get_flags
ASN1_SCTX_get_item
ASN1_SCTX_get_template
ASN1_SCTX_new
ASN1_SCTX_set_app_data
ASN1_SEQUENCE_ANY_it
ASN1_SEQUENCE_it
ASN1_SET_ANY_it
ASN1_STRING_TABLE_add
ASN1_STRING_TABLE_cleanup
ASN1_STRING_TABLE_get
ASN1_STRING_clear_free
ASN1_STRING_cmp
ASN1_STRING_copy
ASN1_STRING_data
ASN1_STRING_dup
ASN1_STRING_free
ASN1_STRING_get0_data
ASN1_STRING_get_default_mask
ASN1_STRING_length
ASN1_STRING_length_set
ASN1_STRING_new
ASN1_STRING_print
ASN1_STRING_print_ex
ASN1_STRING_print_ex_fp
ASN1_STRING_set
ASN1_STRING_set0
ASN1_STRING_set_by_NID
ASN1_STRING_set_default_mask
ASN1_STRING_set_default_mask_asc
ASN1_STRING_to_UTF8
ASN1_STRING_type
ASN1_STRING_type_new
ASN1_T61STRING_free
ASN1_T61STRING_it
ASN1_T61STRING_new
ASN1_TBOOLEAN_it
ASN1_TIME_adj
ASN1_TIME_check
ASN1_TIME_cmp_time_t
ASN1_TIME_compare
ASN1_TIME_diff
ASN1_TIME_free
ASN1_TIME_it
ASN1_TIME_new
ASN1_TIME_normalize
ASN1_TIME_print
ASN1_TIME_set
ASN1_TIME_set_string
ASN1_TIME_set_string_X509
ASN1_TIME_to_generalizedtime
ASN1_TIME_to_tm
ASN1_TYPE_cmp
ASN1_TYPE_free
ASN1_TYPE_get
ASN1_TYPE_get_int_octetstring
ASN1_TYPE_get_octetstring
ASN1_TYPE_new
ASN1_TYPE_pack_sequence
ASN1_TYPE_set
ASN1_TYPE_set1
ASN1_TYPE_set_int_octetstring
ASN1_TYPE_set_octetstring
ASN1_TYPE_unpack_sequence
ASN1_UNIVERSALSTRING_free
ASN1_UNIVERSALSTRING_it
ASN1_UNIVERSALSTRING_new
ASN1_UNIVERSALSTRING_to_string
ASN1_UTCTIME_adj
ASN1_UTCTIME_check
ASN1_UTCTIME_cmp_time_t
ASN1_UTCTIME_free
ASN1_UTCTIME_it
ASN1_UTCTIME_new
ASN1_UTCTIME_print
ASN1_UTCTIME_set
ASN1_UTCTIME_set_string
ASN1_UTF8STRING_free
ASN1_UTF8STRING_it
ASN1_UTF8STRING_new
ASN1_VISIBLESTRING_free
ASN1_VISIBLESTRING_it
ASN1_VISIBLESTRING_new
ASN1_add_oid_module
ASN1_add_stable_module
ASN1_bn_print
ASN1_buf_print
ASN1_check_infinite_end
ASN1_const_check_infinite_end
ASN1_d2i_bio
ASN1_d2i_fp
ASN1_digest
ASN1_dup
ASN1_generate_nconf
ASN1_generate_v3
ASN1_get_object
ASN1_i2d_bio
ASN1_i2d_fp
ASN1_item_d2i
ASN1_item_d2i_bio
ASN1_item_d2i_fp
ASN1_item_digest
ASN1_item_dup
ASN1_item_ex_d2i
ASN1_item_ex_free
ASN1_item_ex_i2d
ASN1_item_ex_new
ASN1_item_free
ASN1_item_i2d
ASN1_item_i2d_bio
ASN1_item_i2d_fp
ASN1_item_ndef_i2d
ASN1_item_new
ASN1_item_pack
ASN1_item_print
ASN1_item_sign
ASN1_item_sign_ctx
ASN1_item_unpack
ASN1_item_verify
ASN1_mbstring_copy
ASN1_mbstring_ncopy
ASN1_object_size
ASN1_parse
ASN1_parse_dump
ASN1_put_eoc
ASN1_put_object
ASN1_sign
ASN1_str2mask
ASN1_tag2bit
ASN1_tag2str
ASN1_verify
ASRange_free
ASRange_it
ASRange_new
ASYNC_WAIT_CTX_clear_fd
ASYNC_WAIT_CTX_free
ASYNC_WAIT_CTX_get_all_fds
ASYNC_WAIT_CTX_get_changed_fds
ASYNC_WAIT_CTX_get_fd
ASYNC_WAIT_CTX_new
ASYNC_WAIT_CTX_set_wait_fd
ASYNC_block_pause
ASYNC_cleanup_thread
ASYNC_get_current_job
ASYNC_get_wait_ctx
ASYNC_init_thread
ASYNC_is_capable
ASYNC_pause_job
ASYNC_start_job
ASYNC_unblock_pause
AUTHORITY_INFO_ACCESS_free
AUTHORITY_INFO_ACCESS_it
AUTHORITY_INFO_ACCESS_new
AUTHORITY_KEYID_free
AUTHORITY_KEYID_it
AUTHORITY_KEYID_new
BASIC_CONSTRAINTS_free
BASIC_CONSTRAINTS_it
BASIC_CONSTRAINTS_new
BF_cbc_encrypt
BF_cfb64_encrypt
BF_decrypt
BF_ecb_encrypt
BF_encrypt
BF_ofb64_encrypt
BF_options
BF_set_key
BIGNUM_it
BIO_ADDRINFO_address
BIO_ADDRINFO_family
BIO_ADDRINFO_free
BIO_ADDRINFO_next
BIO_ADDRINFO_protocol
BIO_ADDRINFO_sockaddr
BIO_ADDRINFO_sockaddr_size
BIO_ADDRINFO_socktype
BIO_ADDR_clear
BIO_ADDR_family
BIO_ADDR_free
BIO_ADDR_hostname_string
BIO_ADDR_make
BIO_ADDR_new
BIO_ADDR_path_string
BIO_ADDR_rawaddress
BIO_ADDR_rawmake
BIO_ADDR_rawport
BIO_ADDR_service_string
BIO_ADDR_sockaddr
BIO_ADDR_sockaddr_noconst
BIO_ADDR_sockaddr_size
BIO_CONNECT_free
BIO_CONNECT_new
BIO_accept
BIO_accept_ex
BIO_asn1_get_prefix
BIO_asn1_get_suffix
BIO_asn1_set_prefix
BIO_asn1_set_suffix
BIO_bind
BIO_callback_ctrl
BIO_clear_flags
BIO_closesocket
BIO_connect
BIO_copy_next_retry
BIO_ctrl
BIO_ctrl_get_read_request
BIO_ctrl_get_write_guarantee
BIO_ctrl_pending
BIO_ctrl_reset_read_request
BIO_ctrl_wpending
BIO_debug_callback
BIO_dgram_non_fatal_error
BIO_dump
BIO_dump_cb
BIO_dump_fp
BIO_dump_indent
BIO_dump_indent_cb
BIO_dump_indent_fp
BIO_dup_chain
BIO_f_asn1
BIO_f_base64
BIO_f_buffer
BIO_f_cipher
BIO_f_linebuffer
BIO_f_md
BIO_f_nbio_test
BIO_f_null
BIO_f_reliable
BIO_f_ssl
BIO_fd_non_fatal_error
BIO_fd_should_retry
BIO_find_type
BIO_free
BIO_free_all
BIO_get_accept_socket
BIO_get_callback
BIO_get_callback_arg
BIO_get_callback_ex
BIO_get_data
BIO_get_ex_data
BIO_get_host_ip
BIO_get_init
BIO_get_new_index
BIO_get_port
BIO_get_retry_BIO
BIO_get_retry_reason
BIO_get_shutdown
BIO_gethostbyname
BIO_gets
BIO_hex_string
BIO_indent
BIO_int_ctrl
BIO_listen
BIO_lookup
BIO_lookup_ex
BIO_meth_free
BIO_meth_get_callback_ctrl
BIO_meth_get_create
BIO_meth_get_ctrl
BIO_meth_get_destroy
BIO_meth_get_gets
BIO_meth_get_puts
BIO_meth_get_read
BIO_meth_get_read_ex
BIO_meth_get_write
BIO_meth_get_write_ex
BIO_meth_new
BIO_meth_set_callback_ctrl
BIO_meth_set_create
BIO_meth_set_ctrl
BIO_meth_set_destroy
BIO_meth_set_gets
BIO_meth_set_puts
BIO_meth_set_read
BIO_meth_set_read_ex
BIO_meth_set_write
BIO_meth_set_write_ex
BIO_method_name
BIO_method_type
BIO_new
BIO_new_CMS
BIO_new_NDEF
BIO_new_PKCS7
BIO_new_accept
BIO_new_bio_pair
BIO_new_buffer_ssl_connect
BIO_new_connect
BIO_new_dgram
BIO_new_fd
BIO_new_file
BIO_new_fp
BIO_new_mem_buf
BIO_new_socket
BIO_new_ssl
BIO_new_ssl_connect
BIO_next
BIO_nread
BIO_nread0
BIO_number_read
BIO_number_written
BIO_nwrite
BIO_nwrite0
BIO_parse_hostserv
BIO_pop
BIO_printf
BIO_ptr_ctrl
BIO_push
BIO_puts
BIO_read
BIO_read_ex
BIO_s_accept
BIO_s_bio
BIO_s_connect
BIO_s_datagram
BIO_s_fd
BIO_s_file
BIO_s_log
BIO_s_mem
BIO_s_null
BIO_s_secmem
BIO_s_socket
BIO_set_callback
BIO_set_callback_arg
BIO_set_callback_ex
BIO_set_cipher
BIO_set_data
BIO_set_ex_data
BIO_set_flags
BIO_set_init
BIO_set_next
BIO_set_retry_reason
BIO_set_shutdown
BIO_set_tcp_ndelay
BIO_snprintf
BIO_sock_error
BIO_sock_info
BIO_sock_init
BIO_sock_non_fatal_error
BIO_sock_should_retry
BIO_socket
BIO_socket_ioctl
BIO_socket_nbio
BIO_ssl_copy_session_id
BIO_ssl_shutdown
BIO_test_flags
BIO_up_ref
BIO_vfree
BIO_vprintf
BIO_vsnprintf
BIO_write
BIO_write_ex
BLAKE2b_Final
BLAKE2b_Init
BLAKE2b_Update
BLAKE2s_Final
BLAKE2s_Init
BLAKE2s_Update
BN_BLINDING_convert
BN_BLINDING_convert_ex
BN_BLINDING_create_param
BN_BLINDING_free
BN_BLINDING_get_flags
BN_BLINDING_invert
BN_BLINDING_invert_ex
BN_BLINDING_is_current_thread
BN_BLINDING_lock
BN_BLINDING_new
BN_BLINDING_set_current_thread
BN_BLINDING_set_flags
BN_BLINDING_unlock

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 743KB - Virtual size: 743KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 514KB - Virtual size: 514KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 451KB - Virtual size: 451KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ossec-agent/libwazuhshared.dll
.dll windows:4 windows x86 arch:x86

6389df737effd4bc32b9c1b3080645fd

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/06/2023, 00:00

Not After

17/06/2026, 23:59

Subject

SERIALNUMBER=5714547,CN=Wazuh\, Inc,O=Wazuh\, Inc,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

92:ce:08:e3:1e:5d:c5:02:aa:84:05:fb:3e:38:c5:fd:a5:54:ec:49:23:75:d6:1c:54:88:f9:a0:73:48:55:cc
Signer

Actual PE Digest

92:ce:08:e3:1e:5d:c5:02:aa:84:05:fb:3e:38:c5:fd:a5:54:ec:49:23:75:d6:1c:54:88:f9:a0:73:48:55:cc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AllocateAndInitializeSid
CryptAcquireContextA
CryptGenRandom
FreeSid
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
SetEntriesInAclA
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreatePipe
CreateProcessA
CreateSemaphoreA
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileTime
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetVersionExA
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ReplaceFileA
ResetEvent
ResumeThread
SetEvent
SetHandleInformation
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
lstrcmpiA

msvcrt

__mb_cur_max
_amsg_exit
_beginthreadex
_endthreadex
_errno
_close
_fdopen
_filelengthi64
_fileno
_findclose
_fullpath
_get_osfhandle
_initterm
_iob
_lock
_open_osfhandle
_setjmp3
_ultoa
_unlock
abort
atoi
atol
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fread
free
fseek
fsetpos
ftell
fwrite
getc
isalpha
islower
isspace
isupper
isxdigit
localeconv
malloc
mbstowcs
memcpy
memmove
memset
localtime
_mktemp
printf
qsort
realloc
rename
setlocale
srand
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
tolower
ungetc
vfprintf
time
_stricmp
_strnicmp
wcslen
wcstombs
_stat
_findnext
_findfirst
longjmp
_unlink
_umask
_strdup
_rmdir
_mkdir
_getpid
_getcwd
_fdopen
_close
_chdir

shlwapi

PathFindFileNameA
PathRemoveFileSpecA

user32

GetSystemMetrics

ws2_32

freeaddrinfo
getaddrinfo

wsock32

WSAGetLastError
WSASetLastError
accept
bind
closesocket
connect
getsockopt
htonl
htons
inet_addr
inet_ntoa
listen
ntohl
recv
select
send
setsockopt
socket

libwazuhext

cJSON_AddItemToArray
cJSON_AddItemToArray@8
cJSON_AddItemToObject
cJSON_AddItemToObject@12
cJSON_AddNumberToObject
cJSON_AddNumberToObject@16
cJSON_AddStringToObject
cJSON_AddStringToObject@12
cJSON_CreateArray
cJSON_CreateArray@0
cJSON_CreateObject
cJSON_CreateObject@0
cJSON_CreateString
cJSON_CreateString@4
cJSON_Delete
cJSON_Delete@4
cJSON_GetObjectItem
cJSON_GetObjectItem@8
cJSON_IsObject
cJSON_IsObject@4
cJSON_ParseWithOpts
cJSON_ParseWithOpts@12
cJSON_Print
cJSON_Print@4
cJSON_PrintUnformatted
cJSON_PrintUnformatted@4
gzclose
gzeof
gzerror
gzopen
gzread
gzwrite
pcre2_code_free_8
pcre2_compile_8
pcre2_get_ovector_pointer_8
pcre2_match_8
pcre2_match_data_create_from_pattern_8
pcre2_match_data_free_8

Exports

Exports

DeleteState
DirSize
FileSize
FileSizeWin
File_DateofChange
File_Inode
IsDir
IsFile
MergeAppendFile
OSMatch_Compile
OSMatch_Execute
OSMatch_FreePattern
OSRegex_Compile
OSRegex_Execute
OSRegex_Execute_ex
OSRegex_FreePattern
OSRegex_free_regex_matching
OS_AcceptTCP
OS_Bindporttcp
OS_Bindportudp
OS_CIDRtoStr
OS_ClearXML
OS_CloseSocket
OS_ConnectTCP
OS_ConnectUDP
OS_ElementExist
OS_ExpandIPv6
OS_GetAttributeContent
OS_GetAttributes
OS_GetContents
OS_GetElementContent
OS_GetElements
OS_GetHost
OS_GetIPv4FromIPv6
OS_GetOneContentforElement
OS_IPFound
OS_IPFoundList
OS_IsAfterTime
OS_IsValidDay
OS_IsValidIP
OS_IsValidTime
OS_IsValidUniqueTime
OS_IsonDay
OS_IsonTime
OS_MoveFile
OS_ReadXML
OS_ReadXMLString
OS_ReadXMLString_Ex
OS_ReadXML_Ex
OS_RecvConnUDP
OS_RecvSecureClusterTCP
OS_RecvSecureTCP
OS_RecvTCP
OS_RecvTCPBuffer
OS_RecvUDP
OS_Regex
OS_RootElementExist
OS_SendSecureTCP
OS_SendSecureTCPCluster
OS_SendTCP
OS_SendTCPbySize
OS_SendUDPbySize
OS_SetKeepalive
OS_SetKeepalive_Options
OS_SetName
OS_SetRecvTimeout
OS_SetSendTimeout
OS_SetSocketSize
OS_StrBreak
ParseXML
TempFile
TestUnmergeFiles
UnmergeFiles
W_JSON_AddField
_OS_Match
__local_name
__pth_gpointer_locked
__pthread_clock_nanosleep
__pthread_shallcancel
__xl_f
_mdebug1
_mdebug2
_merror
_merror_exit
_mferror
_minfo
_mlerror_exit
_mtdebug1
_mtdebug2
_mterror
_mterror_exit
_mtferror
_mtinfo
_mtwarn
_mverror
_mvinfo
_mvwarn
_mwarn
_os_strcmp
_os_strcmp_last
_os_strmatch
_os_strncmp
_plain_mdebug1
_plain_merror
_plain_merror_exit
_plain_minfo
_plain_mwarn
_pthread_cleanup_dest
_pthread_get_state
_pthread_invoke_cancel
_pthread_key_dest
_pthread_rel_time_in_ms
_pthread_set_state
_pthread_setnobreak
_pthread_time_in_ms
_pthread_time_in_ms_from_timespec
_pthread_tryjoin
_pthread_wait_for_multiple_objects
_pthread_wait_for_single_object
_xml_sgetc
abspath
basename_ex
charmap
checkBinaryFile
checkVista
check_path_type
cldir_ex
cldir_ex_ignore
clock_getres
clock_gettime
clock_nanosleep
clock_settime
compare_wazuh_versions
cond_print
cond_print_set
convert_windows_string
csv_list_to_json_str_array
decode_hex_buffer_2_ascii_buffer
do_sema_b_wait_intern
expand_win32_wildcards
external_socket_connect
filter_special_chars
find_string_in_array
free_osinfo
free_strarray
getDefine_Int
getLoggingConfig
get_UTC_modification_time
get_creation_date
get_fp_inode
get_fp_size
get_ip_from_resolved_hostname
get_ipv4_numeric
get_ipv4_string
get_ipv6_numeric
get_ipv6_string
get_nproc
get_release_from_build
get_win_version
get_windows_file_time_epoch
get_windows_time_epoch
gettime
getuname
getunameJSON
hostname_map
in6addr_any
in6addr_loopback
isChroot
isDebug
isVista
is_ascii_utf8
is_leap_year
is_usc2
isabspath
mkdir_ex
mkstemp_ex
nanosleep
nowChroot
nowDaemon
nowDebug
os_logging_config
os_random
os_recv_waitall
os_shell_escape
os_snprintf
os_strcnt
os_strip_char
os_substr
os_trimcrlf
print_hex_string
print_out
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_timedwait_relative_np
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getclock
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setclock
pthread_condattr_setpshared
pthread_create
pthread_create_wrapper
pthread_delay_np
pthread_delay_np_ms
pthread_detach
pthread_equal
pthread_exit
pthread_get_concurrency
pthread_getclean
pthread_getconcurrency
pthread_getevent
pthread_gethandle
pthread_getname_np
pthread_getschedparam
pthread_getspecific
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getprioceiling
pthread_mutexattr_getprotocol
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setprioceiling
pthread_mutexattr_setprotocol
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_set_concurrency
pthread_set_num_processors_np
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setname_np
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_tls_init
randombytes
regexmap
rename_ex
resolve_hostname
rmdir_ex
rwl_print
rwl_print_set
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait
srandom_init
strarray_size
strcspn_escaped
thread_print
thread_print_set
time_diff
time_sub
trail_path_separator
w_calloc_expression_t
w_ch_exec_dir
w_compare_str
w_compress_gzfile
w_copy_file
w_descriptor_cloexec
w_expression_PCRE2_fill_regex_match
w_expression_add_osip
w_expression_compile
w_expression_get_regex_pattern
w_expression_get_regex_type
w_expression_match
w_file_cloexec
w_fopen_r
w_free_expression
w_free_expression_match
w_free_expression_t
w_fseek
w_ftell
w_get_attr_val_by_name
w_get_file_content
w_get_file_pointer
w_get_timestamp
w_is_compressed_bz2_file
w_is_compressed_gz_file
w_is_str_in_array
w_logging_init
w_parse_bool
w_parse_size
w_parse_time
w_ref_parent_folder
w_remove_substr
w_remove_zero_dec
w_seconds_to_time_unit
w_seconds_to_time_value
w_sleep_until
w_str_in_array
w_strarray_append
w_strcat
w_strcat_list
w_string_split
w_strndup
w_strtok
w_strtok_r_str_delim
w_strtrim
w_time_delay
w_tolower_str
w_uncompress_gzfile
w_validate_bytes
w_validate_interval
w_validate_time
w_validate_wday
wfopen
win_path_backslash
win_strerror
wm_strcat
wnet_order
wnet_order_big
wnet_select
wpclose
wpopenl
wpopenv
wreaddir
wstr_chr
wstr_chr_escape
wstr_delete_repeated_groups
wstr_end
wstr_escape
wstr_escape_json
wstr_replace
wstr_split
wstr_unescape
wstr_unescape_json

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 517KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ossec-agent/libwinpthread-1.dll
.dll windows:4 windows x86 arch:x86

dfa03f634f304a7a59afa9eb4bda4fd9

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/06/2023, 00:00

Not After

17/06/2026, 23:59

Subject

SERIALNUMBER=5714547,CN=Wazuh\, Inc,O=Wazuh\, Inc,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ac:ef:a7:e1:57:5e:94:41:27:f1:cf:db:bd:22:2a:7b:2b:1b:b1:db:d9:31:1b:46:83:51:af:c2:c5:65:0d:d9
Signer

Actual PE Digest

ac:ef:a7:e1:57:5e:94:41:27:f1:cf:db:bd:22:2a:7b:2b:1b:b1:db:d9:31:1b:46:83:51:af:c2:c5:65:0d:d9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateSemaphoreA
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetHandleInformation
GetLastError
GetProcessAffinityMask
GetProcessTimes
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
InitializeCriticalSection
IsDebuggerPresent
LeaveCriticalSection
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject

msvcrt

_amsg_exit
_beginthreadex
_endthreadex
_errno
_initterm
_iob
_lock
_setjmp3
_ultoa
_unlock
abort
calloc
exit
fprintf
free
fwrite
malloc
memmove
memset
printf
realloc
strlen
strncmp
vfprintf
longjmp
_strdup

Exports

Exports

__pth_gpointer_locked
__pthread_clock_nanosleep
_pthread_cleanup_dest
_pthread_get_state
_pthread_invoke_cancel
_pthread_key_dest
_pthread_rel_time_in_ms
_pthread_set_state
_pthread_time_in_ms
_pthread_time_in_ms_from_timespec
_pthread_tryjoin
clock_getres
clock_gettime
clock_nanosleep
clock_settime
nanosleep
pthread_attr_destroy
pthread_attr_getdetachstate
pthread_attr_getinheritsched
pthread_attr_getschedparam
pthread_attr_getschedpolicy
pthread_attr_getscope
pthread_attr_getstackaddr
pthread_attr_getstacksize
pthread_attr_init
pthread_attr_setdetachstate
pthread_attr_setinheritsched
pthread_attr_setschedparam
pthread_attr_setschedpolicy
pthread_attr_setscope
pthread_attr_setstackaddr
pthread_attr_setstacksize
pthread_barrier_destroy
pthread_barrier_init
pthread_barrier_wait
pthread_barrierattr_destroy
pthread_barrierattr_getpshared
pthread_barrierattr_init
pthread_barrierattr_setpshared
pthread_cancel
pthread_cond_broadcast
pthread_cond_destroy
pthread_cond_init
pthread_cond_signal
pthread_cond_timedwait
pthread_cond_timedwait_relative_np
pthread_cond_wait
pthread_condattr_destroy
pthread_condattr_getclock
pthread_condattr_getpshared
pthread_condattr_init
pthread_condattr_setclock
pthread_condattr_setpshared
pthread_create
pthread_create_wrapper
pthread_delay_np
pthread_detach
pthread_equal
pthread_exit
pthread_get_concurrency
pthread_getclean
pthread_getconcurrency
pthread_getevent
pthread_gethandle
pthread_getname_np
pthread_getschedparam
pthread_getspecific
pthread_join
pthread_key_create
pthread_key_delete
pthread_kill
pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_timedlock
pthread_mutex_trylock
pthread_mutex_unlock
pthread_mutexattr_destroy
pthread_mutexattr_getprioceiling
pthread_mutexattr_getprotocol
pthread_mutexattr_getpshared
pthread_mutexattr_gettype
pthread_mutexattr_init
pthread_mutexattr_setprioceiling
pthread_mutexattr_setprotocol
pthread_mutexattr_setpshared
pthread_mutexattr_settype
pthread_num_processors_np
pthread_once
pthread_rwlock_destroy
pthread_rwlock_init
pthread_rwlock_rdlock
pthread_rwlock_timedrdlock
pthread_rwlock_timedwrlock
pthread_rwlock_tryrdlock
pthread_rwlock_trywrlock
pthread_rwlock_unlock
pthread_rwlock_wrlock
pthread_rwlockattr_destroy
pthread_rwlockattr_getpshared
pthread_rwlockattr_init
pthread_rwlockattr_setpshared
pthread_self
pthread_set_concurrency
pthread_set_num_processors_np
pthread_setcancelstate
pthread_setcanceltype
pthread_setconcurrency
pthread_setname_np
pthread_setschedparam
pthread_setspecific
pthread_spin_destroy
pthread_spin_init
pthread_spin_lock
pthread_spin_trylock
pthread_spin_unlock
pthread_testcancel
pthread_timechange_handler_np
pthread_tls_init
sched_get_priority_max
sched_get_priority_min
sched_getscheduler
sched_setscheduler
sched_yield
sem_close
sem_destroy
sem_getvalue
sem_init
sem_open
sem_post
sem_post_multiple
sem_timedwait
sem_trywait
sem_unlink
sem_wait

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 172B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 311KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ossec-agent/local_internal_options.conf
ossec-agent/logs/2024/Apr/ossec-07.log.gz
.gz
ossec-07.log
ossec-agent/logs/2024/Apr/ossec-09.log.gz
.gz
ossec-09.log
ossec-agent/logs/2024/Apr/ossec-10.log.gz
.gz
ossec-10.log
ossec-agent/logs/2024/Apr/ossec-11.log.gz
.gz
ossec-11.log
ossec-agent/logs/2024/Apr/ossec-12.log.gz
.gz
ossec-12.log
ossec-agent/logs/2024/Apr/ossec-13.log.gz
.gz
ossec-13.log
ossec-agent/logs/2024/Apr/ossec-14.log.gz
.gz
ossec-14.log
ossec-agent/logs/2024/Apr/ossec-15.log.gz
.gz
ossec-15.log
ossec-agent/manage_agents.exe
.exe windows:4 windows x86 arch:x86

7c9b5ae5bf63c9aa6bfd0939e941709b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/06/2023, 00:00

Not After

17/06/2026, 23:59

Subject

SERIALNUMBER=5714547,CN=Wazuh\, Inc,O=Wazuh\, Inc,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:c1:38:89:74:87:f6:98:85:9e:91:bd:de:a8:a2:2a:7a:23:c6:d0:f1:20:00:c5:7b:9c:2e:0c:04:50:bd:bd
Signer

Actual PE Digest

0e:c1:38:89:74:87:f6:98:85:9e:91:bd:de:a8:a2:2a:7a:23:c6:d0:f1:20:00:c5:7b:9c:2e:0c:04:50:bd:bd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateAndInitializeSid
ChangeServiceConfig2A
CloseServiceHandle
ControlService
CreateServiceA
CryptAcquireContextA
CryptGenRandom
DeleteService
FreeSid
InitializeSecurityDescriptor
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegisterServiceCtrlHandlerA
SetEntriesInAclA
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertGetNameStringA
CertOpenSystemStoreA

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateFileW
CreateSemaphoreA
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableW
GetFileAttributesA
GetFileInformationByHandle
GetFileTime
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetStartupInfoA
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetVersionExA
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ReplaceFileA
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
lstrcmpiA

msvcrt

__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p___argv
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_findclose
_fullpath
_get_osfhandle
_initterm
_iob
_lock
_onexit
_open_osfhandle
_setjmp3
_ultoa
_unlock
abort
atoi
atol
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwrite
getc
getenv
isalnum
isalpha
islower
isspace
isupper
isxdigit
localeconv
malloc
mbstowcs
memcpy
memmove
memset
mktime
localtime
_mktemp
perror
printf
qsort
realloc
rename
setlocale
signal
srand
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
tolower
ungetc
vfprintf
time
_stricmp
_strnicmp
wcslen
wcstombs
_stat
_findnext
_findfirst
longjmp
_unlink
_umask
_strdup
_rmdir
_putenv
_mkdir
_getpid
_getcwd
_fdopen
_close
_chdir

psapi

EnumProcessModules
GetModuleFileNameExW

shlwapi

PathFindFileNameA
PathRemoveFileSpecA

user32

GetSystemMetrics

wintrust

CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
WinVerifyTrust

ws2_32

freeaddrinfo
getaddrinfo

wsock32

WSAGetLastError
WSASetLastError
accept
bind
closesocket
connect
getsockopt
htonl
htons
inet_addr
inet_ntoa
listen
ntohl
recv
select
send
setsockopt
socket

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 599KB - Virtual size: 599KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ossec-agent/ossec.conf
ossec-agent/ossec.log
ossec-agent/ossec1.txt
ossec-agent/profile-10.template
ossec-agent/queue/fim/db/fim.db
ossec-agent/queue/logcollector/file_status.json
ossec-agent/queue/syscollector/db/local.db
ossec-agent/queue/syscollector/norm_config.json
ossec-agent/rids/003
ossec-agent/rids/sender_counter
ossec-agent/rsync.dll
.dll windows:4 windows x86 arch:x86

b69076ec4d2add21e7df3f2b840930f1

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/06/2023, 00:00

Not After

17/06/2026, 23:59

Subject

SERIALNUMBER=5714547,CN=Wazuh\, Inc,O=Wazuh\, Inc,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:8e:99:00:1f:20:d4:a4:ad:f8:1a:2f:78:8c:0c:55:db:39:99:41:90:37:ed:eb:d2:27:25:06:72:00:a1:7a
Signer

Actual PE Digest

80:8e:99:00:1f:20:d4:a4:ad:f8:1a:2f:78:8c:0c:55:db:39:99:41:90:37:ed:eb:d2:27:25:06:72:00:a1:7a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__mb_cur_max
_amsg_exit
_assert
_errno
_initterm
_iob
_lock
_unlock
abort
atoi
calloc
fputc
free
fwrite
islower
isspace
isupper
localeconv
malloc
memcmp
memcpy
memmove
memset
realloc
setlocale
strchr
strerror
strlen
strncmp
vfprintf
time
wcslen

libgcc_s_dw2-1

_Unwind_Resume
__deregister_frame_info
__divdi3
__moddi3
__register_frame_info
__udivdi3
__umoddi3

libstdc++-6

_ZNKSt13runtime_error4whatEv
_ZNKSt5ctypeIcE13_M_widen_initEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEPKcjj
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEcj
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareEPKc
_ZNKSt8__detail20_Prime_rehash_policy14_M_need_rehashEjjj
_ZNKSt9type_infoeqERKS_
_ZNSo3putEc
_ZNSo5flushEv
_ZNSo9_M_insertImEERSoT_
_ZNSt11logic_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt11logic_errorC2ERKS_
_ZNSt12future_errorD1Ev
_ZNSt13__future_base12_Result_baseC2Ev
_ZNSt13__future_base12_Result_baseD2Ev
_ZNSt13runtime_errorC1EPKc
_ZNSt13runtime_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt13runtime_errorC1ERKS_
_ZNSt13runtime_errorD1Ev
_ZNSt15__exception_ptr13exception_ptr4swapERS0_
_ZNSt15__exception_ptr13exception_ptrD1Ev
_ZNSt18condition_variable10notify_allEv
_ZNSt18condition_variable10notify_oneEv
_ZNSt18condition_variable4waitERSt11unique_lockISt5mutexE
_ZNSt18condition_variableC1Ev
_ZNSt18condition_variableD1Ev
_ZNSt6localeC1Ev
_ZNSt6localeD1Ev
_ZNSt6thread15_M_start_threadESt10unique_ptrINS_6_StateESt14default_deleteIS1_EEPFvvE
_ZNSt6thread4joinEv
_ZNSt6thread6_StateD2Ev
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE10_M_replaceEjjPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE12_M_constructEjc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6resizeEjc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7reserveEj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_appendEPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_assignERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_createERjj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_mutateEjjPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9push_backEc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEOS4_
_ZNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZNSt8ios_baseC2Ev
_ZNSt8ios_baseD2Ev
_ZNSt9basic_iosIcSt11char_traitsIcEE4initEPSt15basic_streambufIcS1_E
_ZNSt9exceptionD2Ev
_ZSt11_Hash_bytesPKvjj
_ZSt14__once_functor
_ZSt15future_categoryv
_ZSt16__get_once_mutexv
_ZSt16__ostream_insertIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_PKS3_i
_ZSt16__throw_bad_castv
_ZSt17__throw_bad_allocv
_ZSt17current_exceptionv
_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPKSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPSt18_Rb_tree_node_base
_ZSt19__throw_logic_errorPKc
_ZSt20__throw_future_errori
_ZSt20__throw_length_errorPKc
_ZSt20__throw_out_of_rangePKc
_ZSt20__throw_system_errori
_ZSt24__throw_out_of_range_fmtPKcz
_ZSt25__throw_bad_function_callv
_ZSt27__set_once_functor_lock_ptrPSt11unique_lockISt5mutexE
_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_node_baseRS_
_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_
_ZSt4cerr
_ZSt9terminatev
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
_ZTTNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEE
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEEE
_ZTVNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEE
_ZTVSt12future_error
_ZTVSt15basic_streambufIcSt11char_traitsIcEE
_ZTVSt9basic_iosIcSt11char_traitsIcEE
_ZdaPv
_ZdlPvj
_Znaj
_Znwj
__cxa_allocate_exception
__cxa_begin_catch
__cxa_end_catch
__cxa_free_exception
__cxa_guard_acquire
__cxa_guard_release
__cxa_rethrow
__cxa_throw
__gxx_personality_v0
__once_proxy

dbsync

_ZN6DBSync10selectRowsERKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS1_14adl_serializerES4_IhSaIhEEEESt8functionIFv18ReturnTypeCallbackSG_EE
_ZN6DBSyncC1EPv
_ZN6DBSyncD1Ev

Exports

Exports

_ZN10RemoteSync10initializeESt8functionIFvRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEE
_ZN10RemoteSync11pushMessageERKSt6vectorIhSaIhEE
_ZN10RemoteSync14registerSyncIDERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEPvRKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorS5_bxydSaNSA_14adl_serializerESD_IhSaIhEEEESt8functionIFvS7_EE
_ZN10RemoteSync25initializeFullLogFunctionEPFvPKcS1_iS1_S1_zES3_S3_S3_S3_
_ZN10RemoteSync8teardownEv
_ZN10RemoteSync9startSyncEPvRKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS2_14adl_serializerES5_IhSaIhEEEESt8functionIFvRKSB_EE
_ZN10RemoteSyncC1EPv
_ZN10RemoteSyncC1Ejj
_ZN10RemoteSyncC2EPv
_ZN10RemoteSyncC2Ejj
_ZN10RemoteSyncD0Ev
_ZN10RemoteSyncD1Ev
_ZN10RemoteSyncD2Ev
_ZN14QueryParameter10columnListERKSt6vectorINSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESaIS6_EE
_ZN14QueryParameter10orderByOptERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN14QueryParameter11distinctOptEb
_ZN14QueryParameter14countFieldNameERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN14QueryParameter8countOptEj
_ZN14QueryParameter9rowFilterERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN21RegisterConfiguration10countRangeER14QueryParameter
_ZN21RegisterConfiguration11decoderTypeERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN21RegisterConfiguration13rangeChecksumER14QueryParameter
_ZN21RegisterConfiguration6noDataER14QueryParameter
_ZN21RegisterConfiguration7rowDataER14QueryParameter
_ZN22StartSyncConfiguration13rangeChecksumER14QueryParameter
_ZN22StartSyncConfiguration4lastER14QueryParameter
_ZN22StartSyncConfiguration5firstER14QueryParameter
_ZTI10RemoteSync
_ZTI11DeleteQuery
_ZTI11InsertQuery
_ZTI11SelectQuery
_ZTI12SyncRowQuery
_ZTI13ConfigurationI21RegisterConfigurationE
_ZTI13ConfigurationI22StartSyncConfigurationE
_ZTI14QueryParameter
_ZTI21RegisterConfiguration
_ZTI22StartSyncConfiguration
_ZTI5QueryI11DeleteQueryE
_ZTI5QueryI11InsertQueryE
_ZTI5QueryI11SelectQueryE
_ZTI5QueryI12SyncRowQueryE
_ZTI6DBSync
_ZTI9DBSyncTxn
_ZTV10RemoteSync
_ZTV11DeleteQuery
_ZTV11InsertQuery
_ZTV11SelectQuery
_ZTV12SyncRowQuery
_ZTV13ConfigurationI21RegisterConfigurationE
_ZTV13ConfigurationI22StartSyncConfigurationE
_ZTV14QueryParameter
_ZTV21RegisterConfiguration
_ZTV22StartSyncConfiguration
_ZTV5QueryI11DeleteQueryE
_ZTV5QueryI11InsertQueryE
_ZTV5QueryI11SelectQueryE
_ZTV5QueryI12SyncRowQueryE
rsync_close
rsync_create
rsync_initialize
rsync_initialize_full_log_function
rsync_push_message
rsync_register_sync_id
rsync_start_sync
rsync_teardown

Sections

.text
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ossec-agent/ruleset/sca/cis_win11_enterprise.yml
ossec-agent/shared/agent.conf
ossec-agent/shared/ar.conf
ossec-agent/shared/cis_apache2224_rcl.txt
ossec-agent/shared/cis_debian_linux_rcl.txt
ossec-agent/shared/cis_mysql5-6_community_rcl.txt
ossec-agent/shared/cis_mysql5-6_enterprise_rcl.txt
ossec-agent/shared/cis_rhel5_linux_rcl.txt
ossec-agent/shared/cis_rhel6_linux_rcl.txt
ossec-agent/shared/cis_rhel7_linux_rcl.txt
ossec-agent/shared/cis_rhel_linux_rcl.txt
ossec-agent/shared/cis_sles11_linux_rcl.txt
ossec-agent/shared/cis_sles12_linux_rcl.txt
ossec-agent/shared/cis_win2012r2_domainL1_rcl.txt
ossec-agent/shared/cis_win2012r2_domainL2_rcl.txt
ossec-agent/shared/cis_win2012r2_memberL1_rcl.txt
ossec-agent/shared/cis_win2012r2_memberL2_rcl.txt
ossec-agent/shared/merged.mg
ossec-agent/shared/rootkit_files.txt
ossec-agent/shared/rootkit_trojans.txt
ossec-agent/shared/system_audit_rcl.txt
ossec-agent/shared/system_audit_ssh.txt
ossec-agent/shared/win_applications_rcl.txt
ossec-agent/shared/win_audit_rcl.txt
ossec-agent/shared/win_malware_rcl.txt
ossec-agent/syscollector.dll
.dll windows:4 windows x86 arch:x86

30f2d8ab2d01b6d6f5a55bf584a9cf8a

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/06/2023, 00:00

Not After

17/06/2026, 23:59

Subject

SERIALNUMBER=5714547,CN=Wazuh\, Inc,O=Wazuh\, Inc,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:0c:6d:38:e4:13:97:bc:25:32:92:34:20:67:21:49:56:95:d1:cd:51:5a:5a:a5:18:3e:c5:eb:5a:12:0f:51
Signer

Actual PE Digest

07:0c:6d:38:e4:13:97:bc:25:32:92:34:20:67:21:49:56:95:d1:cd:51:5a:5a:a5:18:3e:c5:eb:5a:12:0f:51

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
RaiseException
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__mb_cur_max
_amsg_exit
_assert
_errno
_initterm
_iob
_lock
_unlock
abort
atoi
calloc
fputc
free
fwrite
islower
isspace
isupper
localeconv
malloc
memcmp
memcpy
memmove
memset
gmtime
realloc
setlocale
strchr
strerror
strlen
strncmp
vfprintf
time
wcslen

libgcc_s_dw2-1

_Unwind_Resume
__deregister_frame_info
__divdi3
__moddi3
__register_frame_info
__udivdi3
__umoddi3

libstdc++-6

_ZNKSt12__basic_fileIcE7is_openEv
_ZNKSt13runtime_error4whatEv
_ZNKSt5ctypeIcE13_M_widen_initEv
_ZNKSt6locale2id5_M_idEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEPKcjj
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareEPKc
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareEjjRKS4_
_ZNKSt9type_infoeqERKS_
_ZNSi10_M_extractIlEERSiRT_
_ZNSo9_M_insertImEERSoT_
_ZNSt11regex_errorD1Ev
_ZNSt12__basic_fileIcED1Ev
_ZNSt13basic_filebufIcSt11char_traitsIcEE4openEPKcSt13_Ios_Openmode
_ZNSt13basic_filebufIcSt11char_traitsIcEE5closeEv
_ZNSt13basic_filebufIcSt11char_traitsIcEEC1Ev
_ZNSt13basic_filebufIcSt11char_traitsIcEED1Ev
_ZNSt13runtime_errorC1EPKc
_ZNSt13runtime_errorC1ERKS_
_ZNSt13runtime_errorC2EPKc
_ZNSt13runtime_errorD1Ev
_ZNSt14basic_ifstreamIcSt11char_traitsIcEED1Ev
_ZNSt18condition_variable10notify_allEv
_ZNSt18condition_variableC1Ev
_ZNSt18condition_variableD1Ev
_ZNSt5ctypeIcE2idE
_ZNSt6chrono3_V212steady_clock3nowEv
_ZNSt6chrono3_V212system_clock3nowEv
_ZNSt6localeC1ERKS_
_ZNSt6localeC1Ev
_ZNSt6localeD1Ev
_ZNSt6localeaSERKS_
_ZNSt6thread20hardware_concurrencyEv
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE10_M_replaceEjjPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE12_M_constructEjc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE14_M_replace_auxEjjjc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6resizeEjc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7reserveEj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_appendEPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_assignERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_createERjj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_mutateEjjPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9push_backEc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EOS4_
_ZNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEE7_M_syncEPcjj
_ZNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZNSt8ios_baseC2Ev
_ZNSt8ios_baseD2Ev
_ZNSt9basic_iosIcSt11char_traitsIcEE4initEPSt15basic_streambufIcS1_E
_ZNSt9basic_iosIcSt11char_traitsIcEE5clearESt12_Ios_Iostate
_ZNSt9exceptionD2Ev
_ZSt16__ostream_insertIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_PKS3_i
_ZSt16__throw_bad_castv
_ZSt17__throw_bad_allocv
_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPKSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPSt18_Rb_tree_node_base
_ZSt19__throw_logic_errorPKc
_ZSt19__throw_regex_errorNSt15regex_constants10error_typeE
_ZSt20__throw_length_errorPKc
_ZSt20__throw_out_of_rangePKc
_ZSt20__throw_system_errori
_ZSt24__throw_out_of_range_fmtPKcz
_ZSt25__throw_bad_function_callv
_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_node_baseRS_
_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_
_ZSt9terminatev
_ZSt9use_facetINSt7__cxx117collateIcEEERKT_RKSt6locale
_ZSt9use_facetISt5ctypeIcEERKT_RKSt6locale
_ZTTNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEE
_ZTTNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEEE
_ZTTSt14basic_ifstreamIcSt11char_traitsIcEE
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVN10__cxxabiv121__vmi_class_type_infoE
_ZTVNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEEE
_ZTVNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEE
_ZTVNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEEE
_ZTVSt11regex_error
_ZTVSt13basic_filebufIcSt11char_traitsIcEE
_ZTVSt14basic_ifstreamIcSt11char_traitsIcEE
_ZTVSt15basic_streambufIcSt11char_traitsIcEE
_ZTVSt9basic_iosIcSt11char_traitsIcEE
_ZdaPv
_ZdlPvj
_Znaj
_Znwj
__cxa_allocate_exception
__cxa_bad_cast
__cxa_begin_catch
__cxa_end_catch
__cxa_free_exception
__cxa_guard_abort
__cxa_guard_acquire
__cxa_guard_release
__cxa_rethrow
__cxa_throw
__dynamic_cast
__gxx_personality_v0

sysinfo

_ZTV7SysInfo

dbsync

_ZN6DBSync10initializeESt8functionIFvRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEE
_ZN6DBSyncC1E8HostType12DbEngineTypeRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES9_
_ZN9DBSyncTxn10syncTxnRowERKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS1_14adl_serializerES4_IhSaIhEEEE
_ZN9DBSyncTxn14getDeletedRowsESt8functionIFv18ReturnTypeCallbackRKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS3_14adl_serializerES6_IhSaIhEEEEEE
_ZN9DBSyncTxnC1EPvRKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS2_14adl_serializerES5_IhSaIhEEEEjjSt8functionIFv18ReturnTypeCallbackSH_EE
_ZN9DBSyncTxnD1Ev

rsync

_ZN10RemoteSyncC1Ejj

Exports

Exports

_ZN12Syscollector11scanNetworkEv
_ZN12Syscollector11syncNetworkEv
_ZN12Syscollector12getPortsDataB5cxx11Ev
_ZN12Syscollector12notifyChangeE18ReturnTypeCallbackRKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS2_14adl_serializerES5_IhSaIhEEEERKSB_
_ZN12Syscollector12scanHardwareEv
_ZN12Syscollector12scanHotfixesEv
_ZN12Syscollector12scanPackagesEv
_ZN12Syscollector12syncHardwareEv
_ZN12Syscollector12syncHotfixesEv
_ZN12Syscollector12syncPackagesEv
_ZN12Syscollector13scanProcessesEv
_ZN12Syscollector13syncProcessesEv
_ZN12Syscollector13updateChangesERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorS5_bxydSaNS9_14adl_serializerESC_IhSaIhEEEE
_ZN12Syscollector14getNetworkDataB5cxx11Ev
_ZN12Syscollector15getHardwareDataB5cxx11Ev
_ZN12Syscollector17registerWithRsyncEv
_ZN12Syscollector4initERKSt10shared_ptrI8ISysInfoESt8functionIFvRKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEEESF_S5_IFv19modules_log_level_tSD_EESD_SD_SD_jbbbbbbbbbb
_ZN12Syscollector4pushERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZN12Syscollector4scanEv
_ZN12Syscollector4syncEv
_ZN12Syscollector6scanOsEv
_ZN12Syscollector6syncOsEv
_ZN12Syscollector7destroyEv
_ZN12Syscollector8syncLoopERSt11unique_lockISt5mutexE
_ZN12Syscollector9getOSDataB5cxx11Ev
_ZN12Syscollector9scanPortsEv
_ZN12Syscollector9syncPortsEv
_ZN12SyscollectorC1Ev
_ZN12SyscollectorC2Ev
_ZNK12Syscollector18getCreateStatementB5cxx11Ev
_ZTI10RemoteSync
_ZTI11DeleteQuery
_ZTI11InsertQuery
_ZTI11SelectQuery
_ZTI12SyncRowQuery
_ZTI13ConfigurationI21RegisterConfigurationE
_ZTI13ConfigurationI22StartSyncConfigurationE
_ZTI14QueryParameter
_ZTI21RegisterConfiguration
_ZTI22StartSyncConfiguration
_ZTI5QueryI11DeleteQueryE
_ZTI5QueryI11InsertQueryE
_ZTI5QueryI11SelectQueryE
_ZTI5QueryI12SyncRowQueryE
_ZTI6DBSync
_ZTI7SysInfo
_ZTI9DBSyncTxn
_ZTV11DeleteQuery
_ZTV11InsertQuery
_ZTV11SelectQuery
_ZTV12SyncRowQuery
_ZTV13ConfigurationI21RegisterConfigurationE
_ZTV13ConfigurationI22StartSyncConfigurationE
_ZTV14QueryParameter
_ZTV21RegisterConfiguration
_ZTV22StartSyncConfiguration
_ZTV5QueryI11DeleteQueryE
_ZTV5QueryI11InsertQueryE
_ZTV5QueryI11SelectQueryE
_ZTV5QueryI12SyncRowQueryE
syscollector_start
syscollector_stop
syscollector_sync_message

Sections

.text
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ossec-agent/sysinfo.dll
.dll windows:4 windows x86 arch:x86

82dd17f2f5e461161e78ccc0e1cf6716

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/06/2023, 00:00

Not After

17/06/2026, 23:59

Subject

SERIALNUMBER=5714547,CN=Wazuh\, Inc,O=Wazuh\, Inc,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:74:af:66:3b:c7:f3:2f:24:50:ef:36:c3:d0:bc:c7:27:c5:fe:8e:22:bb:11:bf:72:83:a8:ef:d0:e8:e9:46
Signer

Actual PE Digest

52:74:af:66:3b:c7:f3:2f:24:50:ef:36:c3:d0:bc:c7:27:c5:fe:8e:22:bb:11:bf:72:83:a8:ef:d0:e8:e9:46

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo
GetExtendedTcpTable
GetExtendedUdpTable
GetIfEntry

kernel32

CloseHandle
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetLogicalDriveStringsA
GetModuleHandleA
GetModuleHandleW
GetNativeSystemInfo
GetProcAddress
GetProcessHeap
GetProcessTimes
GetSystemInfo
GetVersionExA
GlobalMemoryStatusEx
HeapAlloc
HeapFree
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
OpenProcess
Process32First
Process32Next
ProcessIdToSessionId
QueryDosDeviceA
RaiseException
Sleep
TlsGetValue
VerSetConditionMask
VerifyVersionInfoW
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__mb_cur_max
_amsg_exit
_assert
_errno
_initterm
_iob
_lock
_pclose
_popen
_unlock
abort
atoi
calloc
fgets
fputc
free
fwrite
islower
isspace
isupper
localeconv
malloc
memcmp
memcpy
memmove
memset
mktime
localtime
gmtime
realloc
setlocale
strchr
strerror
strftime
strlen
strncmp
strtol
toupper
vfprintf
wcslen

psapi

GetProcessImageFileNameA
GetProcessMemoryInfo

user32

GetSystemMetrics

ws2_32

inet_ntoa
ntohs

libgcc_s_dw2-1

_Unwind_Resume
__deregister_frame_info
__divdi3
__moddi3
__register_frame_info
__udivdi3
__umoddi3

libstdc++-6

_ZNKSt10filesystem7__cxx1118directory_iteratordeEv
_ZNKSt10filesystem7__cxx114path5_List13_Impl_deleterclEPNS2_5_ImplE
_ZNKSt10filesystem7__cxx114path5_List3endEv
_ZNKSt12__basic_fileIcE7is_openEv
_ZNKSt13runtime_error4whatEv
_ZNKSt25__codecvt_utf8_utf16_baseIwE10do_unshiftERiPcS2_RS2_
_ZNKSt25__codecvt_utf8_utf16_baseIwE11do_encodingEv
_ZNKSt25__codecvt_utf8_utf16_baseIwE13do_max_lengthEv
_ZNKSt25__codecvt_utf8_utf16_baseIwE16do_always_noconvEv
_ZNKSt25__codecvt_utf8_utf16_baseIwE5do_inERiPKcS3_RS3_PwS5_RS5_
_ZNKSt25__codecvt_utf8_utf16_baseIwE6do_outERiPKwS3_RS3_PcS5_RS5_
_ZNKSt25__codecvt_utf8_utf16_baseIwE9do_lengthERiPKcS3_j
_ZNKSt5ctypeIcE13_M_widen_initEv
_ZNKSt6locale2id5_M_idEv
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE16find_last_not_ofEPKcjj
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE17find_first_not_ofEPKcjj
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEPKcjj
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE4findEcj
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE5rfindEcj
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6substrEjj
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareEPKc
_ZNKSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7compareEjjRKS4_
_ZNKSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEE3strEv
_ZNKSt7codecvtIwciE10do_unshiftERiPcS2_RS2_
_ZNKSt7codecvtIwciE11do_encodingEv
_ZNKSt7codecvtIwciE13do_max_lengthEv
_ZNKSt7codecvtIwciE16do_always_noconvEv
_ZNKSt7codecvtIwciE5do_inERiPKcS3_RS3_PwS5_RS5_
_ZNKSt7codecvtIwciE6do_outERiPKwS3_RS3_PcS5_RS5_
_ZNKSt7codecvtIwciE9do_lengthERiPKcS3_j
_ZNKSt9type_infoeqERKS_
_ZNSi10_M_extractIlEERSiRT_
_ZNSo3putEc
_ZNSo5flushEv
_ZNSo9_M_insertImEERSoT_
_ZNSolsEi
_ZNSt10filesystem6statusERKNS_7__cxx114pathE
_ZNSt10filesystem7__cxx1116filesystem_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEESt10error_code
_ZNSt10filesystem7__cxx1116filesystem_errorD1Ev
_ZNSt10filesystem7__cxx1118directory_iteratorC1ERKNS0_4pathENS_17directory_optionsEPSt10error_code
_ZNSt10filesystem7__cxx1118directory_iteratorppEv
_ZNSt10filesystem7__cxx114path14_M_split_cmptsEv
_ZNSt10filesystem7__cxx114path5_ListC1ERKS2_
_ZNSt10filesystem7__cxx114path5_ListC1Ev
_ZNSt10filesystem7__cxx114pathdVERKS1_
_ZNSt11regex_errorD1Ev
_ZNSt12__basic_fileIcED1Ev
_ZNSt12system_errorD1Ev
_ZNSt13basic_filebufIcSt11char_traitsIcEE4openEPKwSt13_Ios_Openmode
_ZNSt13basic_filebufIcSt11char_traitsIcEE5closeEv
_ZNSt13basic_filebufIcSt11char_traitsIcEEC1Ev
_ZNSt13basic_filebufIcSt11char_traitsIcEED1Ev
_ZNSt13runtime_errorC1EPKc
_ZNSt13runtime_errorC1ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt13runtime_errorC1ERKS_
_ZNSt13runtime_errorC2EPKc
_ZNSt13runtime_errorC2ERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEE
_ZNSt13runtime_errorD1Ev
_ZNSt14basic_ifstreamIcSt11char_traitsIcEEC1EPKwSt13_Ios_Openmode
_ZNSt14basic_ifstreamIcSt11char_traitsIcEED1Ev
_ZNSt25__codecvt_utf8_utf16_baseIwED2Ev
_ZNSt3_V215system_categoryEv
_ZNSt3_V216generic_categoryEv
_ZNSt5ctypeIcE2idE
_ZNSt6localeC1ERKS_
_ZNSt6localeC1Ev
_ZNSt6localeD1Ev
_ZNSt6localeaSERKS_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE10_M_replaceEjjPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE12_M_constructEjc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE14_M_replace_auxEjjjc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6appendEPKc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6assignEPKc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE6resizeEjc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE7reserveEj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_appendEPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_assignERKS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_createERjj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9_M_mutateEjjPKcj
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEE9push_backEc
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEC1EOS4_
_ZNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEaSEOS4_
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE10_M_replaceEjjPKwj
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE6resizeEjw
_ZNSt7__cxx1112basic_stringIwSt11char_traitsIwESaIwEE9_M_createERjj
_ZNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEE7_M_syncEPcjj
_ZNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEC1Ev
_ZNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEED1Ev
_ZNSt7codecvtIwciEC2Ej
_ZNSt7codecvtIwciED2Ev
_ZNSt8ios_base4InitC1Ev
_ZNSt8ios_base4InitD1Ev
_ZNSt8ios_baseC2Ev
_ZNSt8ios_baseD2Ev
_ZNSt9basic_iosIcSt11char_traitsIcEE4initEPSt15basic_streambufIcS1_E
_ZNSt9basic_iosIcSt11char_traitsIcEE5clearESt12_Ios_Iostate
_ZNSt9exceptionD2Ev
_ZSt16__ostream_insertIcSt11char_traitsIcEERSt13basic_ostreamIT_T0_ES6_PKS3_i
_ZSt16__throw_bad_castv
_ZSt17__throw_bad_allocv
_ZSt18_Rb_tree_decrementPSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPKSt18_Rb_tree_node_base
_ZSt18_Rb_tree_incrementPSt18_Rb_tree_node_base
_ZSt19__throw_logic_errorPKc
_ZSt19__throw_regex_errorNSt15regex_constants10error_typeE
_ZSt20__throw_length_errorPKc
_ZSt20__throw_out_of_rangePKc
_ZSt24__throw_invalid_argumentPKc
_ZSt24__throw_out_of_range_fmtPKcz
_ZSt25__throw_bad_function_callv
_ZSt28_Rb_tree_rebalance_for_erasePSt18_Rb_tree_node_baseRS_
_ZSt29_Rb_tree_insert_and_rebalancebPSt18_Rb_tree_node_baseS0_RS_
_ZSt4cerr
_ZSt7getlineIcSt11char_traitsIcESaIcEERSt13basic_istreamIT_T0_ES7_RNSt7__cxx1112basic_stringIS4_S5_T1_EES4_
_ZSt9terminatev
_ZSt9use_facetINSt7__cxx117collateIcEEERKT_RKSt6locale
_ZSt9use_facetISt5ctypeIcEERKT_RKSt6locale
_ZStlsISt11char_traitsIcEERSt13basic_ostreamIcT_ES5_PKc
_ZTTNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEE
_ZTTNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEEE
_ZTTSt14basic_ifstreamIcSt11char_traitsIcEE
_ZTVN10__cxxabiv117__class_type_infoE
_ZTVN10__cxxabiv120__si_class_type_infoE
_ZTVN10__cxxabiv121__vmi_class_type_infoE
_ZTVNSt7__cxx1115basic_stringbufIcSt11char_traitsIcESaIcEEE
_ZTVNSt7__cxx1118basic_stringstreamIcSt11char_traitsIcESaIcEEE
_ZTVNSt7__cxx1119basic_istringstreamIcSt11char_traitsIcESaIcEEE
_ZTVSt11regex_error
_ZTVSt12system_error
_ZTVSt13basic_filebufIcSt11char_traitsIcEE
_ZTVSt14basic_ifstreamIcSt11char_traitsIcEE
_ZTVSt15basic_streambufIcSt11char_traitsIcEE
_ZTVSt9basic_iosIcSt11char_traitsIcEE
_ZdaPv
_ZdlPvj
_Znaj
_Znwj
__cxa_allocate_exception
__cxa_bad_cast
__cxa_begin_catch
__cxa_end_catch
__cxa_free_exception
__cxa_guard_abort
__cxa_guard_acquire
__cxa_guard_release
__cxa_rethrow
__cxa_throw
__cxa_throw_bad_array_new_length
__dynamic_cast
__gxx_personality_v0

Exports

Exports

_ZN7SysInfo2osB5cxx11Ev
_ZN7SysInfo5portsB5cxx11Ev
_ZN7SysInfo8hardwareB5cxx11Ev
_ZN7SysInfo8hotfixesB5cxx11Ev
_ZN7SysInfo8networksB5cxx11Ev
_ZN7SysInfo8packagesB5cxx11Ev
_ZN7SysInfo8packagesESt8functionIFvRN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS2_14adl_serializerES5_IhSaIhEEEEEE
_ZN7SysInfo9processesB5cxx11Ev
_ZN7SysInfo9processesESt8functionIFvRN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS2_14adl_serializerES5_IhSaIhEEEEEE
_ZNK7SysInfo11getHardwareB5cxx11Ev
_ZNK7SysInfo11getHotfixesB5cxx11Ev
_ZNK7SysInfo11getNetworksB5cxx11Ev
_ZNK7SysInfo11getPackagesB5cxx11Ev
_ZNK7SysInfo11getPackagesESt8functionIFvRN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS2_14adl_serializerES5_IhSaIhEEEEEE
_ZNK7SysInfo16getProcessesInfoB5cxx11Ev
_ZNK7SysInfo16getProcessesInfoESt8functionIFvRN8nlohmann16json_abi_v3_11_210basic_jsonISt3mapSt6vectorNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEEbxydSaNS2_14adl_serializerES5_IhSaIhEEEEEE
_ZNK7SysInfo8getPortsB5cxx11Ev
_ZNK7SysInfo9getOsInfoB5cxx11Ev
_ZTI7SysInfo
_ZTV7SysInfo
sysinfo_free_result
sysinfo_hardware
sysinfo_hotfixes
sysinfo_networks
sysinfo_os
sysinfo_packages
sysinfo_packages_cb
sysinfo_ports
sysinfo_processes
sysinfo_processes_cb

Sections

.text
Size: 482KB - Virtual size: 482KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ossec-agent/vista_sec.txt
ossec-agent/wazuh-agent.exe
.exe windows:4 windows x86 arch:x86

36deaa9400de44b83f70455512fac6c9

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/06/2023, 00:00

Not After

17/06/2026, 23:59

Subject

SERIALNUMBER=5714547,CN=Wazuh\, Inc,O=Wazuh\, Inc,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7f:8a:c7:2f:cb:a2:5e:a1:22:e8:7a:e3:ef:9b:53:86:1b:eb:eb:1b:05:28:b3:27:62:d1:d9:dd:76:a9:be:57
Signer

Actual PE Digest

7f:8a:c7:2f:cb:a2:5e:a1:22:e8:7a:e3:ef:9b:53:86:1b:eb:eb:1b:05:28:b3:27:62:d1:d9:dd:76:a9:be:57

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AddAce
AdjustTokenPrivileges
AllocateAndInitializeSid
AuditEnumerateSubCategories
AuditLookupCategoryGuidFromCategoryId
AuditQuerySystemPolicy
ChangeServiceConfig2A
CloseEventLog
CloseServiceHandle
ControlService
ConvertSidToStringSidA
CopySid
CreateServiceA
CryptAcquireContextA
CryptGenRandom
DeleteAce
DeleteService
EqualSid
FreeSid
GetAce
GetAclInformation
GetFileSecurityA
GetLengthSid
GetNamedSecurityInfoA
GetNumberOfEventLogRecords
GetOldestEventLogRecord
GetSecurityDescriptorDacl
GetSecurityInfo
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
IsValidSid
LookupAccountSidA
LookupPrivilegeValueA
LsaClose
LsaFreeMemory
LsaNtStatusToWinError
LsaOpenPolicy
LsaQueryInformationPolicy
OpenEventLogA
OpenProcessToken
OpenSCManagerA
OpenServiceA
OpenThreadToken
QueryServiceStatus
ReadEventLogA
RegCloseKey
RegEnumKeyExA
RegEnumValueA
RegGetKeySecurity
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegisterServiceCtrlHandlerA
SetEntriesInAclA
SetNamedSecurityInfoA
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertGetNameStringA
CertOpenSystemStoreA

kernel32

AddVectoredExceptionHandler
BackupRead
BackupSeek
CloseHandle
CreateEventA
CreateFileA
CreateFileW
CreateMutexA
CreatePipe
CreateProcessA
CreateSemaphoreA
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsA
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstVolumeW
FindNextFileA
FindNextVolumeW
FindVolumeClose
FormatMessageA
FreeLibrary
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileTime
GetFullPathNameA
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessHeap
GetProcessTimes
GetStartupInfoA
GetSystemTime
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetTimeZoneInformation
GetVersionExA
GetVolumePathNamesForVolumeNameW
HeapAlloc
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LocalAlloc
LocalFree
Module32First
MultiByteToWideChar
OpenProcess
OutputDebugStringA
Process32First
Process32Next
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadDirectoryChangesW
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ReplaceFileA
ResetEvent
ResumeThread
SetEvent
SetHandleInformation
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
lstrcmpiA

msvcrt

__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_close
_fdopen
_filelengthi64
_fileno
_findclose
_fullpath
_get_osfhandle
_initterm
_iob
_lock
_onexit
_open_osfhandle
_pclose
_popen
_putenv
_setjmp3
fwprintf
_ultoa
_unlink
_unlock
abort
atoi
atol
calloc
clearerr
clock
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fgetws
fopen
fprintf
fputc
fputs
fputwc
fread
free
fseek
fsetpos
ftell
fwrite
getc
getenv
isalnum
isalpha
islower
isspace
isupper
isxdigit
localeconv
malloc
mbstowcs
memchr
memcpy
memmove
memset
mktime
localtime
gmtime
difftime
_mkdir
_mktemp
printf
qsort
realloc
remove
rename
setlocale
signal
srand
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
system
tolower
toupper
ungetc
vfprintf
time
_stricmp
_strnicmp
wcslen
wcsrchr
wcstombs
_stat
_fstat
_findnext
_findfirst
longjmp
_unlink
_umask
_strdup
_rmdir
_mkdir
_getpid
_getcwd
_fileno
_fdopen
_close
_chmod
_chdir
_access

psapi

EnumProcessModules
GetModuleFileNameExW

shlwapi

PathFileExistsA
PathFindFileNameA
PathMatchSpecA
PathRemoveFileSpecA

user32

GetSystemMetrics

wevtapi

EvtClose
EvtCreateBookmark
EvtCreateRenderContext
EvtFormatMessage
EvtOpenPublisherMetadata
EvtRender
EvtSubscribe
EvtUpdateBookmark

wintrust

CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
WinVerifyTrust

ws2_32

freeaddrinfo
getaddrinfo

wsock32

WSAGetLastError
WSASetLastError
WSAStartup
accept
bind
closesocket
connect
gethostname
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
recv
select
send
setsockopt
socket

Sections

.text
Size: 791KB - Virtual size: 791KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 235KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 637KB - Virtual size: 637KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ossec-agent/wazuh-agent.state
ossec-agent/wazuh-logcollector.state
ossec-agent/win32ui.exe
.exe windows:4 windows x86 arch:x86

4fc1904ce20390d338727c93dec6c7af

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/06/2023, 00:00

Not After

17/06/2026, 23:59

Subject

SERIALNUMBER=5714547,CN=Wazuh\, Inc,O=Wazuh\, Inc,L=San Jose,ST=California,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:49:c5:d8:31:78:92:15:3b:a9:52:87:8f:ec:89:bf:cf:f6:7e:dd:92:fc:56:12:64:b6:91:bd:2d:07:62:e3
Signer

Actual PE Digest

56:49:c5:d8:31:78:92:15:3b:a9:52:87:8f:ec:89:bf:cf:f6:7e:dd:92:fc:56:12:64:b6:91:bd:2d:07:62:e3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateAndInitializeSid
ChangeServiceConfig2A
CloseServiceHandle
ControlService
CreateServiceA
CryptAcquireContextA
CryptGenRandom
DeleteService
FreeSid
InitializeSecurityDescriptor
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegisterServiceCtrlHandlerA
SetEntriesInAclA
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA

comctl32

InitCommonControls

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertGetNameStringA
CertOpenSystemStoreA

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateFileW
CreateProcessA
CreateSemaphoreA
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FormatMessageA
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileTime
GetFullPathNameW
GetHandleInformation
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetStartupInfoA
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetVersionExA
GlobalAlloc
GlobalFree
InitializeCriticalSection
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
OpenProcess
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReleaseSemaphore
RemoveVectoredExceptionHandler
ReplaceFileA
ResetEvent
ResumeThread
SetEvent
SetLastError
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
lstrcmpiA

msvcrt

__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_beginthreadex
_cexit
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_findclose
_fullpath
_get_osfhandle
_initterm
_iob
_lock
_onexit
_open_osfhandle
_setjmp3
_spawnlp
_ultoa
_unlock
abort
atoi
atol
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fopen
fprintf
fputc
fread
free
fseek
fsetpos
ftell
fwrite
getc
isalpha
islower
isspace
isupper
isxdigit
localeconv
malloc
mbstowcs
memcpy
memmove
memset
localtime
_mktemp
printf
qsort
realloc
rename
setlocale
setvbuf
signal
srand
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
tolower
ungetc
vfprintf
time
_stricmp
_strnicmp
wcslen
wcstombs
_stat
_findnext
_findfirst
longjmp
_unlink
_umask
_strdup
_rmdir
_mkdir
_getpid
_getcwd
_fdopen
_close
_chdir

psapi

EnumProcessModules
GetModuleFileNameExW

shlwapi

PathFindFileNameA
PathRemoveFileSpecA

user32

AppendMenuA
CreateMenu
CreatePopupMenu
CreateWindowExA
DialogBoxParamA
EndDialog
GetDlgItem
GetDlgItemTextA
GetSystemMetrics
GetWindowTextLengthA
LoadIconA
MessageBoxA
PostMessageA
SendMessageA
SetDlgItemTextA
SetMenu

wintrust

CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
WinVerifyTrust

ws2_32

freeaddrinfo
getaddrinfo

wsock32

WSAGetLastError
WSASetLastError
WSAStartup
accept
bind
closesocket
connect
getsockopt
htonl
htons
inet_addr
inet_ntoa
listen
ntohl
recv
select
send
setsockopt
socket

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/14
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/29
Size: 595KB - Virtual size: 595KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/41
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/55
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/91
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/102
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ossec-agent/win32ui.exe.manifest
ossec-agent/wpk_root.pem

Sharing

General

Malware Config

Signatures

Files

4ce980453bf7989a62f48ead41b68215

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

be:44:5b:ea:55:f9:6f:e4:ed:15:79:ae:ea:9e:b4:cc:bb:6c:23:59:50:ff:d0:34:f8:ee:29:e3:8e:31:e4:deSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

kernel32

msvcrt

psapi

shlwapi

user32

wintrust

Sections

.text Size: 131KB - Virtual size: 130KB

.data Size: 512B - Virtual size: 192B

.rdata Size: 19KB - Virtual size: 18KB

.eh_fram Size: 8KB - Virtual size: 8KB

.bss Size: - Virtual size: 8KB

.idata Size: 7KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 56B

.tls Size: 512B - Virtual size: 8B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 6KB - Virtual size: 5KB

f0386a019ccd410900a0447d003a35ad

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

54:5c:43:d0:d0:ad:64:5c:26:c2:20:47:98:5f:fb:0e:31:0c:1f:b6:69:3a:30:8d:5a:1e:df:bc:70:78:c8:abSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

kernel32

msvcrt

psapi

shlwapi

user32

wintrust

Sections

.text Size: 128KB - Virtual size: 128KB

.data Size: 512B - Virtual size: 192B

.rdata Size: 18KB - Virtual size: 18KB

.eh_fram Size: 8KB - Virtual size: 8KB

.bss Size: - Virtual size: 8KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

be:44:5b:ea:55:f9:6f:e4:ed:15:79:ae:ea:9e:b4:cc:bb:6c:23:59:50:ff:d0:34:f8:ee:29:e3:8e:31:e4:de
Signer

.text
Size: 131KB - Virtual size: 130KB

.data
Size: 512B - Virtual size: 192B

.rdata
Size: 19KB - Virtual size: 18KB

.eh_fram
Size: 8KB - Virtual size: 8KB

.bss
Size: - Virtual size: 8KB

.idata
Size: 7KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 5KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

54:5c:43:d0:d0:ad:64:5c:26:c2:20:47:98:5f:fb:0e:31:0c:1f:b6:69:3a:30:8d:5a:1e:df:bc:70:78:c8:ab
Signer

.text
Size: 128KB - Virtual size: 128KB

.data
Size: 512B - Virtual size: 192B

.rdata
Size: 18KB - Virtual size: 18KB

.eh_fram
Size: 8KB - Virtual size: 8KB

.bss
Size: - Virtual size: 8KB

.idata
Size: 7KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 5KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

98:b8:8d:c9:9d:00:45:21:c4:55:2d:01:c5:e9:eb:a1:de:4d:24:e8:7c:74:4e:7e:ef:76:10:1d:1b:ce:48:16
Signer

.text
Size: 231KB - Virtual size: 231KB

.data
Size: 512B - Virtual size: 220B

.rdata
Size: 42KB - Virtual size: 41KB

/4
Size: 25KB - Virtual size: 24KB

.bss
Size: - Virtual size: 8KB

.idata
Size: 10KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 56B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 11KB - Virtual size: 10KB

/14
Size: 2KB - Virtual size: 2KB

/29
Size: 599KB - Virtual size: 599KB

/41
Size: 38KB - Virtual size: 37KB

/55
Size: 92KB - Virtual size: 91KB

/67
Size: 18KB - Virtual size: 18KB

/80
Size: 5KB - Virtual size: 4KB

/91
Size: 116KB - Virtual size: 115KB

/102
Size: 5KB - Virtual size: 4KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:2c:50:f7:92:54:7a:00:7d:19:d3:be:01:d3:3b:a9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate