C:\Users\Joseph\Source\Repos\AsyncBridge\src\AsyncBridge\obj\Release\net35-client\AsyncBridge.Net35.pdb
Overview
overview
6Static
static
3AsyncBridge.Net35.dll
windows10-2004-x64
1AsyncBridge.Net35.dll
windows11-21h2-x64
1Countly.dll
windows10-2004-x64
1Countly.dll
windows11-21h2-x64
1Gh.Common.dll
windows10-2004-x64
1Gh.Common.dll
windows11-21h2-x64
1Newtonsoft.Json.dll
windows10-2004-x64
1Newtonsoft.Json.dll
windows11-21h2-x64
1SharpRaven.dll
windows10-2004-x64
1SharpRaven.dll
windows11-21h2-x64
1System.Threading.dll
windows10-2004-x64
1System.Threading.dll
windows11-21h2-x64
1TaskbarSystem.exe
windows10-2004-x64
6TaskbarSystem.exe
windows11-21h2-x64
6TaskbarSystem.exe.xml
windows10-2004-x64
1TaskbarSystem.exe.xml
windows11-21h2-x64
1countly/device.xml
windows10-2004-x64
1countly/device.xml
windows11-21h2-x64
1countly/sessions.xml
windows10-2004-x64
1countly/sessions.xml
windows11-21h2-x64
1sdk.dll
windows10-2004-x64
1sdk.dll
windows11-21h2-x64
1unins000.dat
windows10-2004-x64
3unins000.dat
windows11-21h2-x64
3unins000.msg
windows10-2004-x64
3unins000.msg
windows11-21h2-x64
3Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
AsyncBridge.Net35.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
AsyncBridge.Net35.dll
Resource
win11-20240412-en
windows11-21h2-x64
0 signatures
150 seconds
Behavioral task
behavioral3
Sample
Countly.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral4
Sample
Countly.dll
Resource
win11-20240412-en
windows11-21h2-x64
0 signatures
150 seconds
Behavioral task
behavioral5
Sample
Gh.Common.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral6
Sample
Gh.Common.dll
Resource
win11-20240412-en
windows11-21h2-x64
0 signatures
150 seconds
Behavioral task
behavioral7
Sample
Newtonsoft.Json.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral8
Sample
Newtonsoft.Json.dll
Resource
win11-20240412-en
windows11-21h2-x64
0 signatures
150 seconds
Behavioral task
behavioral9
Sample
SharpRaven.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral10
Sample
SharpRaven.dll
Resource
win11-20240412-en
windows11-21h2-x64
0 signatures
150 seconds
Behavioral task
behavioral11
Sample
System.Threading.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral12
Sample
System.Threading.dll
Resource
win11-20240412-en
windows11-21h2-x64
0 signatures
150 seconds
Behavioral task
behavioral13
Sample
TaskbarSystem.exe
Resource
win10v2004-20240412-en
windows10-2004-x64
6 signatures
150 seconds
Behavioral task
behavioral14
Sample
TaskbarSystem.exe
Resource
win11-20240412-en
windows11-21h2-x64
6 signatures
150 seconds
Behavioral task
behavioral15
Sample
TaskbarSystem.exe.xml
Resource
win10v2004-20240412-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral16
Sample
TaskbarSystem.exe.xml
Resource
win11-20240412-en
windows11-21h2-x64
2 signatures
150 seconds
Behavioral task
behavioral17
Sample
countly/device.xml
Resource
win10v2004-20240226-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral18
Sample
countly/device.xml
Resource
win11-20240412-en
windows11-21h2-x64
2 signatures
150 seconds
Behavioral task
behavioral19
Sample
countly/sessions.xml
Resource
win10v2004-20240412-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral20
Sample
countly/sessions.xml
Resource
win11-20240412-en
windows11-21h2-x64
2 signatures
150 seconds
Behavioral task
behavioral21
Sample
sdk.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral22
Sample
sdk.dll
Resource
win11-20240412-en
windows11-21h2-x64
1 signatures
150 seconds
Behavioral task
behavioral23
Sample
unins000.dat
Resource
win10v2004-20240226-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral24
Sample
unins000.dat
Resource
win11-20240412-en
windows11-21h2-x64
3 signatures
150 seconds
Behavioral task
behavioral25
Sample
unins000.msg
Resource
win10v2004-20240412-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral26
Sample
unins000.msg
Resource
win11-20240412-en
windows11-21h2-x64
3 signatures
150 seconds
General
-
Target
Virus.zip from Wormhole.zip
-
Size
3.2MB
-
MD5
10f29e5b1f782af8c6d4f51c22ef7b27
-
SHA1
adb6273ba26762a3eba938ad7bf807565e3cfacb
-
SHA256
2cc7204edea8af5bed40a9896894b5483fdf110ab23326481bd3816b8262c8d9
-
SHA512
27c87c1023074b92938f01a9195763fb2151512c6cfc15b255f81040352f8c7e200eca08d6a26d0e2a54c8dd8dad1bb1e6ec70a8d6543fa44ccc2130078064e2
-
SSDEEP
98304:tx0gIhlNpFXnEeo+kSQDzI6LgsHLoKeYm9T:tmhlNp9hozSQDz3gsYYmV
Score
3/10
Malware Config
Signatures
-
Unsigned PE 4 IoCs
Checks for missing Authenticode signature.
resource unpack001/AsyncBridge.Net35.dll unpack001/Countly.dll unpack001/Newtonsoft.Json.dll unpack001/SharpRaven.dll
Files
-
Virus.zip from Wormhole.zip.zip
-
AsyncBridge.Net35.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
mscoree
_CorDllMain
Sections
.text Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Countly.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Countly.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 126KB - Virtual size: 125KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1000B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Gh.Common.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before25/05/2021, 00:00Not After31/12/2028, 23:59SubjectCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate
IssuerCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBNot Before22/03/2021, 00:00Not After21/03/2036, 23:59SubjectCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21/09/2022, 00:00Not After21/11/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
49:14:5a:0c:2a:16:ed:6e:95:b0:15:75:6a:b3:c8:33Certificate
IssuerCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBNot Before13/12/2021, 00:00Not After13/12/2023, 23:59SubjectSERIALNUMBER=11478657,CN=Cleversort FZ-LLC,O=Cleversort FZ-LLC,ST=Ra’s al Khaymah,C=AE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024145Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before25/05/2021, 00:00Not After31/12/2028, 23:59SubjectCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate
IssuerCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBNot Before22/03/2021, 00:00Not After21/03/2036, 23:59SubjectCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
49:14:5a:0c:2a:16:ed:6e:95:b0:15:75:6a:b3:c8:33Certificate
IssuerCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBNot Before13/12/2021, 00:00Not After13/12/2023, 23:59SubjectSERIALNUMBER=11478657,CN=Cleversort FZ-LLC,O=Cleversort FZ-LLC,ST=Ra’s al Khaymah,C=AE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024145Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21/09/2022, 00:00Not After21/11/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
c2:7b:7e:6d:da:29:af:56:76:76:1e:13:8d:42:b9:94:60:2d:a9:9c:72:1f:a9:10:fe:76:41:4d:fc:4f:97:05Signer
Actual PE Digestc2:7b:7e:6d:da:29:af:56:76:76:1e:13:8d:42:b9:94:60:2d:a9:9c:72:1f:a9:10:fe:76:41:4d:fc:4f:97:05Digest Algorithmsha256PE Digest Matchestrue3b:6d:a6:c9:69:87:5d:80:be:24:b4:f2:90:da:28:48:c0:50:9c:70Signer
Actual PE Digest3b:6d:a6:c9:69:87:5d:80:be:24:b4:f2:90:da:28:48:c0:50:9c:70Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\dev\gh-apps\Common\obj\Release\Gh.Common.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 880B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Newtonsoft.Json.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\net35\Newtonsoft.Json.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 461KB - Virtual size: 461KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
SharpRaven.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\projects\raven-csharp\build\obj\Release\net35\SharpRaven.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 70KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
System.Threading.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
61:08:77:5f:00:00:00:00:00:4aCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before19/07/2010, 22:53Not After19/10/2011, 22:53SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:04:b3:f5:00:00:00:00:00:0dCertificate
IssuerCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before25/07/2008, 19:13Not After25/07/2011, 19:23SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:9E78-864B-039D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
61:16:68:34:00:00:00:00:00:1cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before03/04/2007, 12:53Not After03/04/2021, 13:03SubjectCN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:15:08:27:00:00:00:00:00:0cCertificate
IssuerCN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6dNot Before25/01/2006, 23:22Not After25/01/2017, 23:32SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign
a6:e9:10:6c:8a:b6:b5:78:02:56:c2:cf:c8:c4:e9:27:bb:ec:f4:fcSigner
Actual PE Digesta6:e9:10:6c:8a:b6:b5:78:02:56:c2:cf:c8:c4:e9:27:bb:ec:f4:fcDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
d:\cp\main\built\Release\Temp\86167f787584e42c25873494b6be9c\System.Threading.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 369KB - Virtual size: 369KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TaskbarSystem.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Code Sign
48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before25/05/2021, 00:00Not After31/12/2028, 23:59SubjectCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate
IssuerCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBNot Before22/03/2021, 00:00Not After21/03/2036, 23:59SubjectCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21/09/2022, 00:00Not After21/11/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
49:14:5a:0c:2a:16:ed:6e:95:b0:15:75:6a:b3:c8:33Certificate
IssuerCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBNot Before13/12/2021, 00:00Not After13/12/2023, 23:59SubjectSERIALNUMBER=11478657,CN=Cleversort FZ-LLC,O=Cleversort FZ-LLC,ST=Ra’s al Khaymah,C=AE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024145Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before25/05/2021, 00:00Not After31/12/2028, 23:59SubjectCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate
IssuerCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBNot Before22/03/2021, 00:00Not After21/03/2036, 23:59SubjectCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
49:14:5a:0c:2a:16:ed:6e:95:b0:15:75:6a:b3:c8:33Certificate
IssuerCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBNot Before13/12/2021, 00:00Not After13/12/2023, 23:59SubjectSERIALNUMBER=11478657,CN=Cleversort FZ-LLC,O=Cleversort FZ-LLC,ST=Ra’s al Khaymah,C=AE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024145Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21/09/2022, 00:00Not After21/11/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
f9:29:88:ad:9f:59:68:9e:93:f0:1b:3c:d3:2a:31:4f:5c:d2:4e:ff:6b:13:ac:35:98:91:88:07:14:a0:46:e6Signer
Actual PE Digestf9:29:88:ad:9f:59:68:9e:93:f0:1b:3c:d3:2a:31:4f:5c:d2:4e:ff:6b:13:ac:35:98:91:88:07:14:a0:46:e6Digest Algorithmsha256PE Digest Matchestrue7e:94:64:9c:43:44:7d:bb:5e:df:fb:52:51:0f:f1:1a:dc:14:2a:58Signer
Actual PE Digest7e:94:64:9c:43:44:7d:bb:5e:df:fb:52:51:0f:f1:1a:dc:14:2a:58Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\dev\gh-apps\TaskbarSystem\obj\x86\Release\TaskbarSystem.pdb
Imports
mscoree
_CorExeMain
Sections
.text Size: 583KB - Virtual size: 582KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 283KB - Virtual size: 283KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TaskbarSystem.exe.config.xml
-
countly/device.xml
-
countly/sessions.xml
-
sdk.dll.dll windows:6 windows x86 arch:x86
ef2950805cfd017c3b005284a639e584
Code Sign
48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before25/05/2021, 00:00Not After31/12/2028, 23:59SubjectCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate
IssuerCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBNot Before22/03/2021, 00:00Not After21/03/2036, 23:59SubjectCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21/09/2022, 00:00Not After21/11/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
49:14:5a:0c:2a:16:ed:6e:95:b0:15:75:6a:b3:c8:33Certificate
IssuerCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBNot Before13/12/2021, 00:00Not After13/12/2023, 23:59SubjectSERIALNUMBER=11478657,CN=Cleversort FZ-LLC,O=Cleversort FZ-LLC,ST=Ra’s al Khaymah,C=AE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024145Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before25/05/2021, 00:00Not After31/12/2028, 23:59SubjectCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate
IssuerCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBNot Before22/03/2021, 00:00Not After21/03/2036, 23:59SubjectCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
49:14:5a:0c:2a:16:ed:6e:95:b0:15:75:6a:b3:c8:33Certificate
IssuerCN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GBNot Before13/12/2021, 00:00Not After13/12/2023, 23:59SubjectSERIALNUMBER=11478657,CN=Cleversort FZ-LLC,O=Cleversort FZ-LLC,ST=Ra’s al Khaymah,C=AE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024145Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before21/09/2022, 00:00Not After21/11/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate
IssuerCN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before01/08/2022, 00:00Not After09/11/2031, 23:59SubjectCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
b2:c8:2c:67:b3:d8:26:49:f3:60:95:e1:a9:89:1d:2c:df:65:18:8d:fc:ef:c8:9f:ba:4c:5e:0e:95:20:02:f0Signer
Actual PE Digestb2:c8:2c:67:b3:d8:26:49:f3:60:95:e1:a9:89:1d:2c:df:65:18:8d:fc:ef:c8:9f:ba:4c:5e:0e:95:20:02:f0Digest Algorithmsha256PE Digest Matchestrueee:7e:1b:6c:06:1f:c4:b2:63:69:f2:2a:38:d5:c4:c7:96:58:fa:7aSigner
Actual PE Digestee:7e:1b:6c:06:1f:c4:b2:63:69:f2:2a:38:d5:c4:c7:96:58:fa:7aDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
Imports
kernel32
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
PostQueuedCompletionStatus
QueryPerformanceCounter
ResumeThread
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadContext
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WriteConsoleW
WriteFile
msvcrt
_amsg_exit
_beginthread
_errno
_initterm
_iob
_lock
_unlock
abort
calloc
fprintf
free
fwrite
malloc
realloc
strlen
strncmp
vfprintf
Exports
Exports
Init
InitWithUid
Start
Stop
_cgo_dummy_export
Sections
.text Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 134KB - Virtual size: 133KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 3.3MB - Virtual size: 3.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 193KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 144B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 151KB - Virtual size: 150KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
unins000.dat
-
unins000.msg