Ping+[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Ping+.zip
Size

3.9MB
MD5

48a54c9b428f2522513840590deee0ad
SHA1

833761188826929e9ecc799109094b4cdcd6e7d5
SHA256

98a7f3099d0f90d75b43c35e145c332894e06468c9ddc86d51f310dde1fee714
SHA512

064530c6bef4013279625f5206babc4792758ccc28476b8c9a2920db9e9fc2322ec8dae1bf4d51034ecaae48daacef0d9e9e6890141d32d0216090de1af8c8cc
SSDEEP

98304:wVmWAb4J/Lo9eGeOO9WMdcK4axQF/AipdrJR:woLKo9LkwMdCoA4ipdb

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Ping+/SQLite.Interop.dll
unpack001/Ping+/Setup.exe
unpack001/Ping+/SharpRaven.dll
unpack001/Ping+/System.Data.SQLite.dll
unpack001/Ping+/System.Windows.Interactivity.dll
unpack003/x64/AdguardNetLib.dll
unpack003/x86/AdguardNetLib.dll

Files

Ping+.zip
.zip
Ping+/AGIpHelperClose.dll
.dll windows:6 windows x86 arch:x86

d75e28e95315ad872c1c816e98caee7e

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:38:e6:66:0d:ca:7c:c3:77:cb:2f:6f:60:27:f6:16
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/01/2023, 00:00

Not After

12/01/2026, 23:59

Subject

CN=Adguard Software Limited,O=Adguard Software Limited,ST=Lefkosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:cf:27:8a:d2:bb:1d:d8:43:48:41:53:92:cf:cb:c9:47:38:d4:9c:cf:91:4e:4e:8b:cd:e5:e8:c1:96:f3:35
Signer

Actual PE Digest

7a:cf:27:8a:d2:bb:1d:d8:43:48:41:53:92:cf:cb:c9:47:38:d4:9c:cf:91:4e:4e:8b:cd:e5:e8:c1:96:f3:35

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Bamboo\bamboo-agent-home\xml-data\build-dir\WIN-BWU-JOB1\AdGuard.Commons\build\bin\Release\AGIpHelperClose.pdb

Imports

kernel32

GetNamedPipeInfo
OpenProcess
GetFileType
GetCurrentProcess
CloseHandle
WriteConsoleW
GetModuleHandleW
GetProcAddress
DuplicateHandle
LoadLibraryA
CreateFileW
SetFilePointerEx
GetConsoleMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
MultiByteToWideChar
LCMapStringW
DeleteFileW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
DecodePointer

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

ws2_32

getpeername
getsockopt
WSACleanup
WSAStartup
WSAGetLastError
shutdown

Exports

Exports

CloseSocketsByPid
SetTcpEntry6

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ping+/Google.Protobuf.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

02/07/2021, 00:00

Not After

10/07/2024, 23:59

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:2e:fe:84:14:8b:ae:03:0f:cd:7f:3f:9c:78:27:de:34:10:54:0d:94:1e:1c:c4:e6:3d:5a:61:0b:7e:dc:43
Signer

Actual PE Digest

10:2e:fe:84:14:8b:ae:03:0f:cd:7f:3f:9c:78:27:de:34:10:54:0d:94:1e:1c:c4:e6:3d:5a:61:0b:7e:dc:43

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/csharp/src/Google.Protobuf/obj/Release/net45/Google.Protobuf.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ping+/SQLite.Interop.dll
.dll windows:6 windows x86 arch:x86

ae94e7e35747470c61bf70e22ccd5d26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\dev\sqlite\dotnet\bin\2012\Win32\ReleaseNativeOnlyStatic\SQLite.Interop.pdb

Imports

kernel32

UnmapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
GetVersionExW
HeapDestroy
GetFileAttributesA
LeaveCriticalSection
HeapCreate
MapViewOfFile
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
OutputDebugStringA
GetCurrentThreadId
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
TryEnterCriticalSection
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
HeapValidate
GetFullPathNameW
EncodePointer
DecodePointer
CreateThread
ExitThread
LoadLibraryExW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetTimeZoneInformation
SetLastError
InterlockedIncrement
InterlockedDecrement
ExitProcess
GetModuleHandleExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStdHandle
GetFileType
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
GetModuleFileNameW
RtlUnwind
GetStringTypeW
CompareStringW
LCMapStringW
SetEnvironmentVariableA
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW

advapi32

CryptDestroyHash
CryptDecrypt
CryptDestroyKey
CryptCreateHash
CryptEncrypt
CryptDuplicateKey
CryptDeriveKey
CryptAcquireContextW
CryptHashData

Exports

Exports

_interop_compileoption_get@4
_interop_compileoption_used@4
_interop_libversion@0
_interop_sourceid@0
_sqlite3_backup_finish_interop@4
_sqlite3_bind_double_interop@12
_sqlite3_bind_int64_interop@12
_sqlite3_bind_parameter_name_interop@12
_sqlite3_blob_close_interop@4
_sqlite3_changes_interop@4
_sqlite3_close_interop@4
_sqlite3_column_database_name16_interop@12
_sqlite3_column_database_name_interop@12
_sqlite3_column_decltype16_interop@12
_sqlite3_column_decltype_interop@12
_sqlite3_column_double_interop@12
_sqlite3_column_int64_interop@12
_sqlite3_column_name16_interop@12
_sqlite3_column_name_interop@12
_sqlite3_column_origin_name16_interop@12
_sqlite3_column_origin_name_interop@12
_sqlite3_column_table_name16_interop@12
_sqlite3_column_table_name_interop@12
_sqlite3_column_text16_interop@12
_sqlite3_column_text_interop@12
_sqlite3_context_collcompare_interop@20
_sqlite3_context_collseq_interop@16
_sqlite3_create_disposable_module_interop@112
_sqlite3_create_function_interop@36
_sqlite3_cursor_rowid_interop@12
_sqlite3_errmsg_interop@8
_sqlite3_finalize_interop@4
_sqlite3_index_column_info_interop@32
_sqlite3_last_insert_rowid_interop@8
_sqlite3_malloc_size_interop@4
_sqlite3_memory_highwater_interop@8
_sqlite3_memory_used_interop@4
_sqlite3_open16_interop@20
_sqlite3_open_interop@20
_sqlite3_prepare16_interop@24
_sqlite3_prepare_interop@24
_sqlite3_reset_interop@4
_sqlite3_result_double_interop@8
_sqlite3_result_int64_interop@8
_sqlite3_table_column_metadata_interop@44
_sqlite3_table_cursor_interop@12
_sqlite3_value_double_interop@8
_sqlite3_value_int64_interop@8
_sqlite3_value_text16_interop@8
_sqlite3_value_text_interop@8
sqlite3_activate_see
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_pointer
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_disposable_module
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_data_directory
sqlite3_db_cacheflush
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_dispose_module
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expanded_sql
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_json_init
sqlite3_key
sqlite3_key_v2
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_percentile_init
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare16_v3
sqlite3_prepare_v2
sqlite3_prepare_v3
sqlite3_preupdate_count
sqlite3_preupdate_depth
sqlite3_preupdate_hook
sqlite3_preupdate_new
sqlite3_preupdate_old
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_regexp_init
sqlite3_rekey
sqlite3_rekey_v2
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_pointer
sqlite3_result_subtype
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_set_last_insert_rowid
sqlite3_sha_init
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strlike
sqlite3_strnicmp
sqlite3_system_errno
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_totype_init
sqlite3_trace
sqlite3_trace_v2
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_free
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_pointer
sqlite3_value_subtype
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_vtshim_init
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_compact_heap
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_mbcs_to_utf8_v2
sqlite3_win32_reset_heap
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_unicode_to_utf8
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_utf8_to_mbcs_v2
sqlite3_win32_utf8_to_unicode
sqlite3_win32_write_debug
sqlite3changegroup_add
sqlite3changegroup_add_strm
sqlite3changegroup_delete
sqlite3changegroup_new
sqlite3changegroup_output
sqlite3changegroup_output_strm
sqlite3changeset_apply
sqlite3changeset_apply_strm
sqlite3changeset_concat
sqlite3changeset_concat_strm
sqlite3changeset_conflict
sqlite3changeset_finalize
sqlite3changeset_fk_conflicts
sqlite3changeset_invert
sqlite3changeset_invert_strm
sqlite3changeset_new
sqlite3changeset_next
sqlite3changeset_old
sqlite3changeset_op
sqlite3changeset_pk
sqlite3changeset_start
sqlite3changeset_start_strm
sqlite3session_attach
sqlite3session_changeset
sqlite3session_changeset_strm
sqlite3session_create
sqlite3session_delete
sqlite3session_diff
sqlite3session_enable
sqlite3session_indirect
sqlite3session_isempty
sqlite3session_patchset
sqlite3session_patchset_strm
sqlite3session_table_filter

Sections

.text
Size: 983KB - Virtual size: 983KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ping+/Setup.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.`lL
Size: - Virtual size: 672B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.<*:
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.$J/
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ping+/SharpRaven.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\raven\build\obj\Release\net45\SharpRaven.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ping+/System.Data.SQLite.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\dev\sqlite\dotnet\obj\2012\System.Data.SQLite.2012\Release\System.Data.SQLite.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ping+/System.Memory.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:08:a2:f9:49:3a:c0:bc:e9:58:00:00:00:00:01:08
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:A841-4BB4-CA93,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:0a:dc:5e:c5:b0:68:7d:34:6b:3f:55:ca:68:74:f4:3b:fa:41:fb:23:b3:aa:f5:81:60:b0:51:c2:59:57:36
Signer

Actual PE Digest

09:0a:dc:5e:c5:b0:68:7d:34:6b:3f:55:ca:68:74:f4:3b:fa:41:fb:23:b3:aa:f5:81:60:b0:51:c2:59:57:36

Digest Algorithm

sha256

PE Digest Matches

true

ad:8c:47:6b:98:db:54:14:ae:46:db:a2:40:72:bb:19:ad:42:27:32
Signer

Actual PE Digest

ad:8c:47:6b:98:db:54:14:ae:46:db:a2:40:72:bb:19:ad:42:27:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\A\_work\89\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ping+/System.Runtime.CompilerServices.Unsafe.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:01:14:96:9a:0d:f8:95:e4:71:49:00:00:00:00:01:14
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:C3B0-0F6A-4111,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:11

Not After

26/07/2019, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/07/2018, 20:08

Not After

26/07/2019, 20:08

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:15:f3:ec:47:d6:3f:1e:62:0c:22:50:47:d3:2a:0b:cf:5c:82:a9:23:c2:0b:01:b8:d7:db:e4:7b:27:d1:f9
Signer

Actual PE Digest

ea:15:f3:ec:47:d6:3f:1e:62:0c:22:50:47:d3:2a:0b:cf:5c:82:a9:23:c2:0b:01:b8:d7:db:e4:7b:27:d1:f9

Digest Algorithm

sha256

PE Digest Matches

true

78:0c:40:a3:44:24:46:f5:79:56:2f:42:d5:63:fa:32:ab:fa:36:6e
Signer

Actual PE Digest

78:0c:40:a3:44:24:46:f5:79:56:2f:42:d5:63:fa:32:ab:fa:36:6e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ping+/System.Runtime.InteropServices.RuntimeInformation.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:c8:47:22:9d:a3:0d:ca:c0:58:00:00:00:00:00:c8
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/09/2016, 17:58

Not After

07/09/2018, 17:58

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/08/2016, 20:17

Not After

02/11/2017, 20:17

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:db:74:2f:88:32:73:ab:f9:54:bf:23:c7:95:38:b8:ec:aa:28:fd:f2:85:57:f2:b9:b4:98:f1:5d:1d:a3:59
Signer

Actual PE Digest

05:db:74:2f:88:32:73:ab:f9:54:bf:23:c7:95:38:b8:ec:aa:28:fd:f2:85:57:f2:b9:b4:98:f1:5d:1d:a3:59

Digest Algorithm

sha256

PE Digest Matches

true

56:92:ab:b2:b2:ea:e2:5f:1d:7d:b4:40:b3:91:8f:25:ff:d3:35:1d
Signer

Actual PE Digest

56:92:ab:b2:b2:ea:e2:5f:1d:7d:b4:40:b3:91:8f:25:ff:d3:35:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\A\_work\39\s\bin\obj\Windows_NT.AnyCPU.Release\System.Runtime.InteropServices.RuntimeInformation\net45\System.Runtime.InteropServices.RuntimeInformation.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ping+/System.Windows.Interactivity.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\ExpressionRTM\Sparkle\SDK\BlendWPFSDK\Build\Intermediate\Release\Libraries\System.Windows.Interactivity\Win32\Release\System.Windows.Interactivity.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ping+/default.adg
.zip
settings.json
Ping+/drivers.bin
.zip
win10/arm64/adgvpnnetworkwfpdrv.sys
win10/x64/adgvpnnetworktdidrv.sys
.sys windows:6 windows x64 arch:x64

cbf47800d303868761e2034f1321176c

Code Sign

33:00:00:00:61:c8:8b:12:9c:2a:7f:1d:87:00:00:00:00:00:61
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a5:c1:4a:b3:72:9a:9e:3e:d5:bf:0b:8f:d9:c6:50:c9:18:ac:e8:36:4d:84:4b:85:23:c2:5e:f3:ab:bf:b3:c4
Signer

Actual PE Digest

a5:c1:4a:b3:72:9a:9e:3e:d5:bf:0b:8f:d9:c6:50:c9:18:ac:e8:36:4d:84:4b:85:23:c2:5e:f3:ab:bf:b3:c4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\0bb\nfsdk\netfiltersdk\nfsdk-src\driver_tdi\std\objfre_wnet_amd64\amd64\netfilter2.pdb

Imports

ntoskrnl.exe

KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
IoDeleteSymbolicLink
PsLookupProcessByProcessId
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
ZwClose
IofCompleteRequest
IoCreateSymbolicLink
ObfDereferenceObject
IoCreateDevice
ObOpenObjectByPointer
ProbeForWrite
IoDetachDevice
IofCallDriver
IoBuildDeviceIoControlRequest
RtlDowncaseUnicodeString
KeInitializeEvent
MmBuildMdlForNonPagedPool
IoFreeMdl
KeInsertQueueDpc
KeWaitForSingleObject
PsGetCurrentProcessId
ExFreePoolWithTag
ObReferenceObjectByHandle
IoFreeIrp
IoReleaseCancelSpinLock
MmMapLockedPagesSpecifyCache
IoAllocateIrp
RtlAppendUnicodeToString
KeInitializeDpc
KeInitializeTimer
IoGetDeviceObjectPointer
IoAttachDeviceToDeviceStack
MmUnmapLockedPages
MmAllocatePagesForMdl
KeSetTimer
MmFreePagesFromMdl
RtlCreateAcl
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
ZwQueryValueKey
ZwSetSecurityObject
SeExports
RtlLengthSid
RtlCreateSecurityDescriptor
ZwOpenKey
KeBugCheckEx
IoAllocateMdl
ExAllocatePoolWithTag
__C_specific_handler

tdi.sys

TdiMapUserRequest

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win10/x64/adgvpnnetworkwfpdrv.sys
.sys windows:10 windows x64 arch:x64

077094715544389bf54e310c8b11c707

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:ed:a5:64:9c:06:c0:be:c5:39:91:27:78:5d:ee:c6:f6:02:6d:cc:fa:4c:8f:fd:bd:51:74:4b:0d:be:54:ac
Signer

Actual PE Digest

e0:ed:a5:64:9c:06:c0:be:c5:39:91:27:78:5d:ee:c6:f6:02:6d:cc:fa:4c:8f:fd:bd:51:74:4b:0d:be:54:ac

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\0bb\nfsdk\netFilterSdk\nfsdk-src\driver_wfp\msvc\Win8ReleaseDemo\x64\netfilter2.pdb

Imports

fwpkclnt.sys

FwpsFreeNetBufferList0

ndis.sys

NdisFreeGenericObject
NdisFreeNetBufferListPool
NdisRetreatNetBufferDataStart
NdisAdvanceNetBufferDataStart
NdisGetDataBuffer
NdisAllocateGenericObject
NdisWaitEvent
NdisInitializeEvent
NdisAllocateNetBufferListPool

ntoskrnl.exe

RtlCompareMemory
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
ExAllocatePoolWithTag
ExUuidCreate
swprintf_s
__C_specific_handler
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
ExFreePoolWithTag
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdl
MmFreePagesFromMdl
PsCreateSystemThread
PsTerminateSystemThread
IoAllocateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoReleaseCancelSpinLock
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenKey
ZwQueryValueKey
PsGetCurrentProcessId
ZwSetInformationThread
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
PsLookupProcessByProcessId
ObOpenObjectByPointer
ZwSetSecurityObject
SeExports
RtlGetVersion
_stricmp
ZwQuerySystemInformation
RtlValidSid
KeBugCheckEx

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win10/x86/adgvpnnetworktdidrv.sys
.sys windows:6 windows x86 arch:x86

1d3203cb7d9080b27cd9f8223f02e9e1

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:fb:79:d8:4b:4d:fd:e1:8e:30:49:a0:1f:b2:ea:ad:e7:30:09:8f:65:ee:28:b3:54:95:c7:ea:d1:d7:2b:08
Signer

Actual PE Digest

a3:fb:79:d8:4b:4d:fd:e1:8e:30:49:a0:1f:b2:ea:ad:e7:30:09:8f:65:ee:28:b3:54:95:c7:ea:d1:d7:2b:08

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\0bb\nfsdk\netfiltersdk\nfsdk-src\driver_tdi\std\objfre_wxp_x86\i386\netfilter2.pdb

Imports

ntoskrnl.exe

IoCreateSymbolicLink
IoCreateDevice
IoDeleteSymbolicLink
IofCompleteRequest
ZwClose
ObfDereferenceObject
ObOpenObjectByPointer
PsLookupProcessByProcessId
MmGetSystemRoutineAddress
RtlInitUnicodeString
IoDetachDevice
IofCallDriver
ProbeForWrite
IoFreeMdl
memcpy
MmBuildMdlForNonPagedPool
IoBuildDeviceIoControlRequest
IoAllocateMdl
RtlDowncaseUnicodeString
PsGetCurrentProcessId
KeWaitForSingleObject
KeInitializeEvent
KeInsertQueueDpc
IoReleaseCancelSpinLock
IoDeleteDevice
IoFreeIrp
MmMapLockedPagesSpecifyCache
IoAllocateIrp
KeInitializeTimer
KeInitializeDpc
RtlAppendUnicodeToString
IoAttachDeviceToDeviceStack
IoGetDeviceObjectPointer
KeSetTimer
MmUnmapLockedPages
MmFreePagesFromMdl
MmAllocatePagesForMdl
ZwQueryValueKey
ZwOpenKey
ZwSetSecurityObject
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
SeExports
RtlLengthSid
KeTickCount
KeBugCheckEx
_aullrem
ExFreePoolWithTag
memset
ObReferenceObjectByHandle
ExAllocatePoolWithTag
RtlUnwind

hal

KfAcquireSpinLock
KfReleaseSpinLock

tdi.sys

TdiMapUserRequest

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win10/x86/adgvpnnetworkwfpdrv.sys
.sys windows:10 windows x86 arch:x86

c0a82f589a0d0b6fb1643b7b9884c370

Code Sign

33:00:00:00:61:c8:8b:12:9c:2a:7f:1d:87:00:00:00:00:00:61
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:2e:54:23:15:05:86:36:9d:c6:d1:a4:37:ec:3e:08:d9:59:7f:e7:e6:04:70:7b:6b:1d:51:2a:58:ec:e3:98
Signer

Actual PE Digest

ec:2e:54:23:15:05:86:36:9d:c6:d1:a4:37:ec:3e:08:d9:59:7f:e7:e6:04:70:7b:6b:1d:51:2a:58:ec:e3:98

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\0bb\nfsdk\netFilterSdk\nfsdk-src\driver_wfp\msvc\Win8ReleaseDemo\Win32\netfilter2.pdb

Imports

fwpkclnt.sys

FwpsFreeNetBufferList0

ndis.sys

NdisGetDataBuffer
NdisAllocateGenericObject
NdisFreeGenericObject
NdisAdvanceNetBufferDataStart
NdisWaitEvent
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisRetreatNetBufferDataStart
NdisInitializeEvent

ntoskrnl.exe

memcpy
memset
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
ExFreePoolWithTag
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdl
MmFreePagesFromMdl
PsCreateSystemThread
ExUuidCreate
IoAllocateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoReleaseCancelSpinLock
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenKey
ZwQueryValueKey
PsGetCurrentProcessId
ZwSetInformationThread
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
PsLookupProcessByProcessId
ObOpenObjectByPointer
ZwSetSecurityObject
SeExports
RtlGetVersion
_stricmp
ZwQuerySystemInformation
KeQuerySystemTime
_allmul
_aulldiv
_aullrem
RtlValidSid
swprintf_s
RtlUnwind
KeBugCheckEx
ExAllocatePoolWithTag
RtlCompareMemory
PsTerminateSystemThread

hal

KeGetCurrentIrql
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/AdguardNetLib.dll
.dll windows:6 windows x64 arch:x64

160dec295202d5687e2ce3f8bd37db14

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\0bb\nfsdk\netFilterSdk\nfsdk-src\nfapi\Release_c_api_VPN\x64\AdguardNetLib.pdb

Imports

kernel32

SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
WaitForMultipleObjects
GetCurrentProcessId
DeleteCriticalSection
GetSystemInfo
GetTickCount
GetModuleHandleA
GetProcAddress
CreateFileA
GetVersionExA
WriteConsoleW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CancelIo
GetOverlappedResult
DeviceIoControl
SetLastError
GetLastError
CloseHandle
WriteFile
ReadFile
QueryDosDeviceW
GetLogicalDriveStringsW
OpenProcess
GetDriveTypeW
CreateFileW
SetFilePointerEx
GetConsoleMode
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
GetACP
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP

advapi32

StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceW
CloseServiceHandle
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

psapi

GetModuleFileNameExA
GetModuleFileNameExW

Exports

Exports

nf_addBindingRule
nf_addFlowCtl
nf_addRule
nf_addRuleEx
nf_adjustProcessPriviledges
nf_completeTCPConnectRequest
nf_completeUDPConnectRequest
nf_deleteBindingRules
nf_deleteFlowCtl
nf_deleteRules
nf_free
nf_getConnCount
nf_getDriverType
nf_getFlowCtlStat
nf_getProcessNameA
nf_getProcessNameFromKernel
nf_getProcessNameW
nf_getTCPConnInfo
nf_getTCPStat
nf_getUDPConnInfo
nf_getUDPStat
nf_init
nf_ipPostReceive
nf_ipPostSend
nf_modifyFlowCtl
nf_registerDriver
nf_registerDriverEx
nf_setIPEventHandler
nf_setOptions
nf_setRules
nf_setRulesEx
nf_setTCPFlowCtl
nf_setTCPTimeout
nf_setUDPFlowCtl
nf_tcpClose
nf_tcpDisableFiltering
nf_tcpIsProxy
nf_tcpPostReceive
nf_tcpPostSend
nf_tcpSetConnectionState
nf_tcpSetSockOpt
nf_udpDisableFiltering
nf_udpPostReceive
nf_udpPostSend
nf_udpSetConnectionState
nf_unRegisterDriver

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/AdguardNetReg.exe
.exe windows:6 windows x64 arch:x64

26e34ece1f736427d823c5d6f6dc8231

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:38:e6:66:0d:ca:7c:c3:77:cb:2f:6f:60:27:f6:16
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/01/2023, 00:00

Not After

12/01/2026, 23:59

Subject

CN=Adguard Software Limited,O=Adguard Software Limited,ST=Lefkosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:8c:98:80:87:34:5a:b9:df:8c:e1:46:0e:67:e8:dc:76:b0:52:cf:37:52:eb:a7:1e:c0:c9:5e:95:da:7d:0e
Signer

Actual PE Digest

7d:8c:98:80:87:34:5a:b9:df:8c:e1:46:0e:67:e8:dc:76:b0:52:cf:37:52:eb:a7:1e:c0:c9:5e:95:da:7d:0e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\0bb\nfsdk\netFilterSdk\nfsdk-src\nfregdrv\Release_c_api_VPN\x64\AdguardNetReg.pdb

Imports

adguardnetlib

nf_unRegisterDriver
nf_registerDriver

user32

MessageBoxA
CharNextA

kernel32

WriteConsoleW
SetFilePointerEx
ReadConsoleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
LCMapStringW
GetProcessHeap
CreateFileW
CloseHandle
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetEndOfFile
ReadFile

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/adgvpnnetworktdidrv.sys
.sys windows:6 windows x64 arch:x64

cbf47800d303868761e2034f1321176c

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4f:41:c3:8e:6e:be:7a:07:4c:4d:90:03:f2:95:1f:4a:ca:7e:56:10:0c:32:b4:d2:07:fb:1d:d0:4b:70:3b:46
Signer

Actual PE Digest

4f:41:c3:8e:6e:be:7a:07:4c:4d:90:03:f2:95:1f:4a:ca:7e:56:10:0c:32:b4:d2:07:fb:1d:d0:4b:70:3b:46

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\0bb\nfsdk\netfiltersdk\nfsdk-src\driver_tdi\std\objfre_wnet_amd64\amd64\netfilter2.pdb

Imports

ntoskrnl.exe

KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
IoDeleteSymbolicLink
PsLookupProcessByProcessId
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
ZwClose
IofCompleteRequest
IoCreateSymbolicLink
ObfDereferenceObject
IoCreateDevice
ObOpenObjectByPointer
ProbeForWrite
IoDetachDevice
IofCallDriver
IoBuildDeviceIoControlRequest
RtlDowncaseUnicodeString
KeInitializeEvent
MmBuildMdlForNonPagedPool
IoFreeMdl
KeInsertQueueDpc
KeWaitForSingleObject
PsGetCurrentProcessId
ExFreePoolWithTag
ObReferenceObjectByHandle
IoFreeIrp
IoReleaseCancelSpinLock
MmMapLockedPagesSpecifyCache
IoAllocateIrp
RtlAppendUnicodeToString
KeInitializeDpc
KeInitializeTimer
IoGetDeviceObjectPointer
IoAttachDeviceToDeviceStack
MmUnmapLockedPages
MmAllocatePagesForMdl
KeSetTimer
MmFreePagesFromMdl
RtlCreateAcl
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
ZwQueryValueKey
ZwSetSecurityObject
SeExports
RtlLengthSid
RtlCreateSecurityDescriptor
ZwOpenKey
KeBugCheckEx
IoAllocateMdl
ExAllocatePoolWithTag
__C_specific_handler

tdi.sys

TdiMapUserRequest

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/adgvpnnetworkwfpdrv.sys
.sys windows:10 windows x64 arch:x64

0fd6894d0de85d75397d3b75aaf01ba4

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:85:ac:92:2f:f2:c6:e7:70:4b:fb:5f:da:74:1b:78:1c:99:d9:4b:bc:05:ac:4f:a5:96:7c:90:80:25:8b:16
Signer

Actual PE Digest

c2:85:ac:92:2f:f2:c6:e7:70:4b:fb:5f:da:74:1b:78:1c:99:d9:4b:bc:05:ac:4f:a5:96:7c:90:80:25:8b:16

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\0bb\nfsdk\netFilterSdk\nfsdk-src\driver_wfp\msvc\Win7Release\x64\netfilter2.pdb

Imports

fwpkclnt.sys

FwpsFreeNetBufferList0

ndis.sys

NdisFreeGenericObject
NdisFreeNetBufferListPool
NdisRetreatNetBufferDataStart
NdisAdvanceNetBufferDataStart
NdisGetDataBuffer
NdisAllocateGenericObject
NdisWaitEvent
NdisInitializeEvent
NdisAllocateNetBufferListPool

ntoskrnl.exe

RtlCompareMemory
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
ExAllocatePoolWithTag
ExUuidCreate
swprintf_s
__C_specific_handler
RtlInitUnicodeString
RtlAppendUnicodeToString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
ExFreePoolWithTag
ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmBuildMdlForNonPagedPool
MmGetSystemRoutineAddress
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdl
MmFreePagesFromMdl
PsCreateSystemThread
PsTerminateSystemThread
IoAllocateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoReleaseCancelSpinLock
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenKey
ZwQueryValueKey
PsGetCurrentProcessId
ZwSetInformationThread
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
PsLookupProcessByProcessId
ObOpenObjectByPointer
ZwSetSecurityObject
SeExports
_stricmp
ZwQuerySystemInformation
RtlValidSid
KeBugCheckEx

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/AdguardNetLib.dll
.dll windows:6 windows x86 arch:x86

488fefdeb53d07f4d420d2dc3d286c20

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\0bb\nfsdk\netFilterSdk\nfsdk-src\nfapi\Release_c_api_VPN\Win32\AdguardNetLib.pdb

Imports

kernel32

SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
WaitForMultipleObjects
GetCurrentProcessId
DeleteCriticalSection
GetSystemInfo
GetTickCount
GetModuleHandleA
GetProcAddress
CreateFileA
GetVersionExA
CreateFileW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CancelIo
GetOverlappedResult
DeviceIoControl
SetLastError
GetLastError
CloseHandle
WriteFile
ReadFile
QueryDosDeviceW
GetLogicalDriveStringsW
OpenProcess
GetDriveTypeW
DecodePointer
SetFilePointerEx
GetConsoleMode
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
RtlUnwind
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
GetACP
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
WriteConsoleW

advapi32

StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceW
CloseServiceHandle
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

psapi

GetModuleFileNameExA
GetModuleFileNameExW

Exports

Exports

nf_addBindingRule
nf_addFlowCtl
nf_addRule
nf_addRuleEx
nf_adjustProcessPriviledges
nf_completeTCPConnectRequest
nf_completeUDPConnectRequest
nf_deleteBindingRules
nf_deleteFlowCtl
nf_deleteRules
nf_free
nf_getConnCount
nf_getDriverType
nf_getFlowCtlStat
nf_getProcessNameA
nf_getProcessNameFromKernel
nf_getProcessNameW
nf_getTCPConnInfo
nf_getTCPStat
nf_getUDPConnInfo
nf_getUDPStat
nf_init
nf_ipPostReceive
nf_ipPostSend
nf_modifyFlowCtl
nf_registerDriver
nf_registerDriverEx
nf_setIPEventHandler
nf_setOptions
nf_setRules
nf_setRulesEx
nf_setTCPFlowCtl
nf_setTCPTimeout
nf_setUDPFlowCtl
nf_tcpClose
nf_tcpDisableFiltering
nf_tcpIsProxy
nf_tcpPostReceive
nf_tcpPostSend
nf_tcpSetConnectionState
nf_tcpSetSockOpt
nf_udpDisableFiltering
nf_udpPostReceive
nf_udpPostSend
nf_udpSetConnectionState
nf_unRegisterDriver

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/AdguardNetReg.exe
.exe windows:6 windows x86 arch:x86

472e9e70d7ef69c5adcff44a47e03e32

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:38:e6:66:0d:ca:7c:c3:77:cb:2f:6f:60:27:f6:16
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/01/2023, 00:00

Not After

12/01/2026, 23:59

Subject

CN=Adguard Software Limited,O=Adguard Software Limited,ST=Lefkosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:84:31:4d:3e:f0:3e:2b:a8:8b:37:e3:32:ca:34:40:07:6a:0d:53:0b:6a:5c:44:bd:12:46:db:92:ff:7f:24
Signer

Actual PE Digest

0a:84:31:4d:3e:f0:3e:2b:a8:8b:37:e3:32:ca:34:40:07:6a:0d:53:0b:6a:5c:44:bd:12:46:db:92:ff:7f:24

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\0bb\nfsdk\netFilterSdk\nfsdk-src\nfregdrv\Release_c_api_VPN\Win32\AdguardNetReg.pdb

Imports

adguardnetlib

nf_unRegisterDriver
nf_registerDriver

user32

MessageBoxA
CharNextA

kernel32

WriteConsoleW
DecodePointer
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
LCMapStringW
GetProcessHeap
CreateFileW
CloseHandle
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetEndOfFile
ReadFile
ReadConsoleW

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/adgvpnnetworktdidrv.sys
.sys windows:6 windows x86 arch:x86

1d3203cb7d9080b27cd9f8223f02e9e1

Code Sign

33:00:00:00:61:c8:8b:12:9c:2a:7f:1d:87:00:00:00:00:00:61
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:05:f3:b8:42:6d:fa:99:b1:98:c2:31:54:4f:2c:01:14:f7:90:bb:95:73:03:3f:60:c1:7e:0b:ec:21:5c:8d
Signer

Actual PE Digest

77:05:f3:b8:42:6d:fa:99:b1:98:c2:31:54:4f:2c:01:14:f7:90:bb:95:73:03:3f:60:c1:7e:0b:ec:21:5c:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\0bb\nfsdk\netfiltersdk\nfsdk-src\driver_tdi\std\objfre_wxp_x86\i386\netfilter2.pdb

Imports

ntoskrnl.exe

IoCreateSymbolicLink
IoCreateDevice
IoDeleteSymbolicLink
IofCompleteRequest
ZwClose
ObfDereferenceObject
ObOpenObjectByPointer
PsLookupProcessByProcessId
MmGetSystemRoutineAddress
RtlInitUnicodeString
IoDetachDevice
IofCallDriver
ProbeForWrite
IoFreeMdl
memcpy
MmBuildMdlForNonPagedPool
IoBuildDeviceIoControlRequest
IoAllocateMdl
RtlDowncaseUnicodeString
PsGetCurrentProcessId
KeWaitForSingleObject
KeInitializeEvent
KeInsertQueueDpc
IoReleaseCancelSpinLock
IoDeleteDevice
IoFreeIrp
MmMapLockedPagesSpecifyCache
IoAllocateIrp
KeInitializeTimer
KeInitializeDpc
RtlAppendUnicodeToString
IoAttachDeviceToDeviceStack
IoGetDeviceObjectPointer
KeSetTimer
MmUnmapLockedPages
MmFreePagesFromMdl
MmAllocatePagesForMdl
ZwQueryValueKey
ZwOpenKey
ZwSetSecurityObject
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
SeExports
RtlLengthSid
KeTickCount
KeBugCheckEx
_aullrem
ExFreePoolWithTag
memset
ObReferenceObjectByHandle
ExAllocatePoolWithTag
RtlUnwind

hal

KfAcquireSpinLock
KfReleaseSpinLock

tdi.sys

TdiMapUserRequest

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/adgvpnnetworkwfpdrv.sys
.sys windows:10 windows x86 arch:x86

97bf97936903442b69e15810dcd7d19b

Code Sign

33:00:00:00:62:f4:5c:f9:9e:58:a9:6a:89:00:00:00:00:00:62
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:18:08:0d:4e:51:ae:91:b8:7b:6d:b8:58:5e:02:f5:31:8b:38:de:25:e7:18:c5:ba:ed:c2:65:66:83:1f:3b
Signer

Actual PE Digest

48:18:08:0d:4e:51:ae:91:b8:7b:6d:b8:58:5e:02:f5:31:8b:38:de:25:e7:18:c5:ba:ed:c2:65:66:83:1f:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\0bb\nfsdk\netFilterSdk\nfsdk-src\driver_wfp\msvc\Win7Release\Win32\netfilter2.pdb

Imports

fwpkclnt.sys

FwpsFreeNetBufferList0

ndis.sys

NdisGetDataBuffer
NdisAllocateGenericObject
NdisFreeGenericObject
NdisAdvanceNetBufferDataStart
NdisWaitEvent
NdisAllocateNetBufferListPool
NdisFreeNetBufferListPool
NdisRetreatNetBufferDataStart
NdisInitializeEvent

ntoskrnl.exe

memcpy
memset
RtlInitUnicodeString
RtlAppendUnicodeToString
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
ExFreePoolWithTag
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
MmBuildMdlForNonPagedPool
MmGetSystemRoutineAddress
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdl
MmFreePagesFromMdl
PsCreateSystemThread
ExUuidCreate
IoAllocateMdl
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoFreeMdl
IoReleaseCancelSpinLock
ObReferenceObjectByHandle
ObfDereferenceObject
ZwClose
ZwOpenKey
ZwQueryValueKey
PsGetCurrentProcessId
ZwSetInformationThread
RtlLengthSid
RtlCreateAcl
RtlAddAccessAllowedAce
PsLookupProcessByProcessId
ObOpenObjectByPointer
ZwSetSecurityObject
SeExports
_stricmp
ZwQuerySystemInformation
KeQuerySystemTime
_allmul
_aulldiv
_aullrem
RtlValidSid
swprintf_s
RtlUnwind
KeBugCheckEx
ExAllocatePoolWithTag
RtlCompareMemory
PsTerminateSystemThread

hal

KeGetCurrentIrql
KeReleaseInStackQueuedSpinLock
KeAcquireInStackQueuedSpinLock

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ping+/wintun.dll
.dll windows:6 windows x86 arch:x86

85d06bb8dccb5014c9a7a3146af5ef48

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:63:d5:fc:a7:28:88:2f:36:ff:1b:df:5d:85:f0:ba
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/12/2018, 00:00

Not After

14/12/2021, 12:00

Subject

SERIALNUMBER=4227913,CN=WireGuard LLC,O=WireGuard LLC,L=Boulder,ST=Colorado,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13044f68696f,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:08:7b:e6:e4:6f:97:89:4a:6c:3c:14:6c:cb:ca:a9:c4:46:23:57:4e:a7:6b:cc:2c:f8:a4:7c:b8:9a:8f:17
Signer

Actual PE Digest

43:08:7b:e6:e4:6f:97:89:4a:6c:3c:14:6c:cb:ca:a9:c4:46:23:57:4e:a7:6b:cc:2c:f8:a4:7c:b8:9a:8f:17

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Jason A. Donenfeld\Projects\wintun\Release\x86\wintun.pdb

Imports

kernel32

HeapCreate
GetCurrentProcess
LoadLibraryExA
CloseHandle
HeapDestroy
GetProcAddress
LocalFree
GetModuleHandleW
IsWow64Process
HeapFree
SetLastError
WaitForSingleObject
CreateFileW
OpenProcess
QueueUserWorkItem
CreateEventW
Sleep
GetLastError
SetEvent
HeapAlloc
GetCurrentProcessId
GetProcessTimes
RemoveDirectoryW
DeleteFileW
FormatMessageW
EnterCriticalSection
CreatePrivateNamespaceW
OpenPrivateNamespaceW
LeaveCriticalSection
InitializeCriticalSection
CreateBoundaryDescriptorW
CreateMutexW
ReleaseMutex
ClosePrivateNamespace
AddSIDToBoundaryDescriptor
DeleteCriticalSection
DeleteBoundaryDescriptor
ExpandEnvironmentStringsW
HeapReAlloc
CreateDirectoryW
SizeofResource
WriteFile
LockResource
LoadResource
FindResourceW
GetWindowsDirectoryW
VirtualFree
DeviceIoControl
VirtualAlloc
InitializeCriticalSectionAndSpinCount
ReadFile
SetHandleInformation
CreatePipe
GetExitCodeThread
CreateThread
CreateProcessW
DecodePointer
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapSize
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStringTypeW
SetFilePointerEx
SetStdHandle
WriteConsoleW

ntdll

NtQuerySystemInformation
RtlNtStatusToDosError
RtlGetNtVersionNumbers
NtQueryKey
NtQuerySystemTime

Exports

Exports

WintunAllocateSendPacket
WintunCloseAdapter
WintunCreateAdapter
WintunDeleteDriver
WintunEndSession
WintunGetAdapterLUID
WintunGetReadWaitEvent
WintunGetRunningDriverVersion
WintunOpenAdapter
WintunReceivePacket
WintunReleaseReceivePacket
WintunSendPacket
WintunSetLogger
WintunStartSession

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 348KB - Virtual size: 347KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d75e28e95315ad872c1c816e98caee7e

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

b1:38:e6:66:0d:ca:7c:c3:77:cb:2f:6f:60:27:f6:16Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

7a:cf:27:8a:d2:bb:1d:d8:43:48:41:53:92:cf:cb:c9:47:38:d4:9c:cf:91:4e:4e:8b:cd:e5:e8:c1:96:f3:35Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 50KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

dae02f32a21e03ce65412f6e56942daa

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

10:2e:fe:84:14:8b:ae:03:0f:cd:7f:3f:9c:78:27:de:34:10:54:0d:94:1e:1c:c4:e6:3d:5a:61:0b:7e:dc:43Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 388KB - Virtual size: 388KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

ae94e7e35747470c61bf70e22ccd5d26

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Exports

Exports

Sections

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

b1:38:e6:66:0d:ca:7c:c3:77:cb:2f:6f:60:27:f6:16
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

7a:cf:27:8a:d2:bb:1d:d8:43:48:41:53:92:cf:cb:c9:47:38:d4:9c:cf:91:4e:4e:8b:cd:e5:e8:c1:96:f3:35
Signer

.text
Size: 51KB - Virtual size: 50KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0e:44:18:e2:de:de:36:dd:29:74:c3:44:3a:fb:5c:e5
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

10:2e:fe:84:14:8b:ae:03:0f:cd:7f:3f:9c:78:27:de:34:10:54:0d:94:1e:1c:c4:e6:3d:5a:61:0b:7e:dc:43
Signer

.text
Size: 388KB - Virtual size: 388KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 983KB - Virtual size: 983KB

.rdata
Size: 182KB - Virtual size: 182KB

.data
Size: 9KB - Virtual size: 18KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 38KB - Virtual size: 37KB

.text
Size: - Virtual size: 1.2MB

.`lL
Size: - Virtual size: 672B

.<*:
Size: 512B - Virtual size: 8B

.$J/
Size: 2.4MB - Virtual size: 2.4MB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 94KB - Virtual size: 93KB

.rsrc
Size: 1024B - Virtual size: 996B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 335KB - Virtual size: 334KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:01:08:a2:f9:49:3a:c0:bc:e9:58:00:00:00:00:01:08
Certificate

33:00:00:01:b1:dd:ed:ba:54:e9:65:b8:5f:00:01:00:00:01:b1
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

33:00:00:01:03:5e:25:1c:99:1f:a3:1e:b8:00:00:00:00:01:03
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

09:0a:dc:5e:c5:b0:68:7d:34:6b:3f:55:ca:68:74:f4:3b:fa:41:fb:23:b3:aa:f5:81:60:b0:51:c2:59:57:36
Signer

ad:8c:47:6b:98:db:54:14:ae:46:db:a2:40:72:bb:19:ad:42:27:32
Signer

.text
Size: 122KB - Virtual size: 122KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:01:14:96:9a:0d:f8:95:e4:71:49:00:00:00:00:01:14
Certificate