POSCON-Launcher-Setup-1[.]0[.]8[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

POSCON-Launcher-Setup-1.0.8.exe
Size

77.1MB
MD5

4fc8ecef84aa32aedf2cd71527d15ac7
SHA1

c273c6e960a561b56b19720aca2c49fda8cebfd6
SHA256

1d8bb30fab4c98b28c2d53203d786418d5a533745a2c1dae481ffbb7e5cec4b6
SHA512

ab3b3a97f146e6ea75e4c878e257581f84988073a4da3880118712fdf76df3f7cffe4b2300d272776584c76414f4143e6c98693846d9ea222e30e955eee33634
SSDEEP

1572864:nUykIJIcue7AcqtiW68G1buqAW3Ox6KDzvnkIj53hla5:nUGJHu5ck6F1jA0C3vnku5x85

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PosCon.Launcher.exe
unpack001/XPL/win.xpl
unpack001/e_sqlite3.dll
unpack001/x64/opus.dll
unpack001/x64/speexdsp.dll

Files

POSCON-Launcher-Setup-1.0.8.exe
.exe windows:4 windows x86 arch:x86

6e7f9a29f2c85394521a08b9f31f6275

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 15:43

Not After

07/11/2030, 16:13

Subject

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:ef:55:74:af:35:54:c3:5a:2c:69:f6:6f:4b:6b:cd
Certificate

Issuer

CN=Entrust Code Signing Root Certification Authority - CSBR1,O=Entrust\, Inc.,C=US

Not Before

07/05/2021, 19:20

Not After

29/12/2040, 23:59

Subject

CN=Entrust Code Signing CA - OVCS2,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

46:50:01:54:81:70:95:cd:2a:18:3f:e0:54:63:02:c0
Certificate

Issuer

CN=Entrust Code Signing CA - OVCS2,O=Entrust\, Inc.,C=US

Not Before

05/12/2021, 20:37

Not After

05/12/2022, 20:37

Subject

CN=Positive Control LLC,O=Positive Control LLC,L=Philadelphia,ST=Pennsylvania,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:38:73:fc:c7:b6:1e:ab:cd:e8:e0:7f:2c:25:41:5a:b7:34:f1:7f:36:b5:5a:6b:05:55:2f:3f:21:a9:0b:53
Signer

Actual PE Digest

b3:38:73:fc:c7:b6:1e:ab:cd:e8:e0:7f:2c:25:41:5a:b7:34:f1:7f:36:b5:5a:6b:05:55:2f:3f:21:a9:0b:53

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
SetWindowPos
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersion
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
ExitProcess
CopyFileW
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
D3DCompiler_47_cor3.dll
.dll windows:10 windows x64 arch:x64

dc71769f237c0a3ba38879380c54a4e6

Code Sign

33:00:00:03:df:fb:6a:e3:f4:27:ec:b6:a3:00:00:00:00:03:df
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:24

Not After

02/12/2021, 21:24

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b7:94:27:a2:50:36:cb:85:64:a2:66:3a:42:85:af:dc:54:0c:6a:fe:73:c2:fa:df:4a:19:fa:e9:e9:27:b8:06
Signer

Actual PE Digest

b7:94:27:a2:50:36:cb:85:64:a2:66:3a:42:85:af:dc:54:0c:6a:fe:73:c2:fa:df:4a:19:fa:e9:e9:27:b8:06

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D3DCompiler_47.pdb

Imports

kernel32

WriteFile
FreeLibrary
Sleep
TlsAlloc
TlsSetValue
HeapDestroy
TlsGetValue
TlsFree
GetFullPathNameW
GetFullPathNameA
GetEnvironmentVariableA
VirtualFree
VirtualAlloc
GetSystemInfo
GetProcAddress
LoadLibraryExW
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetStdHandle
GetFileType
GetStartupInfoW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleW
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetFilePointerEx
GetStringTypeW
SetStdHandle
ReadFile
FreeEnvironmentStringsW
SetEnvironmentVariableW
RaiseException
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetModuleFileNameW
ReadConsoleW
HeapSize
HeapReAlloc
WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionEx
RtlPcToFileHeader
LocalAlloc
LocalFree
GetFileSizeEx
GetLastError
CreateFileW
HeapFree
GetProcessHeap
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
GetFileAttributesW
SetFileAttributesW
DeleteFileW
SetEndOfFile
DeviceIoControl
MapViewOfFileEx
CreateFileMappingA
ExpandEnvironmentStringsW
HeapAlloc
OutputDebugStringA
CloseHandle
LeaveCriticalSection
EnterCriticalSection
lstrcmpiA
HeapCreate
GetModuleFileNameA
CreateFileA
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetDriveTypeW
GetCurrentDirectoryW
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
MultiByteToWideChar
GetEnvironmentStringsW
DisableThreadLibraryCalls

advapi32

CryptDestroyHash
CryptAcquireContextW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
CryptGetHashParam
CryptCreateHash
CryptHashData
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptReleaseContext

rpcrt4

UuidCreate

Exports

Exports

D3DAssemble
D3DCompile
D3DCompile2
D3DCompileFromFile
D3DCompressShaders
D3DCreateBlob
D3DCreateFunctionLinkingGraph
D3DCreateLinker
D3DDecompressShaders
D3DDisassemble
D3DDisassemble10Effect
D3DDisassemble11Trace
D3DDisassembleRegion
D3DGetBlobPart
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DGetTraceInstructionOffsets
D3DLoadModule
D3DPreprocess
D3DReadFileToBlob
D3DReflect
D3DReflectLibrary
D3DReturnFailure1
D3DSetBlobPart
D3DStripShader
D3DWriteBlobToFile
DebugSetMute

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 912KB - Virtual size: 911KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PenImc_cor3.dll
.dll regsvr32 windows:6 windows x64 arch:x64

a00c864398b373b450ef34f00fe7b707

Code Sign

33:00:00:02:8d:7e:47:c3:82:7e:05:1a:2a:00:00:00:00:02:8d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/10/2021, 18:45

Not After

13/10/2022, 18:45

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:81:d4:dc:9e:da:3b:a7:b3:be:66:4f:46:86:17:fd:54:f3:75:fd:3b:b3:77:0e:d2:da:3c:6d:f8:05:2a:38
Signer

Actual PE Digest

9c:81:d4:dc:9e:da:3b:a7:b3:be:66:4f:46:86:17:fd:54:f3:75:fd:3b:b3:77:0e:d2:da:3c:6d:f8:05:2a:38

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\artifacts\bin\PenImc\x64\Release\PenImc_cor3.pdb

Imports

kernel32

GetThreadLocale
SetThreadLocale
DeleteCriticalSection
DecodePointer
EncodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
CreateEventW
GetCurrentProcessId
OpenEventW
OpenMutexW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEvent
LocalFree
SignalObjectAndWait
IsWow64Process
GetCurrentProcess
OutputDebugStringW
CreateMutexW
CreateThread
QueueUserAPC
SetWaitableTimer
CancelWaitableTimer
CreateActCtxW
ActivateActCtx
VerSetConditionMask
LoadLibraryW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
WaitForSingleObjectEx
ResetEvent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
RtlPcToFileHeader
InterlockedFlushSList
TlsFree
CloseHandle
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
CreateWaitableTimerW
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
RtlUnwindEx
RtlLookupFunctionEntry
GetCurrentThreadId

user32

GetDesktopWindow
MonitorFromWindow
IsWindow
GetMonitorInfoW
GetSystemMetrics
MsgWaitForMultipleObjectsEx
GetWindow
EqualRect
GetWindowRect
CharNextW
CallNextHookEx
PeekMessageW
GetWindowThreadProcessId
SetWindowsHookExW
GetParent
UnhookWindowsHookEx

advapi32

ConvertSidToStringSidW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

shell32

ShellExecuteExW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoLockObjectExternal
CoGetApartmentType
CoCreateInstance

oleaut32

UnRegisterTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
LoadTypeLi
SysFreeString
RegisterTypeLi

api-ms-win-crt-string-l1-1-0

wcscpy_s
wcsncmp
strcpy_s
wcsncpy_s
wcscat_s

api-ms-win-crt-heap-l1-1-0

malloc
calloc
_recalloc
realloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

_errno
abort
_initterm_e
terminate
_initterm
_invalid_parameter_noinfo
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_cexit

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf

rpcrt4

NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
NdrDllGetClassObject
NdrDllRegisterProxy
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
NdrDllUnregisterProxy
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke

Exports

Exports

CreateResetEvent
DestroyResetEvent
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetLastSystemEventData
GetPenEvent
GetPenEventMultiple
GetProxyDllInfo
LockWispObjectFromGit
RaiseResetEvent
RegisterDllForSxSCOM
UnlockWispObjectFromGit

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 197B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PosCon.Launcher.exe
.exe windows:6 windows x64 arch:x64

59e1615e45c8f3ab210e3df16d200414

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\_work\1\s\artifacts\obj\coreclr\windows.x64.Release\Corehost.Static\singlefilehost.pdb

Imports

kernel32

MultiByteToWideChar
GetTickCount
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleW
FlushInstructionCache
RtlLookupFunctionEntry
RtlDeleteFunctionTable
InterlockedPushEntrySList
InterlockedFlushSList
InitializeSListHead
GetTickCount64
DuplicateHandle
QueueUserAPC
WaitForSingleObjectEx
SetThreadPriority
GetThreadPriority
ResumeThread
GetCurrentThreadId
Sleep
TlsAlloc
GetCurrentThread
CreateThread
WaitForMultipleObjectsEx
SignalObjectAndWait
RtlCaptureContext
SetThreadStackGuarantee
VirtualQuery
GetStdHandle
WideCharToMultiByte
GetConsoleOutputCP
MapViewOfFileEx
UnmapViewOfFile
GetStringTypeExW
SetEvent
GetCurrentProcessorNumber
GlobalMemoryStatusEx
CreateIoCompletionPort
PostQueuedCompletionStatus
SleepEx
GetQueuedCompletionStatus
InterlockedPopEntrySList
GetCurrentProcessorNumberEx
ExitProcess
CreateMemoryResourceNotification
GetProcessAffinityMask
SetThreadIdealProcessorEx
GetThreadIdealProcessorEx
GetLargePageMinimum
VirtualUnlock
GetLogicalProcessorInformation
SetThreadGroupAffinity
SetThreadAffinityMask
IsProcessInJob
QueryInformationJobObject
K32GetProcessMemoryInfo
VirtualAlloc
VirtualFree
VirtualProtect
SwitchToThread
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
GetFileSize
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateEventW
ResetEvent
CreateSemaphoreExW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
GetThreadContext
SuspendThread
SetThreadContext
GetEnabledXStateFeatures
InitializeContext
SetXStateFeaturesMask
RtlInstallFunctionTableCallback
GetSystemDefaultLCID
GetUserDefaultLCID
RtlUnwind
LoadLibraryExW
HeapAlloc
HeapFree
GetProcessHeap
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
FormatMessageW
OutputDebugStringA
GetACP
LCMapStringEx
LocalFree
VerSetConditionMask
VerifyVersionInfoW
FindClose
GetModuleFileNameW
FindNextFileW
QueryThreadCycleTime
VirtualAllocExNuma
GetNumaProcessorNodeEx
GetNumaHighestNodeNumber
GetLogicalProcessorInformationEx
GetThreadGroupAffinity
GetSystemTimes
GetSystemTimeAsFileTime
CreateFileMappingW
CreateProcessW
GetCPInfo
CreateFileW
GetFileAttributesExW
GetTempPathW
GetCurrentDirectoryW
FindFirstFileExW
GetFullPathNameW
OpenProcess
LoadLibraryExA
OpenEventW
ExitThread
HeapReAlloc
CreateNamedPipeA
WaitForMultipleObjects
DisconnectNamedPipe
CreateFileA
CancelIoEx
GetOverlappedResult
ConnectNamedPipe
FlushFileBuffers
MapViewOfFile
GetActiveProcessorGroupCount
GetSystemTime
SetConsoleCtrlHandler
GetLocaleInfoEx
GetUserDefaultLocaleName
RtlAddFunctionTable
CreateDirectoryW
RemoveDirectoryW
GetFileSizeEx
LoadLibraryA
IsWow64Process
InitializeCriticalSectionAndSpinCount
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
RaiseFailFastException
FreeLibrary
RaiseException
WaitForSingleObject
TlsSetValue
TlsGetValue
GetSystemInfo
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WriteFile
GetProcessTimes
GetCommandLineW
ReadFile
SetFilePointer
GetProcAddress
GetModuleHandleExW
SetErrorMode
CloseHandle
GetCurrentProcess
FlushProcessWriteBuffers
SetLastError
GetLastError
OutputDebugStringW
RtlRestoreContext
DebugBreak
DecodePointer
GetStringTypeW
RtlVirtualUnwind
IsProcessorFeaturePresent
RtlUnwindEx
EncodePointer
TlsFree
RtlPcToFileHeader
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
TryEnterCriticalSection
GetExitCodeThread
CreateFileMappingA

advapi32

RegGetValueW
SetKernelObjectSecurity
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
EventRegister
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
SetThreadToken
RevertToSelf
OpenThreadToken
EventWriteTransfer
EventWrite

ole32

CoTaskMemAlloc
CoTaskMemFree
CoWaitForMultipleHandles
IIDFromString
CLSIDFromProgID
CoGetMarshalSizeMax
CoMarshalInterface
CoCreateGuid
CoGetObjectContext
CoRegisterInitializeSpy
CoGetContextToken
CoGetClassObject
CoCreateFreeThreadedMarshaler
CreateStreamOnHGlobal
StringFromGUID2
CoInitializeEx
CoUninitialize
CoUnmarshalInterface
CoRevokeInitializeSpy
CoReleaseMarshalData

oleaut32

SafeArrayAllocData
SafeArrayGetElemsize
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreateVector
SafeArrayPutElement
LoadRegTypeLi
CreateErrorInfo
SafeArrayAllocDescriptorEx
VarCyFromDec
VariantInit
VariantClear
SafeArraySetRecordInfo
VariantChangeType
SafeArrayGetVartype
LoadTypeLibEx
QueryPathOfRegTypeLi
SafeArrayDestroy
SafeArrayGetLBound
SafeArrayGetDim
SysAllocStringLen
SysStringLen
SysAllocString
SetErrorInfo
GetErrorInfo
SysFreeString
VariantChangeTypeEx
GetRecordInfoFromTypeInfo

user32

MessageBoxW
LoadStringW

version

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

shell32

ShellExecuteW

api-ms-win-crt-string-l1-1-0

strncmp
wcsncmp
iswupper
towlower
isalpha
isdigit
wcstok_s
strnlen
iswascii
towupper
wcscat_s
strcspn
wcscpy_s
_stricmp
strlen
isupper
strcmp
_wcsnicmp
_wcsdup
wcsncpy_s
tolower
islower
strtok_s
isspace
_strdup
__strncnt
strncpy_s
strcpy_s
wcsncat_s
strncat_s
strcat_s
iswspace
wcsnlen
_strnicmp
_wcsicmp

api-ms-win-crt-stdio-l1-1-0

fwrite
__stdio_common_vswprintf_s
__p__commode
_set_fmode
__stdio_common_vsnprintf_s
__stdio_common_vfwprintf
_flushall
_wfopen
_wfsopen
fseek
__stdio_common_vfprintf
ftell
__stdio_common_vsprintf_s
fputws
__acrt_iob_func
fflush
_fileno
_dup
_setmode
setvbuf
fputwc
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
fgetpos
fgetc
fputc
__stdio_common_vswprintf
fclose
fgets
__stdio_common_vsscanf
fopen
fputs
__stdio_common_vsnwprintf_s
_putws

api-ms-win-crt-runtime-l1-1-0

terminate
_errno
_beginthreadex
abort
exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_invalid_parameter_noinfo_noreturn
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
_exit
_controlfp_s
__p___argc
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo
_wcserror

api-ms-win-crt-convert-l1-1-0

atol
_ltow_s
strtoull
_atoi64
strtoul
wcstoul
_wtoi
_wcstoui64
_itow_s

api-ms-win-crt-heap-l1-1-0

calloc
free
_set_new_mode
malloc
realloc

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

ceil
atanf
atan2f
atan2
atan
asinf
asin
acosf
modff
cos
powf
pow
floorf
log2
atanh
acosh
cosf
cbrt
asinh
asinhf
ilogbf
atanhf
cbrtf
acoshf
log2f
fma
fmaf
fmod
cosh
coshf
modf
exp
expf
_fdopen
floor
_copysign
_copysignf
_isnanf
__setusermatherr
_isnan
ceilf
fmodf
ilogb
frexp
log
log10
log10f
logf
_finite
sin
sinf
sinh
sinhf
sqrt
sqrtf
tan
tanf
tanh
acos
tanhf

api-ms-win-crt-time-l1-1-0

_time64
wcsftime
_gmtime64_s

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
_lock_locales
_unlock_locales
setlocale
__pctype_func
___lc_locale_name_func
___lc_codepage_func
___mb_cur_max_func
localeconv

api-ms-win-crt-filesystem-l1-1-0

_wrename
_wremove
_unlock_file
_lock_file

Exports

Exports

CLRJitAttachState
DotNetRuntimeInfo
MetaDataGetDispenser
g_CLREngineMetrics

Sections

.text
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.CLR_UEF
Size: 512B - Virtual size: 271B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Section
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PresentationNative_cor3.dll
.dll windows:6 windows x64 arch:x64

ebf1d700138a4ac0667ea02c157b00e2

Code Sign

33:00:00:02:8d:7e:47:c3:82:7e:05:1a:2a:00:00:00:00:02:8d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/10/2021, 18:45

Not After

13/10/2022, 18:45

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:02:c4:15:96:87:d2:7c:93:09:6e:96:d6:6e:62:ea:b6:96:a2:24:5a:83:b0:ed:e0:75:a7:61:49:ae:0f:ec
Signer

Actual PE Digest

38:02:c4:15:96:87:d2:7c:93:09:6e:96:d6:6e:62:ea:b6:96:a2:24:5a:83:b0:ed:e0:75:a7:61:49:ae:0f:ec

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\artifacts\bin\PresentationNative\x64\Release\PresentationNative_cor3.pdb

Imports

kernel32

UnhandledExceptionFilter
TerminateThread
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetCurrentThread
GetProcAddress
VerSetConditionMask
FreeLibrary
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
OutputDebugStringW
DeleteCriticalSection
DisableThreadLibraryCalls
LoadLibraryW
InitializeCriticalSection
InitializeCriticalSectionEx
GlobalDeleteAtom
DebugBreak
OutputDebugStringA
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
InterlockedFlushSList
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
EncodePointer
SetLastError
GetLastError

ntdll

NtQuerySystemInformation
RtlVirtualUnwind
RtlPcToFileHeader
DbgBreakPoint
RtlCaptureContext
RtlUnwindEx
DbgPrintEx
RtlLookupFunctionEntry
DbgPrompt

api-ms-win-crt-runtime-l1-1-0

abort
terminate
_cexit
_register_onexit_function
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_crt_atexit

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

iswpunct
strcpy_s
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

user32

GetKeyboardLayoutList
SetWindowLongPtrW
SetWindowLongW
SetScrollPos
SetFocus
MapWindowPoints
GetWindowTextLengthW
GetWindowTextW
GetWindowLongPtrW
GetWindowLongW
GetWindow
GetParent
GetMenuBarInfo
GetAncestor
FindWindowExW
EnableWindow

gdi32

GetTextExtentPoint32W

ole32

CoCreateInstance
CoTaskMemFree

oleaut32

SysAllocString
VariantInit
VariantChangeType
VariantClear

Exports

Exports

CreateDocContext
CreateInstalledObjectsInfo
CreateTextAnalysisSink
CreateTextAnalysisSource
DestroyDocContext
DestroyInstalledObjectsInfo
EnableWindowWrapper
FindWindowExWrapper
FsAddFigureObstacle
FsClearUpdateInfoInPage
FsClearUpdateInfoInSubpage
FsClearUpdateInfoInSubtrack
FsClearUpdateInfoInTableSrv
FsCommitFilledRectangle
FsCompareSubpages
FsCompareSubtrack
FsCompareTableSrv
FsCreateDocContext
FsCreateDummyFootnoteRejector
FsCreatePageBottomless
FsCreatePageFinite
FsCreateSubpageBottomless
FsCreateSubpageFinite
FsDestroyDocContext
FsDestroyFootnoteRejector
FsDestroyPage
FsDestroyPageBreakRecord
FsDestroySubpage
FsDestroySubpageBreakRecord
FsDestroySubtrack
FsDestroySubtrackBreakRecord
FsDestroyTableSrv
FsDestroyTableSrvBreakRecord
FsDuplicateGeometry
FsDuplicatePageBreakRecord
FsDuplicateSubpageBreakRecord
FsDuplicateSubtrackBreakRecord
FsDuplicateTableSrvBreakRecord
FsFAllFootnotesAllowed
FsFFootnoteAllowed
FsFormatSubtrackBottomless
FsFormatSubtrackFinite
FsFormatTableSrvBottomless
FsFormatTableSrvFinite
FsGetClientHandle
FsGetColumnRectangle
FsGetEmptySpaces
FsGetFigureObstacleData
FsGetFloaterFsimethods
FsGetIntervals
FsGetMaxNumberEmptySpaces
FsGetMaxNumberIntervals
FsGetNextTick
FsGetNumberSubpageFootnotes
FsGetNumberSubtrackFootnotes
FsGetPageRectangle
FsGetShiftOffset
FsGetSubpageColumnBalancingInfo
FsGetSubpageFootnoteInfo
FsGetSubtrackColumnBalancingInfo
FsGetSubtrackFootnoteInfo
FsGetTableObjFsimethods
FsGetTableSrvColumnBalancingInfo
FsGetTableSrvFootnoteInfo
FsGetTableSrvNumberFootnotes
FsJustifySubpage
FsQueryAttachedObjectList
FsQueryCompositeColumnDetails
FsQueryCompositeColumnFootnoteList
FsQueryDcpLineVariantsFromCachedTextPara
FsQueryEndnoteColumnDetails
FsQueryFigureObjectDetails
FsQueryFloaterDetails
FsQueryFootnoteColumnDetails
FsQueryFootnoteColumnTrackList
FsQueryHeightDefinedColumnSpanAreaList
FsQueryLineCompositeElementList
FsQueryLineListComposite
FsQueryLineListSingle
FsQueryPageDetails
FsQueryPageFootnoteColumnList
FsQueryPageSectionList
FsQuerySectionBasicColumnList
FsQuerySectionCompositeColumnList
FsQuerySectionDetails
FsQuerySectionEndnoteColumnList
FsQuerySegmentDefinedColumnSpanAreaList
FsQuerySubpageBasicColumnList
FsQuerySubpageDetails
FsQuerySubpageHeightDefinedColumnSpanAreaList
FsQuerySubpageSegmentDefinedColumnSpanAreaList
FsQuerySubtrackDetails
FsQuerySubtrackParaList
FsQueryTableObjCellList
FsQueryTableObjDetails
FsQueryTableObjFigureCountWord
FsQueryTableObjFigureListWord
FsQueryTableObjRowDetails
FsQueryTableObjRowList
FsQueryTableObjTableProperDetails
FsQueryTableSrvCellList
FsQueryTableSrvRowDetails
FsQueryTableSrvRowList
FsQueryTableSrvTableDetails
FsQueryTextDetails
FsQueryTrackDetails
FsQueryTrackParaList
FsRegisterFloatObstacle
FsReleaseGeometry
FsResolveOverlap
FsRestoreGeometry
FsShiftSubtrackVertical
FsSynchronizeBottomlessSubtrack
FsTransferDisplayInfoSubpage
FsTransferDisplayInfoSubtrack
FsTransferDisplayInfoTableSrv
FsTransformBbox
FsTransformPoint
FsTransformRectangle
FsTransformVector
FsUpdateBottomlessPage
FsUpdateBottomlessSubpage
FsUpdateBottomlessSubtrack
FsUpdateBottomlessTableSrv
FsUpdateFinitePage
GetAncestorWrapper
GetFloaterHandlerInfo
GetKeyboardLayoutListWrapper
GetMenuBarInfoWrapper
GetNumberSubstitutionList
GetParentWrapper
GetScriptAnalysisList
GetTableObjHandlerInfo
GetTextExtentPoint32Wrapper
GetWindowLongPtrWrapper
GetWindowLongWrapper
GetWindowTextLengthWrapper
GetWindowTextWrapper
GetWindowWrapper
GlobalDeleteAtomWrapper
IsPrintPackageTargetSupported
IsStartXpsPrintJobSupported
IsWindows10OrGreater
IsWindows10RS1OrGreater
IsWindows10RS2OrGreater
IsWindows10RS3OrGreater
IsWindows10RS4OrGreater
IsWindows10RS5OrGreater
IsWindows10TH1OrGreater
IsWindows10TH2OrGreater
IsWindows7OrGreater
IsWindows7SP1OrGreater
IsWindows8OrGreater
IsWindows8Point1OrGreater
IsWindowsServer
IsWindowsVistaOrGreater
IsWindowsVistaSP1OrGreater
IsWindowsVistaSP2OrGreater
IsWindowsXPOrGreater
IsWindowsXPSP1OrGreater
IsWindowsXPSP2OrGreater
IsWindowsXPSP3OrGreater
LateBoundStartXpsPrintJob
LoAcquireBreakRecord
LoAcquirePenaltyModule
LoCloneBreakRecord
LoCreateBreaks
LoCreateContext
LoCreateLine
LoCreateParaBreakingSession
LoDestroyContext
LoDisplayLine
LoDisposeBreakRecord
LoDisposeLine
LoDisposeParaBreakingSession
LoDisposePenaltyModule
LoEnumLine
LoGetEscString
LoGetPenaltyModuleInternalHandle
LoQueryLineCpPpoint
LoQueryLinePointPcp
LoRelievePenaltyResource
LoSetBreaking
LoSetDoc
LoSetTabs
LocbkGetObjectHandlerInfo
MILGetClassificationTables
MapWindowPointsWrapper
NlCreateHyphenator
NlDestroyHyphenator
NlGetClassObject
NlHyphenate
NlLoad
NlUnload
PrintToPackageTarget
SetFocusWrapper
SetScrollPosWrapper
SetWindowLongPtrWrapper
SetWindowLongWrapper

Sections

.text
Size: 941KB - Virtual size: 941KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe.nsis
XPL/win.xpl
.dll windows:6 windows x64 arch:x64

964bb9d5584d500156162c604eaeb43d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

S:\repos\poscon\flightnet-core\src\FlightNetXPL\bin\Release\net6.0\win-x64\native\FlightNetXPL.pdb

Imports

xplm_64

XPLMGetPluginInfo
XPLMFindPluginBySignature
XPLMRegisterCommandHandler
XPLMUnregisterCommandHandler
XPLMCreateCommand
XPLMGetVersions
XPLMDebugString
XPLMSendMessageToPlugin
XPLMDestroyFlightLoop
XPLMCreateFlightLoop
XPLMGetDatab
XPLMGetDataf
XPLMGetDatad
XPLMGetDatai
XPLMSetDatai
XPLMIsPluginEnabled
XPLMScheduleFlightLoop
XPLMRegisterDataAccessor
XPLMUnregisterDataAccessor
XPLMFindDataRef

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
EventEnabled
EventRegister
EventWrite
ImpersonateLoggedOnUser
RevertToSelf
OpenThreadToken
GetWindowsAccountDomainSid
CreateWellKnownSid
GetTokenInformation
OpenProcessToken

bcrypt

BCryptGenRandom

kernel32

GetFileType
GetProcessHeap
GetStringTypeW
LCMapStringW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
GetConsoleMode
SetFilePointerEx
CreateFileW
WriteConsoleW
GetThreadContext
SetLastError
FormatMessageW
GetLastError
CloseThreadpoolIo
GetStdHandle
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTime
GetTickCount64
GetCurrentProcessorNumber
GetCurrentProcess
GetCurrentThread
WaitForSingleObject
Sleep
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
InitializeCriticalSection
InitializeConditionVariable
DeleteCriticalSection
LocalFree
EnterCriticalSection
LeaveCriticalSection
WakeConditionVariable
WaitForMultipleObjectsEx
GetProcAddress
LocalAlloc
GetConsoleOutputCP
WideCharToMultiByte
RaiseFailFastException
CreateThreadpoolIo
StartThreadpoolIo
CancelThreadpoolIo
SleepConditionVariableCS
FreeLibrary
GetFullPathNameW
GetLongPathNameW
LoadLibraryExW
QueryUnbiasedInterruptTime
CloseHandle
SetEvent
ResetEvent
CreateEventExW
WriteFile
CreateThread
ResumeThread
DuplicateHandle
GetThreadPriority
SetThreadPriority
VerSetConditionMask
ConnectNamedPipe
CancelIoEx
ReadFile
CreateNamedPipeW
FlushProcessWriteBuffers
GetCurrentThreadId
WaitForSingleObjectEx
VirtualQuery
RtlVirtualUnwind
AddVectoredExceptionHandler
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
TerminateProcess
SwitchToThread
SuspendThread
GetSystemInfo
VirtualAlloc
VirtualFree
QueryInformationJobObject
GetModuleHandleExW
GetProcessAffinityMask
InitializeCriticalSectionEx
QueryPerformanceCounter
QueryPerformanceFrequency
GetEnvironmentVariableW
GetSystemTimeAsFileTime
DebugBreak
SleepEx
GlobalMemoryStatusEx
GetTickCount
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
GetWriteWatch
ResetWriteWatch
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
K32GetProcessMemoryInfo
FlsFree
FreeEnvironmentStringsW
GetEnvironmentStringsW
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
GetCurrentProcessId
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoGetApartmentType
CoCreateGuid
CoWaitForMultipleHandles

Exports

Exports

DotNetRuntimeDebugHeader
XPluginDisable
XPluginEnable
XPluginReceiveMessage
XPluginStart
XPluginStop

Sections

.text
Size: 454KB - Virtual size: 454KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.managed
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 381KB - Virtual size: 381KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e_sqlite3.dll
.dll windows:6 windows x64 arch:x64

c984fbc3eb2fd6f90b9b09139444370f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\cb\cb\cb\bld\bin\e_sqlite3\win\v142\plain\x64\e_sqlite3.pdb

Imports

kernel32

FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
GetProcAddress
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
WriteConsoleW
RtlUnwindEx
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetTimeZoneInformation
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_pointer
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_filename
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_create_window_function
sqlite3_data_count
sqlite3_data_directory
sqlite3_database_file_object
sqlite3_db_cacheflush
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_drop_modules
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expanded_sql
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_filename_database
sqlite3_filename_journal
sqlite3_filename_wal
sqlite3_finalize
sqlite3_free
sqlite3_free_filename
sqlite3_free_table
sqlite3_fts3_may_be_corrupt
sqlite3_fts5_may_be_corrupt
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_hard_heap_limit64
sqlite3_initialize
sqlite3_interrupt
sqlite3_key
sqlite3_key_v2
sqlite3_keyword_check
sqlite3_keyword_count
sqlite3_keyword_name
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare16_v3
sqlite3_prepare_v2
sqlite3_prepare_v3
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_rekey
sqlite3_rekey_v2
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_pointer
sqlite3_result_subtype
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_set_last_insert_rowid
sqlite3_shutdown
sqlite3_sleep
sqlite3_snapshot_cmp
sqlite3_snapshot_free
sqlite3_snapshot_get
sqlite3_snapshot_open
sqlite3_snapshot_recover
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_isexplain
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_str_append
sqlite3_str_appendall
sqlite3_str_appendchar
sqlite3_str_appendf
sqlite3_str_errcode
sqlite3_str_finish
sqlite3_str_length
sqlite3_str_new
sqlite3_str_reset
sqlite3_str_value
sqlite3_str_vappendf
sqlite3_strglob
sqlite3_stricmp
sqlite3_strlike
sqlite3_strnicmp
sqlite3_system_errno
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_trace_v2
sqlite3_transfer_bindings
sqlite3_txn_state
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_key
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_free
sqlite3_value_frombind
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_nochange
sqlite3_value_numeric_type
sqlite3_value_pointer
sqlite3_value_subtype
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_collation
sqlite3_vtab_config
sqlite3_vtab_nochange
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_mbcs_to_utf8_v2
sqlite3_win32_set_directory
sqlite3_win32_set_directory16
sqlite3_win32_set_directory8
sqlite3_win32_sleep
sqlite3_win32_unicode_to_utf8
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_utf8_to_mbcs_v2
sqlite3_win32_utf8_to_unicode
sqlite3_win32_write_debug

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vcruntime140_cor3.dll
.dll windows:6 windows x64 arch:x64

7f07fd94e5bb907093556781cc464017

Code Sign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:33

Not After

01/09/2022, 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

71:f4:6e:77:5c:30:41:e0:e3:df:bb:07:e1:63:9c:14:eb:d4:98:cc:e1:b1:43:ec:84:ef:f4:96:a1:85:dc:9f
Signer

Actual PE Digest

71:f4:6e:77:5c:30:41:e0:e3:df:bb:07:e1:63:9c:14:eb:d4:98:cc:e1:b1:43:ec:84:ef:f4:96:a1:85:dc:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\a01\_work\43\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
strncmp
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

GetLastError
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
RtlUnwindEx
GetModuleHandleW
GetModuleFileNameW
RtlUnwind
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcAddress
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__intrinsic_setjmpex
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_get_purecall_handler
_get_unexpected
_is_exception_typeof
_local_unwind
_purecall
_set_purecall_handler
_set_se_translator
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wpfgfx_cor3.dll
.dll windows:6 windows x64 arch:x64

b73260cca7d15b74e4378cc8542732aa

Code Sign

33:00:00:02:8d:7e:47:c3:82:7e:05:1a:2a:00:00:00:00:02:8d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/10/2021, 18:45

Not After

13/10/2022, 18:45

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:03:e7:1d:82:89:a6:19:1a:69:98:07:e2:1f:ff:55:61:1e:68:1c:01:0e:fe:16:f0:fd:27:7f:77:35:c5:10
Signer

Actual PE Digest

39:03:e7:1d:82:89:a6:19:1a:69:98:07:e2:1f:ff:55:61:1e:68:1c:01:0e:fe:16:f0:fd:27:7f:77:35:c5:10

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\artifacts\bin\wpfgfx\x64\Release\wpfgfx_cor3.pdb

Imports

kernel32

WaitForSingleObject
CloseHandle
CreateEventW
CreateThread
GetCurrentThreadId
ResetEvent
TryEnterCriticalSection
MulDiv
QueryPerformanceCounter
Sleep
FindResourceW
LoadResource
LockResource
GlobalUnlock
QueryPerformanceFrequency
InitializeSListHead
InterlockedPushEntrySList
QueryDepthSList
InterlockedFlushSList
SleepEx
RtlCaptureStackBackTrace
IsDebuggerPresent
ExitProcess
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
TerminateThread
LoadLibraryExW
GetCurrentProcessId
SetThreadPriority
InitializeCriticalSectionEx
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
LocalFree
FormatMessageA
GetSystemTimeAsFileTime
WaitForSingleObjectEx
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
FindClose
FindFirstFileW
GetSystemDirectoryW
SystemTimeToFileTime
LoadLibraryA
LoadLibraryExA
GetVersionExW
DebugBreak
GetModuleFileNameW
FreeLibrary
OutputDebugStringW
LoadLibraryW
LeaveCriticalSection
SetEvent
EnterCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
GetLastError
DisableThreadLibraryCalls
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
EncodePointer
GetModuleHandleW
GetProcAddress
GetCurrentThread
GetSystemInfo
WaitForMultipleObjects
VirtualProtect
GetTickCount
SizeofResource
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
VirtualFree
VirtualAlloc
VerSetConditionMask
VirtualQuery

advapi32

UnregisterTraceGuids
RegQueryValueExW
RegCloseKey
AllocateLocallyUniqueId
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
TraceEvent
RegOpenKeyExW

ntdll

RtlVirtualUnwind
RtlFindClearBitsAndSet
RtlCaptureContext
NtQuerySystemInformation
RtlClearBits
RtlUnwindEx
RtlPcToFileHeader
RtlSetBits
DbgPrintEx
DbgPrompt
DbgBreakPoint
RtlLookupFunctionEntry
RtlInterlockedFlushSList
RtlInitializeBitMap

user32

EnumDisplayMonitors
GetMonitorInfoW
InvalidateRect
ClientToScreen
OffsetRect
SystemParametersInfoW
MonitorFromWindow
EnumDisplayDevicesW
ReleaseDC
GetDC
GetWindowDC
GetClientRect
SetLayeredWindowAttributes
WindowFromDC
GetWindowRect
EnumDisplaySettingsW
GetGuiResources
EqualRect
IntersectRect
SetRect
IsRectEmpty
PostMessageW
RegisterWindowMessageW
GetDesktopWindow
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
IsWindow
UpdateLayeredWindow
ScreenToClient
GetParent
GetWindowLongW

gdi32

GetRandomRgn
RealizePalette
CreatePalette
CreateCompatibleBitmap
SelectPalette
OffsetRgn
GetSystemPaletteEntries
CreateCompatibleDC
GetDIBits
CombineRgn
GetRgnBox
SetRectRgn
CreateRectRgn
GetRegionData
RectInRegion
CreateRectRgnIndirect
SelectObject
CreateDIBSection
DeleteObject
CreateICW
GetDeviceCaps
DeleteDC
BitBlt
SetLayout

ole32

CoCreateInstance
CoInitialize
CoUninitialize
PropVariantCopy
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

d3dcompiler_47_cor3

D3DCompile

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_execute_onexit_table
_crt_atexit
_initterm_e
_initterm
_invalid_parameter_noinfo_noreturn
terminate
_cexit
abort

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-math-l1-1-0

sqrtf
sqrt
sinf
sin
pow
logf
fmodf
fmod
floor
exp
modf
cosf
cos
ceilf
atan2f
nextafterf
_isnan
_copysign
floorf
_finite
tan

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

wcsncmp
strcpy_s

api-ms-win-crt-utility-l1-1-0

qsort

Exports

Exports

GetNextPerfElementId
IWICColorContext_GetExifColorSpace_Proxy
IWICColorContext_GetProfileBytes_Proxy
IWICColorContext_GetType_Proxy
InteropDeviceBitmap_AddDirtyRect
InteropDeviceBitmap_Create
InteropDeviceBitmap_Detach
InteropDeviceBitmap_GetAsSoftwareBitmap
MIL3DCalcProjected2DBounds
MILAddRef
MILCreateEventProxy
MILCreateFactory
MILCreateStreamFromStreamDescriptor
MILFactoryCreateBitmapRenderTarget
MILFactoryCreateMediaPlayer
MILFactoryCreateSWRenderTargetForBitmap
MILIStreamWrite
MILLoadResource
MILMediaCanPause
MILMediaClose
MILMediaGetBufferingProgress
MILMediaGetDownloadProgress
MILMediaGetMediaLength
MILMediaGetNaturalHeight
MILMediaGetNaturalWidth
MILMediaGetPosition
MILMediaHasAudio
MILMediaHasVideo
MILMediaIsBuffering
MILMediaNeedUIFrameUpdate
MILMediaOpen
MILMediaProcessExitHandler
MILMediaSetBalance
MILMediaSetIsScrubbingEnabled
MILMediaSetPosition
MILMediaSetRate
MILMediaSetVolume
MILMediaShutdown
MILMediaStop
MILQueryInterface
MILRelease
MILRenderTargetBitmapClear
MILRenderTargetBitmapGetBitmap
MILSwDoubleBufferedBitmapAddDirtyRect
MILSwDoubleBufferedBitmapCreate
MILSwDoubleBufferedBitmapGetBackBuffer
MILSwDoubleBufferedBitmapProtectBackBuffer
MILUpdateSystemParametersInfo
MilChannel_AppendCommandData
MilChannel_BeginCommand
MilChannel_CloseBatch
MilChannel_CommitChannel
MilChannel_EndCommand
MilChannel_GetMarshalType
MilChannel_SetNotificationWindow
MilChannel_SetReceiveBroadcastMessages
MilCompositionEngine_DeinitializePartitionManager
MilCompositionEngine_EnterCompositionEngineLock
MilCompositionEngine_ExitCompositionEngineLock
MilCompositionEngine_GetComposedEventId
MilCompositionEngine_InitializePartitionManager
MilCompositionEngine_UpdateSchedulerSettings
MilComposition_PeekNextMessage
MilComposition_SyncFlush
MilComposition_WaitForNextMessage
MilConnection_CreateChannel
MilConnection_DestroyChannel
MilContent_AttachToHwnd
MilContent_DetachFromHwnd
MilGlyphRun_GetGlyphOutline
MilGlyphRun_ReleasePathGeometryData
MilPlayer_Create
MilPlayer_Process
MilResource_CreateCWICWrapperBitmap
MilResource_CreateOrAddRefOnChannel
MilResource_DuplicateHandle
MilResource_GetRefCountOnChannel
MilResource_ReleaseOnChannel
MilResource_SendCommand
MilResource_SendCommandBitmapSource
MilResource_SendCommandMedia
MilUtility_ArcToBezier
MilUtility_CopyPixelBuffer
MilUtility_GeometryGetArea
MilUtility_GetPointAtLengthFraction
MilUtility_GetTileBrushMapping
MilUtility_PathGeometryBounds
MilUtility_PathGeometryCombine
MilUtility_PathGeometryFlatten
MilUtility_PathGeometryHitTest
MilUtility_PathGeometryHitTestPathGeometry
MilUtility_PathGeometryOutline
MilUtility_PathGeometryWiden
MilUtility_PolygonBounds
MilUtility_PolygonHitTest
MilVersionCheck
MilVisualTarget_AttachToHwnd
MilVisualTarget_DetachFromHwnd
RenderOptions_ForceSoftwareRenderingModeForProcess
RenderOptions_IsSoftwareRenderingForcedForProcess
SetMilPerfInstrumentationFlags
WgxConnection_Create
WgxConnection_Disconnect
WgxConnection_SameThreadPresent
WgxConnection_ShouldForceSoftwareForGraphicsStreamClient

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 346KB - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/msquic.dll
.dll windows:6 windows x64 arch:x64

4e89b3526ae6bf9c5f012772cea5ae95

Code Sign

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:31

Not After

02/12/2021, 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:9f:5b:61:f9:ed:7e:ff:1f:a6:10:c2:49:e0:64:2b:82:1d:71:e5:20:08:1f:40:ae:0c:96:8a:47:eb:1d:8c
Signer

Actual PE Digest

7c:9f:5b:61:f9:ed:7e:ff:1f:a6:10:c2:49:e0:64:2b:82:1d:71:e5:20:08:1f:40:ae:0c:96:8a:47:eb:1d:8c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\__w\1\s\artifacts\bin\windows\x64_Release_schannel\msquic.pdb

Imports

secur32

FreeCredentialsHandle
SetCredentialsAttributesW
QueryContextAttributesW
DeleteSecurityContext
AcceptSecurityContext
AcquireCredentialsHandleW
InitializeSecurityContextW

ws2_32

setsockopt
htonl
getsockopt
WSARecv
GetAddrInfoW
connect
socket
getsockname
WSAStartup
WSASocketW
shutdown
WSASend
closesocket
WSAIoctl
bind
FreeAddrInfoW
WSACleanup
WSAGetLastError

ntdll

RtlNtStatusToDosError
NtSetInformationThread
RtlInitUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx

bcrypt

BCryptGenRandom
BCryptDecrypt
BCryptGenerateSymmetricKey
BCryptEncrypt
BCryptDestroyKey
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptHashData
BCryptSetProperty
BCryptCreateHash

crypt32

CertFindCertificateInStore
CertGetNameStringA
CertGetCertificateContextProperty
CertOpenStore
CertFreeCertificateContext
CertCloseStore

iphlpapi

GetCurrentThreadCompartmentId
SetCurrentThreadCompartmentId

advapi32

RegNotifyChangeKeyValue
RegQueryValueExA
RegOpenKeyExA
EventRegister
EventUnregister
EventWriteTransfer
RegCloseKey

kernel32

LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCommandLineW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
GetProcessHeap
SetFilePointerEx
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
WriteConsoleW
CreateFileW
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
CreateEventA
TlsFree
GetCommandLineA
GetCurrentProcessorNumberEx
EnterCriticalSection
GetSystemTimeAdjustment
LeaveCriticalSection
InitializeCriticalSection
GetActiveProcessorCount
DeleteCriticalSection
GetModuleHandleW
GetSystemTimeAsFileTime
QueryPerformanceCounter
InitializeSListHead
InterlockedPopEntrySList
InitializeSRWLock
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
InterlockedPushEntrySList
QueryDepthSList
WaitForSingleObject
CloseHandle
InterlockedFlushSList
GetCurrentThreadId
SetThreadPriority
GetLastError
CreateThread
SetThreadIdealProcessor
SetThreadGroupAffinity
HeapCreate
HeapFree
MultiByteToWideChar
GetLogicalProcessorInformationEx
QueryPerformanceFrequency
HeapAlloc
HeapDestroy
GlobalMemoryStatusEx
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
SetThreadpoolWait
CancelIo
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CancelIoEx
GetCurrentProcessorNumber
CreateIoCompletionPort
SetFileCompletionNotificationModes
GetStartupInfoW
ExitProcess
RaiseException
LoadLibraryExW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
IsDebuggerPresent
FreeLibrary

Exports

Exports

MsQuicClose
MsQuicOpen
MsQuicOpenVersion

Sections

.text
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/o/msquic.dll
.dll windows:6 windows x64 arch:x64

775d317bd916b7f13f01084580907cbb

Code Sign

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:31

Not After

02/12/2021, 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:93:1f:ab:76:0b:86:66:ca:3b:d5:75:7d:f9:bc:9a:96:84:9a:7c:cb:c8:16:c3:28:a7:ea:8d:99:af:c5:e4
Signer

Actual PE Digest

7a:93:1f:ab:76:0b:86:66:ca:3b:d5:75:7d:f9:bc:9a:96:84:9a:7c:cb:c8:16:c3:28:a7:ea:8d:99:af:c5:e4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\__w\1\s\artifacts\bin\windows\x64_Release_openssl\msquic.pdb

Imports

ws2_32

WSASetLastError
send
recv
WSACleanup
WSAGetLastError
bind
WSAIoctl
closesocket
WSASend
shutdown
WSASocketW
WSAStartup
getsockname
socket
connect
GetAddrInfoW
WSARecv
getsockopt
htonl
setsockopt
FreeAddrInfoW

ntdll

RtlLookupFunctionEntry
RtlUnwindEx
RtlCaptureContext
RtlVirtualUnwind
NtSetInformationThread
RtlInitUnicodeString

bcrypt

BCryptGenRandom

ncrypt

NCryptFreeObject
NCryptGetProperty

crypt32

CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertGetNameStringA
CertGetCertificateContextProperty
CertFindCertificateInStore
CryptAcquireCertificatePrivateKey
CertCreateCertificateChainEngine
CertVerifyCertificateChainPolicy
CertOpenStore
CertFreeCertificateChain
CertSetCertificateContextProperty
PFXExportCertStoreEx
CertCloseStore
CertAddCertificateContextToStore
CertFreeCertificateChainEngine
CertFreeCertificateContext
CertGetCertificateChain
CertCreateContext

iphlpapi

GetCurrentThreadCompartmentId
SetCurrentThreadCompartmentId

advapi32

CryptReleaseContext
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
EventWriteTransfer
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegNotifyChangeKeyValue
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
EventRegister
EventUnregister

kernel32

IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetStringTypeW
FindFirstFileExW
HeapSize
WriteConsoleW
SetEndOfFile
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
FreeLibrary
GetFileSizeEx
FlushFileBuffers
SetFilePointerEx
GetConsoleCP
GetTimeZoneInformation
LoadLibraryExW
RaiseException
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ReadFile
ExitProcess
GetModuleHandleExW
SetConsoleCtrlHandler
GetModuleFileNameW
CompareStringW
LCMapStringW
CloseHandle
GetCurrentProcessorNumberEx
EnterCriticalSection
GetSystemTimeAdjustment
LeaveCriticalSection
InitializeCriticalSection
GetActiveProcessorCount
DeleteCriticalSection
GetModuleHandleW
GetSystemTimeAsFileTime
QueryPerformanceCounter
InitializeSListHead
InterlockedPopEntrySList
InitializeSRWLock
ReleaseSRWLockExclusive
SetEvent
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
InterlockedPushEntrySList
QueryDepthSList
WaitForSingleObject
GetCurrentProcess
CreateEventA
GetCurrentThreadId
SetThreadPriority
GetLastError
CreateThread
SetThreadIdealProcessor
SetThreadGroupAffinity
HeapCreate
HeapFree
MultiByteToWideChar
GetLogicalProcessorInformationEx
QueryPerformanceFrequency
HeapAlloc
HeapDestroy
GlobalMemoryStatusEx
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
CreateThreadpoolWait
SetThreadpoolWait
CancelIo
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CancelIoEx
GetCurrentProcessorNumber
CreateIoCompletionPort
SetFileCompletionNotificationModes
FileTimeToSystemTime
GetProcessHeap
SystemTimeToFileTime
GetSystemTime
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindClose
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
GetProcAddress
ConvertFiberToThread
ConvertThreadToFiber
GetCurrentProcessId
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
HeapReAlloc

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW

Exports

Exports

MsQuicClose
MsQuicOpen
MsQuicOpenVersion

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 589KB - Virtual size: 589KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/opus.dll
.dll windows:6 windows x64 arch:x64

8d35633937fc3a4062660f2689a48f0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

S:\repos\Microsoft\vcpkg\buildtrees\opus\x64-windows-rel\opus.pdb

Imports

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memmove
memcpy
memset

api-ms-win-crt-math-l1-1-0

sqrt
floor
cos
exp
log10
pow
log
lrintf

api-ms-win-crt-heap-l1-1-0

free
malloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_initialize_narrow_environment
abort
_cexit
_execute_onexit_table
_configure_narrow_argv
_initialize_onexit_table
_seh_filter_dll

kernel32

GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
RtlCaptureContext
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent

Exports

Exports

opus_decode
opus_decode_float
opus_decoder_create
opus_decoder_ctl
opus_decoder_destroy
opus_decoder_get_nb_samples
opus_decoder_get_size
opus_decoder_init
opus_encode
opus_encode_float
opus_encoder_create
opus_encoder_ctl
opus_encoder_destroy
opus_encoder_get_size
opus_encoder_init
opus_get_version_string
opus_multistream_decode
opus_multistream_decode_float
opus_multistream_decoder_create
opus_multistream_decoder_ctl
opus_multistream_decoder_destroy
opus_multistream_decoder_get_size
opus_multistream_decoder_init
opus_multistream_encode
opus_multistream_encode_float
opus_multistream_encoder_create
opus_multistream_encoder_ctl
opus_multistream_encoder_destroy
opus_multistream_encoder_get_size
opus_multistream_encoder_init
opus_multistream_packet_pad
opus_multistream_packet_unpad
opus_multistream_surround_encoder_create
opus_multistream_surround_encoder_get_size
opus_multistream_surround_encoder_init
opus_packet_get_bandwidth
opus_packet_get_nb_channels
opus_packet_get_nb_frames
opus_packet_get_nb_samples
opus_packet_get_samples_per_frame
opus_packet_pad
opus_packet_parse
opus_packet_unpad
opus_pcm_soft_clip
opus_projection_ambisonics_encoder_create
opus_projection_ambisonics_encoder_get_size
opus_projection_ambisonics_encoder_init
opus_projection_decode
opus_projection_decode_float
opus_projection_decoder_create
opus_projection_decoder_ctl
opus_projection_decoder_destroy
opus_projection_decoder_get_size
opus_projection_decoder_init
opus_projection_encode
opus_projection_encode_float
opus_projection_encoder_ctl
opus_projection_encoder_destroy
opus_repacketizer_cat
opus_repacketizer_create
opus_repacketizer_destroy
opus_repacketizer_get_nb_frames
opus_repacketizer_get_size
opus_repacketizer_init
opus_repacketizer_out
opus_repacketizer_out_range
opus_strerror

Sections

.text
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/speexdsp.dll
.dll windows:6 windows x64 arch:x64

29fbc50057c222761f8c75eb30b4d55f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

S:\repos\Microsoft\vcpkg\buildtrees\speexdsp\x64-windows-rel\speexdsp.pdb

Imports

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memmove
memset
memcpy

api-ms-win-crt-heap-l1-1-0

realloc
free
calloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-math-l1-1-0

exp
sqrt
log
pow
cos
atan
sin
floor

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initterm
_initialize_onexit_table
_cexit
_execute_onexit_table
exit
_configure_narrow_argv
_initterm_e
_seh_filter_dll

api-ms-win-crt-utility-l1-1-0

rand

kernel32

GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
RtlCaptureContext
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent

Exports

Exports

jitter_buffer_destroy
jitter_buffer_get
jitter_buffer_get_pointer_timestamp
jitter_buffer_init
jitter_buffer_put
jitter_buffer_reset
jitter_buffer_tick
jitter_buffer_update_delay
speex_buffer_destroy
speex_buffer_get_available
speex_buffer_init
speex_buffer_read
speex_buffer_resize
speex_buffer_write
speex_buffer_writezeros
speex_decorrelate
speex_decorrelate_destroy
speex_decorrelate_new
speex_echo_cancel
speex_echo_cancellation
speex_echo_capture
speex_echo_ctl
speex_echo_playback
speex_echo_state_destroy
speex_echo_state_init
speex_echo_state_init_mc
speex_echo_state_reset
speex_preprocess
speex_preprocess_ctl
speex_preprocess_estimate_update
speex_preprocess_run
speex_preprocess_state_destroy
speex_preprocess_state_init
speex_resampler_destroy
speex_resampler_get_input_stride
speex_resampler_get_output_stride
speex_resampler_get_quality
speex_resampler_get_rate
speex_resampler_get_ratio
speex_resampler_init
speex_resampler_init_frac
speex_resampler_process_float
speex_resampler_process_int
speex_resampler_process_interleaved_float
speex_resampler_process_interleaved_int
speex_resampler_reset_mem
speex_resampler_set_input_stride
speex_resampler_set_output_stride
speex_resampler_set_quality
speex_resampler_set_rate
speex_resampler_set_rate_frac
speex_resampler_skip_zeros
speex_resampler_strerror

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e7f9a29f2c85394521a08b9f31f6275

Code Sign

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7fCertificate

Extended Key Usages

Key Usages

71:ef:55:74:af:35:54:c3:5a:2c:69:f6:6f:4b:6b:cdCertificate

Extended Key Usages

Key Usages

46:50:01:54:81:70:95:cd:2a:18:3f:e0:54:63:02:c0Certificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

b3:38:73:fc:c7:b6:1e:ab:cd:e8:e0:7f:2c:25:41:5a:b7:34:f1:7f:36:b5:5a:6b:05:55:2f:3f:21:a9:0b:53Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 172KB

.ndata Size: - Virtual size: 80KB

.rsrc Size: 3KB - Virtual size: 3KB

dc71769f237c0a3ba38879380c54a4e6

Code Sign

33:00:00:03:df:fb:6a:e3:f4:27:ec:b6:a3:00:00:00:00:03:dfCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

b7:94:27:a2:50:36:cb:85:64:a2:66:3a:42:85:af:dc:54:0c:6a:fe:73:c2:fa:df:4a:19:fa:e9:e9:27:b8:06Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 912KB - Virtual size: 911KB

.data Size: 64KB - Virtual size: 100KB

.pdata Size: 128KB - Virtual size: 127KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 34KB

a00c864398b373b450ef34f00fe7b707

Code Sign

33:00:00:02:8d:7e:47:c3:82:7e:05:1a:2a:00:00:00:00:02:8dCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

9c:81:d4:dc:9e:da:3b:a7:b3:be:66:4f:46:86:17:fd:54:f3:75:fd:3b:b3:77:0e:d2:da:3c:6d:f8:05:2a:38Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

4e:40:e4:37:54:ed:e6:8c:00:00:00:00:51:d3:94:7f
Certificate

71:ef:55:74:af:35:54:c3:5a:2c:69:f6:6f:4b:6b:cd
Certificate

46:50:01:54:81:70:95:cd:2a:18:3f:e0:54:63:02:c0
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

b3:38:73:fc:c7:b6:1e:ab:cd:e8:e0:7f:2c:25:41:5a:b7:34:f1:7f:36:b5:5a:6b:05:55:2f:3f:21:a9:0b:53
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 172KB

.ndata
Size: - Virtual size: 80KB

.rsrc
Size: 3KB - Virtual size: 3KB

33:00:00:03:df:fb:6a:e3:f4:27:ec:b6:a3:00:00:00:00:03:df
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

b7:94:27:a2:50:36:cb:85:64:a2:66:3a:42:85:af:dc:54:0c:6a:fe:73:c2:fa:df:4a:19:fa:e9:e9:27:b8:06
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 912KB - Virtual size: 911KB

.data
Size: 64KB - Virtual size: 100KB

.pdata
Size: 128KB - Virtual size: 127KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 34KB

33:00:00:02:8d:7e:47:c3:82:7e:05:1a:2a:00:00:00:00:02:8d
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

9c:81:d4:dc:9e:da:3b:a7:b3:be:66:4f:46:86:17:fd:54:f3:75:fd:3b:b3:77:0e:d2:da:3c:6d:f8:05:2a:38
Signer

.text
Size: 79KB - Virtual size: 78KB

.orpc
Size: 512B - Virtual size: 197B

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 6.0MB - Virtual size: 6.0MB

.CLR_UEF
Size: 512B - Virtual size: 271B

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 28KB - Virtual size: 120KB

.pdata
Size: 214KB - Virtual size: 214KB

.didat
Size: 512B - Virtual size: 24B

Section
Size: 512B - Virtual size: 8B

_RDATA
Size: 77KB - Virtual size: 76KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 28KB - Virtual size: 28KB

33:00:00:02:8d:7e:47:c3:82:7e:05:1a:2a:00:00:00:00:02:8d
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

38:02:c4:15:96:87:d2:7c:93:09:6e:96:d6:6e:62:ea:b6:96:a2:24:5a:83:b0:ed:e0:75:a7:61:49:ae:0f:ec
Signer