VirusRemovalTools[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

VirusRemovalTools.rar
Size

252.1MB
MD5

1b3048ad5147b26932ace5ae8b686149
SHA1

7aea2de854b6e982883dce462e71ef5c5075dee1
SHA256

28f46e7b805e7a70d420991ba7d14b0b5d1ef3b032b75e1abc8e24655f4d3984
SHA512

d950806e8ba4f5b808d895a6fd86e507ca1c2fc6969df71d1d2a9471ec390f37f7806720641d241ab771a0a002e13ca1f39a89647f03f63c366b06bf78c3b322
SSDEEP

6291456:fuqJqN+qwEYGFAO0vbalQgov3tIEKVfdn6WpfupKKa4Tucx/gD3:W0qbYGF0balQZPtDUftKaiukO3

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack001/VirusRemovalTools/33. LastActivityView.exe	Nirsoft

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack001/VirusRemovalTools/40. FRST64.exe	autoit_exe

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/VirusRemovalTools/40. FRST64.exe

Files

VirusRemovalTools.rar
.rar
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/.all-contributorsrc
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/.github/FUNDING.yml
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/.github/ISSUE_TEMPLATE/bug_report.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/.github/ISSUE_TEMPLATE/config.yml
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/.github/ISSUE_TEMPLATE/feature_request.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/.github/ISSUE_TEMPLATE/maintenance_suggestion.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/.github/config.yml
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/.github/dependabot.yml
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/.github/lock.yml
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/.github/release-drafter.yml
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/.github/workflows/coverage.yml
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/.github/workflows/release.yml
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/.github/workflows/releasetestpypi.yml
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/.github/workflows/terminaltest.yml
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/.github/workflows/tests2.yml
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/.gitignore
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/CODE_OF_CONDUCT.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/CONTRIBUTING.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/.gitattributes
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/3ways.gif
.gif
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/Favorites/binoculars.jpg
.jpg
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/Favorites/icons8-ios-100.svg
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/Favorites/icons8-ios-50.svg
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/Favorites/icons8-ios-filled-100.svg
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/Favorites/icons8-ios-filled-50.svg
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/apple.png
.png
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/arch.png
.png
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/binoculars.png
.png
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/ciphey_gooder_cyberchef.gif
.gif
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/docker.png
.png
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/index.gif
.gif
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/lock1k1k.png
.png
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/lock250250.png
.png
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/lock_text_1k1k.png
.png
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/macports.png
.png
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/not_dying.gif
.gif
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/python.png
.png
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/Pictures_for_README/windows.png
.png
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/README.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/__init__.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/__main__.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Checkers/__init__.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Checkers/any.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Checkers/brandon.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Checkers/entropy.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Checkers/ezcheck.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Checkers/format.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Checkers/gtest.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Checkers/human.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Checkers/quorum.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Checkers/regex.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Checkers/what.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Crackers/__init__.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Crackers/affine.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Crackers/ascii_shift.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Crackers/baconian.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Crackers/caesar.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Crackers/hash.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Crackers/rot47.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Crackers/soundex.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Crackers/vigenere.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Crackers/xandy.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Crackers/xor_single.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Crackers/xorcrypt.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/__init__.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/a1z26.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/atbash.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/base58_bitcoin.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/base58_flickr.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/base58_ripple.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/base62.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/base64_url.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/base65536.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/base69.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/base91.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/bases.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/baudot.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/binary.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/braille.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/brainfuck.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/decimal.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/dna.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/dtmf.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/galactic.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/gzip.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/hexadecimal.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/leetspeak.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/letters.archive
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/morse_code.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/multi_tap.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/octal.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/reverse.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/tap_code.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/unicode.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/url.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/uuencode.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Decoders/z85.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Resources/__init__.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Resources/cipheydists.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Resources/files.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Searchers/__init__.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Searchers/astar.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Searchers/atar.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Searchers/ausearch.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Searchers/imperfection.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/Searchers/perfection.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/basemods/__init__.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/ciphey.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/common.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/iface/__init__.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/iface/_config.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/iface/_fwd.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/iface/_modules.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/iface/_registry.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/ciphey/mathsHelper.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/codecov.yml
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/license
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/noxfile.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/pyproject.toml
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/tests/brandon_interface.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/tests/cli.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/tests/dict.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/tests/enciphey.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/tests/generate_tests.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/tests/integration.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/tests/lukas.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/tests/speed_test.archive
.js
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/tests/test_click.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/tests/test_click_printing.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/tests/test_main.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/tests/test_regex.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/tools/freq_analysis.py
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/de/CODE_OF_CONDUCT.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/de/CONTRIBUTING.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/de/README.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/fr/README.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/hu/CODE_OF_CONDUCT.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/hu/CONTRIBUTING.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/hu/README.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/id/CODE_OF_CONDUCT.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/id/CONTRIBUTING.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/id/README.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/it/CODE_OF_CONDUCT.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/it/CONTRIBUTING.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/it/README.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/nl/CODE_OF_CONDUCT.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/nl/CONTRIBUTING.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/nl/README.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/pt-br/CODE_OF_CONDUCT.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/pt-br/CONTRIBUTING.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/pt-br/README.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/ru/CODE_OF_CONDUCT.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/ru/CONTRIBUTING.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/ru/README.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/zh/CODE_OF_CONDUCT.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/zh/CONTRIBUTING.md
VirusRemovalTools/0. Ciphey-5.14.0 (Decryption)/translations/zh/README.md
VirusRemovalTools/0. Windows Administrative Tools.lnk
.lnk
VirusRemovalTools/1. KVRT.exe
.exe windows:5 windows x86 arch:x86

868dc92668ff4b0d0241716d6769d9c6

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:ec:1d:79:45:83:1a:2a:59:69:f4:68
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

22/08/2023, 05:45

Not After

22/08/2026, 05:45

Subject

SERIALNUMBER=1027739867473,CN=AO Kaspersky Lab,O=AO Kaspersky Lab,STREET=sh Leningradskoye\, 39A / str 2,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

14:0f:d7:f6:d1:b5:7c:fc:3d:09:0d:4b:a2:2b:2a:0c:5d:ca:7a:f6:38:fb:cb:48:ff:cf:cc:42:35:24:e2:6c
Signer

Actual PE Digest

14:0f:d7:f6:d1:b5:7c:fc:3d:09:0d:4b:a2:2b:2a:0c:5d:ca:7a:f6:38:fb:cb:48:ff:cf:cc:42:35:24:e2:6c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\a\c\g_NYV6T3SE\r\product\removal_tools\output\out_Win32\Release\setup_kvrt.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

LocalFree
ReadFile
GetFileSizeEx
GetCurrentProcess
WriteFile
SetFileTime
SetEndOfFile
GetTempPathW
CreateFileW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
SetFilePointerEx
GetFileTime
FlushFileBuffers
CreateDirectoryW
GetVolumeInformationW
FindFirstFileExW
GetFullPathNameW
FindNextFileW
RemoveDirectoryW
FindClose
GetModuleHandleA
GetDiskFreeSpaceExW
GetCurrentDirectoryW
GetDriveTypeW
GetSystemDefaultLangID
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
GetModuleHandleExW
GetVersionExW
GetSystemWindowsDirectoryA
GetTimeZoneInformation
FileTimeToSystemTime
LoadLibraryA
RaiseException
GetSystemInfo
FileTimeToLocalFileTime
DecodePointer
GetWindowsDirectoryW
VerSetConditionMask
GetComputerNameW
SystemTimeToFileTime
VerifyVersionInfoW
GetSystemWindowsDirectoryW
ProcessIdToSessionId
GetCurrentProcessId
CreateEventW
SetEvent
GetStartupInfoW
WaitForMultipleObjects
WaitForSingleObject
GetCommandLineW
CopyFileW
AttachConsole
FreeLibrary
Sleep
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceW
GetOEMCP
GetACP
IsValidCodePage
PeekNamedPipe
GetFileType
GetExitCodeProcess
OpenProcess
SetHandleInformation
GetStdHandle
CreatePipe
DuplicateHandle
SearchPathA
CreateProcessA
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
HeapSize
ExitProcess
SetStdHandle
GetConsoleCP
ExitThread
RtlUnwind
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
SetEnvironmentVariableA
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
ReadConsoleW
GetConsoleMode
VirtualFree
VirtualProtect
VirtualAlloc
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
CreateSemaphoreW
GetModuleHandleW
GetProcAddress
HeapDestroy
CloseHandle
HeapReAlloc
WaitForSingleObjectEx
GetLastError
GetCurrentThreadId
ReleaseSemaphore
HeapCreate
GetProcessHeap
DeleteCriticalSection
HeapAlloc
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
WriteConsoleW
CreateProcessW
TryEnterCriticalSection
SwitchToThread
GetCurrentThread
GetExitCodeThread
QueryPerformanceCounter
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
OutputDebugStringW
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes

user32

GetWindowRect
PostMessageW
WaitForInputIdle
MessageBoxW
SendMessageW
EndDialog
IsWindow
MessageBoxA
MoveWindow
GetClientRect
GetDlgItem
DialogBoxParamW
GetSystemMetrics
SetWindowPos
SetWindowTextW

shell32

CommandLineToArgvW

ole32

CoCreateGuid
CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
SysAllocString
SysStringLen
VariantClear
VariantInit

advapi32

RegCloseKey
RegOpenKeyExW
GetUserNameW
RegQueryValueExW
SetSecurityDescriptorDacl
SetFileSecurityW
ConvertSecurityDescriptorToStringSecurityDescriptorW
CreateWellKnownSid
SetSecurityDescriptorSacl
IsValidSecurityDescriptor
OpenProcessToken
GetFileSecurityW
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAceEx
GetTokenInformation

Sections

.text
Size: 657KB - Virtual size: 656KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101.9MB - Virtual size: 101.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirusRemovalTools/2. NPE.exe
.exe windows:6 windows x64 arch:x64

6e0dcaca7f0e80510d06b4087b95e6f7

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:be:91:35:61:37:61:3e:57:68:3e:60:3e:c5:38:bd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/05/2021, 00:00

Not After

21/05/2024, 23:59

Subject

CN=NortonLifeLock Inc.,OU=Norton Product Engineering - CM,O=NortonLifeLock Inc.,L=Tempe,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:17:85:6e:8e:34:bc:b7:30:de:59:cc:d4:ea:5a:b7:45:6e:72:07:67:c5:ed:d1:57:b8:38:9c:88:67:4c:8e
Signer

Actual PE Digest

5d:17:85:6e:8e:34:bc:b7:30:de:59:cc:d4:ea:5a:b7:45:6e:72:07:67:c5:ed:d1:57:b8:38:9c:88:67:4c:8e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\jenkins\workspace\SNaPE\NortonPowerEraser\Builds\npe_release_build\SNaPE\NPE\bin\bin64.iru\NPE.pdb

Imports

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteExW
ShellExecuteW
SHBrowseForFolderW
SHFileOperationW
SHGetPathFromIDListW
ord74
DragQueryFileW
SHGetFileInfoW
ord727
ord190
ord155
SHOpenFolderAndSelectItems
SHGetKnownFolderPath
CommandLineToArgvW

rpcrt4

UuidToStringW
UuidCreate
UuidCompare
RpcStringFreeW
UuidFromStringW

psapi

EnumProcesses
GetModuleFileNameExW
GetProcessImageFileNameW

ws2_32

WSAGetLastError
inet_addr
WSAAddressToStringW
socket
htonl
htons
bind
closesocket
listen
ntohs
gethostbyname
inet_ntoa
accept
setsockopt
connect
select
recv
send
shutdown
gethostname
ioctlsocket
freeaddrinfo
getaddrinfo
__WSAFDIsSet
gethostbyaddr
getservbyport
getservbyname
WSASetLastError
WSAStartup
WSACleanup
WSAStringToAddressW

kernel32

lstrcmpW
OutputDebugStringW
WaitForMultipleObjectsEx
CreateSemaphoreA
Module32FirstW
Module32NextW
CreateMutexW
IsDebuggerPresent
FindFirstVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
GetFileType
FindNextVolumeW
GetVolumeInformationByHandleW
GetFileSize
SetEndOfFile
OpenMutexW
ReleaseMutex
TryEnterCriticalSection
CreateThread
TerminateThread
SetThreadPriority
GetThreadPriority
ExitThread
lstrlenW
GetSystemDefaultUILanguage
GetCommandLineW
lstrcpyW
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
CreateEventW
OpenEventW
SetEvent
ResetEvent
GetProcessTimes
RtlCaptureContext
CreateWaitableTimerW
CancelWaitableTimer
SetWaitableTimer
RegisterWaitForSingleObject
UnregisterWaitEx
lstrlenA
GlobalSize
WaitForMultipleObjects
CreateSemaphoreW
ReadProcessMemory
VirtualQuery
SetUnhandledExceptionFilter
SetFilePointerEx
LCMapStringW
TlsFree
GetCPInfo
RtlLookupFunctionEntry
RtlVirtualUnwind
DuplicateHandle
TerminateProcess
GetBinaryTypeW
GetUserGeoID
GetNumberFormatW
GetGeoInfoW
GetSystemWindowsDirectoryW
GetComputerNameW
LoadLibraryW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetDllDirectoryW
FlushFileBuffers
SystemTimeToTzSpecificLocalTime
GetLocalTime
GetTimeZoneInformation
GetUserDefaultUILanguage
GetFileTime
GetDriveTypeW
GetWindowsDirectoryW
GetCurrentDirectoryW
SetFilePointer
WriteFile
GetLongPathNameW
GetFullPathNameW
ReadFile
CompareStringW
InitializeCriticalSectionAndSpinCount
GetCurrentThread
GetTempPathW
QueryDosDeviceW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SetSystemTime
CreatePipe
MulDiv
GetModuleHandleExW
GetDiskFreeSpaceExW
GetDateFormatW
GetTimeFormatW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
InitializeCriticalSection
SetLastError
GetVolumeInformationW
GetSystemDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
MoveFileExW
DeviceIoControl
GlobalMemoryStatusEx
GetCurrentProcess
GetExitCodeProcess
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoW
GetSystemInfo
ResumeThread
GetSystemDefaultLCID
ExpandEnvironmentStringsW
OpenProcess
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
WTSGetActiveConsoleSessionId
GetCurrentProcessId
ProcessIdToSessionId
WideCharToMultiByte
RemoveDirectoryW
GetFileSizeEx
GetSystemTime
SystemTimeToFileTime
CreateDirectoryW
WaitForSingleObject
FormatMessageW
LocalAlloc
CopyFileW
GetFileAttributesExW
FindNextFileW
FindFirstFileW
FindClose
GetFileAttributesW
GetTickCount
MultiByteToWideChar
lstrcmpiW
LoadLibraryExW
GetProcAddress
FreeLibrary
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetErrorMode
RaiseException
DecodePointer
FileTimeToSystemTime
GetModuleHandleW
FileTimeToLocalFileTime
CompareFileTime
MoveFileW
CreateProcessW
CloseHandle
SetFileInformationByHandle
SetFileAttributesW
DeleteFileW
CreateFileW
GetModuleFileNameW
Sleep
WaitForSingleObjectEx
ReleaseSemaphore
LocalFree
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
TlsSetValue
TlsGetValue
TlsAlloc
FlushInstructionCache
QueueUserWorkItem
IsProcessorFeaturePresent
GetNativeSystemInfo
GetExitCodeThread
SwitchToThread
GetStringTypeW
lstrcmpA
LCMapStringA
WritePrivateProfileSectionW
UnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
FormatMessageA
CreateTimerQueue
SignalObjectAndWait
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
GetVersionExW
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
GetTempPathA
GetTempFileNameA
GetLogicalDriveStringsW
GetPrivateProfileSectionW
BackupWrite
BackupRead
GetLocaleInfoA
GetSystemDirectoryA
LoadLibraryA
DeleteVolumeMountPointW
MapViewOfFileEx
GetVolumeNameForVolumeMountPointW
CreateProcessA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
QueryPerformanceFrequency
QueryPerformanceCounter
EncodePointer
RtlPcToFileHeader
LoadLibraryExA
VirtualProtect
GetFileInformationByHandle
EnumSystemLocalesW
IsValidLocale
WriteConsoleW
SetStdHandle
GetACP
GetStdHandle
GetConsoleCP
ReadConsoleW
GetConsoleMode
RtlUnwindEx
ExitProcess
GetCurrencyFormatW
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
LocalSize
CompareStringA
GetUserDefaultLangID
GetModuleFileNameA
AllocConsole

user32

EmptyClipboard
SetClipboardData
CloseClipboard
PostThreadMessageW
CharPrevW
MsgWaitForMultipleObjectsEx
IsWindowUnicode
GetMessageA
GetMessageW
DispatchMessageA
PeekMessageW
LoadIconW
IsCharAlphaNumericW
UnregisterClassW
CharNextW
LoadImageW
GetMenuItemCount
EnableMenuItem
GetSystemMenu
GetSystemMetrics
ShowWindow
DestroyWindow
IsWindow
PostMessageW
SendMessageW
wsprintfW
GetClipboardSequenceNumber
GetClipboardData
IsClipboardFormatAvailable
EnumClipboardFormats
CountClipboardFormats
RegisterClipboardFormatW
UpdateLayeredWindow
SetCaretPos
CreateCaret
GetKeyboardLayout
DestroyCaret
LoadStringW
RedrawWindow
RegisterClassW
BeginPaint
EndPaint
SetParent
AllowSetForegroundWindow
MessageBeep
DestroyIcon
DrawIconEx
GetIconInfo
CreateIconIndirect
GetSysColor
SetScrollInfo
DeferWindowPos
GetScrollInfo
WindowFromPoint
SetClassLongW
BeginDeferWindowPos
GetAsyncKeyState
GetCapture
IsChild
GetDoubleClickTime
MoveWindow
MessageBoxW
IsRectEmpty
SetCapture
EndDeferWindowPos
EnumThreadWindows
GetClassLongW
ReleaseCapture
InvalidateRect
EnumDisplayMonitors
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowPlacement
MonitorFromPoint
DeleteMenu
TrackPopupMenuEx
GetMenuItemID
KillTimer
IsZoomed
GetKeyState
GetWindowTextW
OffsetRect
EqualRect
GetLayeredWindowAttributes
GetFocus
GetAncestor
CreateWindowExW
IsMenu
GetMenuState
FlashWindowEx
UpdateWindow
EnableWindow
SetWindowTextW
SetTimer
NotifyWinEvent
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
AdjustWindowRectEx
WaitMessage
GetActiveWindow
GetWindowDC
SetFocus
PostQuitMessage
AnimateWindow
SetWindowLongW
RegisterClassExW
GetClassInfoExW
GetWindow
EnumDisplayDevicesW
LoadCursorFromFileA
DestroyCursor
SendMessageTimeoutW
CopyRect
SetCursor
SetClassLongPtrW
LoadCursorW
PtInRect
ScreenToClient
GetCursorPos
RegisterWindowMessageW
OpenClipboard
SetActiveWindow
SetWindowPos
SetForegroundWindow
GetForegroundWindow
FlashWindow
IsIconic
IsWindowVisible
FindWindowW
GetWindowLongW
FindWindowExW
AttachThreadInput
GetWindowThreadProcessId
MonitorFromWindow
ReleaseDC
ClientToScreen
GetDC
GetDesktopWindow
SystemParametersInfoW
DispatchMessageW
GetMessageTime
CallWindowProcW
GetWindowLongPtrW
SetWindowLongPtrW
DefWindowProcW
TranslateMessage

gdi32

SaveDC
GetClipBox
RestoreDC
BitBlt
GetFontUnicodeRanges
EnumFontFamiliesExW
GetObjectA
GetGlyphIndicesW
SetViewportOrgEx
GetDeviceCaps
GetObjectW
SetLayout
GetStockObject
CreateBitmap
AddFontMemResourceEx
CreateCompatibleDC
CreateDIBSection
SelectObject
StartPage
EndDoc
CreateDCW
SetMapMode
StartDocW
EndPage
GetLayout
DeleteDC
DeleteObject
GetDIBits
CreateFontW

advapi32

AddAce
AccessCheck
SetThreadToken
EnableTraceEx
RegNotifyChangeKeyValue
DeleteService
ControlService
RegUnLoadKeyW
RegLoadKeyW
CloseEncryptedFileRaw
WriteEncryptedFileRaw
ReadEncryptedFileRaw
OpenEncryptedFileRawW
LookupAccountSidW
GetKernelObjectSecurity
ChangeServiceConfigW
QueryServiceConfigW
SetKernelObjectSecurity
LookupPrivilegeNameW
QueryServiceStatusEx
CloseServiceHandle
MakeAbsoluteSD
RegOpenKeyW
GetTraceLoggerHandle
GetTraceEnableFlags
GetTraceEnableLevel
RegisterTraceGuidsW
UnregisterTraceGuids
ImpersonateSelf
RegEnumValueW
RegQueryValueExW
InitiateSystemShutdownW
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
CreateWellKnownSid
InitializeSecurityDescriptor
SetSecurityDescriptorGroup
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
OpenThreadToken
ConvertSidToStringSidW
CreateProcessAsUserW
SetTokenInformation
StartServiceW
OpenServiceW
OpenSCManagerW
InitiateSystemShutdownExW
RegDisablePredefinedCache
QueryServiceStatus
MapGenericMask
SetSecurityInfo
GetSecurityInfo
DuplicateToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
GetSecurityDescriptorControl
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetAce
GetAclInformation
RegEnumKeyW
InitializeAcl
EqualSid
IsValidSid
GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
OpenProcessToken
EnumerateTraceGuids
QueryTraceW
FlushTraceW
StopTraceW
EnableTrace
StartTraceW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
ControlTraceW
TraceMessage
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
ConvertStringSidToSidW
CreateServiceW
GetUserNameW

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CoInitializeSecurity
RevokeDragDrop
RegisterDragDrop
ReleaseStgMedium
DoDragDrop
CoTaskMemAlloc
PropVariantCopy
PropVariantClear
StgCreateStorageEx
StgOpenStorageEx
StringFromIID
CoInitializeEx
CoSetProxyBlanket
CLSIDFromString
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemRealloc
OleRun
IIDFromString

oleaut32

SafeArrayCopy
SafeArrayCreateVector
SafeArrayRedim
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayUnlock
SafeArrayCreate
VariantCopyInd
SysStringByteLen
SysAllocStringByteLen
VarBstrFromDate
VariantChangeType
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayUnaccessData
SafeArrayAccessData
SysAllocStringLen
SysStringLen
VariantClear
VariantInit
SysAllocString
SysFreeString
VarUI4FromStr
GetErrorInfo
SafeArrayDestroy

shlwapi

PathAddBackslashW
PathMatchSpecW
PathFileExistsW
UrlCanonicalizeW
UrlEscapeW
ord12
PathCombineW
PathFindOnPathW
PathFindExtensionW
PathFindFileNameW
PathAppendW
PathIsUNCServerW
SHDeleteKeyW
PathSkipRootW
PathIsUNCW
PathIsURLW
PathRemoveFileSpecW

imm32

ImmAssociateContextEx
ImmIsIME
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow
ImmNotifyIME

gdiplus

GdipGetClipBoundsI
GdipSetPenLineJoin
GdipBitmapLockBits
GdipTranslateMatrix
GdipDrawString
GdipDrawPath
GdipFree
GdipCreateImageAttributes
GdipGetSmoothingMode
GdipTransformPoints
GdipClosePathFigure
GdipSetClipRectI
GdipSetPageUnit
GdipAddPathEllipse
GdipFillRectangle
GdipSetPixelOffsetMode
GdipDrawRectangle
GdipAddPathLineI
GdipDrawLine
GdipCreateFromHWND
GdipSetPenDashStyle
GdipGraphicsClear
GdipMultiplyWorldTransform
GdipSetPenDashArray
GdipGetPathWorldBounds
GdipFillPath
GdipShearMatrix
GdipFillPie
GdipSetStringFormatTrimming
GdipResetPath
GdipGetFontStyle
GdipCreateSolidFill
GdipSetPathGradientWrapMode
GdipGetCellDescent
GdipCreateFromHDC
GdipSetLinePresetBlend
GdipSetPenMiterLimit
GdipSetStringFormatLineAlign
GdipCreatePath
GdipCreateLineBrush
GdipSetPenEndCap
GdipBeginContainer2
GdipCreateTexture
GdipSetTextRenderingHint
GdipGetCellAscent
GdipDrawEllipse
GdipRestoreGraphics
GdipCloneBrush
GdipSetPenDashOffset
GdipMeasureString
GdipGetFontHeightGivenDPI
GdipGetImageGraphicsContext
GdipDrawPie
GdipFillRectangleI
GdipAddPathArc
GdipDeleteGraphics
GdipClonePath
GdipDrawArc
GdipDeleteStringFormat
GdipStartPathFigure
GdipGetFontSize
GdipGetImageWidth
GdipTranslateWorldTransform
GdipDeletePen
GdipCreateBitmapFromScan0
GdipAddPathString
GdipSetPathFillMode
GdipCreatePen1
GdipEndContainer
GdipSetSmoothingMode
GdipSetStringFormatAlign
GdipSetInterpolationMode
GdipDisposeImage
GdipCreateMatrix
GdipCreatePathGradientFromPath
GdipDeletePath
GdipDisposeImageAttributes
GdipAddPathBezier
GdipCreateMatrix2
GdipAlloc
GdipScaleMatrix
GdipRotateMatrix
GdipIsVisiblePathPoint
GdipDeleteBrush
GdipBitmapUnlockBits
GdipSetPenStartCap
GdipCloneImage
GdipDeleteMatrix
GdipFillRectanglesI
GdipSetPathGradientCenterPoint
GdipSetClipRect
GdipSetPathGradientTransform
GdipSetLineWrapMode
GdipDrawImageRectRect
GdipSaveGraphics
GdipAddPathArcI
GdipGetEmHeight
GdipAddPathRectangleI
GdipDrawDriverString
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromGraphics
GdipDrawImageI
GdiplusStartup
GdiplusShutdown
GdipCreateFontFromLogfontA
GdipGetLineSpacing
GdipCreateFontFromDC
GdipDeleteFont
GdipAddPathLine
GdipMultiplyLineTransform
GdipCreateStringFormat
GdipDeleteFontFamily
GdipSetPathGradientPresetBlend
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipSetCompositingQuality
GdipGetFamily
GdipFillEllipse
GdipCreatePen2

setupapi

SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

msi

ord205

comdlg32

GetSaveFileNameW
CommDlgExtendedError
PrintDlgW
GetOpenFileNameW

Sections

.text
Size: 8.5MB - Virtual size: 8.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

IPPCODE
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 269KB - Virtual size: 323KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 349KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirusRemovalTools/20. virustotal.bat.lnk
.lnk
VirusRemovalTools/21. bybridanalysis.bat.lnk
.lnk
VirusRemovalTools/22. any.run.bat.lnk
.lnk
VirusRemovalTools/23. capa instructions.txt.lnk
.lnk
VirusRemovalTools/24. tria.ge.bat.lnk
.lnk
VirusRemovalTools/3. HitmanPro_x64.exe
.exe windows:5 windows x64 arch:x64

ebe6f3e6188e977edcfd0e804a73c0e1

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:d7:a6:38:9b:85:ba:4a:0f:71:de:48:5e:47:82:60
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/07/2023, 00:00

Not After

24/07/2024, 23:59

Subject

CN=Sophos Ltd,O=Sophos Ltd,L=Abingdon,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b6:58:e3:cb:d5:f9:28:5f:d1:0c:09:84:dd:4e:cf:36:bf:08:9a:72:ac:e7:ba:a3:ae:a5:d4:3e:72:7b:61
Signer

Actual PE Digest

01:b6:58:e3:cb:d5:f9:28:5f:d1:0c:09:84:dd:4e:cf:36:bf:08:9a:72:ac:e7:ba:a3:ae:a5:d4:3e:72:7b:61

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\SurfRight\Producten\HitmanPro35\bin\x64\Release MT\HitmanPro_x64.pdb

Imports

kernel32

GetModuleHandleW
GetLastError
WaitForMultipleObjects
CreateEventW
CloseHandle
SetEvent
ResetEvent
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
SignalObjectAndWait
TerminateThread
Sleep
VirtualAlloc
VirtualFree
OpenProcess
VirtualQueryEx
WaitForSingleObjectEx
CreateWaitableTimerW
SetWaitableTimer
GetVersion
LocalAlloc
LocalFree
GetProcAddress
GlobalMemoryStatus
FreeLibrary
Heap32ListNext
Heap32Next
QueryPerformanceCounter
Heap32First
Heap32ListFirst
GetTickCount
GetSystemTimeAsFileTime
Thread32First
Thread32Next
VirtualUnlock
LoadLibraryA
Process32FirstW
VirtualLock
Module32FirstW
GetSystemInfo
Process32NextW
CreateToolhelp32Snapshot
GetCurrentThreadId
Module32NextW
GetCurrentProcessId
QueryPerformanceFrequency
SetThreadPriority
GetCurrentThread
SystemTimeToFileTime
LocalFileTimeToFileTime
CompareFileTime
GetLocalTime
FileTimeToSystemTime
SetLastError
GetSystemDirectoryW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
CreateFileW
DeviceIoControl
GetFileInformationByHandle
GetModuleHandleA
GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc
FindResourceW
SizeofResource
LoadResource
LockResource
FreeResource
OutputDebugStringW
WriteFile
ReadFile
PeekNamedPipe
WaitNamedPipeW
GetCalendarInfoW
GetFileSizeEx
GetNativeSystemInfo
FormatMessageW
FileTimeToLocalFileTime
GetLocaleInfoW
TryEnterCriticalSection
GetTempPathW
RemoveDirectoryW
FindFirstFileW
FindClose
FindNextFileW
GetFileAttributesW
GetCurrentProcess
RegisterWaitForSingleObject
UnregisterWaitEx
FlushFileBuffers
DisconnectNamedPipe
GetOverlappedResult
GetComputerNameW
GetFileAttributesExW
GetFileTime
SetFileTime
ResumeThread
GetCommandLineW
CreateProcessW
ConvertDefaultLocale
GetLogicalDriveStringsW
QueryDosDeviceW
SetThreadAffinityMask
DeleteFileW
GetModuleFileNameW
SetErrorMode
GetStdHandle
GetDriveTypeW
GetVolumeInformationW
GetFileSize
GetModuleHandleExA
SetFileAttributesW
CopyFileW
TerminateProcess
GetNumberFormatW
GetVersionExW
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
GetProcessTimes
LoadLibraryW
GlobalAlloc
OpenEventW
AllocConsole
LoadLibraryExW
MultiByteToWideChar
SetUnhandledExceptionFilter
VirtualProtect
VirtualQuery
OpenThread
SuspendThread
GetThreadContext
SetThreadContext
SearchPathW
GetSystemDirectoryA
LoadLibraryExA
DuplicateHandle
CreateSemaphoreW
ReleaseSemaphore
GetEnvironmentVariableW
WideCharToMultiByte
GetSystemWow64DirectoryW
GetSystemTime
GetExitCodeProcess
CreateHardLinkW
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetVolumeInformationA
ExpandEnvironmentStringsW
SetHandleInformation
CreateNamedPipeW
ConnectNamedPipe
GetThreadPriority
GetLongPathNameW
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
MoveFileW
GetCurrentDirectoryW
GetCurrentDirectoryA
GlobalFree
SetEndOfFile
SetFilePointerEx
FormatMessageA
GetFullPathNameW
GetFullPathNameA
CreateFileA
CreateMutexW
HeapCompact
SetFilePointer
MapViewOfFile
UnmapViewOfFile
UnlockFile
LockFile
UnlockFileEx
HeapDestroy
GetFileAttributesA
HeapCreate
HeapValidate
HeapSize
LockFileEx
GetDiskFreeSpaceW
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
OutputDebugStringA
GetVersionExA
GetTempPathA
AreFileApisANSI
DeleteFileA
SetNamedPipeHandleState
ExitProcess
GetStringTypeW
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
GetModuleHandleExW
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
GetACP
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetFileType
GetConsoleCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
ReadConsoleW
GetTimeZoneInformation
SetStdHandle
WriteConsoleW
SetEnvironmentVariableW
SetEnvironmentVariableA
lstrlenA

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9.3MB - Virtual size: 9.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirusRemovalTools/30. Process Hacker 2.lnk
.lnk
VirusRemovalTools/31. process explorer.exe
.exe windows:6 windows x86 arch:x86

dbcf2a4deb216c4be49068990ac64d93

Code Sign

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2d:2e:d0:2c:26:7e:28:57:5a:76:a4:ef:31:41:c8:50:34:5e:93:1e:06:49:95:62:e6:b7:77:25:e0:43:e1:7e
Signer

Actual PE Digest

2d:2e:d0:2c:26:7e:28:57:5a:76:a4:ef:31:41:c8:50:34:5e:93:1e:06:49:95:62:e6:b7:77:25:e0:43:e1:7e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\exe\Win32\Release\procexp.pdb

Imports

shlwapi

PathIsNetworkPathW
StrCmpIW
SHAutoComplete
ColorHLSToRGB
ColorRGBToHLS
StrStrIW
ord176
UrlUnescapeW

iphlpapi

GetExtendedTcpTable
GetExtendedUdpTable

ws2_32

htons
ntohl
ntohs
htonl
gethostbyaddr
getservbyport
WSAStartup

mpr

WNetGetConnectionW

comctl32

ImageList_ReplaceIcon
ImageList_Add
InitCommonControlsEx
ImageList_Destroy
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Create
ImageList_AddMasked
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ord17
PropertySheetW
CreateStatusWindowW
ord413
CreatePropertySheetPageW
ImageList_GetIcon
ord410

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

credui

CredUIPromptForCredentialsW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

crypt32

CertDuplicateCertificateContext
CertGetNameStringW

aclui

ord1

powrprof

SetSuspendState
IsPwrSuspendAllowed
IsPwrHibernateAllowed

wtsapi32

WTSDisconnectSession
WTSSendMessageW
WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSLogoffSession
WTSFreeMemory

uxtheme

OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemePartSize
SetWindowTheme
EnableThemeDialogTexture

ntdll

NtSetInformationProcess
VerSetConditionMask
NtLoadDriver
NtCreateKey
NtOpenKey
NtQuerySymbolicLinkObject
NtQueryEvent
NtQueryMutant
NtQuerySystemInformation
NtQueryInformationThread
NtQuerySection
NtResumeThread
NtSuspendProcess
NtResumeProcess
NtOpenThread
RtlCreateQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlDestroyQueryDebugBuffer
NtOpenSymbolicLinkObject
NtQueryInformationProcess
NtQueryObject
NtQuerySemaphore
NtSuspendThread
RtlUnwind

gdi32

GetDeviceCaps
GetStockObject
LineTo
RectInRegion
SelectClipRgn
SelectObject
GetBkMode
SetDCPenColor
SetBkMode
SetTextColor
GetTextMetricsW
MoveToEx
Polyline
ExtTextOutW
SetViewportOrgEx
CreateFontIndirectW
GetTextExtentPoint32W
Rectangle
SetTextAlign
TextOutW
SetMapMode
StartDocW
EndDoc
StartPage
EndPage
CreateBitmap
CreatePatternBrush
ExcludeClipRect
GetCurrentObject
PatBlt
Polygon
GetTextExtentExPointW
RestoreDC
SaveDC
SetROP2
GetBkColor
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreatePen
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
GetObjectW
CreateDIBSection
SetBkColor

comdlg32

PrintDlgW
ChooseFontW
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
ChooseColorW
FindTextW

kernel32

GetLongPathNameW
WriteFile
CloseHandle
GetLastError
SetErrorMode
InitializeCriticalSection
Sleep
GetCurrentProcess
ExitThread
TlsAlloc
TlsSetValue
CreateProcessW
OpenProcess
GetVersion
GetSystemWindowsDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
IsWow64Process
GetSystemWow64DirectoryW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LocalFree
FormatMessageA
lstrlenW
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetNumberFormatW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FindFirstFileW
GetFileAttributesW
GetPrivateProfileStringW
FreeLibrary
ExitProcess
ReadFile
MultiByteToWideChar
FindClose
FindNextFileW
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
GetCurrentThread
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
CreateThread
GetExitCodeThread
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
SetLastError
GetVersionExW
GetFileSizeEx
LoadLibraryW
GetTickCount
MulDiv
GlobalAddAtomW
GlobalAlloc
GlobalUnlock
GlobalLock
GetPrivateProfileIntW
GetFileTime
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentThreadId
DeleteFileW
GetTempFileNameW
GetTempPathW
GetThreadId
FormatMessageW
GetCommandLineW
GetFileType
LocalAlloc
TerminateThread
GlobalReAlloc
Module32FirstW
Module32NextW
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
IsBadStringPtrW
OpenEventW
VerifyVersionInfoW
GetEnvironmentVariableW
ReadProcessMemory
lstrcmpiW
GetSystemDirectoryW
SearchPathW
SetFilePointer
GetCurrentProcessId
IsProcessorFeaturePresent
VirtualQueryEx
OpenThread
ResumeThread
GetThreadContext
Thread32First
Thread32Next
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
IsBadReadPtr
TerminateProcess
SetPriorityClass
ProcessIdToSessionId
GetProcessId
GlobalMemoryStatusEx
GetLogicalProcessorInformation
SetProcessWorkingSetSize
GlobalFree
PulseEvent
GetComputerNameW
WTSGetActiveConsoleSessionId
GetCurrentDirectoryW
GetDriveTypeW
OutputDebugStringW
DuplicateHandle
DeviceIoControl
VirtualAlloc
VirtualFree
GetProcessWorkingSetSize
TrySubmitThreadpoolCallback
IsProcessInJob
CreateJobObjectW
QueryInformationJobObject
GetThreadGroupAffinity
SetThreadGroupAffinity
GlobalMemoryStatus
GetProcessAffinityMask
SetProcessAffinityMask
GetActiveProcessorGroupCount
GetActiveProcessorCount
WideCharToMultiByte
K32GetModuleFileNameExW
K32GetMappedFileNameW
K32QueryWorkingSet
DecodePointer
GetStartupInfoW
GetThreadIdealProcessorEx
GetTickCount64
QueryThreadCycleTime
SystemTimeToTzSpecificLocalTime
GetNativeSystemInfo
GetConsoleCP
LCMapStringEx
GetStringTypeW
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
LoadLibraryExA
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetSystemInfo
VirtualProtect
VirtualQuery
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
GetFileSize
FileTimeToLocalFileTime
CreateFileW
ExpandEnvironmentStringsW
SetEnvironmentVariableW
GetStdHandle
TlsGetValue
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsFree
FreeLibraryAndExitThread
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
SetEndOfFile
WriteConsoleW
GetFullPathNameW
RaiseException
GetModuleHandleExW
LoadLibraryExW

user32

CheckDlgButton
IsDlgButtonChecked
EnableWindow
ModifyMenuW
TrackPopupMenu
SetMenuInfo
InvalidateRgn
EnumWindows
CopyAcceleratorTableW
TranslateAcceleratorW
DrawMenuBar
IsDialogMessageW
GetMenuBarInfo
ShowWindowAsync
IsIconic
EndTask
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
ExitWindowsEx
SetLayeredWindowAttributes
CreateDialogParamW
GetDlgItemTextW
CreateMenu
GetMenuInfo
EndMenu
LoadIconW
LockWorkStation
IsHungAppWindow
SendMessageTimeoutW
SetDlgItemInt
CheckRadioButton
MsgWaitForMultipleObjects
GetGuiResources
CharNextW
GetWindowPlacement
MonitorFromPoint
CheckMenuRadioItem
GetWindow
GetDesktopWindow
SetRectEmpty
WindowFromPoint
ClientToScreen
SetCursorPos
MessageBeep
AdjustWindowRectEx
AllowSetForegroundWindow
SetMenuDefaultItem
GetMenuItemInfoW
TrackPopupMenuEx
RemoveMenu
AppendMenuW
GetMenuItemCount
GetMenuItemID
EnableMenuItem
CreatePopupMenu
GetMenuStringW
LoadMenuW
LoadAcceleratorsW
GetDlgCtrlID
SetWindowPlacement
IsWindow
PostQuitMessage
GetMessagePos
PeekMessageW
DrawEdge
TrackMouseEvent
LoadStringA
DefMDIChildProcW
DefFrameProcW
DefDlgProcW
CreateIconIndirect
DestroyWindow
EnumChildWindows
UnionRect
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
DrawFrameControl
DialogBoxParamW
GetDlgItem
EndDialog
DialogBoxIndirectParamW
GetAncestor
GetWindowModuleFileNameW
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
SetClassLongW
PtInRect
FrameRect
DrawFocusRect
ScreenToClient
ShowScrollBar
SetScrollPos
RedrawWindow
GetWindowDC
IsWindowEnabled
IsZoomed
IsWindowVisible
MoveWindow
IsChild
GetSysColorBrush
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
KillTimer
GetClassInfoExW
UnregisterClassW
DrawIconEx
GetSysColor
SetMenuItemInfoW
DestroyMenu
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetScrollInfo
SetScrollInfo
GetClassLongW
SetWindowLongW
GetWindowLongW
OffsetRect
IntersectRect
InflateRect
CopyRect
SetRect
FillRect
MapWindowPoints
GetCursorPos
SendMessageW
WaitForInputIdle
ShowWindow
SetFocus
GetSystemMetrics
GetMenu
CheckMenuItem
GetSubMenu
InsertMenuW
DeleteMenu
SetForegroundWindow
GetWindowRect
GetClientRect
GetPropW
SetPropW
ScrollWindowEx
ValidateRect
InvalidateRect
EndPaint
UpdateWindow
DrawTextW
SetTimer
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetFocus
SetWindowPos
CreateWindowExW
RegisterClassExW
MessageBoxW
SetCursor
FindWindowW
FindWindowExW
GetWindowThreadProcessId
LoadCursorW
DestroyIcon
LoadImageW
EnumDisplaySettingsW
GetDC
ReleaseDC
LoadStringW
PostMessageW
SetDlgItemTextW
GetParent
DefWindowProcW
CallWindowProcW
BeginPaint

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
DuplicateTokenEx
EqualSid
FreeSid
GetTokenInformation
ImpersonateLoggedOnUser
CreateRestrictedToken
GetAce
GetSidIdentifierAuthority
RevertToSelf
GetSidSubAuthority
GetSidSubAuthorityCount
InitializeAcl
IsValidSid
SetTokenInformation
GetSecurityInfo
SetSecurityInfo
LookupAccountSidW
LookupAccountNameW
LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaEnumerateAccountRights
ConvertSidToStringSidW
FlushTraceW
RegConnectRegistryW
CreateProcessAsUserW
GetKernelObjectSecurity
OpenProcessToken
LookupPrivilegeNameW
EnumServicesStatusExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
RegEnumKeyExW
SetEntriesInAclW
AddAccessAllowedAce
QueryServiceConfigW
GetLengthSid
CopySid
CloseTrace
ProcessTrace
OpenTraceW
ControlTraceW
StartTraceW
SetServiceObjectSecurity
QueryServiceObjectSecurity
LookupPrivilegeValueW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyW
RegEnumValueW
MapGenericMask
RegGetValueW
RegCreateKeyW
StartServiceW
QueryServiceStatus
ControlService
QueryServiceConfig2W
SetKernelObjectSecurity
RegCloseKey
OpenServiceW
OpenSCManagerW
RegLoadKeyW
RegOpenKeyW
RegOpenKeyExW
GetServiceDisplayNameW
CloseServiceHandle
RegDeleteValueW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegQueryValueW
RegUnLoadKeyW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
AddAce

shell32

Shell_NotifyIconW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
ExtractAssociatedIconW
ShellExecuteW
SHBrowseForFolderW
ExtractIconExW
SHGetStockIconInfo
SHGetFolderPathW
SHGetFileInfoW

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CoSetProxyBlanket
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoGetInterfaceAndReleaseStream

oleaut32

SafeArrayGetElement
VarUI4FromStr
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SysAllocString
SysFreeString
SysStringLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
SafeArrayGetUBound
SafeArrayDestroy

msimg32

GradientFill

dwmapi

DwmDefWindowProc
DwmSetWindowAttribute

winhttp

WinHttpOpen
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpGetProxyForUrl
WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpSetOption

Sections

.text
Size: 997KB - Virtual size: 996KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirusRemovalTools/32. Wireshark.lnk
.lnk
VirusRemovalTools/33. LastActivityView.cfg
VirusRemovalTools/33. LastActivityView.exe
.exe windows:4 windows x86 arch:x86

3fbcb180ebbfb0ad62cf50d337af18c5

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11/05/2022, 00:00

Not After

10/08/2033, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

86:d0:50:e9:bb:2f:ee:a9:26:74:b9:34:ef:82:25:c8:43:e0:7f:b7:d0:98:e5:f2:8e:e8:20:f8:95:33:8c:05
Signer

Actual PE Digest

86:d0:50:e9:bb:2f:ee:a9:26:74:b9:34:ef:82:25:c8:43:e0:7f:b7:d0:98:e5:f2:8e:e8:20:f8:95:33:8c:05

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\LastActivityView\Release\LastActivityView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p__fmode
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
_msize
__set_app_type
_controlfp
_except_handler3
_wcmdln
calloc
realloc
_purecall
_wcslwr
strlen
_itow
_wcsnicmp
qsort
free
modf
_memicmp
_wtoi
memcmp
wcstoul
wcsrchr
swscanf
malloc
_ultow
wcscmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
wcscpy
memset
_wcsicmp
wcschr
_snwprintf
wcscat
wcsncat

comctl32

CreateToolbarEx
CreateStatusWindowW
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

GetCurrentProcessId
ExitProcess
GetLogicalDrives
GetLongPathNameW
QueryDosDeviceW
GetVolumeInformationW
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
GetModuleHandleW
ReadProcessMemory
SetErrorMode
DeleteFileW
CloseHandle
GetFileSize
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetDriveTypeW
CompareFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetTickCount
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetLastError
GetDateFormatW
FindNextFileW
SizeofResource
GetTempFileNameW
GlobalLock
FormatMessageW
FindFirstFileW
GetVersionExW
FindClose
GetTimeFormatW
GetFileAttributesW
FileTimeToLocalFileTime
ReadFile
FindResourceW
WriteFile
GetModuleFileNameW
LocalFree
LoadResource
CreateFileW
TzSpecificLocalTimeToSystemTime
LockResource
SystemTimeToTzSpecificLocalTime
lstrcpyW
MultiByteToWideChar
lstrlenW
LocalFileTimeToFileTime
LoadLibraryExW
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
GetCurrentProcess
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle

user32

ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
GetDlgItemInt
SetDlgItemInt
DeferWindowPos
CreateWindowExW
BeginPaint
EndPaint
GetWindow
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
GetWindowRect
GetSystemMetrics
RegisterClassW
PostMessageW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
KillTimer
SetTimer
GetParent
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
MoveWindow
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DestroyIcon
LoadIconW
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
IsDialogMessageW
TranslateMessage
DrawTextExW
CreatePopupMenu
CallWindowProcW

gdi32

CreateFontIndirectW
SetTextColor
DeleteObject
DeleteDC
GetObjectW
SetBkMode
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetPixel
SetPixel
SelectObject
CreateCompatibleDC

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegOpenKeyExW
RegConnectRegistryW
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
OpenSCManagerW
ControlService
StartServiceW
QueryServiceStatus
CloseServiceHandle
OpenServiceW
RegCloseKey

shell32

SHGetFileInfoW
ShellExecuteW
SHGetMalloc
SHBindToParent
SHGetDesktopFolder
SHGetPathFromIDListW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantTimeToSystemTime
SysFreeString
SysAllocString

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VirusRemovalTools/34. Autoruns64.exe
.exe windows:6 windows x64 arch:x64

74734fd45ad3c36817b427e886a8e5d6

Code Sign

33:00:00:03:af:30:40:0e:4c:a3:4d:05:41:00:00:00:00:03:af
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:09

Not After

14/11/2024, 19:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:6c:1d:82:11:95:6d:21:9a:2c:c9:6b:9b:94:bf:4c:95:a3:9f:49:92:b0:44:92:01:f6:78:50:6a:d2:78:9e
Signer

Actual PE Digest

64:6c:1d:82:11:95:6d:21:9a:2c:c9:6b:9b:94:bf:4c:95:a3:9f:49:92:b0:44:92:01:f6:78:50:6a:d2:78:9e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\x64\Release\Autoruns64.pdb

Imports

kernel32

ReadConsoleInputW
SetConsoleMode
GetConsoleMode
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetConsoleCP
ExitProcess
VirtualProtect
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
RtlPcToFileHeader
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
FlushFileBuffers
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
QueryPerformanceCounter
LCMapStringEx
InitOnceBeginInitialize
InitOnceComplete
AcquireSRWLockShared
ReleaseSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetFullPathNameW
GetNativeSystemInfo
IsWow64Process
GetFileTime
QueryDosDeviceW
GetLogicalDrives
SearchPathW
K32GetMappedFileNameW
WaitForMultipleObjects
CreateSemaphoreW
CreateEventW
SetEnvironmentVariableW
FindClose
FindNextFileW
FindFirstFileW
ReleaseSemaphore
SetEvent
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
FileTimeToLocalFileTime
TrySubmitThreadpoolCallback
CreateThreadpoolTimer
CloseThreadpoolTimer
SetThreadpoolTimer
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetSystemWindowsDirectoryW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
ReadFile
WriteConsoleW
LocalAlloc
GetFileType
GetStdHandle
GetVersionExW
GetTickCount64
GetSystemDirectoryW
TerminateThread
CreateThread
WaitForSingleObject
WideCharToMultiByte
OpenProcess
Sleep
ExpandEnvironmentStringsW
GetStartupInfoW
CreateProcessW
GetCommandLineW
VerifyVersionInfoW
GetComputerNameW
lstrcmpW
LocalFree
VirtualQuery
GetCurrentProcessId
VerSetConditionMask
MoveFileW
SetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
GetNumberFormatEx
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GlobalAlloc
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetFileInformationByHandle
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MultiByteToWideChar
lstrcmpiW
LoadLibraryExW
ReadConsoleW
SetThreadPriority
GetCurrentThread
DecodePointer
SetCurrentDirectoryW
FormatMessageW
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
lstrlenW
MulDiv
LoadLibraryW
FreeLibrary
GetThreadId
CloseHandle
GetTempPathW
WriteFile
GetTempFileNameW
DeleteFileW
CreateFileW
GetModuleFileNameW
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
RaiseException
GetPrivateProfileStringW
GetPrivateProfileIntW
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GlobalLock
GlobalUnlock
RtlUnwind

user32

OpenClipboard
EmptyClipboard
DialogBoxIndirectParamW
IsRectEmpty
EnumDisplaySettingsW
FindWindowExW
FindWindowW
SetClipboardData
WaitForInputIdle
IsDlgButtonChecked
CheckDlgButton
EnableWindow
GetDlgItemTextW
SendMessageW
DestroyMenu
SetMenuItemInfoW
GetSysColor
CloseClipboard
SetForegroundWindow
LoadImageW
DrawIconEx
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetFocus
GetFocus
SetTimer
KillTimer
DrawTextW
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MonitorFromPoint
IsDialogMessageW
CheckMenuRadioItem
GetWindowThreadProcessId
GetDesktopWindow
SetRectEmpty
SetRect
WindowFromPoint
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
MessageBeep
AdjustWindowRectEx
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuInfo
GetMenuInfo
TrackPopupMenuEx
DeleteMenu
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
EnableMenuItem
CreatePopupMenu
GetMenuStringW
SetMenu
GetMenu
TranslateAcceleratorW
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetActiveWindow
CharLowerW
GetDlgCtrlID
DialogBoxParamW
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
IsMenu
PostQuitMessage
GetMessagePos
DrawFrameControl
DrawEdge
TrackMouseEvent
RegisterWindowMessageW
LoadStringA
EnumChildWindows
MessageBoxW
LoadMenuW
LoadAcceleratorsW
CharNextW
DestroyWindow
IsWindow
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadStringW
LoadIconW
GetDlgItem
GetWindow
MapWindowPoints
GetWindowRect
SetDlgItemTextW
EndDialog
GetAncestor
GetWindowModuleFileNameW
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
DestroyIcon
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
SetClassLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
InflateRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ScreenToClient
ShowScrollBar
SetScrollPos
RedrawWindow
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
GetSystemMetrics
IsWindowEnabled
IsZoomed
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
PostMessageW
GetSysColorBrush
LoadCursorW
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
GetClientRect

gdi32

SetBkColor
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
ExtTextOutW
SetViewportOrgEx
CreateFontIndirectW
SetBkMode
SetTextColor
GetObjectW
CreateSolidBrush
CreatePen
GetDeviceCaps
GetStockObject
GetTextExtentPoint32W
LineTo
Rectangle
SetTextAlign
MoveToEx
TextOutW
Polyline
CreateBitmap
CreatePatternBrush
ExcludeClipRect
GetCurrentObject
CreateDIBSection
SetBrushOrgEx
SetMapMode
StartDocW
EndDoc
StartPage
EndPage
Polygon
PatBlt

comdlg32

PrintDlgW
ChooseFontW
ReplaceTextW
FindTextW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegEnumKeyExW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
RegLoadMUIStringW
LookupPrivilegeValueW
AdjustTokenPrivileges
QueryServiceConfig2W
GetServiceDisplayNameW
CryptDestroyHash
RegGetValueW
RegOpenKeyW
RegCreateKeyW
RegRenameKey
RegEnumValueW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
ConvertStringSidToSidW
LookupAccountSidW
RegCopyTreeW
RegDeleteTreeW
RegQueryValueExW
ConvertSidToStringSidW
RegLoadKeyW
IsValidSid
GetTokenInformation
GetLengthSid
CopySid
OpenProcessToken
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
CryptReleaseContext

shell32

SHGetKnownFolderPath
SHGetStockIconInfo
ExtractIconExW
SHEvaluateSystemCommandTemplate
ExtractAssociatedIconW
CommandLineToArgvW
ShellExecuteExW
ShellExecuteW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemRealloc
CLSIDFromString
CoTaskMemFree
StgCreateStorageEx
StgOpenStorageEx
StringFromGUID2
CoTaskMemAlloc

oleaut32

VarUI4FromStr
SysFreeString
SysAllocString
VariantInit
VariantClear
SysStringLen

shlwapi

SHCreateStreamOnFileW
SHAutoComplete

comctl32

ImageList_Destroy
ImageList_DrawIndirect
ImageList_GetImageCount
ImageList_Create
ImageList_WriteEx
ImageList_Read
ImageList_GetIcon
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetIconSize
ImageList_Duplicate
ImageList_DrawEx
CreateStatusWindowW
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_AddMasked
ImageList_Draw

uxtheme

IsThemeActive
SetWindowTheme
IsAppThemed

msimg32

GradientFill

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

dwmapi

DwmSetWindowAttribute
DwmDefWindowProc

winhttp

WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpSendRequest
WinHttpWriteData
WinHttpReceiveResponse
WinHttpConnect

crypt32

CertGetNameStringW

Sections

.text
Size: 834KB - Virtual size: 834KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 727KB - Virtual size: 726KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirusRemovalTools/35. tcpview64.exe
.exe windows:6 windows x64 arch:x64

c928863939b9bc9b79e9eea80b207d70

Code Sign

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cb
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:45

Not After

11/05/2023, 20:45

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:a5:3e:7d:0b:83:e9:9e:c9:68:1d:6c:9f:1a:ff:88:74:65:29:d5:25:1f:57:ef:b1:a3:34:56:84:d5:8e:b5
Signer

Actual PE Digest

a1:a5:3e:7d:0b:83:e9:9e:c9:68:1d:6c:9f:1a:ff:88:74:65:29:d5:25:1f:57:ef:b1:a3:34:56:84:d5:8e:b5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\exe\x64\Release\TcpView64.pdb

Imports

kernel32

CreateThread
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetTickCount64
FileTimeToSystemTime
SetFilePointerEx
GetFileSizeEx
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetConsoleCP
ExitProcess
lstrcmpiW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
LCMapStringEx
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetStringTypeW
LoadLibraryExA
VirtualFree
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
OutputDebugStringW
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
QueryFullProcessImageNameW
OpenProcess
DecodePointer
VerifyVersionInfoW
lstrcmpW
VirtualQuery
SetPriorityClass
SetThreadPriority
GetCurrentThread
CreateDirectoryW
VerSetConditionMask
GetNumberFormatEx
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
FormatMessageW
GetModuleHandleExW
GetModuleFileNameA
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
TrySubmitThreadpoolCallback
VirtualAlloc
lstrlenW
MulDiv
LoadLibraryW
FreeLibrary
GetThreadId
CloseHandle
GetTempPathW
WriteFile
GetTempFileNameW
DeleteFileW
CreateFileW
GetModuleFileNameW
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
TerminateProcess
EnterCriticalSection
GetLastError
WritePrivateProfileStructW
GetPrivateProfileStructW
WriteConsoleW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetFileAttributesW
GetCurrentProcess
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
GlobalLock
GlobalUnlock
GlobalAlloc
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExW
GetVersionExW
RtlUnwind
SetLastError

user32

AppendMenuW
GetMenuItemID
GetSubMenu
CreatePopupMenu
LoadMenuW
LoadAcceleratorsW
GetKeyState
CharNextW
CharLowerW
PostQuitMessage
GetMessagePos
PeekMessageW
DispatchMessageW
RemoveMenu
GetMessageW
DrawFrameControl
SetRectEmpty
RegisterWindowMessageW
LoadStringA
LoadIconW
EnableWindow
MonitorFromPoint
MessageBoxW
LockWindowUpdate
GetMenuItemInfoW
TrackPopupMenuEx
ModifyMenuW
GetMenuItemCount
GetMenuInfo
SetMenuDefaultItem
MessageBeep
GetCursorPos
TranslateMessage
WindowFromPoint
GetWindowThreadProcessId
SendMessageW
DialogBoxIndirectParamW
EndDialog
GetDlgItem
SetWindowTextW
SetCursor
CheckMenuRadioItem
DrawEdge
SetMenuInfo
GetMenuStringW
SetMenu
GetMenu
TranslateAcceleratorW
GetActiveWindow
GetDlgCtrlID
DialogBoxParamW
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
DestroyWindow
GetSysColorBrush
InflateRect
LoadCursorW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DestroyMenu
SetMenuItemInfoW
GetSysColor
LoadImageW
IsMenu
IsWindow
LoadStringW
GetWindow
MapWindowPoints
GetWindowRect
SetDlgItemTextW
GetAncestor
DrawIconEx
DefWindowProcW
CallWindowProcW
UnregisterClassW
RegisterClassExW
GetClientRect
GetClassInfoExW
CreateWindowExW
SetFocus
GetFocus
SetTimer
KillTimer
DrawTextW
BeginPaint
EndPaint
InvalidateRect
GetWindowTextW
GetWindowModuleFileNameW
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
GetScrollInfo
SetScrollInfo
DestroyIcon
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetClassNameW
SetClassLongPtrW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ScreenToClient
ShowScrollBar
SetScrollPos
RedrawWindow
ReleaseDC
GetWindowDC
GetDC
UpdateWindow
GetSystemMetrics
IsWindowEnabled
IsZoomed
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
PostMessageW
GetParent
SetWindowLongPtrW
GetWindowLongPtrW
GetWindowTextLengthW

gdi32

ExcludeClipRect
CreatePatternBrush
PatBlt
SetBrushOrgEx
CreateBitmap
CreateDIBSection
GetCurrentObject
Polyline
TextOutW
MoveToEx
SetTextAlign
Rectangle
GetDeviceCaps
SetMapMode
StartDocW
EndDoc
StartPage
EndPage
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject
SetBkColor
ExtTextOutW
CreateFontIndirectW
SetBkMode
SetTextColor
GetObjectW
CreateSolidBrush
CreatePen
GetStockObject
LineTo
GetTextExtentPoint32W

comdlg32

ChooseFontW
GetSaveFileNameW
GetOpenFileNameW
PrintDlgW

advapi32

ControlTraceW
RegCreateKeyW
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegGetValueW
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
ProcessTrace
OpenTraceW
RegCloseKey
StartTraceW
RegQueryInfoKeyW
RegEnumKeyExW

shell32

SHGetFolderPathW
ShellExecuteW
ExtractIconExW
ExtractIconW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoTaskMemRealloc

oleaut32

VarUI4FromStr

comctl32

ImageList_Destroy
ImageList_DrawEx
ImageList_GetIconSize
ImageList_Create
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_DrawIndirect
CreateStatusWindowW
InitCommonControlsEx
ImageList_Draw

uxtheme

SetWindowTheme
IsThemeActive
IsAppThemed

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

dwmapi

DwmSetWindowAttribute
DwmDefWindowProc

iphlpapi

GetOwnerModuleFromTcpEntry
GetExtendedUdpTable
GetOwnerModuleFromUdpEntry
GetOwnerModuleFromTcp6Entry
GetOwnerModuleFromUdp6Entry
SetTcpEntry
GetExtendedTcpTable

ws2_32

WSAGetLastError
getservbyport
getaddrinfo
send
recv
htons
connect
closesocket
ntohs
freeaddrinfo
GetNameInfoW
WSAStartup
gethostname
socket

tdh

TdhGetEventInformation
TdhGetPropertySize

Sections

.text
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirusRemovalTools/36. Task Scheduler.lnk
.lnk
VirusRemovalTools/40. FRST64.exe
.exe windows:5 windows x64 arch:x64

8e94250c88a6c0e478828f96bcbb1662

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wsock32

gethostbyname
recv
send
socket
inet_ntoa
setsockopt
ntohs
WSACleanup
WSAStartup
sendto
htons
__WSAFDIsSet
select
accept
listen
bind
inet_addr
ioctlsocket
recvfrom
WSAGetLastError
closesocket
gethostname
connect

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime
waveOutSetVolume
mciSendStringW

comctl32

ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Remove
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
InitCommonControlsEx
ImageList_Create

mpr

WNetGetConnectionW
WNetCancelConnection2W
WNetUseConnectionW
WNetAddConnection2W

wininet

HttpOpenRequestW
InternetCloseHandle
InternetOpenW
InternetSetOptionW
InternetCrackUrlW
HttpQueryInfoW
InternetQueryOptionW
InternetConnectW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
InternetReadFile
InternetQueryDataAvailable

psapi

GetProcessMemoryInfo

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

userenv

DestroyEnvironmentBlock
LoadUserProfileW
CreateEnvironmentBlock
UnloadUserProfile

uxtheme

IsThemeActive

kernel32

WaitForSingleObject
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentThreadId
MultiByteToWideChar
MulDiv
GetVersionExW
IsWow64Process
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
lstrcpyW
lstrlenW
GetModuleHandleW
QueryPerformanceCounter
VirtualFreeEx
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
CreateFileW
SetFilePointerEx
SetEndOfFile
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetFileTime
GetFileAttributesW
FindFirstFileW
FindClose
GetLongPathNameW
GetShortPathNameW
DeleteFileW
FindNextFileW
CopyFileExW
GetFullPathNameW
CreateDirectoryW
RemoveDirectoryW
SetSystemPowerState
QueryPerformanceFrequency
LoadResource
LockResource
SizeofResource
OutputDebugStringW
GetTempPathW
GetTempFileNameW
DeviceIoControl
LoadLibraryW
GetLocalTime
CompareStringW
EnterCriticalSection
DuplicateHandle
GetStdHandle
CreatePipe
TerminateThread
LoadLibraryExW
FindResourceExW
CopyFileW
VirtualFree
FormatMessageW
GetExitCodeProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetPrivateProfileSectionNamesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetDriveTypeW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetVolumeInformationW
SetVolumeLabelW
CreateHardLinkW
SetFileAttributesW
CreateEventW
SetEvent
GetEnvironmentVariableW
SetEnvironmentVariableW
GlobalLock
GlobalUnlock
GlobalAlloc
GetFileSize
GlobalFree
GlobalMemoryStatusEx
Beep
GetSystemDirectoryW
HeapReAlloc
HeapSize
GetComputerNameW
GetWindowsDirectoryW
GetCurrentProcessId
GetProcessIoCounters
CreateProcessW
GetProcessId
SetPriorityClass
VirtualAlloc
SetCurrentDirectoryW
IsDebuggerPresent
GetCurrentDirectoryW
lstrcmpiW
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateThread
GetCurrentProcess
GetCurrentThread
LeaveCriticalSection
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
SetLastError
TlsAlloc
ResetEvent
WaitForSingleObjectEx
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
ExitProcess
GetModuleHandleExW
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetACP
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetStringTypeW
GetFileType
SetStdHandle
GetConsoleCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CloseHandle
WriteConsoleW
MoveFileW
RtlCaptureContext

user32

GetMenuStringW
GetSubMenu
GetCaretPos
IsZoomed
GetWindowLongW
GetMonitorInfoW
SetWindowLongW
SetLayeredWindowAttributes
FlashWindow
GetClassLongPtrW
TranslateAcceleratorW
IsDialogMessageW
GetSysColor
InflateRect
DrawFocusRect
DrawTextW
FrameRect
DrawFrameControl
FillRect
PtInRect
DestroyAcceleratorTable
CreateAcceleratorTableW
SetCursor
GetWindowDC
GetSystemMetrics
SetWindowLongPtrW
GetActiveWindow
CharNextW
wsprintfW
RedrawWindow
DrawMenuBar
DestroyMenu
SetMenu
GetWindowTextLengthW
CreateMenu
IsDlgButtonChecked
DefDlgProcW
CallWindowProcW
ReleaseCapture
SetCapture
BlockInput
GetMessageW
LockWindowUpdate
DispatchMessageW
TranslateMessage
PeekMessageW
GetInputState
UnregisterHotKey
CharLowerBuffW
MonitorFromPoint
MonitorFromRect
LoadImageW
mouse_event
ExitWindowsEx
SetActiveWindow
FindWindowExW
EnumThreadWindows
IsCharUpperW
InsertMenuItemW
IsMenu
TrackPopupMenuEx
GetCursorPos
DeleteMenu
CheckMenuRadioItem
GetMenuItemID
GetMenuItemCount
SetMenuItemInfoW
GetMenuItemInfoW
SetForegroundWindow
IsIconic
FindWindowW
GetClipboardData
keybd_event
SendInput
GetAsyncKeyState
SetKeyboardState
GetKeyboardState
GetKeyState
VkKeyScanW
LoadStringW
DialogBoxParamW
MessageBeep
EndDialog
SendDlgItemMessageW
GetDlgItem
SetWindowTextW
CopyRect
ReleaseDC
GetDC
EndPaint
BeginPaint
GetClientRect
GetMenu
DestroyWindow
EnumWindows
GetDesktopWindow
IsWindow
IsWindowEnabled
IsWindowVisible
EnableWindow
InvalidateRect
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowTextW
ScreenToClient
SendMessageTimeoutW
EnumChildWindows
CharUpperBuffW
GetClassNameW
GetParent
GetDlgCtrlID
SendMessageW
MapVirtualKeyW
PostMessageW
IsCharLowerW
IsCharAlphaNumericW
IsCharAlphaW
GetKeyboardLayoutNameW
ClientToScreen
RegisterHotKey
GetCursorInfo
SetWindowPos
CopyImage
AdjustWindowRectEx
SetRect
SetClipboardData
EmptyClipboard
CountClipboardFormats
SetMenuDefaultItem
CloseClipboard
GetWindowRect
SetUserObjectSecurity
IsClipboardFormatAvailable
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
GetUserObjectSecurity
MessageBoxW
DefWindowProcW
MoveWindow
SetFocus
PostQuitMessage
KillTimer
CreatePopupMenu
RegisterWindowMessageW
SetTimer
ShowWindow
CreateWindowExW
RegisterClassExW
LoadIconW
LoadCursorW
GetSysColorBrush
GetForegroundWindow
MessageBoxA
DestroyIcon
SystemParametersInfoW
OpenClipboard
GetWindowLongPtrW

gdi32

EndPath
DeleteObject
GetDeviceCaps
ExtCreatePen
StrokePath
SetPixel
CloseFigure
LineTo
AngleArc
MoveToEx
Ellipse
PolyDraw
GetTextExtentPoint32W
CreateCompatibleBitmap
BeginPath
Rectangle
SetViewportOrgEx
GetObjectW
SetBkMode
RoundRect
SetBkColor
CreatePen
CreateSolidBrush
SetTextColor
CreateFontW
GetTextFaceW
GetStockObject
CreateDCW
GetPixel
DeleteDC
GetDIBits
StretchBlt
SelectObject
CreateCompatibleDC
StrokeAndFillPath

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetAce
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegConnectRegistryW
InitializeSecurityDescriptor
InitializeAcl
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessWithLogonW
GetLengthSid
CopySid
LogonUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
RegSetValueExW
GetSecurityDescriptorDacl
GetAclInformation
RegCreateKeyExW
AddAce
SetSecurityDescriptorDacl
InitiateSystemShutdownExW
GetUserNameW

shell32

DragFinish
DragQueryPoint
ShellExecuteExW
DragQueryFileW
SHEmptyRecycleBinW
SHGetPathFromIDListW
SHBrowseForFolderW
SHCreateShellItem
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
ExtractIconExW
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
ProgIDFromCLSID
CLSIDFromProgID
OleSetMenuDescriptor
MkParseDisplayName
OleSetContainedObject
CoCreateInstance
IIDFromString
StringFromGUID2
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoInitialize
CoUninitialize
GetRunningObjectTable
CoGetInstanceFromFile
CoGetObject
CoInitializeSecurity
CoCreateInstanceEx
CoSetProxyBlanket

oleaut32

VariantChangeType
DispCallFunc
CreateStdDispatch
CreateDispTypeInfo
UnRegisterTypeLi
UnRegisterTypeLibForUser
RegisterTypeLibForUser
RegisterTypeLi
LoadTypeLibEx
VariantCopyInd
VariantTimeToSystemTime
SysFreeString
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnaccessData
VariantInit
VariantClear
VariantCopy
SysAllocString
SafeArrayCreateVector
VarR8FromDec
SafeArrayAllocDescriptorEx
SafeArrayAllocData
SysStringLen
SafeArrayGetVartype
OleLoadPicture
QueryPathOfRegTypeLi
SysReAllocString
SafeArrayAccessData

Sections

.text
Size: 717KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirusRemovalTools/41. (ONLY WHEN MY PC IS DEAD)rkill.exe
.exe windows:5 windows x86 arch:x86

136bea86936e01e1f983ef31dafa8b2a

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

37:76:9e:e4:0a:db:40:b3:25:f0:1c:aa:a6:cf:1a:66
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/03/2018, 00:00

Not After

12/03/2021, 23:59

Subject

CN=Bleeping Computer\, LLC.,O=Bleeping Computer\, LLC.,POSTALCODE=11747,STREET=273 Walt Whitman Road #255,L=Huntington Station,ST=New York,C=US,2.5.4.18=#13053131373437

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:76:9e:e4:0a:db:40:b3:25:f0:1c:aa:a6:cf:1a:66
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

13/03/2018, 00:00

Not After

12/03/2021, 23:59

Subject

CN=Bleeping Computer\, LLC.,O=Bleeping Computer\, LLC.,POSTALCODE=11747,STREET=273 Walt Whitman Road #255,L=Huntington Station,ST=New York,C=US,2.5.4.18=#13053131373437

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e1:ee:f7:06:21:e3:33:74:53:d8:4c:a7:5c:aa:8c:c6:03:19:9a:ce:38:9a:35:89:f4:22:11:74:0a:d7:41:de
Signer

Actual PE Digest

e1:ee:f7:06:21:e3:33:74:53:d8:4c:a7:5c:aa:8c:c6:03:19:9a:ce:38:9a:35:89:f4:22:11:74:0a:d7:41:de

Digest Algorithm

sha256

PE Digest Matches

true

ad:ee:4c:fe:5d:6a:f2:73:46:1f:64:b0:9c:20:89:7c:12:ce:b0:03
Signer

Actual PE Digest

ad:ee:4c:fe:5d:6a:f2:73:46:1f:64:b0:9c:20:89:7c:12:ce:b0:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockResource
SizeofResource
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetShortPathNameW
SetLastError
GetFileAttributesW
SetFileAttributesW
LoadResource
LocalFree
GetProcessHeap
SetEndOfFile
CreateProcessA
GetExitCodeProcess
FindResourceW
GetEnvironmentVariableW
CreateDirectoryW
Sleep
Process32NextW
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
WaitForSingleObject
CreateProcessW
GetTickCount
lstrlenW
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
CloseHandle
DeviceIoControl
CreateFileW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentProcessId
GetNativeSystemInfo
GetCurrentProcess
GetVersionExW
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileAttributesA
SetStdHandle
LoadLibraryW
SetEnvironmentVariableA
GetTimeZoneInformation
FlushFileBuffers
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetStringTypeW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
GetLocaleInfoW
HeapFree
GetCPInfo
HeapAlloc
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleW
ExitProcess
DeleteFileW
GetTimeFormatW
GetDateFormatW
HeapReAlloc
GetCommandLineW
HeapSetInformation
RaiseException
RtlUnwind
LCMapStringW
CompareStringW
GetTimeFormatA
GetDateFormatA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetACP
GetOEMCP
IsValidCodePage
ReadFile
WriteFile
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
SetFilePointer

user32

MessageBoxW
GetSystemMetrics

advapi32

AllocateAndInitializeSid
SetNamedSecurityInfoW
SetEntriesInAclW
GetNamedSecurityInfoW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ControlService
QueryServiceStatus
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumValueW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
FreeSid

shell32

SHGetFolderPathW

psapi

GetModuleFileNameExW
EnumProcessModules

shlwapi

StrStrIW

wintrust

CryptCATAdminReleaseCatalogContext
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext

Sections

.text
Size: 438KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirusRemovalTools/42. DumpIt.exe (Ram Report Creator).lnk
.lnk
VirusRemovalTools/6. HxD.lnk
.lnk
VirusRemovalTools/7. MSERT.exe
.exe windows:10 windows x64 arch:x64

6f39c4c897d80974a88aa70121805711

Code Sign

33:00:00:05:4f:13:66:3c:8b:d6:7c:df:d5:00:00:00:00:05:4f
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2023, 19:50

Not After

16/10/2024, 19:50

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:4a:97:ed:8b:d8:55:e8:2b:0a:b1:78:5e:93:e0:d4:68:a3:ec:5e:de:4c:15:17:4a:8c:a1:75:49:de:78:bf
Signer

Actual PE Digest

18:4a:97:ed:8b:d8:55:e8:2b:0a:b1:78:5e:93:e0:d4:68:a3:ec:5e:de:4c:15:17:4a:8c:a1:75:49:de:78:bf

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

msert_empty.pdb

Imports

advapi32

GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
TraceMessage
InitiateSystemShutdownExW
RegCloseKey
EventActivityIdControl
EventWriteTransfer
CloseServiceHandle
AllocateAndInitializeSid
CopySid
FreeSid
CheckTokenMembership
ConvertSidToStringSidW
GetLengthSid
GetTokenInformation
QueryServiceStatus
OpenSCManagerW
QueryServiceConfigW
OpenServiceW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
OpenProcessToken
OpenThreadToken
EventRegister
EventUnregister
AdjustTokenPrivileges
LookupPrivilegeValueW
CreateProcessAsUserW
ConvertStringSecurityDescriptorToSecurityDescriptorW

kernel32

DecodePointer
WaitForMultipleObjects
FileTimeToSystemTime
GetExitCodeProcess
GetSystemWindowsDirectoryW
MapViewOfFile
CreateFileMappingW
CreateProcessW
VirtualLock
CreateThread
ExitThread
FreeLibraryAndExitThread
FindFirstFileExW
GetCommandLineA
GetCommandLineW
CreateFileW
DeviceIoControl
ReadFile
GetOverlappedResult
WaitForSingleObject
WriteFile
CreateEventW
GetExitCodeThread
ResumeThread
SuspendThread
GetSystemPowerStatus
FreeLibrary
Sleep
GlobalUnlock
GlobalLock
GlobalAlloc
GetDriveTypeW
GetLogicalDrives
GetSystemTimeAsFileTime
GetTimeFormatW
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
GetDiskFreeSpaceExW
GetTickCount
DeleteFileW
GetTempFileNameW
GetModuleHandleW
CloseHandle
FindClose
Process32NextW
Process32FirstW
GetCurrentProcessId
CreateToolhelp32Snapshot
GetSystemDefaultUILanguage
GetLastError
SetLastError
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThread
GetCurrentThreadId
GetStdHandle
GetFileType
GetStartupInfoW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetProcAddress
LoadLibraryExW
CompareStringW
LCMapStringW
ExitProcess
GetModuleHandleExW
GetProcessHeap
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
MultiByteToWideChar
GetFileSizeEx
SetFilePointerEx
GetStringTypeW
SetStdHandle
GetTimeZoneInformation
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetModuleFileNameW
ReadConsoleW
OutputDebugStringW
HeapSize
HeapReAlloc
RaiseException
WriteConsoleW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
QueryPerformanceCounter
InitializeSListHead
EncodePointer
InitializeCriticalSectionEx
UnmapViewOfFile
SetEvent
LocalFree
SetErrorMode
GetSystemTime
FileTimeToLocalFileTime
MoveFileExW
EnumResourceNamesW
RemoveDirectoryW
FindResourceW
LoadResource
LockResource
SizeofResource
lstrcmpA
LocalAlloc
FormatMessageW
CreateDirectoryW
FindFirstFileW
GetFullPathNameW
FindNextFileW
ExpandEnvironmentStringsW
GetFileAttributesW
SetFileAttributesW
LoadLibraryW
GetTempPathW
OpenEventW
OpenFileMappingW
GetSystemDirectoryW
GetNativeSystemInfo
HeapSetInformation
SetEndOfFile

user32

SetRectEmpty
SendInput
GetDesktopWindow
EnableWindow
SetTimer
KillTimer
DefWindowProcW
PostQuitMessage
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
UnregisterClassW
RegisterClassW
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
GetScrollBarInfo
MessageBoxW
GetForegroundWindow
DialogBoxParamW
PostMessageW
SetWindowTextW
LoadIconW
GetDlgItem
EndDialog
SendDlgItemMessageW
CheckRadioButton
CheckDlgButton
CopyRect
GetWindowTextLengthW
GetWindowTextW
GetDC
DrawTextW
ReleaseDC
GetParent
SetFocus
SetDlgItemTextW
DrawTextExW
ScreenToClient
GetKeyState
SetWindowLongPtrW
GetWindowLongPtrW
SendMessageW
DestroyIcon
LoadImageW
GetWindowRect
MapWindowPoints
ShowWindow
MoveWindow

shell32

Shell_NotifyIconW
ShellExecuteW
SHBrowseForFolderW
SHGetFolderLocation
SHGetPathFromIDListW
ShellExecuteExW

ole32

CoWaitForMultipleHandles
CoInitializeEx
CoTaskMemAlloc
CoSetProxyBlanket
CoUninitialize
CoTaskMemFree
CoCreateInstance

oleaut32

SafeArrayGetLBound
VariantClear
SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen
SafeArrayGetUBound
SafeArrayGetElement

rpcrt4

UuidFromStringW

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList

ntdll

RtlGetVersion
RtlVirtualUnwind
RtlCaptureContext
RtlNtStatusToDosError
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx

gdi32

SelectObject

comctl32

PropertySheetW
InitCommonControlsEx

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

crypt32

CryptMsgGetParam
CryptQueryObject
CryptMsgClose
CertFreeCertificateContext
CryptDecodeObject
CertVerifyCertificateChainPolicy

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 308KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.imrsiv
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 143.9MB - Virtual size: 143.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VirusRemovalTools/8. Malwarebytes.lnk
.lnk
VirusRemovalTools/9. Kaspersky.lnk
.lnk
VirusRemovalTools/desktop.ini

Sharing

General

Malware Config

Signatures

Files

868dc92668ff4b0d0241716d6769d9c6

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

12:ec:1d:79:45:83:1a:2a:59:69:f4:68Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

14:0f:d7:f6:d1:b5:7c:fc:3d:09:0d:4b:a2:2b:2a:0c:5d:ca:7a:f6:38:fb:cb:48:ff:cf:cc:42:35:24:e2:6cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

kernel32

user32

shell32

ole32

oleaut32

advapi32

Sections

.text Size: 657KB - Virtual size: 656KB

.rdata Size: 200KB - Virtual size: 200KB

.data Size: 21KB - Virtual size: 31KB

.rsrc Size: 101.9MB - Virtual size: 101.9MB

.reloc Size: 41KB - Virtual size: 41KB

6e0dcaca7f0e80510d06b4087b95e6f7

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0b:be:91:35:61:37:61:3e:57:68:3e:60:3e:c5:38:bdCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

5d:17:85:6e:8e:34:bc:b7:30:de:59:cc:d4:ea:5a:b7:45:6e:72:07:67:c5:ed:d1:57:b8:38:9c:88:67:4c:8eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shell32

rpcrt4

psapi

ws2_32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

imm32

gdiplus

setupapi

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

12:ec:1d:79:45:83:1a:2a:59:69:f4:68
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

14:0f:d7:f6:d1:b5:7c:fc:3d:09:0d:4b:a2:2b:2a:0c:5d:ca:7a:f6:38:fb:cb:48:ff:cf:cc:42:35:24:e2:6c
Signer

.text
Size: 657KB - Virtual size: 656KB

.rdata
Size: 200KB - Virtual size: 200KB

.data
Size: 21KB - Virtual size: 31KB

.rsrc
Size: 101.9MB - Virtual size: 101.9MB

.reloc
Size: 41KB - Virtual size: 41KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0b:be:91:35:61:37:61:3e:57:68:3e:60:3e:c5:38:bd
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

5d:17:85:6e:8e:34:bc:b7:30:de:59:cc:d4:ea:5a:b7:45:6e:72:07:67:c5:ed:d1:57:b8:38:9c:88:67:4c:8e
Signer

.text
Size: 8.5MB - Virtual size: 8.5MB

IPPCODE
Size: 114KB - Virtual size: 114KB

.rdata
Size: 3.0MB - Virtual size: 3.0MB

.data
Size: 269KB - Virtual size: 323KB

.pdata
Size: 349KB - Virtual size: 348KB

.rsrc
Size: 3.9MB - Virtual size: 3.9MB

.reloc
Size: 93KB - Virtual size: 93KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

08:d7:a6:38:9b:85:ba:4a:0f:71:de:48:5e:47:82:60
Certificate

01:b6:58:e3:cb:d5:f9:28:5f:d1:0c:09:84:dd:4e:cf:36:bf:08:9a:72:ac:e7:ba:a3:ae:a5:d4:3e:72:7b:61
Signer

.text
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 81KB - Virtual size: 102KB

.pdata
Size: 117KB - Virtual size: 117KB

.rsrc
Size: 9.3MB - Virtual size: 9.3MB

.reloc
Size: 20KB - Virtual size: 19KB

33:00:00:03:4d:4e:91:a6:1a:28:b0:78:8f:00:00:00:00:03:4d
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

2d:2e:d0:2c:26:7e:28:57:5a:76:a4:ef:31:41:c8:50:34:5e:93:1e:06:49:95:62:e6:b7:77:25:e0:43:e1:7e
Signer