Asteroid[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Asteroid.zip
Size

4.1MB
MD5

f40f41935dd962f620299325e93c6638
SHA1

44d5efb049abc990705c3dc7eb9466889d6383ac
SHA256

00a4b578e46beee67c41961bc736be6d8883d5b21e937c6ca888a2f69ad5ee38
SHA512

e35087e268bf9c822e1db76e90ef90993cfdd5c69342b694a27c96bf73ba69f25c631fe07a084d8d2456621ac3f153709cbd282ae681671b38f6fe6bb8ea1f4e
SSDEEP

98304:VNyAMPhbSUnEi4SrVGOugTzN3gTcKF9+j1Rs3tUbaDqTTRqrEj/Hcb82zQGEKLMd:VNyjJuUny2ugTz+TcMIxO3tUbZlj/Hvn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AsteroidPC.dll

Files

Asteroid.zip
.zip

Password: 1
!!!! the password is 1 !!!!
AsteroidPC.dll
.dll windows:6 windows x64 arch:x64

Password: 1

6eb907d7b30d125b948edd1dcc49e899

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
GetACP
RtlVirtualUnwind
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
GetExitCodeThread
CreateSemaphoreA
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
FormatMessageA
GetSystemTimeAsFileTime
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
ResumeThread
ReadConsoleA
ReadConsoleW
FindClose
FindFirstFileW
FindNextFileW
FormatMessageW
GetTickCount
InitializeCriticalSectionEx
GetLastError
CreateEventA
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
GetEnvironmentVariableW
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
RtlLookupFunctionEntry
WriteFile
GetFileType
AllocConsole
WideCharToMultiByte
CreateThread
DisableThreadLibraryCalls
GetConsoleMode
OpenProcess
SetConsoleMode
WriteConsoleA
GetStdHandle
SetConsoleTitleA
OpenThread
SetThreadContext
FlushInstructionCache
GetModuleHandleW
GetCurrentProcessId
GetThreadContext
SuspendThread
GetCurrentThreadId
Thread32First
Thread32Next
GetCurrentProcess
HeapFree
GlobalAlloc
VirtualProtect
HeapCreate
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalUnlock
GlobalLock
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
HeapAlloc
GlobalFree
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
SetLastError
VerSetConditionMask
IsDebuggerPresent
InitializeSListHead
CloseHandle
HeapReAlloc
MultiByteToWideChar
Sleep
SetEvent
CreateToolhelp32Snapshot
UnhandledExceptionFilter

user32

CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
GetClipboardData
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
IsChild
ClientToScreen
GetCapture
SetClipboardData
EmptyClipboard
ReleaseCapture
ScreenToClient
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation
GetWindowThreadProcessId
GetSystemMetrics
GetAsyncKeyState
CallWindowProcA
GetWindowTextA
ClipCursor
SetWindowLongPtrA
FindWindowA
ShowCursor
DestroyWindow
DefWindowProcA
CreateWindowExA
UnregisterClassA
RegisterClassExA
GetKeyState
LoadCursorA

shell32

ShellExecuteA

msvcp140

?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?pubsync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@PEAV32@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
??Bios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
_Query_perf_counter
?_Random_device@std@@YAIXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_function_call@std@@YAXXZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Query_perf_frequency
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

d3dcompiler_47

D3DCompile

xinput1_4

ord2
ord4

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
__std_exception_copy
__std_terminate
strstr
strchr
__C_specific_handler
strrchr
memcpy
__std_type_info_destroy_list
_CxxThrowException
__current_exception_context
__current_exception
memchr
memmove
memcmp
wcsstr
memset

api-ms-win-crt-runtime-l1-1-0

raise
_beginthreadex
_exit
_invalid_parameter_noinfo_noreturn
signal
_wassert
__sys_errlist
__sys_nerr
terminate
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_seh_filter_dll
_configure_narrow_argv
strerror_s
_initialize_narrow_environment
_errno
_initialize_onexit_table

api-ms-win-crt-stdio-l1-1-0

setvbuf
fgetpos
ungetc
fsetpos
_fseeki64
freopen_s
_get_stream_buffer_pointers
__stdio_common_vfprintf
fgetc
__stdio_common_vsprintf_s
_read
_lseeki64
_setmode
_fileno
feof
_open
fputc
_write
fputs
_close
__stdio_common_vswprintf
_wfopen
ftell
__stdio_common_vsscanf
fread
ferror
__stdio_common_vsprintf
__acrt_iob_func
fwrite
fflush
fgets
fseek
fclose
fopen

api-ms-win-crt-string-l1-1-0

strcmp
strncmp
strpbrk
strncpy_s
strspn
_strdup
isspace
strcspn
isdigit
tolower
strcat_s
strncpy
strcpy_s

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
realloc
calloc

api-ms-win-crt-convert-l1-1-0

strtoll
atoi
strtoull
strtoul
strtod
atof
wcstombs
strtol

api-ms-win-crt-math-l1-1-0

atan2f
ceilf
cos
cosf
floorf
_fdopen
sqrtf
asinf
fmodf
pow
powf
roundf
acosf
sin
sinf
sqrt

api-ms-win-crt-time-l1-1-0

_time64
_localtime64_s
_gmtime64
strftime
_gmtime64_s

api-ms-win-crt-filesystem-l1-1-0

_access
_stat64
_stat64i32
_fstat64
_lock_file
_unlock_file
_unlink

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-environment-l1-1-0

getenv

normaliz

IdnToUnicode
IdnToAscii

ws2_32

getsockname
gethostname
getsockopt
freeaddrinfo
getaddrinfo
__WSAFDIsSet
WSAIoctl
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSACreateEvent
WSACloseEvent
sendto
recvfrom
getpeername
shutdown
socket
setsockopt
listen
connect
closesocket
WSAEnumNetworkEvents
bind
accept
send
recv
WSASetLastError
getservbyname
getservbyport
gethostbyaddr
inet_ntoa
inet_addr
htons
htonl
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
select
ntohs
ioctlsocket

wldap32

ord211
ord60
ord45
ord50
ord41
ord143
ord26
ord46
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord217
ord27
ord22

crypt32

CertEnumCertificatesInStore
CertFindCertificateInStore
CertCloseStore
CertFindExtension
CertDuplicateCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertOpenStore
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertOpenSystemStoreW
CertGetCertificateContextProperty
CertFreeCertificateContext

advapi32

CryptSetHashParam
CryptEncrypt
CryptHashData
CryptGetHashParam
CryptAcquireContextA
CryptGenRandom
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptImportKey

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Injectors/processhacker-2.39-setup.exe
.exe windows:1 windows x86 arch:x86

Password: 1

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-10-2013 00:00

Not After

04-01-2017 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30-10-2013 00:00

Not After

04-01-2017 12:00

Subject

CN=Wen Jia Liu,O=Wen Jia Liu,L=Sydney,ST=New South Wales,C=AU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24-12-2015 00:00

Not After

07-01-2025 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:33:12:d6:73:40:58:da:f9:36:91:31:58:17:af:f2:3f:e7:11:0a:e3:31:bd:85:7b:43:70:47:90:53:db:12
Signer

Actual PE Digest

83:33:12:d6:73:40:58:da:f9:36:91:31:58:17:af:f2:3f:e7:11:0a:e3:31:bd:85:7b:43:70:47:90:53:db:12

Digest Algorithm

sha256

PE Digest Matches

true

b1:cd:ff:77:4a:7c:de:e6:76:24:73:fd:3c:9a:c6:c7:05:79:d7:d3
Signer

Actual PE Digest

b1:cd:ff:77:4a:7c:de:e6:76:24:73:fd:3c:9a:c6:c7:05:79:d7:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
how to use.txt
why is there a password.txt

Sharing

General

Malware Config

Signatures

Files

Password: 1

Password: 1

6eb907d7b30d125b948edd1dcc49e899

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

msvcp140

imm32

d3dcompiler_47

xinput1_4

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

normaliz

ws2_32

wldap32

crypt32

advapi32

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 1.0MB - Virtual size: 1.0MB

.data Size: 21KB - Virtual size: 34KB

.pdata Size: 148KB - Virtual size: 147KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 42KB - Virtual size: 41KB

Password: 1

Code Sign

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7fCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2fCertificate

Extended Key Usages

Key Usages

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate

Extended Key Usages

Key Usages

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4fCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

83:33:12:d6:73:40:58:da:f9:36:91:31:58:17:af:f2:3f:e7:11:0a:e3:31:bd:85:7b:43:70:47:90:53:db:12Signer

b1:cd:ff:77:4a:7c:de:e6:76:24:73:fd:3c:9a:c6:c7:05:79:d7:d3Signer

Headers

DLL Characteristics

File Characteristics

Sections

CODE Size: 39KB - Virtual size: 39KB

DATA Size: 1024B - Virtual size: 592B

BSS Size: - Virtual size: 3KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 1.0MB - Virtual size: 1.0MB

.data
Size: 21KB - Virtual size: 34KB

.pdata
Size: 148KB - Virtual size: 147KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 42KB - Virtual size: 41KB

0f:f1:ef:66:bd:62:1c:65:b7:4b:4d:e4:14:25:71:7f
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:0c:b4:1e:4f:b3:70:c4:5c:43:44:76:51:62:58:2f
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

02:ce:42:94:59:02:a4:f3:c0:40:b0:ff:77:93:d1:4f
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

83:33:12:d6:73:40:58:da:f9:36:91:31:58:17:af:f2:3f:e7:11:0a:e3:31:bd:85:7b:43:70:47:90:53:db:12
Signer

b1:cd:ff:77:4a:7c:de:e6:76:24:73:fd:3c:9a:c6:c7:05:79:d7:d3
Signer

CODE
Size: 39KB - Virtual size: 39KB

DATA
Size: 1024B - Virtual size: 592B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 102KB - Virtual size: 101KB