Extended Key Usages: ExtKeyUsageCodeSigning
Key Usages: KeyUsageDigitalSignature
Static task: static1
Behavioral task: behavioral1 (Sample: tshark.exe; Resource: win7-20240419-en)
Behavioral task: behavioral2 (Sample: tshark.exe; Resource: win10v2004-20240419-en)
Target: tshark.exe
Size: 548KB
MD5: 644f6ce43c3ab8b348b6f6161871748b
SHA1: b80121a3df35bab8a99a6d5353f065a50d427198
SHA256: b76d81d205eb653e3cd4d3ee810225eadf2764992672553aea44f3bad7fb6395
SHA512: 463daad246509747a536ab013992af86b02a5b0667a8c052d97484ba5609889a2ff30a28c8b1f4dedd7eb6407ff25d4cef9e74aae94e186281b9e83b93fe8649
SSDEEP: 12288:Tx9y+tLs0LU+BRoQNWr3Zk2f/LSa6CHmA8jFP9Bn:D3/LUYRoQNWr3bf/LhpsBDn
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
C:\buildbot\builders\wireshark-3.4-64\windows-2019-x64\build\cmbuild\run\RelWithDebInfo\tshark.pdb
output_fields_add
process_stat_cmd_arg
find_dissector_table
proto_get_protocol_name
dissector_handle_get_protocol_index
dissector_change_uint
col_cleanup
start_requested_stats
color_filters_prime_edt
epan_get_runtime_version_info
tap_listeners_require_dissection
epan_cleanup
epan_load_settings
set_resolution_synchrony
oid_get_default_mib_path
dissector_table_foreach_handle
proto_registrar_dump_fieldcount
epan_new
proto_registrar_dump_fields
conversation_table_set_gui_info
get_dissector_table_selector_type
dissector_all_tables_foreach_table
address_to_display
val_to_str_ext_const
rtp_payload_type_short_vals_ext
proto_get_id_by_filter_name
p_get_proto_data
epan_get_user_comment
remove_tap_listener
tvb_memcpy
proto_enable_heuristic_by_name
read_keytab_file
proto_enable_proto_by_name
disable_name_resolution
gbl_resolv_flags
string_to_name_resolve
proto_disable_proto_by_name
ex_opt_get_nth
prefs_is_capture_device_hidden
tvb_new
tvb_ws_mempbrk_pattern_guint8
prefs_find_module
prefs_find_preference
prefs_register_string_preference
wsp_vals_status_ext
try_val_to_str_ext
wsp_vals_pdu_type_ext
stats_tree_get_abbr
stats_tree_packet
stats_tree_presentation
stats_tree_format_as_str
stats_tree_new
stats_tree_get_default_sort_col
wmem_alloc
stats_tree_is_default_sort_DESC
wmem_strdup_printf
stats_tree_get_cfg_by_abbr
stats_tree_reset
destroy_print_stream
ex_opt_get_next
srt_table_dissector_init
srt_table_get_filter
get_srt_proto_id
get_srt_packet_func
free_srt_table
get_srt_tap_listener_name
sid_name_snooping
sid_name_table
sip_response_code_vals
stat_tap_get_filter
stat_tap_get_field_data
wmem_memdup
tvb_get_guint8
rtsp_status_code_vals
get_rtd_proto_id
rtd_table_get_filter
rtd_table_dissector_init
get_rtd_value_string
rtd_table_get_tap_string
get_rtd_tap_listener_name
free_rtd_table
get_rtd_packet_func
rpc_prog_name
proto_construct_match_selected_string
col_get_writable
col_append_fstr
get_conversation_packet_func
format_size_wmem
wmem_strconcat
fvalue_get_uinteger64
fvalue_get_uinteger
fvalue_get
proto_registrar_get_byname
proto_registrar_get_ftype
proto_get_finfo_ptr_array
fvalue_get_floating
fvalue_get_sinteger64
timestamp_get_type
fvalue_get_sinteger
vals_http_status_code
get_ipv6_hash_table
write_ek_proto_tree
epan_dissect_prime_with_dfilter
have_filtering_tap_listeners
postdissectors_want_hfids
prime_epan_dissect_with_postdissector_wanted_hfids
get_ipv4_hash_table
wmem_map_foreach
gsm_a_dtap_msg_tp_strings
dissector_dump_decodes
proto_registrar_dump_elastic
have_custom_cols
write_psml_columns
print_line
proto_initialize_all_prefixes
epan_dissect_run_with_taps
write_json_preamble
write_json_proto_tree
secrets_wtap_callback
col_custom_prime_edt
dissector_change_string
srt_table_get_tap_string
dissector_change_payload
gsm_a_dtap_msg_gmm_strings
gsm_a_dtap_msg_rr_strings
gsm_a_pd_str
gsm_a_dtap_msg_mm_strings
gsm_a_bssmap_msg_strings
gsm_a_dtap_msg_ss_strings
gsm_a_rr_short_pd_msg_strings
gsm_a_dtap_msg_cc_strings
gsm_a_dtap_msg_sm_strings
gsm_a_dtap_msg_sms_strings
funnel_set_funnel_ops
follow_info_free
follow_get_stat_tap_string
get_follow_tap_string
get_host_ipaddr
get_follow_index_func
EBCDIC_to_ASCII
follow_iterate_followers
get_follow_address_func
get_follow_proto_id
get_follow_tap_handler
address_to_str_buf
get_host_ipaddr6
sequence_analysis_table_iterate_tables
sequence_analysis_get_packet_func
sequence_analysis_dump_to_file
sequence_analysis_get_tap_listener_name
sequence_analysis_info_free
sequence_analysis_list_free
sequence_analysis_get_tap_flags
sequence_analysis_get_nodes
sequence_analysis_get_name
get_conversation_proto_id
proto_get_protocol_short_name
get_hostlist_packet_func
find_protocol_by_id
get_conversation_address
get_conversation_port
proto_get_protocol_filter_name
get_eo_packet_func
get_eo_by_name
get_eo_proto_id
get_eo_tap_listener_name
eo_iterate_tables
eo_ct2ext
eo_massage_str
expert_group_vals
ftype_name
address_to_str
fvalue_type_ftenum
fvalue_to_string_repr
camelSRTtype_naming
gtcap_StatSRT
time_stat_update
val_to_str_wmem
gcamel_StatSRT
get_average
register_stat_tap_ui
wmem_strdup
wmem_file_scope
wmem_array_get_count
wmem_array_append
wmem_array_new
wmem_array_index
wmem_free
wmem_alloc0
register_tap_listener
proto_registrar_dump_values
except_setup_try
proto_node_group_children_by_json_key
add_ipv4_name
output_fields_free
write_pdml_proto_tree
list_stat_cmd_args
register_all_plugin_tap_listeners
epan_dissect_fill_in_columns
epan_dissect_reset
dfilter_free
wmem_epan_scope
srt_table_iterate_tables
union_of_tap_listener_flags
get_export_pdu_tap_list
add_hosts_file
epan_get_compiled_version_info
hostlist_table_set_gui_info
output_fields_new
output_fields_set_option
timestamp_set_seconds_type
dissector_dump_dissector_tables
free_frame_data_sequence
epan_dissect_run
maxmind_db_get_paths
timestamp_set_precision
output_fields_list_options
proto_node_group_children_by_unique
except_free
draw_tap_listeners
write_fields_proto_tree
frame_data_set_after_dissect
column_dump_column_formats
proto_registrar_get_byalias
stat_tap_iterate_tables
except_pop
output_fields_has_cols
write_json_finale
frame_data_sequence_add
add_ipv6_name
proto_registrar_dump_protocols
write_pdml_preamble
ex_opt_add
ex_opt_count
print_stream_ps_stdio_new
epan_dissect_init
reset_tap_listeners
frame_data_sequence_find
write_fields_finale
wmem_strsplit
rtd_table_iterate_tables
write_psml_finale
dissector_dump_heur_decodes
print_finale
epan_dissect_cleanup
write_prefs
frame_data_set_before_dissect
epan_free
find_and_mark_frame_depended_upon
print_hex_data
print_line_color
timestamp_set_type
get_addrinfo_list
build_column_format_array
write_pdml_finale
except_rethrow
output_fields_num_fields
print_preamble
proto_registrar_dump_ftypes
write_fields_preamble
frame_data_destroy
prefs
output_fields_valid
get_column_visible
postseq_cleanup_all_protocols
new_frame_data_sequence
frame_data_init
write_psml_preamble
dfilter_apply_edt
dfilter_compile
wslua_plugins_dump_all
epan_init
epan_dissect_free
prefs_set_pref
print_stream_text_stdio_new
prefs_apply_all
epan_dissect_new
proto_tree_print
color_filters_init
ConvertInterfaceGuidToLuid
ConvertInterfaceLuidToAlias
wtap_dump_can_open
wtap_block_add_string_option_format
wtap_dump_params_cleanup
wtap_file_type_subtype_string
open_info_name_to_type
wtap_dump_params_init_no_idbs
wtap_uses_interface_ids
wtap_dump_open
wtap_short_string_to_file_type_subtype
wtap_set_cb_new_ipv6
wtap_open_offline
wtap_dump_close
wtap_snapshot_length
wtap_file_type_subtype
wtap_sequential_close
wtap_block_get_string_option_value
wtap_set_cb_new_ipv4
wtap_dump_set_addrinfo_list
wtap_dump_file_type_subtype
wtap_dump_open_stdout
wtap_dump
wtap_cleanup
wtap_rec_cleanup
wtap_get_num_file_types_subtypes
wtap_dump_add_idb
wtap_read
wtap_cleareof
wtap_rec_init
wtap_get_next_interface_description
wtap_set_cb_new_secrets
open_routines
wtap_file_type_subtype_short_string
wtap_close
wtap_init
wtap_file_get_idb_info
wtap_strerror
wtap_block_add_string_option
wtap_free_idb_info
wtap_block_add_uint8_option
wtap_block_create
wtap_block_get_mandatory_data
wtap_block_array_free
wtap_dump_fdopen
wtap_seek_read
get_cur_groupname
get_plugins_pers_dir_with_version
init_report_message
optind
relinquish_special_privs_perm
set_profile_name
nstime_set_zero
get_extcap_dir
create_app_running_mutex
get_cur_username
get_plugins_pers_dir
get_progfile_dir
ws_buffer_free
free_progdirs
init_progfile_dir
optarg
get_plugins_dir
ws_buffer_init
ws_stdio_unlink
win32strerror
get_datafile_dir
get_persconffile_path
ws_stdio_open
opterr
please_report_bug
get_systemfile_dir
optopt
getopt_long
profile_exists
started_with_special_privs
running_with_special_privs
ws_init_sockets
get_plugins_dir_with_version
ws_init_dll_search_path
file_open_error_message
nstime_to_sec
nstime_to_msec
nstime_delta
ws_strtou32
report_failure
ws_pipe_close
ws_stdio_stat64
ws_pipe_spawn_sync
ws_pipe_spawn_async
ws_read_string_from_pipe
utf_8to16
file_exists
ws_pipe_wait_for_pipe
ws_add_crash_info
get_os_version_info
get_cpu_info
get_copyright_info
plugins_get_count
ws_strtoi
ws_stdio_rename
ws_stdio_remove
report_warning
create_persconffile_dir
ws_stdio_fopen
get_datafile_path
ws_strtoi32
report_write_failure
report_open_failure
ws_inet_pton6
ws_inet_pton4
win32strexception
protect_arg
win32_create_process
ws_pipe_data_available
ws_module_open
init_process_policies
plugins_dump_all
g_module_supported
g_module_symbol
g_strstr_len
g_slist_sort
g_slist_prepend
g_try_malloc
g_direct_hash
g_direct_equal
g_ptr_array_remove_index
g_string_prepend
g_ptr_array_add
g_ptr_array_new
g_list_last
g_ascii_table
g_hash_table_lookup
g_mkdir_with_parents
g_slist_append
g_build_filename
g_slist_nth_data
g_file_test_utf8
g_hash_table_foreach
g_string_chunk_free
g_ascii_strncasecmp
g_string_chunk_new
g_array_sized_new
g_malloc0_n
g_string_chunk_insert_const
g_array_free
g_array_set_size
g_array_append_vals
g_string_new
g_hash_table_new
g_strdup
g_int_hash
g_strdup_printf
g_realloc
g_slist_foreach
g_strerror
g_snprintf
g_strfreev
g_free
g_strsplit
g_timeout_add
g_hash_table_insert
g_assertion_message_expr
g_get_tmp_dir
g_str_has_suffix
g_mutex_init
g_str_hash
g_strchug
g_log_set_handler
g_string_append
g_slist_free
g_mutex_lock
g_malloc
g_mutex_unlock
g_malloc_n
g_strchomp
g_string_free
g_str_has_prefix
g_log
g_slist_free_full
g_log_default_handler
g_slist_insert_sorted
g_array_new
g_hash_table_destroy
g_array_remove_index
g_strrstr
g_hash_table_ref
g_ascii_strcasecmp
g_hash_table_unref
g_list_nth_data
g_list_free
g_ptr_array_foreach
g_thread_pool_free
g_dir_close
g_regex_replace
g_spawn_close_pid
g_hash_table_get_values
g_hash_table_foreach_remove
g_list_free_full
g_list_delete_link
g_list_find
g_cond_init
g_mutex_clear
g_dir_open_utf8
g_thread_pool_push
g_path_get_basename
g_ascii_strdown
g_hash_table_remove_all
g_child_watch_add
g_regex_new
g_cond_clear
g_strndup
g_strlcpy
g_slist_length
g_list_append
g_strconcat
g_strdupv
g_list_first
g_hash_table_new_full
g_list_sort
g_get_num_processors
g_ptr_array_free
g_hash_table_lookup_extended
g_hash_table_get_keys
g_strcmp0
g_source_remove
g_get_monotonic_time
g_list_length
g_cond_wait
g_malloc0
g_cond_signal
g_list_find_custom
g_thread_pool_new
g_ptr_array_sort
g_regex_unref
g_strv_length
g_hash_table_size
g_dir_read_name_utf8
g_match_info_fetch
g_match_info_matches
g_utf8_validate
g_regex_match_full
g_ascii_strtoll
g_regex_match
g_strtod
g_match_info_next
g_ascii_strtoull
g_regex_match_simple
g_match_info_free
g_tree_lookup
g_tree_replace
g_tree_new_full
g_ptr_array_sized_new
g_strjoinv
g_string_append_printf
g_list_reverse
g_list_foreach
g_list_prepend
g_list_remove_link
g_int_equal
g_ascii_strtod
g_string_printf
g_strlcat
g_string_sized_new
g_slist_nth
g_slist_reverse
g_list_nth
g_string_insert_c
g_utf16_to_utf8
g_str_equal
FlushFileBuffers
GlobalMemoryStatusEx
GetStdHandle
TerminateProcess
CreatePipe
Sleep
GetCurrentProcessId
MultiByteToWideChar
DisconnectNamedPipe
SetConsoleCtrlHandler
PeekNamedPipe
GetExitCodeProcess
WideCharToMultiByte
CloseHandle
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlCaptureContext
GetLastError
CreateNamedPipeW
GetSystemMetrics
OpenSCManagerW
QueryServiceStatus
OpenServiceW
CloseServiceHandle
memchr
memcmp
memcpy
__intrinsic_setjmp
memset
__current_exception_context
__current_exception
strchr
__std_type_info_destroy_list
strstr
strrchr
__C_specific_handler
_exit
_initterm_e
_initterm
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_cexit
_set_app_type
_seh_filter_exe
terminate
_c_exit
__p___argc
_crt_atexit
_register_thread_local_exe_atexit_callback
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
exit
__doserrno
_crt_at_quick_exit
_seh_filter_dll
__p___wargv
abort
_configure_narrow_argv
_errno
strncmp
strtok
strcmp
setlocale
_configthreadlocale
_fileno
_isatty
__stdio_common_vfprintf
fflush
__acrt_iob_func
ferror
_get_osfhandle
putchar
__stdio_common_vsscanf
__p__commode
_close
_write
fclose
putc
getc
ungetc
fwrite
_open_osfhandle
_set_fmode
fputs
_read
strftime
_localtime64
_gmtime64
_time64
strtol
malloc
_set_new_mode
getenv
_cwait
sqrt
__setusermatherr
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ