e395626363c42bb14c20677df91f32c0_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

e395626363c42bb14c20677df91f32c0_NeikiAnalytics
Size

1.7MB
MD5

e395626363c42bb14c20677df91f32c0
SHA1

101e71683324fa049fcbcb686693dbf84ed98aaf
SHA256

80fcb4eaba78212dfc841e4410f7194dff9050e459533b34deebb9da00cc5241
SHA512

2314ff2169d4f230a551b9fd2158c32e2a57771f33e37af614e6233c2eb91b1f0ca6c44b5f47ac18efdf069069f9f989e702c35f50fcef404c61c2a9961e8044
SSDEEP

49152:RAtNW31SNQdlVFGeoOtaqcEM7CURDlQuTPfJqL9IOgT6g:RALekImeV2pCUVl9TUrgT6g

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
e395626363c42bb14c20677df91f32c0_NeikiAnalytics
unpack001/$PLUGINSDIR/registry.dll
unpack001/$TEMP/Start/Orbs/Windows 7.orb
unpack001/$TEMP/Start/StartAllBackX64.dll
unpack001/$TEMP/Start/Styles/Plain8.msstyles
unpack001/$TEMP/Start/Styles/Windows 7.msstyles

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

e395626363c42bb14c20677df91f32c0_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Code Sign

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

Issuer

CN=diakov.soft

Not Before

10-10-2020 10:39

Not After

08-01-2021 21:00

Subject

CN=diakov.soft

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7
Signer

Actual PE Digest

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/registry.dll
.dll windows:4 windows x86 arch:x86

421a02aae559045e04759aae146087eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateProcessA
CreateProcessW
GlobalAlloc
SearchPathA
SearchPathW
GetFileAttributesA
GetFileAttributesW
CreateFileA
CreateFileW
WriteFile
WideCharToMultiByte
GetWindowsDirectoryW
lstrlenA
lstrlenW
MultiByteToWideChar
GlobalFree

user32

FindWindowExA
SetWindowTextA
SetWindowTextW
MessageBoxW
GetDlgItem

advapi32

RegQueryValueExA
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyExW
RegCreateKeyExA
RegCreateKeyExW
RegEnumValueA
RegEnumValueW
RegEnumKeyExA
RegEnumKeyExW
RegCloseKey
RegSetValueExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegSetValueExW

Exports

Exports

_Close
_CopyKey
_CopyValue
_CreateKey
_DeleteKey
_DeleteKeyEmpty
_DeleteValue
_Find
_HexToStrA
_HexToStrW
_KeyExists
_MoveKey
_MoveValue
_Open
_Read
_ReadExtra
_RestoreKey
_SaveKey
_StrToHexA
_StrToHexW
_Unload
_Write
_WriteExtra

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Start/DarkMagicLoaderX64.exe
.exe windows:6 windows x64 arch:x64

e75f4984b1f4f72162793ec77624ebf2

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02-02-2023 13:11

Not After

03-02-2024 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

86:4c:d9:b1:99:b2:60:6b:67:52:81:37:79:68:c8:02:83:c2:89:3b:9d:d6:39:ad:be:39:a9:d7:8f:07:68:be
Signer

Actual PE Digest

86:4c:d9:b1:99:b2:60:6b:67:52:81:37:79:68:c8:02:83:c2:89:3b:9d:d6:39:ad:be:39:a9:d7:8f:07:68:be

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW

api-ms-win-core-processthreads-l1-1-0

ExitProcess

api-ms-win-downlevel-shlwapi-l1-1-0

StrToIntW

Sections

.text
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/Start/DarkMagicLoaderX86.exe
.exe windows:6 windows x86 arch:x86

e75f4984b1f4f72162793ec77624ebf2

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02-02-2023 13:11

Not After

03-02-2024 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:b8:3a:73:48:55:59:28:c3:91:3e:12:63:ab:bc:57:5a:da:2d:8b:69:9b:07:dc:e5:16:21:b7:13:f7:bb:24
Signer

Actual PE Digest

9a:b8:3a:73:48:55:59:28:c3:91:3e:12:63:ab:bc:57:5a:da:2d:8b:69:9b:07:dc:e5:16:21:b7:13:f7:bb:24

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW

api-ms-win-core-processthreads-l1-1-0

ExitProcess

api-ms-win-downlevel-shlwapi-l1-1-0

StrToIntW

Sections

.text
Size: 512B - Virtual size: 223B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Start/DarkMagicX64.dll
.dll windows:6 windows x64 arch:x64

0620309530e8b341c41067588ed41c2e

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02-02-2023 13:11

Not After

03-02-2024 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:52:cf:94:a6:29:16:1b:35:d1:90:32:f6:9d:b6:fc:c1:06:f1:ee:ae:e1:d0:15:e6:cd:d1:d3:85:7b:ab:f6
Signer

Actual PE Digest

4d:52:cf:94:a6:29:16:1b:35:d1:90:32:f6:9d:b6:fc:c1:06:f1:ee:ae:e1:d0:15:e6:cd:d1:d3:85:7b:ab:f6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\StartAllBack\StartIsBack11\Release\DarkMagicX64.pdb

Imports

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpW
lstrcmpiA
lstrcmpA

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
DisableThreadLibraryCalls

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
ResumeThread
GetProcessIdOfThread
GetThreadId
OpenProcessToken
GetCurrentThread
SetThreadPriority
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
CreateThread

api-ms-win-core-atoms-l1-1-0

AddAtomW
DeleteAtom
FindAtomW

api-ms-win-core-synch-l1-1-0

CreateEventW
OpenEventW
SleepEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObject
SetEvent
WaitForSingleObjectEx

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

GetTokenInformation
CreateWellKnownSid

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-sidebyside-l1-1-0

GetCurrentActCtx
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW

api-ms-win-core-memory-l1-1-0

VirtualProtect

api-ms-win-core-com-l1-1-0

CoCreateInstance

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable
InitOnceExecuteOnce

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

SetFilePointer
ReadFile
CreateFileW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRemoveFileSpecW
PathAppendW

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegGetValueW

api-ms-win-mm-time-l1-1-0

timeGetTime
timeBeginPeriod
timeEndPeriod

user32

FindWindowW
IsWindow
GetParent
SendMessageW
SendMessageCallbackW
GetWindowThreadProcessId
SendNotifyMessageW
IsMenu
GetSystemMenu
GetDpiForMonitorInternal
ord2557
SetWindowCompositionAttribute
SetLayeredWindowAttributes
RegisterClassW
RegisterShellHookWindow
DeregisterShellHookWindow
GetDpiForWindow
SystemParametersInfoForDpi
GetUpdateRect
KillTimer
EndPaint
BeginPaint
EnableWindow
SystemParametersInfoA
DrawEdge
GetWindow
MonitorFromWindow
DrawTextW
DefWindowProcW
GetCurrentInputMessageSource
GetSubMenu
SetClassLongPtrW
GetMenu
PrintWindow
GetSystemMetrics
GetDC
PtInRect
GetMenuItemRect
ReleaseDC
GetIconInfo
LoadIconW
SendMessageTimeoutW
SetWinEventHook
SetMenuItemInfoW
SetWindowsHookExW
CallNextHookEx
UnhookWinEvent
UnhookWindowsHookEx
IsWindowVisible
RegisterWindowMessageW
GetClassWord
GetAncestor
GetPropW
FindWindowExW
GetWindowInfo
OffsetRect
GetSysColor
GetDesktopWindow
SetWindowLongW
GetGUIThreadInfo
GetMenuItemInfoW
GetMenuItemCount
InflateRect
GetWindowLongPtrW
EnumChildWindows
WindowFromDC
InvalidateRect
GetClassInfoW
EnumThreadWindows
GetSystemMetricsForDpi
DrawIconEx
GetWindowRect
GetCIMSSM
GetDpiForSystem
GetThreadDpiAwarenessContext
ShowWindow
UpdateWindow
SystemParametersInfoW
AnimateWindow
SetPropW
PostMessageW
CreateWindowExW
GetWindowLongW
DestroyWindow
UpdateLayeredWindow
SetWindowPos
SetTimer
GetMessageExtraInfo
RemovePropW
GetMenuBarInfo
GetMenuInfo
GetClientRect
SetMenuInfo
SetWindowLongPtrW
SetMessageExtraInfo
GetClassLongPtrW
IsIconic

gdi32

SetBkMode
SetLayout
ExcludeClipRect
DeleteDC
StretchDIBits
GdiAlphaBlend
CreateCompatibleDC
GetObjectW
GetObjectType
DeleteObject
GetLayout
SelectObject
RestoreDC
SaveDC
CreateFontW
StretchBlt
CreateDIBSection
CreateFontIndirectW
GetTextColor
SetTextColor
GetTextExtentExPointW
GetStockObject
GetCurrentObject
SetBkColor
ExtTextOutW
GetDCDpiScaleValue
GdiDrawStream

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vswprintf_s

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh

api-ms-win-crt-string-l1-1-0

wcsncpy_s
memset
_wcsnicmp
strcmp
wcscmp
_wcsicmp

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAdjustPrivilege
NtAlpcSendWaitReceivePort
NtResumeThread
RtlInitUnicodeString

api-ms-win-crt-private-l1-1-0

__std_exception_copy
__std_exception_destroy
__std_type_info_destroy_list
__CxxFrameHandler4
memcpy
wcschr
__C_specific_handler
_CxxThrowException

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-math-l1-1-0

sin
acos
cos

Exports

Exports

DllCanUnloadNow
DllGetClassObject
InitDarkMagic
LoadRemote

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Start/DarkMagicX86.dll
.dll windows:6 windows x86 arch:x86

d9fa523335a185ddd53a21afd78d1576

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02-02-2023 13:11

Not After

03-02-2024 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f8:a8:66:59:04:36:b7:e1:88:d1:b5:b2:98:a2:e2:44:6f:eb:5d:50:a4:10:a1:8e:66:4a:5a:ad:f0:25:98:0f
Signer

Actual PE Digest

f8:a8:66:59:04:36:b7:e1:88:d1:b5:b2:98:a2:e2:44:6f:eb:5d:50:a4:10:a1:8e:66:4a:5a:ad:f0:25:98:0f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\StartAllBack\StartIsBack11\Release\DarkMagicX86.pdb

Imports

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpA
lstrlenW
lstrcmpiA

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleFileNameW
GetProcAddress
GetModuleHandleW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-processthreads-l1-1-0

ResumeThread
GetCurrentProcess
GetCurrentProcessId
CreateThread
GetCurrentThread
SetThreadPriority
GetProcessIdOfThread
GetThreadId
OpenProcessToken
TerminateProcess
GetCurrentThreadId

api-ms-win-core-atoms-l1-1-0

AddAtomW
DeleteAtom
FindAtomW

api-ms-win-core-synch-l1-1-0

CreateEventW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OpenEventW
WaitForSingleObject
WaitForSingleObjectEx
SetEvent
SleepEx

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetUnhandledExceptionFilter
SetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-base-l1-1-0

GetTokenInformation
CreateWellKnownSid

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-sidebyside-l1-1-0

FindActCtxSectionStringW
ActivateActCtx
GetCurrentActCtx
DeactivateActCtx

api-ms-win-core-memory-l1-1-0

VirtualProtect

api-ms-win-core-com-l1-1-0

CoCreateInstance

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

ReadFile
CreateFileW
SetFilePointer

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-core-shlwapi-legacy-l1-1-0

PathAppendW
PathRemoveFileSpecW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCreateKeyExW
RegGetValueW
RegCloseKey

api-ms-win-mm-time-l1-1-0

timeBeginPeriod
timeGetTime
timeEndPeriod

user32

SendMessageW
SendMessageCallbackW
GetWindowThreadProcessId
SendNotifyMessageW
IsMenu
GetSystemMenu
KillTimer
GetGUIThreadInfo
GetDpiForMonitorInternal
ord2557
SetWindowCompositionAttribute
GetUpdateRect
DefWindowProcW
RegisterShellHookWindow
DeregisterShellHookWindow
GetDpiForWindow
SystemParametersInfoForDpi
GetParent
GetSubMenu
EndPaint
BeginPaint
EnableWindow
SystemParametersInfoA
DrawEdge
GetWindow
InvalidateRect
DrawTextW
MonitorFromWindow
IsWindow
SetLayeredWindowAttributes
GetCurrentInputMessageSource
PrintWindow
GetSystemMetrics
GetIconInfo
SetMenuItemInfoW
PtInRect
GetMenuItemRect
GetDC
LoadIconW
GetClassLongW
SendMessageTimeoutW
SetWinEventHook
SetWindowsHookExW
SetMessageExtraInfo
CallNextHookEx
UnhookWinEvent
UnhookWindowsHookEx
IsWindowVisible
IsIconic
RegisterWindowMessageW
GetClassWord
GetAncestor
GetPropW
FindWindowExW
GetWindowInfo
OffsetRect
GetSysColor
GetDesktopWindow
ReleaseDC
GetMenu
GetMenuItemInfoW
GetMenuItemCount
InflateRect
SetClassLongW
SetWindowLongW
WindowFromDC
FindWindowW
EnumChildWindows
GetClassInfoW
GetSystemMetricsForDpi
DrawIconEx
EnumThreadWindows
GetCIMSSM
GetDpiForSystem
GetWindowRect
GetThreadDpiAwarenessContext
ShowWindow
SystemParametersInfoW
UpdateWindow
SetPropW
PostMessageW
CreateWindowExW
GetWindowLongW
AnimateWindow
UpdateLayeredWindow
SetWindowPos
SetTimer
GetMessageExtraInfo
RemovePropW
GetMenuBarInfo
GetMenuInfo
GetClientRect
SetMenuInfo
RegisterClassW
DestroyWindow

gdi32

SetTextColor
SetLayout
ExcludeClipRect
DeleteDC
StretchDIBits
GdiAlphaBlend
CreateCompatibleDC
GetObjectW
GetObjectType
DeleteObject
GetLayout
SelectObject
RestoreDC
SaveDC
CreateFontW
StretchBlt
CreateDIBSection
CreateFontIndirectW
GetTextColor
GetStockObject
GetTextExtentExPointW
SetBkMode
GetCurrentObject
SetBkColor
ExtTextOutW
GetDCDpiScaleValue
GdiDrawStream

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vswprintf_s

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_cexit
_execute_onexit_table
_initialize_narrow_environment
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-string-l1-1-0

wcsncpy_s
_wcsicmp
memset
_wcsnicmp

ntdll

RtlInitUnicodeString
RtlAdjustPrivilege
NtAlpcSendWaitReceivePort
NtResumeThread

api-ms-win-crt-private-l1-1-0

memcpy
_except_handler4_common
__std_exception_destroy
__std_type_info_destroy_list
__CxxFrameHandler3
__std_exception_copy
_CxxThrowException
wcschr

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-math-l1-1-0

_libm_sse2_cos_precise
_libm_sse2_sin_precise
_libm_sse2_acos_precise

Exports

Exports

InitDarkMagic
LoadRemote

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Start/Orbs/Windows 7.orb
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 294KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/Start/Orbs/clover.svg
$TEMP/Start/Orbs/e1evenorb-pr.png
.png
$TEMP/Start/Orbs/w8logo.svg
$TEMP/Start/Ribbon/theme-dark/Windows.AddRemovePrograms.svg
.xml
$TEMP/Start/Ribbon/theme-dark/Windows.Computer.Manage.svg
.xml
$TEMP/Start/Ribbon/theme-dark/Windows.CopyToMenu.svg
.xml
$TEMP/Start/Ribbon/theme-dark/Windows.MoveToMenu.svg
.xml
$TEMP/Start/Ribbon/theme-dark/Windows.MultiVerb.cmd.svg
.xml
$TEMP/Start/Ribbon/theme-dark/Windows.MultiVerb.cmdPromptAsAdministrator.svg
.xml
$TEMP/Start/Ribbon/theme-dark/Windows.RibbonPermissionsDialog.svg
.xml
$TEMP/Start/Ribbon/theme-dark/Windows.shareprivate.svg
.xml
$TEMP/Start/Ribbon/theme-dark/accessmedia.svg
$TEMP/Start/Ribbon/theme-dark/easyaccess.svg
.xml
$TEMP/Start/Ribbon/theme-dark/windows.SystemProperties.svg
.xml
$TEMP/Start/Ribbon/theme-dark/windows.folderoptions.svg
$TEMP/Start/Ribbon/theme-dark/windows.help.svg
.xml
$TEMP/Start/Ribbon/theme-dark/windows.hideSelected.svg
.xml
$TEMP/Start/Ribbon/theme-dark/windows.layout.svg
.xml
$TEMP/Start/Ribbon/theme-dark/windows.open.svg
.xml
$TEMP/Start/Ribbon/theme-dark/windows.opencontrolpanel.svg
$TEMP/Start/Ribbon/theme-dark/windows.pastelink.svg
$TEMP/Start/Ribbon/theme-dark/windows.removeproperties.svg
.xml
$TEMP/Start/Ribbon/theme-dark/windows.slideshow.svg
.xml
$TEMP/Start/Ribbon/theme-dark/windows.troubleshoot.svg
$TEMP/Start/Ribbon/theme-light/Windows.AddRemovePrograms.svg
$TEMP/Start/Ribbon/theme-light/Windows.Computer.Manage.svg
$TEMP/Start/Ribbon/theme-light/Windows.CopyToMenu.svg
.xml
$TEMP/Start/Ribbon/theme-light/Windows.MoveToMenu.svg
$TEMP/Start/Ribbon/theme-light/Windows.MultiVerb.cmd.svg
.xml
$TEMP/Start/Ribbon/theme-light/Windows.MultiVerb.cmdPromptAsAdministrator.svg
.xml
$TEMP/Start/Ribbon/theme-light/Windows.RibbonPermissionsDialog.svg
.xml
$TEMP/Start/Ribbon/theme-light/Windows.shareprivate.svg
.xml
$TEMP/Start/Ribbon/theme-light/accessmedia.svg
$TEMP/Start/Ribbon/theme-light/easyaccess.svg
.xml
$TEMP/Start/Ribbon/theme-light/windows.SystemProperties.svg
$TEMP/Start/Ribbon/theme-light/windows.edit.svg
.xml
$TEMP/Start/Ribbon/theme-light/windows.email.svg
.xml
$TEMP/Start/Ribbon/theme-light/windows.folderoptions.svg
$TEMP/Start/Ribbon/theme-light/windows.help.svg
.xml
$TEMP/Start/Ribbon/theme-light/windows.hideSelected.svg
.xml
$TEMP/Start/Ribbon/theme-light/windows.layout.svg
.xml
$TEMP/Start/Ribbon/theme-light/windows.open.svg
$TEMP/Start/Ribbon/theme-light/windows.openControlPanel.svg
$TEMP/Start/Ribbon/theme-light/windows.pastelink.svg
$TEMP/Start/Ribbon/theme-light/windows.removeproperties.svg
.xml
$TEMP/Start/Ribbon/theme-light/windows.slideshow.svg
.xml
$TEMP/Start/Ribbon/theme-light/windows.troubleshoot.svg
$TEMP/Start/StartAllBackCfg.exe
.exe windows:5 windows x64 arch:x64

68168885a576a732c88daed746aa2d3d

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02-02-2023 13:11

Not After

03-02-2024 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ef:5c:b0:56:f5:54:99:20:37:ac:22:47:81:09:a6:70:19:6b:d1:d8:e2:c2:8f:cd:32:5e:fd:52:92:ee:3a:40
Signer

Actual PE Digest

ef:5c:b0:56:f5:54:99:20:37:ac:22:47:81:09:a6:70:19:6b:d1:d8:e2:c2:8f:cd:32:5e:fd:52:92:ee:3a:40

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
RegSetValueExW
RegSetKeySecurity
RegQueryInfoKeyW
RegFlushKey
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
SetNamedSecurityInfoW
SetEntriesInAclW
RegDeleteTreeW
RegDeleteKeyExW
RegDeleteKeyValueW

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongPtrW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
WindowFromPoint
WindowFromDC
WaitMessage
UpdateLayeredWindow
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
TrackMouseEvent
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetCapture
SetActiveWindow
SendNotifyMessageW
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadKeyboardLayoutW
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
IsCharAlphaNumericW
InvalidateRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetAncestor
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
ExitWindowsEx
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CopyImage
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharUpperW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromWindow
SetProcessDefaultLayout
SwitchToThisWindow
GetDpiForWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
lstrcpynW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
LoadLibraryA
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
lstrcpyW
lstrcmpiW
lstrcmpW
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
UnmapViewOfFile
SuspendThread
SizeofResource
SetThreadPriority
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
QueueUserWorkItem
OpenFileMappingW
MulDiv
MoveFileExW
MapViewOfFile
LockResource
LoadResource
LoadLibraryW
GlobalFindAtomW
GlobalDeleteAtom
GlobalAddAtomW
GetWindowsDirectoryW
GetVersionExW
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemTime
GetLocalTime
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
FreeResource
FormatMessageW
FindResourceW
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
EnumSystemLocalesW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
AddAtomW
GetUserPreferredUILanguages
CheckElevationEnabled
GetSystemWindowsDirectoryW
IsWow64Process2

msimg32

GradientFill
AlphaBlend

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateFontW
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
Chord
BitBlt
ArcTo
Arc
AngleArc
GdiAlphaBlend
SetLayout
GetLayout

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

SHFileOperationW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
SHAppBarMessage
SHGetSpecialFolderPathW
SHAddToRecentDocs
SHDefExtractIconW
ord896
ILSaveToStream
ILLoadFromStreamEx

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

comdlg32

ChooseColorW

shlwapi

PathParseIconLocationW
PathIsNetworkPathW
PathFileExistsW
PathCanonicalizeW
PathAppendW
PathAddBackslashW
StrCatW
StrDupW
StrCmpNIW
SHLoadIndirectString
SHOpenRegStream2W

ntdll

RtlAdjustPrivilege

gdiplus

GdipDrawImageRectRectI
GdipDrawImageRectI
GdipFillPath
GdipGraphicsClear
GdipDrawPath
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArcI
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

shcore

GetDpiForMonitor

uxtheme

ord121
ord120
SetWindowTheme

wtsapi32

WTSTerminateProcess

winmm

PlaySoundW

crypt32

CryptStringToBinaryA

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 39KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 484B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/Start/StartAllBackLoaderX64.dll
.dll windows:6 windows x64 arch:x64

8d84ac60d65a19835a8dc294d87b31f8

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02-02-2023 13:11

Not After

03-02-2024 13:11

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

40:b7:d3:5c:1d:c4:0c:e7:00:e1:e3:cd:fe:4c:b2:9e:d0:a2:5a:14:a6:81:9f:87:f1:94:47:35:52:c9:aa:93
Signer

Actual PE Digest

40:b7:d3:5c:1d:c4:0c:e7:00:e1:e3:cd:fe:4c:b2:9e:d0:a2:5a:14:a6:81:9f:87:f1:94:47:35:52:c9:aa:93

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\StartAllBack\StartIsBack11\Release\StartAllBackLoaderX64.pdb

Imports

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchAppend

kernel32

FreeLibrary
OutputDebugStringA
GetModuleFileNameW
WaitForSingleObject
GetVersion
DisableThreadLibraryCalls
CloseHandle
LoadLibraryW
GetProcAddress
CreateProcessW
GetModuleHandleW

user32

IsWindow
GetShellWindow

advapi32

RegDeleteKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 1024B - Virtual size: 611B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/Start/StartAllBackX64.dll
.dll windows:6 windows x64 arch:x64

fe2cf726ce90106629edb4b6147b55ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\StartAllBack\StartIsBack11\Release\StartAllBackX64.pdb

Imports

shlwapi

StrNCatW
StrCpyNW
StrCmpNIW
ord219
PathParseIconLocationW
PathAddBackslashW
StrStrIW
StrCSpnA
StrStrIA
HashData
StrStrNIW
ord158
ord215
StrTrimW
ord513
ord212
ord512
ord184
ord388
PathIsNetworkPathW
StrCmpIW
ord168
PathIsRootW
PathStripToRootW
PathIsFileSpecW
ord256
PathRemoveExtensionW
PathIsUNCW
PathIsDirectoryW
PathIsRelativeW
SHRegGetValueW
SHStrDupW
UrlIsW
PathCreateFromUrlW
PathFindExtensionW
StrCmpNW
ord176
SHOpenRegStream2W
ord12
PathRemoveBlanksW
ord174
ord172
SHGetValueW
StrCmpW
SHCreateStreamOnFileW
PathFindFileNameW
PathRemoveBackslashW
PathFileExistsW
StrToIntW
ord16
StrStrW
PathRemoveFileSpecW
PathAppendW
ord487

dwmapi

DwmEnableBlurBehindWindow
DwmSetWindowAttribute
DwmExtendFrameIntoClientArea
ord138
ord141
DwmTransitionOwnedWindow
ord139
ord113
ord159
ord163
ord187
ord164
DwmGetWindowAttribute
DwmInvalidateIconicBitmaps
DwmFlush
DwmSetIconicThumbnail
ord140
DwmUpdateThumbnailProperties

uxtheme

GetThemeMetric
GetThemePropertyOrigin
GetThemeTextExtent
GetThemeRect
GetThemeBackgroundExtent
GetThemeBackgroundRegion
GetThemeBool
GetThemeFont
IsThemePartDefined
ord121
ord120
ord126
ord50
ord140
ord135
ord49
ord74
ord133
ord138
ord132
GetThemeMargins
GetWindowTheme
GetBufferedPaintTargetDC
GetThemePartSize
GetCurrentThemeName
EndBufferedAnimation
DrawThemeBackground
SetWindowTheme
GetThemeBackgroundContentRect
SetWindowThemeAttribute
OpenThemeData
GetThemeBitmap
CloseThemeData
GetThemeInt
BeginBufferedPaint
EndBufferedPaint
GetThemeEnumValue
GetThemeColor
ord47
DrawThemeParentBackground
OpenThemeDataForDpi
DrawThemeTextEx
BufferedPaintSetAlpha
IsThemeBackgroundPartiallyTransparent

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory
RoInitialize
RoUninitialize

ntdll

RtlCaptureContext
NtQueryWnfStateData
RtlAdjustPrivilege
NtQueryInformationToken
RtlInitUnicodeString

msvcrt

strcmp
sin
memset
memmove
memcpy
memcmp
vsprintf_s
??2@YAPEAX_K@Z
wcschr
_wcsnicmp
wcscpy_s
wcscat_s
wcsncmp
malloc
free
_wcsicmp
vswprintf_s
isspace
tolower
isprint
_vsnwprintf
wcsstr
wcstok_s
abort
__C_specific_handler
wcsncpy_s
??_U@YAPEAX_K@Z
_wtoi
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
atoi
??1type_info@@UEAA@XZ
__dllonexit
_unlock
wcscmp
_lock
_onexit
__CxxFrameHandler3
_XcptFilter
_initterm
_amsg_exit
cos
acos
bsearch

gdi32

CreateCompatibleDC
CreateDIBSection
GetGlyphIndicesW
GetLayout
SelectClipRgn
OffsetClipRgn
GetObjectType
StretchDIBits
GetTextExtentExPointW
SetBkMode
TextOutW
GetDCDpiScaleValue
GdiDrawStream
SelectObject
GetBitmapBits
GetDCBrushColor
StretchBlt
GetBkColor
GetBkMode
SetBoundsRect
GetBoundsRect
OffsetRgn
CreateCompatibleBitmap
SetViewportOrgEx
GetTextExtentPoint32W
GetDeviceCaps
AddFontResourceExW
GetObjectW
GdiAlphaBlend
DeleteDC
CreateBitmap
DeleteObject
SetBitmapBits
CreateRectRgn
GetClipBox
CreateSolidBrush
CreateFontIndirectW
GetTextExtentPointW
SetLayout
BitBlt
SaveDC
ExcludeClipRect
RestoreDC
SetBkColor
GetStockObject
SetTextColor
ExtTextOutW
CreateRectRgnIndirect
GetCurrentObject
CombineRgn
GetRgnBox
GdiFlush
GetTextColor
SetWindowOrgEx
CreateFontW
GetCharWidth32W

user32

GetWindowLongPtrW
SendMessageTimeoutW
GetWindowLongW
SetWindowLongPtrW
GetSystemMetricsForDpi
SetWindowRgn
RemovePropW
SendMessageW
GetClassNameW
EnumChildWindows
DefWindowProcW
EqualRect
IsZoomed
SetClassLongPtrW
GetSysColorBrush
RegisterClassW
TrackPopupMenu
TrackPopupMenuEx
GetMenuItemInfoW
InvalidateRect
SystemParametersInfoForDpi
InflateRect
SetFocus
GetDoubleClickTime
SetWindowPos
ShowWindow
RedrawWindow
GetDCEx
ReleaseDC
FillRect
GetDlgItem
BeginPaint
EndPaint
GetWindowInfo
OffsetRect
GetWindowDC
GetClassLongPtrW
GetSystemMetrics
GetComboBoxInfo
SystemParametersInfoW
FindWindowW
UpdateWindow
AnimateWindow
DrawFocusRect
LoadImageW
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW
GetWindowThreadProcessId
GetClassWord
CreateWindowExW
GetGUIThreadInfo
IsChild
MonitorFromWindow
UpdateLayeredWindow
GetWindowRgn
DestroyWindow
GetMonitorInfoW
SetRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
GetWindow
LockSetForegroundWindow
GetFocus
IsWindow
SetLayeredWindowAttributes
PeekMessageW
NotifyWinEvent
DispatchMessageW
GetMessagePos
WindowFromPoint
ScreenToClient
ClientToScreen
TrackMouseEvent
GetCapture
GetNextDlgGroupItem
CreatePopupMenu
InsertMenuW
LoadMenuW
GetMenuStringW
GetSubMenu
DestroyMenu
CheckMenuRadioItem
GetMenuItemCount
CheckMenuItem
ReleaseCapture
PtInRect
DragDetect
SetCapture
SetMenuItemBitmaps
DrawTextW
UnhookWinEvent
IsCharAlphaNumericA
RegisterClassExW
DestroyIcon
PostQuitMessage
SetThreadDpiAwarenessContext
GetCursorPos
MonitorFromPoint
SetWindowTextW
MsgWaitForMultipleObjectsEx
SetForegroundWindow
GetForegroundWindow
SetMenuDefaultItem
CreateDialogParamW
GetDlgItemTextW
SetDlgItemTextW
IntersectRect
SendDlgItemMessageW
EndDialog
DialogBoxParamW
GetActiveWindow
WindowFromDC
GetMessageExtraInfo
GetMenuBarInfo
GetMenuInfo
SetMenuInfo
GetSystemMenu
IsMenu
SetMessageExtraInfo
SetMenuItemInfoW
DeleteMenu
AppendMenuW
GetMenuItemID
TranslateMessage
GetMenuDefaultItem
GetAsyncKeyState
GetDC
GetShellWindow
ExitWindowsEx
GetMenuState
EnableWindow
IsCharAlphaNumericW
IsCharAlphaW
CharNextW
CallWindowProcW
CharLowerW
EnumThreadWindows
SetSysColors
SystemParametersInfoA
GetDesktopWindow
LoadImageA
SwitchToThisWindow
GetLayeredWindowAttributes
IsRectEmpty
UnregisterClassW
MonitorFromRect
InternalGetWindowText
GetWindowPlacement
IsIconic
CopyRect
ShowWindowAsync
PrintWindow
ModifyMenuW
EnumDisplayMonitors
DrawEdge
DrawTextExW
GetUpdateRect
SetWindowLongW
CalculatePopupWindowPosition
DrawIconEx
UnionRect
GetWindowRgnBox
SetRectEmpty
EnumWindows
CheckDlgButton
IsDlgButtonChecked
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetCursorInfo
AllowSetForegroundWindow
GetIconInfo
CopyImage
SetCursorPos
SubtractRect
PostThreadMessageW
RegisterHotKey
GetDpiForSystem
SetActiveWindow
RegisterClipboardFormatW
ChildWindowFromPointEx
InsertMenuItemW
GetMessageW
GetCurrentInputMessageSource
GetCIMSSM
SetPropW
KillTimer
SetTimer
GetDpiForWindow
GetClientRect
GetPropW
GetAncestor
MapWindowPoints
GetWindowRect
GetParent
GetWindowTextW
FindWindowExW
PostMessageW
LoadStringW
GetSysColor
LoadCursorW
SetCursor
CreateIconIndirect
GetKeyState
wsprintfW
wsprintfA
RegisterWindowMessageW
ord2005
SetWindowCompositionAttribute
GetWindowBand
ord2509
ord2510
SetWindowBand
SetWinEventHook
GetDpiForMonitorInternal

kernel32

CompareFileTime
GetTempPathW
SetFileAttributesW
GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
lstrcmpiA
SetUnhandledExceptionFilter
LocalFree
PackageFamilyNameFromFullName
GetModuleFileNameW
CreateProcessW
CreateTimerQueueTimer
DeleteTimerQueueTimer
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
MoveFileW
lstrcpynW
TlsSetValue
TlsAlloc
FindPackagesByPackageFamily
TlsGetValue
GetPackagesByPackageFamily
ParseApplicationUserModelId
QueueUserAPC
QueueUserWorkItem
GlobalFree
GlobalAlloc
GetSystemFirmwareTable
CreateFileA
Sleep
SetEvent
UnregisterWaitEx
RegisterWaitForSingleObject
ExpandEnvironmentStringsW
SubmitThreadpoolWork
GetCurrentThread
LocalAlloc
MoveFileExW
DeleteFileW
CreateThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryW
GetWindowsDirectoryW
OpenProcess
QueryFullProcessImageNameW
CreateMutexW
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
ResolveDelayLoadedAPI
GetProcessId
IsBadReadPtr
TerminateProcess
ExitThread
GlobalLock
GlobalUnlock
IsBadCodePtr
GetApplicationUserModelId
GetVersionExW
DisableThreadLibraryCalls
GetCurrentActCtx
GlobalAddAtomW
GetUserDefaultUILanguage
GetComputerNameExW
DebugBreak
lstrcpynA
RtlVirtualUnwind
RtlLookupFunctionEntry
LCMapStringW
GetThreadPriority
DeleteCriticalSection
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
GetModuleHandleExW
GetCurrentProcessId
QueryPerformanceCounter
UnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
DelayLoadFailureHook
WaitForSingleObjectEx
SleepEx
IsWow64Process2
ProcessIdToSessionId
GetSystemWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
lstrlenW
CreateFileW
DeviceIoControl
CloseHandle
lstrcpyA
OutputDebugStringA
lstrlenA
lstrcatA
GetSystemTimeAsFileTime
FileTimeToSystemTime
lstrcpyW
lstrcmpiW
RaiseException
GetUserPreferredUILanguages
MulDiv
VirtualProtect
GetFileAttributesExW
InitOnceExecuteOnce
GetProcAddress
GetCurrentThreadId
LoadLibraryExW
InitOnceBeginInitialize
InitOnceComplete
lstrcmpW
FindResourceW
LoadResource
SizeofResource
CompareStringOrdinal
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
InitializeCriticalSection
WaitForSingleObject
CreateThread
SetThreadPriority
GetTickCount
ActivateActCtx
DeactivateActCtx
FindAtomW
AddAtomW
DeleteAtom
FreeLibrary
OpenEventW
CreateEventW

advapi32

RegSetValueW
GetUserNameW
RegQueryValueW
RegEnumKeyExW
RegDeleteTreeW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegDeleteKeyValueW
RegEnumKeyW
RegOpenKeyW
GetSidSubAuthority
RegGetValueW
RegSetKeyValueW
RegCreateKeyW
RegQueryInfoKeyW
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegQueryValueA
RegOpenKeyExA

shell32

ord85
SHFileOperationW
SHAppBarMessage
ord62
ord645
ord644
SHCreateItemWithParent
ord155
ord152
ord16
ord18
ord25
ord190
ord256
SHCreateDataObject
SHCreateDefaultContextMenu
AssocCreateForClasses
SHCreateShellItemArrayFromIDLists
SHGetStockIconInfo
SHCreateItemFromParsingName
ord6
SHCreateShellItemArrayFromDataObject
SHAssocEnumHandlers
SHGetKnownFolderPath
ord100
SHBindToObject
ShellExecuteExW
ord846
ord27
ord21
ord68
SHGetKnownFolderIDList
ord22
ord132
ord2
ord4
ord134
SHGetFileInfoW
SHGetIDListFromObject
SHCreateItemInKnownFolder
SHGetPropertyStoreForWindow
ShellExecuteW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHCreateItemFromIDList
SHCreateDefaultExtractIcon
SHGetFolderPathW
SHChangeNotify
SHGetNameFromIDList
ord162
Shell_GetCachedImageIndexW
SHOpenFolderAndSelectItems
SHGetSpecialFolderPathW
ord193
SHBindToParent
ord23
ord727
ord17
SHGetFolderLocation
SHGetDesktopFolder
ord98
SHParseDisplayName
ord88

ole32

StringFromGUID2
CoInitializeEx
CreateStreamOnHGlobal
CoGetInterfaceAndReleaseStream
ReleaseStgMedium
CoAllowSetForegroundWindow
CoCreateFreeThreadedMarshaler
PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoWaitForMultipleHandles
CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoInitialize
RevokeDragDrop
RegisterDragDrop
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GlassControls
LoadSVG
LoadSVGOrb
PickGlyphDlg
Startup
UninstallW
Uninstall_AllUsersW

Sections

.text
Size: 490KB - Virtual size: 489KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Start/Styles/Plain8.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Start/Styles/Windows 7.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Start/UpdateCheck.exe

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 41KB - Virtual size: 40KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Code Sign

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aaCertificate

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7Signer

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

421a02aae559045e04759aae146087eb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 322KB

.reloc Size: 2KB - Virtual size: 1KB

e75f4984b1f4f72162793ec77624ebf2

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

09:63:74:f3:62:b9:30:81:d4:3c:a2:16Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

86:4c:d9:b1:99:b2:60:6b:67:52:81:37:79:68:c8:02:83:c2:89:3b:9d:d6:39:ad:be:39:a9:d7:8f:07:68:beSigner

Headers

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 41KB - Virtual size: 40KB

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7
Signer

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 322KB

.reloc
Size: 2KB - Virtual size: 1KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

86:4c:d9:b1:99:b2:60:6b:67:52:81:37:79:68:c8:02:83:c2:89:3b:9d:d6:39:ad:be:39:a9:d7:8f:07:68:be
Signer

.text
Size: 512B - Virtual size: 154B

.rdata
Size: 1024B - Virtual size: 904B

.pdata
Size: 512B - Virtual size: 60B

.rsrc
Size: 512B - Virtual size: 480B

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

9a:b8:3a:73:48:55:59:28:c3:91:3e:12:63:ab:bc:57:5a:da:2d:8b:69:9b:07:dc:e5:16:21:b7:13:f7:bb:24
Signer

.text
Size: 512B - Virtual size: 223B

.idata
Size: 1024B - Virtual size: 612B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 28B

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

09:63:74:f3:62:b9:30:81:d4:3c:a2:16
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

4d:52:cf:94:a6:29:16:1b:35:d1:90:32:f6:9d:b6:fc:c1:06:f1:ee:ae:e1:d0:15:e6:cd:d1:d3:85:7b:ab:f6
Signer