no-defender-loader.pdb
Static task: static1
Behavioral task: behavioral1 | Sample: no-defender-loader.exe | Resource: win11-20240508-en
Behavioral task: behavioral2 | Sample: powrprof.dll | Resource: win11-20240426-en
Behavioral task: behavioral3 | Sample: wsc.dll | Resource: win11-20240426-en
Behavioral task: behavioral4 | Sample: wsc_proxy.exe | Resource: win11-20240508-en
General
Target: Release.7z
Size: 2.7MB
MD5: 95103db53974200b672d259742f4076b
SHA1: ded57b55310d19dc0e4b68092ea2efb44400036f
SHA256: 176fdbab2521f29e514c62db9038532ab5b591bf7a337d192e7710daf1c39de2
SHA512: eb6935c34bf1a74bd44467d210c8f357d4a52f9683249a12e7de29f2910151c33dc22c850e901ea5014ae337a5ab8f03533ff94818f12d7ab8e2b61020d4ea7f
SSDEEP: 49152:2cQgIkuiEibCUBS2pocpPbud7nsksGTRFaIaqvJLgRzU9UWw/d1ml:xB5pbCU42BP47sMTiV0JkRzUWW8dC
Malware Config
Signatures
-
Unsigned PE (2 IoCs)
Checks for missing Authenticode signature.
Resources: unpack001/no-defender-loader.exe, unpack001/powrprof.dll
Files
-
Release.7z [.7z]
-
no-defender-loader.exe [.exe windows:6 windows x64 arch:x64]
b04c572c5fcd2156b7c8a55bd45b813d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
SetEndOfFile
CloseHandle
Process32FirstW
GetCurrentThread
Process32NextW
GetLastError
CreateToolhelp32Snapshot
GetCurrentProcess
GetModuleFileNameA
WriteConsoleW
HeapSize
GetProcessHeap
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
AreFileApisANSI
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetCurrentThreadId
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
GetFileSizeEx
SetFilePointerEx
GetFileType
HeapAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
ReadConsoleW
HeapReAlloc
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
advapi32
RegSetValueExW
LookupPrivilegeValueW
CreateServiceA
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyA
CloseServiceHandle
OpenSCManagerA
RegCreateKeyExA
OpenServiceA
OpenThreadToken
OpenProcessToken
ControlService
StartServiceA
DeleteService
ntdll
RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader
RtlUnwind
Sections
.text Size: 295KB - Virtual size: 295KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 217KB - Virtual size: 217KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 15KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
no-defender-loader.pdb
-
powrprof.dll [.dll windows:6 windows x64 arch:x64]
9a051228f2b901cc01e21c5783aac192
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
powrprof.pdb
Imports
rpcrt4
I_RpcBindingInqLocalClientPID
kernel32
GetStringTypeW
GetModuleFileNameA
DeviceIoControl
WaitForSingleObject
CreateFileW
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetCurrentProcessId
HeapCreate
VirtualProtect
HeapFree
GetCurrentProcess
Thread32Next
Thread32First
GetCurrentThreadId
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
GetLastError
HeapReAlloc
CloseHandle
HeapAlloc
GetThreadContext
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
SetEndOfFile
MultiByteToWideChar
LocalFree
FormatMessageA
GetLocaleInfoEx
FindClose
FindFirstFileExW
FindNextFileW
AreFileApisANSI
WideCharToMultiByte
InitOnceComplete
InitOnceBeginInitialize
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
RtlUnwind
GetCPInfo
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetFileSizeEx
SetFilePointerEx
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
ReadConsoleW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
WriteConsoleW
Exports
CallNtPowerInformation
Sections
.text Size: 199KB - Virtual size: 199KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 201KB - Virtual size: 201KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
powrprof.pdb
-
wsc.dll [.dll windows:6 windows x64 arch:x64]
3c650035b37cea8eaae1fc156b052784
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 29/04/2021, 00:00
Not After: 28/04/2036, 23:59
Subject: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
09:02:b3:6b:32:51:c3:28:08:3f:77:7c:a0:84:28:ff
Certificate
Issuer: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US
Not Before: 16/09/2022, 00:00
Not After: 17/09/2025, 23:59
Subject: CN=Avast Software s.r.o.,O=Avast Software s.r.o.,L=Praha,C=CZ
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate
Issuer: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Not Before: 14/07/2023, 00:00
Not After: 13/10/2034, 23:59
Subject: CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate
Issuer: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 23/03/2022, 00:00
Not After: 22/03/2037, 23:59
Subject: CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 01/08/2022, 00:00
Not After: 09/11/2031, 23:59
Subject: CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
e2:43:5e:6c:6a:65:18:14:b6:74:e8:08:2e:df:e3:41:27:11:9e:20:13:ed:8a:43:64:4f:7f:94:b1:5e:57:00
Signer
Actual PE Digest: e2:43:5e:6c:6a:65:18:14:b6:74:e8:08:2e:df:e3:41:27:11:9e:20:13:ed:8a:43:64:4f:7f:94:b1:5e:57:00
Digest Algorithm: sha256
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\BUILD\work\e0dd96435fde7cb0\BUILDS\Release\x64\wsc.pdb
Imports
rpcrt4
UuidCreate
UuidFromStringW
UuidToStringW
RpcMgmtEpEltInqDone
RpcIfInqId
RpcMgmtEpEltInqBegin
RpcMgmtEpEltInqNextW
RpcRevertToSelf
I_RpcBindingInqLocalClientPID
RpcServerUnregisterIfEx
RpcServerRegisterIf2
RpcObjectSetType
RpcEpRegisterW
RpcEpUnregister
RpcBindingToStringBindingW
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
RpcAsyncCancelCall
Ndr64AsyncClientCall
NdrAsyncServerCall
Ndr64AsyncServerCallAll
RpcStringBindingParseW
RpcSsDestroyClientContext
RpcBindingFree
NdrClientCall3
NdrServerCall2
NdrServerCallAll
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcServerUnregisterIf
RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcImpersonateClient
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
wtsapi32
WTSQueryUserToken
WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateSessionsW
shell32
ShellExecuteExW
ord165
SHGetFolderPathW
ntdll
NtOpenKey
RtlNtStatusToDosError
NtSetInformationThread
NtClose
RtlDllShutdownInProgress
RtlVirtualUnwind
RtlLookupFunctionEntry
NtSystemDebugControl
VerSetConditionMask
NtQueryKey
RtlPcToFileHeader
RtlCaptureContext
NtDeleteKey
RtlUnwindEx
kernel32
GetSystemTimeAsFileTime
CreateFileW
DeviceIoControl
OutputDebugStringW
DeleteFileW
CreateProcessW
FindFirstFileW
CheckRemoteDebuggerPresent
VirtualProtect
FlushInstructionCache
RaiseException
FindClose
GetProcessId
GetEnvironmentVariableW
SetEnvironmentVariableW
CreateThread
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
GetTickCount
SetErrorMode
SetUnhandledExceptionFilter
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
GetNativeSystemInfo
DuplicateHandle
GetSystemTimes
GetProcessTimes
QueryFullProcessImageNameW
GetPriorityClass
OpenThread
GetThreadPriority
K32EnumProcesses
GetThreadTimes
K32GetProcessMemoryInfo
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetProcessHandleCount
TerminateProcess
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
DecodePointer
HeapDestroy
UnlockFileEx
LockFileEx
GetFileTime
CompareFileTime
SetFilePointerEx
GetFileSizeEx
ReadFile
CancelIoEx
GetOverlappedResult
ResetEvent
ReadDirectoryChangesW
UnregisterWaitEx
LoadLibraryExW
ProcessIdToSessionId
GetFileAttributesExW
GetLocaleInfoW
GetUserDefaultLangID
GetProcessShutdownParameters
SetProcessShutdownParameters
ResumeThread
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LocalFree
TerminateThread
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
QueryThreadCycleTime
CreateMutexW
CompareStringW
DeleteProcThreadAttributeList
K32GetProcessImageFileNameW
GetThreadId
WriteFile
VerifyVersionInfoW
GetSystemInfo
GetVersionExW
ExpandEnvironmentStringsW
GetShortPathNameW
GetSystemWindowsDirectoryW
GetProcessAffinityMask
GetLongPathNameW
VirtualAlloc
VirtualFree
GlobalMemoryStatusEx
GetExitCodeThread
SetFilePointer
SetFileAttributesW
GetFileSize
SetEndOfFile
MoveFileExW
GetWindowsDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetFileInformationByHandle
SetFileTime
GetFullPathNameW
CreateDirectoryW
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
QueryDosDeviceW
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetVersion
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
FileTimeToSystemTime
FlushFileBuffers
OutputDebugStringA
SetFileInformationByHandle
GetDiskFreeSpaceExW
FreeResource
K32GetMappedFileNameW
FindFirstVolumeW
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
CreateThreadpoolWork
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SubmitThreadpoolWork
FlsAlloc
ExitProcess
FreeLibraryAndExitThread
ExitThread
InterlockedFlushSList
InterlockedPushEntrySList
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
InitializeSListHead
GetCPInfo
EncodePointer
LCMapStringEx
GetLocaleInfoEx
GetTickCount64
GetModuleFileNameW
GetFileAttributesW
GetSystemDirectoryW
UpdateProcThreadAttribute
InitializeProcThreadAttributeList
FreeLibrary
LoadLibraryW
GetModuleHandleExW
GetModuleFileNameA
HeapAlloc
HeapFree
SetLastError
GetCurrentThread
VirtualQuery
GetCommandLineW
GetCurrentProcess
ReadProcessMemory
OpenProcess
Sleep
GetCurrentProcessId
ReleaseMutex
CreateEventW
SetEvent
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetExitCodeProcess
GetModuleHandleW
GetProcAddress
WideCharToMultiByte
CloseHandle
GetLastError
GetProcessHeap
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetConsoleOutputCP
GetConsoleMode
ReadConsoleW
GetTimeZoneInformation
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
RegisterWaitForSingleObject
FreeLibraryWhenCallbackReturns
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
SwitchToThread
WaitForSingleObjectEx
GetFileInformationByHandleEx
AreFileApisANSI
FormatMessageA
GetStringTypeW
FindVolumeClose
AcquireSRWLockShared
ReleaseSRWLockShared
InitOnceComplete
InitOnceBeginInitialize
IsProcessorFeaturePresent
CloseThreadpoolWork
user32
GetSystemMetrics
PeekMessageW
IsHungAppWindow
SendMessageCallbackW
GetGUIThreadInfo
LoadStringW
AllowSetForegroundWindow
RegisterClassExW
GetClassInfoExW
SetWindowLongPtrW
SendMessageW
PostMessageW
RegisterWindowMessageW
advapi32
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegQueryMultipleValuesW
RegDeleteTreeW
RegNotifyChangeKeyValue
RegDeleteKeyExW
RegEnumKeyW
MakeSelfRelativeSD
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
GetSidSubAuthority
GetSidSubAuthorityCount
FreeSid
RegOpenKeyExW
AddAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
GetSecurityDescriptorControl
ControlService
CreateProcessAsUserW
DuplicateTokenEx
CheckTokenMembership
DuplicateToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
EqualSid
OpenProcessToken
GetTokenInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryValueExW
RevertToSelf
RegCloseKey
RegCreateKeyExW
ImpersonateSelf
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenThreadToken
DeleteService
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
CreateServiceW
ChangeServiceConfig2W
QueryServiceConfig2W
QueryServiceStatus
StartServiceW
QueryServiceConfigW
CloseServiceHandle
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
ole32
CoCreateInstance
CoCreateGuid
CoUninitialize
CoInitializeEx
oleaut32
VariantInit
VariantClear
SysFreeString
SafeArrayCreateVector
SysAllocString
powrprof
CallNtPowerInformation
shlwapi
PathAppendW
PathRemoveFileSpecW
PathFindFileNameW
PathMatchSpecW
Exports
on_avast_dll_unload
run
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 960KB - Virtual size: 960KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 465KB - Virtual size: 502KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 118KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 25KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
wsc_proxy.exe [.exe windows:6 windows x64 arch:x64]
8e16a7c1f3d79bd7588af2c0e958008a
Code Sign
0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate
Issuer: CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 01/01/2021, 00:00
Not After: 06/01/2031, 00:00
Subject: CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
03:f0:2a:ca:05:1d:1c:93:30:ee:ab:d3:70:6e:83:6f
Certificate
Issuer: CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 02/12/2019, 00:00
Not After: 19/10/2022, 12:00
Subject: CN=Avast Software s.r.o.,OU=RE 999,O=Avast Software s.r.o.,L=Praha,C=CZ
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 07/01/2016, 12:00
Not After: 07/01/2031, 12:00
Subject: CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:20:4d:b4:00:00:00:00:00:27
Certificate
Issuer: CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 15/04/2011, 19:45
Not After: 15/04/2021, 19:55
Subject: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate
Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 11/02/2011, 12:00
Not After: 10/02/2026, 12:00
Subject: CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 22/10/2013, 12:00
Not After: 22/10/2028, 12:00
Subject: CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
02:5a:1b:f3:e3:89:23:83:82:53:71:90:d3:49:e5:6a
Certificate
Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 15/10/2019, 00:00
Not After: 19/10/2022, 12:00
Subject: CN=Avast Software s.r.o.,OU=RE 999,O=Avast Software s.r.o.,L=Prague,C=CZ
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
61:1c:b2:8a:00:00:00:00:00:26
Certificate
Issuer: CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before: 15/04/2011, 19:41
Not After: 15/04/2021, 19:51
Subject: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate
Issuer: CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 01/01/2021, 00:00
Not After: 06/01/2031, 00:00
Subject: CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate
Issuer: CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Not Before: 07/01/2016, 12:00
Not After: 07/01/2031, 12:00
Subject: CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
4b:cf:6d:ae:f6:16:b8:46:f0:b2:22:26:ca:c3:91:f3:bc:e1:10:2d:f1:e1:75:5b:8d:9a:6b:99:93:99:94:ba
Signer
Actual PE Digest: 4b:cf:6d:ae:f6:16:b8:46:f0:b2:22:26:ca:c3:91:f3:bc:e1:10:2d:f1:e1:75:5b:8d:9a:6b:99:93:99:94:ba
Digest Algorithm: sha256
PE Digest Matches: true
31:72:9c:5d:02:b3:85:f8:d1:87:d6:fc:1b:a5:18:f8:44:7d:81:6e
Signer
Actual PE Digest: 31:72:9c:5d:02:b3:85:f8:d1:87:d6:fc:1b:a5:18:f8:44:7d:81:6e
Digest Algorithm: sha1
PE Digest Matches: true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
D:\work\e0dd96435fde7cb0\BUILDS\Release\x64\wsc_proxy.pdb
Imports
kernel32
GetCommandLineW
GetLastError
LoadLibraryW
GetProcAddress
ExitProcess
GetModuleHandleW
FreeLibrary
SetDllDirectoryW
Sections
.text Size: 512B - Virtual size: 200B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 902B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 35KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ