xworm | cheat[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

cheat.rar
Size

1.1MB
MD5

aa5bd73344c1fa17bcf2c061cf76f25b
SHA1

63e96f3c1b896bebf5c82d40f2fff5c805811116
SHA256

9a248aa3478ee5b4743ba896447b2c597935e363748be1289e34bf72169adf17
SHA512

0d9e097d1af4e4be854b8d4455c59b593cf863c18b97b466b579773a32a2f6c59a0dceb7e46d124ca2902431f1b5a55f5cd4cc4efc6addb78d97660cd3fb4d94
SSDEEP

24576:pxH304lgwefI4r0PxwcRfRrZ1XkT9n5xDrpcOzP3wN:pxIJ9YbedFzPAN

Score

10^/10

xworm

Malware Config

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/cheat/KZR FN.exe	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cheat/KZR FN.exe

Files

cheat.rar
.rar
cheat/How to use.txt
cheat/KZR FN.exe
.exe windows:6 windows x64 arch:x64

5c5e05271f14978244a6e048fa3326ec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Alex\Documents\cheat_src\cheat src\cheat src\cheat src\cheat src\bin\fortnite\H.pdb

Imports

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
VerSetConditionMask
RtlCaptureContext

kernel32

GetFileInformationByHandleEx
AreFileApisANSI
OutputDebugStringW
VirtualProtect
VirtualQuery
WriteFile
GetCurrentThreadId
GetCurrentProcessId
DeviceIoControl
CreateFileA
GetFileSize
ExitProcess
ReadFile
Process32First
Process32Next
GetFileAttributesExW
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
lstrcmpiA
GlobalAddAtomA
SetConsoleTitleA
GetConsoleWindow
Sleep
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcess
CreateThread
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
QueryFullProcessImageNameW
SetLastError
FormatMessageA
LocalFree
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
VerifyVersionInfoA
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
GetFileSizeEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
CreateToolhelp32Snapshot
CloseHandle
CreateFileW
LoadLibraryA
GetProcAddress
GetModuleHandleA
FreeLibrary
QueryPerformanceFrequency
QueryPerformanceCounter
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetLastError
HeapDestroy
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
InitializeSListHead
GetLocaleInfoEx
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileW

user32

GetSystemMetrics
MessageBoxA
GetWindowLongA
DestroyWindow
PostMessageA
DispatchMessageA
TranslateMessage
LoadCursorA
ScreenToClient
ClientToScreen
OpenClipboard
SetClipboardData
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
GetForegroundWindow
CloseClipboard
GetKeyState
EmptyClipboard
GetClipboardData

advapi32

CryptDestroyHash
CryptEncrypt
CryptImportKey
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidA
CopySid
SetSecurityInfo
IsValidSid
InitializeAcl
GetTokenInformation
GetLengthSid
AddAccessAllowedAce
CryptDestroyKey
OpenProcessToken

d3d11

D3D11CreateDeviceAndSwapChain

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

d3dcompiler_43

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

msvcp140

?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$ctype@D@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?setf@ios_base@std@@QEAAHHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
_Query_perf_frequency
_Query_perf_counter
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?width@ios_base@std@@QEAA_J_J@Z
?flags@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?uncaught_exceptions@std@@YAHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?width@ios_base@std@@QEBA_JXZ

normaliz

IdnToAscii

wldap32

ord211
ord60
ord45
ord46
ord143
ord50
ord41
ord22
ord26
ord301
ord27
ord200
ord32
ord33
ord35
ord79
ord30
ord217

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

ws2_32

freeaddrinfo
getaddrinfo
select
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
sendto
WSAStartup
WSAIoctl
gethostname
ntohl
recvfrom
closesocket
recv
WSASetLastError
socket
setsockopt
send
WSAGetLastError
ntohs
bind
htons
connect
getpeername
getsockname
getsockopt

shlwapi

PathFindFileNameW

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

psapi

GetModuleInformation

userenv

UnloadUserProfile

vcruntime140

__C_specific_handler
__current_exception
__current_exception_context
memset
wcsstr
strrchr
memcpy
memchr
__std_exception_destroy
__std_exception_copy
strstr
__std_terminate
_CxxThrowException
memmove
strchr
memcmp

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-string-l1-1-0

tolower
strpbrk
strcspn
strncpy
strcmp
strncmp
isupper
_strdup
strspn

api-ms-win-crt-stdio-l1-1-0

fflush
fputs
fopen
fread
fclose
_lseeki64
_wfopen
__acrt_iob_func
fseek
ftell
_popen
_pclose
fgets
_set_fmode
fwrite
__stdio_common_vfprintf
__p__commode
__stdio_common_vsnprintf_s
_read
_write
_close
__stdio_common_vsprintf
__stdio_common_vsscanf
ungetc
setvbuf
_fseeki64
fsetpos
fputc
fgetpos
fgetc
_get_stream_buffer_pointers
_open
feof

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
calloc
_set_new_mode
malloc
free

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-math-l1-1-0

sqrtf
cosf
atan2
__setusermatherr
logf
tanf
cos
log
fmodf
_dclass
powf
ceilf
sqrt
acosf
sin
asin
pow
sinf
atan

api-ms-win-crt-runtime-l1-1-0

_initterm_e
abort
_invalid_parameter_noinfo_noreturn
_errno
exit
system
terminate
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_beginthreadex
_exit
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
strerror
__sys_nerr
_getpid
_invalid_parameter_noinfo
_resetstkoflw

api-ms-win-crt-convert-l1-1-0

strtoll
atoi
strtoul
atof
strtod
strtol
strtoull

api-ms-win-crt-filesystem-l1-1-0

_unlink
_access
_lock_file
_unlock_file
_stat64
_fstat64

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
_gmtime64
strftime

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale
localeconv

shell32

ShellExecuteA

Sections

.text
Size: 864KB - Virtual size: 864KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cheat/driver/ADV64DRV.sys
.sys windows:5 windows x64 arch:x64

1d9cdf46ff335712634c292180c06755

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:7f:98:e2:e4:21:c2:f9:5c:47:f3:21:ab:f1:ae:f1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

31/05/2006, 00:00

Not After

01/06/2007, 23:59

Subject

CN=FUJITSU LIMITED\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Personal Systems Business Unit,O=FUJITSU LIMITED\ ,L=Kawasaki,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:6b:0d:93:2e:5a:c9:db:e1:24:2a:ca:48:ba:93:a1:4c:f9:d1:51
Signer

Actual PE Digest

ca:6b:0d:93:2e:5a:c9:db:e1:24:2a:ca:48:ba:93:a1:4c:f9:d1:51

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\@advisor\fm_advisor\@sources\module\adv64drv\amd64\ADV64DRV.pdb

Imports

ntoskrnl.exe

RtlAppendUnicodeToString
RtlInitUnicodeString
MmUnmapIoSpace
MmMapIoSpace
IoWriteErrorLogEntry
IoDeleteSymbolicLink
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
KeBugCheckEx
IoAllocateErrorLogEntry
IofCompleteRequest

hal

HalTranslateBusAddress

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 594B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c5e05271f14978244a6e048fa3326ec

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ntdll

kernel32

user32

advapi32

d3d11

imm32

d3dcompiler_43

dwmapi

msvcp140

normaliz

wldap32

crypt32

ws2_32

shlwapi

rpcrt4

psapi

userenv

vcruntime140

vcruntime140_1

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

shell32

Sections

.text Size: 864KB - Virtual size: 864KB

.rdata Size: 204KB - Virtual size: 204KB

.data Size: 1.3MB - Virtual size: 1.4MB

.pdata Size: 33KB - Virtual size: 33KB

_RDATA Size: 512B - Virtual size: 464B

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 3KB - Virtual size: 2KB

1d9cdf46ff335712634c292180c06755

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

6b:7f:98:e2:e4:21:c2:f9:5c:47:f3:21:ab:f1:ae:f1Certificate

Extended Key Usages

Key Usages

ca:6b:0d:93:2e:5a:c9:db:e1:24:2a:ca:48:ba:93:a1:4c:f9:d1:51Signer

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 468B

.data Size: 512B - Virtual size: 272B

.pdata Size: 512B - Virtual size: 144B

INIT Size: 1024B - Virtual size: 594B

.rsrc Size: 1024B - Virtual size: 1008B

.text
Size: 864KB - Virtual size: 864KB

.rdata
Size: 204KB - Virtual size: 204KB

.data
Size: 1.3MB - Virtual size: 1.4MB

.pdata
Size: 33KB - Virtual size: 33KB

_RDATA
Size: 512B - Virtual size: 464B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 3KB - Virtual size: 2KB

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

6b:7f:98:e2:e4:21:c2:f9:5c:47:f3:21:ab:f1:ae:f1
Certificate

ca:6b:0d:93:2e:5a:c9:db:e1:24:2a:ca:48:ba:93:a1:4c:f9:d1:51
Signer

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 468B

.data
Size: 512B - Virtual size: 272B

.pdata
Size: 512B - Virtual size: 144B

INIT
Size: 1024B - Virtual size: 594B

.rsrc
Size: 1024B - Virtual size: 1008B