combase[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

combase.dll
Size

2.1MB
MD5

b78d2a023d963b19d59f62204e7c1852
SHA1

119df2e83feedc268bd8f6f531ecd2efe8a74b7a
SHA256

5d498fd7960ae930084ac84f6df84663816964f61ed3486fca59ebaea47101d6
SHA512

650bae1f1c305db816fb9c3170cf62fcf54e87f75a9182860a84a2f45fb4976445df985154b03cb0f1a0fa72df6d294887fde5b80e8542ca5bfc4a8ff3dfdf7d
SSDEEP

24576:MYy9h+5POZj4oLExzsk2+XaHXz1sWoKEmKbfvwknhSMH:MYGg5Pij4BzsXDOxDmVahSc

Score

1^/10

Malware Config

Signatures

Files

combase.dll
.dll windows:6 windows x64 arch:x64

ba8646d28f2e7b54e7bcd331d13af3a6

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:c0:54:ae:ea:4d:72:fe:d1:3f:49:67:34:55:94:f6:68:af:23:45:91:e8:26:b6:6e:b6:d8:99:a3:37:89:7d
Signer

Actual PE Digest

18:c0:54:ae:ea:4d:72:fe:d1:3f:49:67:34:55:94:f6:68:af:23:45:91:e8:26:b6:6e:b6:d8:99:a3:37:89:7d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

combase.pdb

Imports

msvcrt

__dllonexit
_unlock
_lock
__C_specific_handler
_onexit
_initterm
_amsg_exit
_XcptFilter
_itoa_s
memcpy_s
??_V@YAXPEAX@Z
memset
memcpy
memcmp
_local_unwind
wcsnlen
wcsncpy_s
??_U@YAPEAX_K@Z
_wcsnicmp
wcsrchr
_vsnprintf
wcsstr
_wcslwr
_wtol
wcstok
wcschr
qsort
realloc
memmove_s
free
malloc
rand_s
wcsncmp
memmove
_wtoi
_resetstkoflw
_purecall
_wcsicmp
_vsnwprintf
__CxxFrameHandler3
swprintf_s
wcscmp

api-ms-win-core-heap-l1-2-0

HeapSize
HeapValidate
HeapAlloc
HeapFree
GetProcessHeap
HeapCreate
HeapDestroy
HeapReAlloc
HeapCompact

api-ms-win-core-errorhandling-l1-1-1

GetLastError
SetLastError
SetUnhandledExceptionFilter
RaiseException
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-2

GetProcessMitigationPolicy
GetCurrentThreadId
TerminateProcess
GetCurrentThread
SetThreadStackGuarantee
SwitchToThread
OpenProcess
ProcessIdToSessionId
GetCurrentProcess
SetThreadToken
OpenThreadToken
OpenProcessToken
CreateThread
GetProcessId
GetCurrentProcessId

api-ms-win-core-registry-l1-1-0

RegGetValueA
RegDeleteKeyExA
RegCloseKey
RegOpenCurrentUser
RegOpenKeyExW
RegOpenUserClassesRoot
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyExW
RegEnumKeyExW
RegCreateKeyExA
RegSetValueExW
RegGetValueW
RegEnumValueW
RegCreateKeyExW

api-ms-win-core-synch-l1-2-0

SleepEx
InitializeCriticalSectionAndSpinCount
EnterCriticalSection
SetWaitableTimerEx
LeaveCriticalSection
Sleep
WaitForSingleObject
ReleaseSRWLockExclusive
InitializeSRWLock
CreateWaitableTimerExW
ResetEvent
CreateEventW
DeleteCriticalSection
OpenEventW
SetEvent
WaitForMultipleObjectsEx
CreateEventA
InitOnceExecuteOnce
ReleaseSRWLockShared
AcquireSRWLockShared
WaitForSingleObjectEx
AcquireSRWLockExclusive
OpenEventA

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

rpcrt4

RpcServerUseProtseqEpW
RpcBindingVectorFree
NdrConvert2
RpcServerUseProtseqExW
RpcServerUseProtseqEpExW
RpcBindingFromStringBindingW
RpcServerUseProtseqW
RpcBindingCreateW
RpcBindingBind
SimpleTypeBufferSize
NdrMesTypeDecode2
NdrMesTypeAlignSize2
NdrMesTypeEncode2
RpcAsyncCompleteCall
NdrClientCall2
RpcErrorAddRecord
RpcMgmtSetComTimeout
RpcMgmtInqComTimeout
I_RpcServerSubscribeForDisconnectNotification
I_RpcServerGetAssociationID
I_RpcMgmtEnableDedicatedThreadPool
NdrCorrelationInitialize
NdrFullPointerXlatInit
SimpleTypeMemorySize
NdrFullPointerXlatFree
NdrClearOutParameters
I_RpcBCacheFree
NdrCorrelationFree
I_RpcExceptionFilter
NdrGetTypeFlags
MesEncodeFixedBufferHandleCreate
MesHandleFree
SimpleTypeAlignment
I_RpcBCacheAllocate
MesBufferHandleReset
MesDecodeBufferHandleCreate
I_RpcFixTransferSyntax
I_RpcSendReceive
RpcRaiseException
RpcErrorEndEnumeration
RpcErrorGetNextRecord
RpcErrorStartEnumeration
NdrClientInitializeNew
I_RpcReceive
I_RpcAsyncSetHandle
NdrServerInitialize
I_RpcGetBuffer
I_RpcAllocate
I_RpcFree
I_RpcGetBufferWithObject
UuidCreate
I_RpcRequestMutex
NdrStubCall2
I_RpcNegotiateTransferSyntax
I_RpcClearMutex
I_RpcMgmtQueryDedicatedThreadPool
RpcBindingFree
RpcBindingSetOption
NdrAsyncServerCall
NdrServerCall2
RpcBindingUnbind
RpcBindingCopy
NdrMesTypeDecode3
I_RpcSend
I_RpcAsyncAbortCall
RpcServerUnregisterIf
RpcServerRegisterIf3
RpcImpersonateClient2
RpcServerRegisterAuthInfoW
RpcCertGeneratePrincipalNameW
I_RpcOpenClientProcess
RpcBindingInqAuthClientW
NdrMesTypeEncode3
I_RpcSetDCOMAppId
I_RpcBindingInqCurrentModifiedId
RpcBindingInqObject
I_RpcBindingInqLocalClientPID
RpcBindingServerFromClient
RpcRevertToSelfEx
RpcImpersonateClient
RpcStringBindingParseW
RpcBindingToStringBindingW
I_RpcBindingInqTransportType
RpcServerInqCallAttributesW
I_RpcBindingSetPrivateOption
RpcBindingSetAuthInfoExW
RpcSmDestroyClientContext
NdrClientCall3
NdrStubCall3
RpcStringFreeW
RpcBindingInqAuthInfoExW
RpcCancelThreadEx
RpcMgmtSetCancelTimeout
NdrOleAllocate
NdrOleFree
NdrDllGetClassObject
RpcAsyncCancelCall
RpcServerInqBindings
RpcServerTestCancel
NdrGetUserMarshalInfo
I_RpcFreeBuffer
RpcAsyncInitializeHandle
RpcAsyncGetCallStatus

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime
GetTickCount64
GetComputerNameExW
GetSystemInfo
GetSystemWindowsDirectoryW

api-ms-win-core-debug-l1-1-1

OutputDebugStringW
OutputDebugStringA
DebugBreak
IsDebuggerPresent

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolWork
SubmitThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
CloseThreadpoolWait
CreateThreadpoolWait
SetThreadpoolWait
SetEventWhenCallbackReturns
WaitForThreadpoolWaitCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-fibers-l1-1-1

FlsAlloc
FlsSetValue
FlsFree
IsThreadAFiber

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
GetModuleHandleA
LoadLibraryExW
GetModuleHandleW
LoadLibraryExA
GetProcAddress
LoadStringW
FreeLibrary
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW

api-ms-win-core-string-l1-1-0

GetStringTypeW
WideCharToMultiByte
CompareStringOrdinal
CompareStringW
MultiByteToWideChar

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW
SearchPathW
FreeEnvironmentStringsW
GetEnvironmentStringsW

api-ms-win-security-base-l1-2-0

CreateWellKnownSid
AccessCheck
CheckTokenMembership
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeSid
GetSidLengthRequired
GetAppContainerAce
InitializeAcl
InitializeSecurityDescriptor
ImpersonateLoggedOnUser
GetAce
MapGenericMask
GetSidSubAuthorityCount
GetKernelObjectSecurity
GetSidSubAuthority
DuplicateToken
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeSelfRelativeSD
IsValidSecurityDescriptor
GetTokenInformation
RevertToSelf
ImpersonateAnonymousToken
AccessCheckByType
GetSecurityDescriptorDacl
GetLengthSid
IsValidSid
GetSecurityDescriptorLength
PrivilegeCheck
CopySid
EqualSid

api-ms-win-core-rtlsupport-l1-2-0

RtlCompareMemory
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-memory-l1-1-2

UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
VirtualProtect
VirtualAlloc
VirtualQuery
MapViewOfFile

api-ms-win-core-localization-l1-2-1

FormatMessageW
LCMapStringW

api-ms-win-core-file-l1-2-1

CreateFileW

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventRegister
EventWriteEx
EventUnregister

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabled
QuirkIsEnabledForProcess

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-kernel32-legacy-l1-1-1

RaiseFailFastException

api-ms-win-core-string-obsolete-l1-1-0

lstrlenW
lstrcmpiA
lstrcmpiW
lstrlenA

api-ms-win-core-heap-obsolete-l1-1-0

GlobalSize
LocalAlloc
GlobalFree
LocalFree
GlobalUnlock
GlobalReAlloc
GlobalAlloc
GlobalLock

api-ms-win-core-privateprofile-l1-1-1

GetProfileStringW

api-ms-win-core-sidebyside-l1-1-0

ReleaseActCtx
FindActCtxSectionGuid
FindActCtxSectionStringW
ActivateActCtx
AddRefActCtx
DeactivateActCtx
GetCurrentActCtx
CreateActCtxW

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

ntdll

RtlCopySid
NtQueryInformationToken
RtlLengthSid
NtQueryObject
LdrStandardizeSystemPath
RtlFreeSid
RtlDelete
RtlApplicationVerifierStop
RtlCheckForOrphanedCriticalSections
NtQueryInformationThread
RtlFreeHeap
RtlGetAppContainerNamedObjectPath
NtTerminateProcess
RtlReportException
RtlInitializeCriticalSectionAndSpinCount
NtQueryTimerResolution
RtlLoadString
RtlInitializeConditionVariable
ord1
EvtIntReportEventAndSourceAsync
RtlSplay
RtlDeleteNoSplay
RtlInitUnicodeString
NtOpenKey
RtlEqualUnicodeString
WinSqmSetDWORD
RtlInitializeCriticalSection
RtlImageNtHeader
RtlIsCriticalSectionLockedByThread
RtlDllShutdownInProgress
DbgPrint
EtwEventUnregister
RtlAllocateHeap
NtQueryValueKey
RtlQueryPackageIdentity
ZwQuerySecurityAttributesToken
RtlSidDominates
RtlGetAppContainerSidType
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwGetTraceLoggerHandle
NtQuerySystemInformation
RtlSleepConditionVariableCS
RtlDeleteCriticalSection
RtlWakeAllConditionVariable
NtQueryInformationProcess
NtApphelpCacheControl
RtlInitUnicodeStringEx
RtlValidRelativeSecurityDescriptor
NtClose
NtDuplicateObject
NtCreateKey
RtlRealPredecessor
EtwEventRegister
EtwTraceMessage
EtwEventWrite
RtlNtStatusToDosError
NtQueryKey

api-ms-win-core-interlocked-l1-2-0

InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

CLSIDFromOle1Class
CLSIDFromProgID
CLSIDFromString
CleanupOleStateInAllTls
CleanupTlsOleState
ClearCleanupFlag
CoAddRefServerProcess
CoAllowUnmarshalerCLSID
CoCancelCall
CoCopyProxy
CoCreateErrorInfo
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoCreateInstance
CoCreateInstanceEx
CoCreateInstanceFromApp
CoCreateObjectInContext
CoDeactivateObject
CoDecodeProxy
CoDecrementMTAUsage
CoDisableCallCancellation
CoDisconnectContext
CoDisconnectObject
CoEnableCallCancellation
CoFreeUnusedLibraries
CoFreeUnusedLibrariesEx
CoGetActivationState
CoGetApartmentID
CoGetApartmentType
CoGetCallContext
CoGetCallState
CoGetCallerTID
CoGetCancelObject
CoGetClassObject
CoGetClassVersion
CoGetContextToken
CoGetCurrentLogicalThreadId
CoGetCurrentProcess
CoGetDefaultContext
CoGetErrorInfo
CoGetInstanceFromFile
CoGetInstanceFromIStorage
CoGetInterfaceAndReleaseStream
CoGetMalloc
CoGetMarshalSizeMax
CoGetModuleType
CoGetObjectContext
CoGetPSClsid
CoGetProcessIdentifier
CoGetStandardMarshal
CoGetStdMarshalEx
CoGetSystemSecurityPermissions
CoGetTreatAsClass
CoImpersonateClient
CoIncrementMTAUsage
CoInitializeEx
CoInitializeSecurity
CoInitializeWOW
CoInvalidateRemoteMachineBindings
CoIsHandlerConnected
CoLockObjectExternal
CoMarshalHresult
CoMarshalInterThreadInterfaceInStream
CoMarshalInterface
CoPopServiceDomain
CoPushServiceDomain
CoQueryAuthenticationServices
CoQueryClientBlanket
CoQueryProxyBlanket
CoReactivateObject
CoRegisterActivationFilter
CoRegisterClassObject
CoRegisterInitializeSpy
CoRegisterMallocSpy
CoRegisterMessageFilter
CoRegisterPSClsid
CoRegisterSurrogate
CoRegisterSurrogateEx
CoReleaseMarshalData
CoReleaseServerProcess
CoResumeClassObjects
CoRetireServer
CoRevertToSelf
CoRevokeClassObject
CoRevokeInitializeSpy
CoRevokeMallocSpy
CoSetCancelObject
CoSetErrorInfo
CoSetProxyBlanket
CoSuspendClassObjects
CoSwitchCallContext
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoTestCancel
CoUninitialize
CoUnloadingWOW
CoUnmarshalHresult
CoUnmarshalInterface
CoVrfCheckThreadState
CoVrfGetThreadState
CoVrfReleaseThreadState
CoWaitForMultipleHandles
CoWaitForMultipleObjects
CreateErrorInfo
CreateStreamOnHGlobal
DcomChannelSetHResult
DllDebugObjectRPCHook
DllGetActivationFactory
DllGetClassObject
EnableHookObject
FreePropVariantArray
FreePropVariantArrayWorker
GetCatalogHelper
GetErrorInfo
GetFuncDescs
GetHGlobalFromStream
GetHookInterface
GetRestrictedErrorInfo
HSTRING_UserFree
HSTRING_UserFree64
HSTRING_UserMarshal
HSTRING_UserMarshal64
HSTRING_UserSize
HSTRING_UserSize64
HSTRING_UserUnmarshal
HSTRING_UserUnmarshal64
HkOleRegisterObject
IIDFromString
InternalAppInvokeExceptionFilter
InternalCCFreeUnused
InternalCCGetClassInformationForDde
InternalCCGetClassInformationFromKey
InternalCCSetDdeServerWindow
InternalCMLSendReceive
InternalCallAsProxyExceptionFilter
InternalCallFrameExceptionFilter
InternalCallerIsAppContainer
InternalCanMakeOutCall
InternalCoIsSurrogateProcess
InternalCoRegisterDisconnectCallback
InternalCoRegisterSurrogatedObject
InternalCoStdMarshalObject
InternalCoUnregisterDisconnectCallback
InternalCompleteObjRef
InternalCreateCAggId
InternalCreateIdentityHandler
InternalDoATClassCreate
InternalFillLocalOXIDInfo
InternalFreeObjRef
InternalGetWindowPropInterface
InternalIrotEnumRunning
InternalIrotEnumRunning2
InternalIrotGetObject
InternalIrotGetObject2
InternalIrotGetObject3
InternalIrotGetTimeOfLastChange
InternalIrotGetTimeOfLastChange2
InternalIrotIsRunning
InternalIrotIsRunning2
InternalIrotNoteChangeTime
InternalIrotRegister
InternalIrotRevoke
InternalIsApartmentInitialized
InternalIsProcessInitialized
InternalMarshalObjRef
InternalNotifyDDStartOrStop
InternalOleModalLoopBlockFn
InternalRegisterWindowPropInterface
InternalReleaseMarshalObjRef
InternalSTAInvoke
InternalServerExceptionFilter
InternalSetAptCallCtrlOnTlsIfRequired
InternalSetOleThunkWowPtr
InternalStubInvoke
InternalTlsAllocData
InternalUnmarshalObjRef
IsErrorPropagationEnabled
NdrExtStubInitialize
NdrOleDllGetClassObject
NdrOleInitializeExtension
NdrProxyForwardingFunction10
NdrProxyForwardingFunction11
NdrProxyForwardingFunction12
NdrProxyForwardingFunction13
NdrProxyForwardingFunction14
NdrProxyForwardingFunction15
NdrProxyForwardingFunction16
NdrProxyForwardingFunction17
NdrProxyForwardingFunction18
NdrProxyForwardingFunction19
NdrProxyForwardingFunction20
NdrProxyForwardingFunction21
NdrProxyForwardingFunction22
NdrProxyForwardingFunction23
NdrProxyForwardingFunction24
NdrProxyForwardingFunction25
NdrProxyForwardingFunction26
NdrProxyForwardingFunction27
NdrProxyForwardingFunction28
NdrProxyForwardingFunction29
NdrProxyForwardingFunction3
NdrProxyForwardingFunction30
NdrProxyForwardingFunction31
NdrProxyForwardingFunction32
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
NdrProxyForwardingFunction6
NdrProxyForwardingFunction7
NdrProxyForwardingFunction8
NdrProxyForwardingFunction9
NdrpFindInterface
ObjectStublessClient10
ObjectStublessClient11
ObjectStublessClient12
ObjectStublessClient13
ObjectStublessClient14
ObjectStublessClient15
ObjectStublessClient16
ObjectStublessClient17
ObjectStublessClient18
ObjectStublessClient19
ObjectStublessClient20
ObjectStublessClient21
ObjectStublessClient22
ObjectStublessClient23
ObjectStublessClient24
ObjectStublessClient25
ObjectStublessClient26
ObjectStublessClient27
ObjectStublessClient28
ObjectStublessClient29
ObjectStublessClient3
ObjectStublessClient30
ObjectStublessClient31
ObjectStublessClient32
ObjectStublessClient4
ObjectStublessClient5
ObjectStublessClient6
ObjectStublessClient7
ObjectStublessClient8
ObjectStublessClient9
ProgIDFromCLSID
PropVariantClear
PropVariantCopy
ReleaseFuncDescs
RoActivateInstance
RoCaptureErrorContext
RoClearError
RoFailFastWithErrorContext
RoFailFastWithErrorContextInternal
RoFailFastWithErrorContextInternal2
RoFreeParameterizedTypeExtra
RoGetActivatableClassRegistration
RoGetActivationFactory
RoGetAgileReference
RoGetApartmentIdentifier
RoGetErrorReportingFlags
RoGetMatchingRestrictedErrorInfo
RoGetParameterizedTypeInstanceIID
RoGetServerActivatableClasses
RoInitialize
RoInspectCapturedStackBackTrace
RoInspectThreadErrorInfo
RoOriginateError
RoOriginateErrorW
RoOriginateLanguageException
RoParameterizedTypeExtraGetTypeSignature
RoRegisterActivationFactories
RoRegisterForApartmentShutdown
RoReportCapabilityCheckFailure
RoReportFailedDelegate
RoReportUnhandledError
RoResolveRestrictedErrorInfoReference
RoRevokeActivationFactories
RoSetErrorReportingFlags
RoTransformError
RoTransformErrorW
RoUninitialize
RoUnregisterForApartmentShutdown
SetCleanupFlag
SetErrorInfo
SetRestrictedErrorInfo
StringFromCLSID
StringFromGUID2
StringFromIID
UpdateDCOMSettings
UpdateProcessTracing
WdtpInterfacePointer_UserMarshal
WdtpInterfacePointer_UserMarshal64
WdtpInterfacePointer_UserSize
WdtpInterfacePointer_UserSize64
WdtpInterfacePointer_UserUnmarshal
WdtpInterfacePointer_UserUnmarshal64
WindowsCompareStringOrdinal
WindowsConcatString
WindowsCreateString
WindowsCreateStringReference
WindowsDeleteString
WindowsDeleteStringBuffer
WindowsDuplicateString
WindowsGetStringLen
WindowsGetStringRawBuffer
WindowsInspectString
WindowsIsStringEmpty
WindowsPreallocateStringBuffer
WindowsPromoteStringBuffer
WindowsReplaceString
WindowsStringHasEmbeddedNull
WindowsSubstring
WindowsSubstringWithSpecifiedLength
WindowsTrimStringEnd
WindowsTrimStringStart

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ndr64
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba8646d28f2e7b54e7bcd331d13af3a6

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

18:c0:54:ae:ea:4d:72:fe:d1:3f:49:67:34:55:94:f6:68:af:23:45:91:e8:26:b6:6e:b6:d8:99:a3:37:89:7dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

api-ms-win-core-heap-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-registry-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-handle-l1-1-0

rpcrt4

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-debug-l1-1-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-fibers-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-memory-l1-1-2

api-ms-win-core-localization-l1-2-1

api-ms-win-core-file-l1-2-1

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-quirks-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-privateprofile-l1-1-1

api-ms-win-core-sidebyside-l1-1-0

api-ms-win-core-windowserrorreporting-l1-1-0

ntdll

api-ms-win-core-interlocked-l1-2-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.orpc Size: 88KB - Virtual size: 87KB

.ndr64 Size: 9KB - Virtual size: 9KB

.data Size: 26KB - Virtual size: 27KB

.pdata Size: 158KB - Virtual size: 158KB

.idata Size: 17KB - Virtual size: 17KB

.didat Size: 1KB - Virtual size: 1KB

.rsrc Size: 64KB - Virtual size: 64KB

.reloc Size: 35KB - Virtual size: 34KB

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

18:c0:54:ae:ea:4d:72:fe:d1:3f:49:67:34:55:94:f6:68:af:23:45:91:e8:26:b6:6e:b6:d8:99:a3:37:89:7d
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.orpc
Size: 88KB - Virtual size: 87KB

.ndr64
Size: 9KB - Virtual size: 9KB

.data
Size: 26KB - Virtual size: 27KB

.pdata
Size: 158KB - Virtual size: 158KB

.idata
Size: 17KB - Virtual size: 17KB

.didat
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 64KB - Virtual size: 64KB

.reloc
Size: 35KB - Virtual size: 34KB