8b716d8c41b5c5e3504da69a7fad30652a7f5590664092c0a9a410867b893635

Sharing

Copy URL Twitter E-mail

General

Target

8b716d8c41b5c5e3504da69a7fad30652a7f5590664092c0a9a410867b893635
Size

5.4MB
MD5

6bab888a9ee40d47ba8d394129d6830c
SHA1

39fd4c2bdb8a06c3673fb6cba99a8a7ab97fa668
SHA256

8b716d8c41b5c5e3504da69a7fad30652a7f5590664092c0a9a410867b893635
SHA512

1506186c21afe36a330b4969719ddee754c1414b6b3a2077a453c9e963ff1e2f681f5c778bb01b828f63369b81dd319b17dcda505629ed666b5170e65e5fc160
SSDEEP

98304:CdZwiEfYvaTrWGlGC0tEK4Xpr6PctsLk7tfp3NBl4fMcNvb:KwDgvoHQEKwhXIyRRNzi

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQScreenShotNT-Plus/MMMojoCall.dll
unpack001/QQScreenShotNT-Plus/NTLauncher.exe
unpack001/QQScreenShotNT-Plus/NTViewer64.exe
unpack001/QQScreenShotNT-Plus/parent-ipc-core-x64.dll

Files

8b716d8c41b5c5e3504da69a7fad30652a7f5590664092c0a9a410867b893635
.zip
QQScreenShotNT-Plus/MMMojoCall.dll
.dll windows:6 windows x64 arch:x64

25bf9dd933cf3958c64d9932927246e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
LoadLibraryA
GetNativeSystemInfo
GetCurrentDirectoryW
FindClose
FindNextFileW
GetLastError
SetLastError
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentThreadId
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
GetStringTypeW
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
CloseHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetEnvironmentVariableW
GetConsoleMode
WriteFile
GetConsoleOutputCP
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
GetStdHandle
GetFullPathNameW
CompareStringW
LCMapStringW
SetStdHandle
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
HeapReAlloc
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW
HeapSize

Exports

Exports

??0OCRManager@mmmojocall@qqimpl@@QEAA@XZ
??0QQIpcChildWrapper@qqipc@qqimpl@@QEAA@AEBV012@@Z
??0QQIpcChildWrapper@qqipc@qqimpl@@QEAA@XZ
??0QQIpcParentWrapper@qqipc@qqimpl@@QEAA@AEBV012@@Z
??0QQIpcParentWrapper@qqipc@qqimpl@@QEAA@XZ
??0UtilityManager@mmmojocall@qqimpl@@QEAA@XZ
??0XPluginManager@mmmojocall@qqimpl@@QEAA@AEBV012@@Z
??0XPluginManager@mmmojocall@qqimpl@@QEAA@XZ
??1OCRManager@mmmojocall@qqimpl@@QEAA@XZ
??1QQIpcChildWrapper@qqipc@qqimpl@@QEAA@XZ
??1QQIpcParentWrapper@qqipc@qqimpl@@QEAA@XZ
??1UtilityManager@mmmojocall@qqimpl@@QEAA@XZ
??1XPluginManager@mmmojocall@qqimpl@@QEAA@XZ
??4QQIpcChildWrapper@qqipc@qqimpl@@QEAAAEAV012@AEBV012@@Z
??4QQIpcParentWrapper@qqipc@qqimpl@@QEAAAEAV012@AEBV012@@Z
??4XPluginManager@mmmojocall@qqimpl@@QEAAAEAV012@AEBV012@@Z
?AppendSwitchNativeCmdLine@XPluginManager@mmmojocall@qqimpl@@QEAA_NPEBD0@Z
?CallUsrCallback@OCRManager@mmmojocall@qqimpl@@QEAAXHPEBXH@Z
?CallUsrCallback@UtilityManager@mmmojocall@qqimpl@@QEAAXHPEBXHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ConnectedToChildProcess@QQIpcParentWrapper@qqipc@qqimpl@@QEAA_NH@Z
?DoOCRTask@OCRManager@mmmojocall@qqimpl@@QEAA_NPEBD@Z
?DoPicQRScan@UtilityManager@mmmojocall@qqimpl@@QEAA_NPEBDH@Z
?DoResampleImage@UtilityManager@mmmojocall@qqimpl@@QEAA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0HH@Z
?GetConnectState@OCRManager@mmmojocall@qqimpl@@QEAA_NXZ
?GetConnectState@UtilityManager@mmmojocall@qqimpl@@QEAA_NXZ
?GetIdleTaskId@OCRManager@mmmojocall@qqimpl@@AEAAHXZ
?GetLastErrStr@QQIpcChildWrapper@qqipc@qqimpl@@QEAAPEBDXZ
?GetLastErrStr@QQIpcParentWrapper@qqipc@qqimpl@@QEAAPEBDXZ
?GetLastErrStr@XPluginManager@mmmojocall@qqimpl@@QEAAPEBDXZ
?InitChildIpc@QQIpcChildWrapper@qqipc@qqimpl@@QEAAXXZ
?InitEnv@QQIpcChildWrapper@qqipc@qqimpl@@QEAA_NPEBD@Z
?InitEnv@QQIpcParentWrapper@qqipc@qqimpl@@QEAA_NPEBD@Z
?InitLog@QQIpcChildWrapper@qqipc@qqimpl@@QEAAXHPEAX@Z
?InitLog@QQIpcParentWrapper@qqipc@qqimpl@@QEAAXHPEAX@Z
?InitMMMojoEnv@XPluginManager@mmmojocall@qqimpl@@QEAA_NXZ
?InitParentIpc@QQIpcParentWrapper@qqipc@qqimpl@@QEAAXXZ
?KillWeChatOCR@OCRManager@mmmojocall@qqimpl@@QEAAXXZ
?KillWeChatUtility@UtilityManager@mmmojocall@qqimpl@@QEAAXXZ
?LaunchChildProcess@QQIpcParentWrapper@qqipc@qqimpl@@QEAAHPEBDP6AXPEAXPEADH2H@Z1PEAPEADH@Z
?OnDefaultReceiveMsg@QQIpcParentWrapper@qqipc@qqimpl@@SAXPEAXPEADH1H@Z
?ReLaunchChildProcess@QQIpcParentWrapper@qqipc@qqimpl@@QEAAHH@Z
?SendIpcMessage@QQIpcChildWrapper@qqipc@qqimpl@@QEAAXPEBD0H@Z
?SendIpcMessage@QQIpcParentWrapper@qqipc@qqimpl@@QEAA_NHPEBD0H@Z
?SendOCRTask@OCRManager@mmmojocall@qqimpl@@AEAA_NIV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SendPbSerializedData@XPluginManager@mmmojocall@qqimpl@@QEAAXPEAXHH_NI@Z
?SetCallbackUsrData@XPluginManager@mmmojocall@qqimpl@@QEAAXPEAX@Z
?SetCallbacks@XPluginManager@mmmojocall@qqimpl@@QEAAXUMMMojoEnvironmentCallbacks@common@mmmojo@@@Z
?SetChildReceiveCallback@QQIpcChildWrapper@qqipc@qqimpl@@QEAAXP6AXPEAXPEADH1H@Z@Z
?SetCommandLine@XPluginManager@mmmojocall@qqimpl@@QEAA_NHAEAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
?SetConnectState@OCRManager@mmmojocall@qqimpl@@QEAAX_N@Z
?SetConnectState@UtilityManager@mmmojocall@qqimpl@@QEAAX_N@Z
?SetExePath@XPluginManager@mmmojocall@qqimpl@@QEAA_NPEBD@Z
?SetLastErrStr@XPluginManager@mmmojocall@qqimpl@@IEAAXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetLogLevel@QQIpcParentWrapper@qqipc@qqimpl@@QEAAXH@Z
?SetOneCallback@XPluginManager@mmmojocall@qqimpl@@QEAAXHPEAX@Z
?SetReadOnPull@UtilityManager@mmmojocall@qqimpl@@QEAAXP6AXHPEBXH@Z@Z
?SetReadOnPush@OCRManager@mmmojocall@qqimpl@@QEAAXP6AXPEBDPEBXH@Z@Z
?SetReadOnPush@UtilityManager@mmmojocall@qqimpl@@QEAAXP6AXHPEBXH@Z@Z
?SetTaskIdIdle@OCRManager@mmmojocall@qqimpl@@AEAA_NH@Z
?SetUsrLibDir@OCRManager@mmmojocall@qqimpl@@QEAA_NPEBD@Z
?SetUsrLibDir@UtilityManager@mmmojocall@qqimpl@@QEAA_NPEBD@Z
?StartWeChatOCR@OCRManager@mmmojocall@qqimpl@@QEAA_NXZ
?StartWeChatUtility@UtilityManager@mmmojocall@qqimpl@@QEAA_NXZ
?StopMMMojoEnv@XPluginManager@mmmojocall@qqimpl@@QEAAXXZ
?TerminateChildProcess@QQIpcParentWrapper@qqipc@qqimpl@@QEAA_NHH_N@Z
GetPbSerializedData
GetReadInfoAttachData
InitMMMojoDLLFuncs
RemoveReadInfo

Sections

.text
Size: 835KB - Virtual size: 834KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQScreenShotNT-Plus/NTLauncher.exe
.exe windows:6 windows x64 arch:x64

9f990d308401ca66062ae75f451d4aba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\aDeveloper\VSProjects\QQScreenShotNT-Plus\bin\NTLauncher.pdb

Imports

python311

PyUnicode_AsEncodedString
_PyObject_GetDictPtr
PyEval_RestoreThread
PyType_Type
PyByteArray_Type
PyObject_Repr
PyGILState_GetThisThreadState
_PyType_Lookup
PyEval_AcquireThread
PyUnicode_FromString
PyConfig_SetBytesArgv
PyDict_DelItemString
PyException_SetCause
PyObject_SetItem
PyExc_SystemError
PyCapsule_SetPointer
PyExc_ImportError
PyExc_IndexError
PyFrame_GetCode
PyFrame_GetBack
PyUnicode_AsUTF8String
PyObject_Str
PyDict_Copy
Py_InitializeFromConfig
PyEval_GetBuiltins
PyCapsule_Type
PyThreadState_Clear
PyExc_TypeError
PyThreadState_DeleteCurrent
PyThread_tss_alloc
PyNumber_Long
PyNumber_Check
PyCapsule_SetContext
PyGILState_Ensure
PyByteArray_Size
_Py_NotImplementedStruct
PyIndex_Check
PyProperty_Type
PyObject_HasAttrString
PyObject_CallObject
PyThread_tss_set
PyCMethod_New
PyTuple_SetItem
PyConfig_Clear
PyMem_Free
PyObject_IsInstance
PyInstanceMethod_New
PyException_SetContext
PyThread_tss_free
PyList_GetItem
PyDict_New
PyBytes_Size
PyCapsule_GetName
PyCapsule_New
PyException_SetTraceback
PyThread_tss_get
PyTuple_Size
PyErr_Clear
PyObject_GetAttrString
Py_IsInitialized
PyType_Ready
PyConfig_SetString
PyRun_SimpleStringFlags
PyModule_Create2
PyImport_AppendInittab
PyObject_ClearWeakRefs
PyLong_AsLong
PyObject_CallFunctionObjArgs
PyErr_Fetch
PyModule_AddObject
PyCapsule_GetPointer
PyConfig_InitPythonConfig
PyTuple_GetItem
_Py_Dealloc
PyExc_OverflowError
PyErr_Restore
PyType_IsSubtype
PyStatus_Exception
PyFloat_Type
PyThreadState_New
Py_Finalize
PyDict_Type
PyErr_Format
PyDict_Next
PyExc_ValueError
PyErr_WriteUnraisable
PyErr_SetString
PyByteArray_AsString
PyList_Size
PyDict_Size
PyTuple_New
_Py_NoneStruct
PyBytes_AsStringAndSize
PyGILState_Release
PyFrame_GetLineNumber
PyCapsule_GetContext
PyDict_GetItemWithError
PyExc_MemoryError
PyInstanceMethod_Type
PyObject_GC_UnTrack
PyObject_SetAttrString
PyExc_RuntimeError
_PyThreadState_UncheckedGet
PyEval_SaveThread
PyUnicode_AsUTF8AndSize
PyUnicode_DecodeUTF8
PyLong_FromSsize_t
PyErr_Occurred
PyErr_NormalizeException
PyBytes_AsString
PyImport_ImportModule
PyStatus_IsError
PyThreadState_Get
PyWeakref_NewRef
PyCFunction_Type
PyMem_Calloc
PyBaseObject_Type
PySequence_List
PyThread_tss_create

mmmojocall

?DoOCRTask@OCRManager@mmmojocall@qqimpl@@QEAA_NPEBD@Z
?KillWeChatOCR@OCRManager@mmmojocall@qqimpl@@QEAAXXZ
?StartWeChatOCR@OCRManager@mmmojocall@qqimpl@@QEAA_NXZ
?SetReadOnPush@OCRManager@mmmojocall@qqimpl@@QEAAXP6AXPEBDPEBXH@Z@Z
?SetUsrLibDir@OCRManager@mmmojocall@qqimpl@@QEAA_NPEBD@Z
??1OCRManager@mmmojocall@qqimpl@@QEAA@XZ
??0OCRManager@mmmojocall@qqimpl@@QEAA@XZ
?GetConnectState@UtilityManager@mmmojocall@qqimpl@@QEAA_NXZ
?DoPicQRScan@UtilityManager@mmmojocall@qqimpl@@QEAA_NPEBDH@Z
?KillWeChatUtility@UtilityManager@mmmojocall@qqimpl@@QEAAXXZ
?StartWeChatUtility@UtilityManager@mmmojocall@qqimpl@@QEAA_NXZ
?SetReadOnPush@UtilityManager@mmmojocall@qqimpl@@QEAAXP6AXHPEBXH@Z@Z
?SetUsrLibDir@UtilityManager@mmmojocall@qqimpl@@QEAA_NPEBD@Z
??1UtilityManager@mmmojocall@qqimpl@@QEAA@XZ
??0UtilityManager@mmmojocall@qqimpl@@QEAA@XZ
InitMMMojoDLLFuncs
?GetLastErrStr@XPluginManager@mmmojocall@qqimpl@@QEAAPEBDXZ
?SetExePath@XPluginManager@mmmojocall@qqimpl@@QEAA_NPEBD@Z
?ReLaunchChildProcess@QQIpcParentWrapper@qqipc@qqimpl@@QEAAHH@Z
?TerminateChildProcess@QQIpcParentWrapper@qqipc@qqimpl@@QEAA_NHH_N@Z
?SendIpcMessage@QQIpcParentWrapper@qqipc@qqimpl@@QEAA_NHPEBD0H@Z
?ConnectedToChildProcess@QQIpcParentWrapper@qqipc@qqimpl@@QEAA_NH@Z
?LaunchChildProcess@QQIpcParentWrapper@qqipc@qqimpl@@QEAAHPEBDP6AXPEAXPEADH2H@Z1PEAPEADH@Z
?InitParentIpc@QQIpcParentWrapper@qqipc@qqimpl@@QEAAXXZ
?InitLog@QQIpcParentWrapper@qqipc@qqimpl@@QEAAXHPEAX@Z
?GetLastErrStr@QQIpcParentWrapper@qqipc@qqimpl@@QEAAPEBDXZ
?InitEnv@QQIpcParentWrapper@qqipc@qqimpl@@QEAA_NPEBD@Z
??1QQIpcParentWrapper@qqipc@qqimpl@@QEAA@XZ
??0QQIpcParentWrapper@qqipc@qqimpl@@QEAA@XZ
?SetReadOnPull@UtilityManager@mmmojocall@qqimpl@@QEAAXP6AXHPEBXH@Z@Z
?GetConnectState@OCRManager@mmmojocall@qqimpl@@QEAA_NXZ

kernel32

HeapReAlloc
SetEndOfFile
SetStdHandle
CreatePipe
GetExitCodeProcess
WaitForSingleObject
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
SetFilePointerEx
GetFileSizeEx
GetStdHandle
ExitProcess
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
ReadFile
GetFileType
SetEnvironmentVariableW
CreateProcessW
DuplicateHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedPushEntrySList
RtlUnwindEx
GetCurrentProcessId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetCPInfo
LCMapStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
IsValidCodePage
InitializeCriticalSectionEx
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
GetFileInformationByHandleEx
GetProcAddress
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
RtlPcToFileHeader
FormatMessageA
InitOnceBeginInitialize
InitOnceComplete
QueryPerformanceFrequency
QueryPerformanceCounter
GetCPInfoExW
GetCurrentThreadId
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
RaiseException
ReleaseSRWLockExclusive
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
LocalFree
GetLocaleInfoEx
CreateDirectoryW
FindFirstFileExW
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
Sleep
GetLastError
GlobalAlloc
GlobalFree
FreeConsole
SetCurrentDirectoryW
GlobalLock
GetModuleHandleW
lstrcpyW
GlobalUnlock
AllocConsole
SetConsoleTitleW
WriteFile
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
CloseHandle
WideCharToMultiByte
FindClose
FindFirstFileW
FindNextFileW
SetLastError
HeapSize
WriteConsoleW
GetSystemTimeAsFileTime
RtlUnwind

user32

IsWindowVisible
GetDC
DestroyWindow
GetWindowRect
UnregisterHotKey
DefWindowProcW
GetMessageW
SystemParametersInfoW
CreateWindowExW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
SetWindowPos
GetCursorPos
BeginPaint
EndPaint
GetWindowTextW
SendMessageW
MessageBoxW
EndDialog
GetSystemMetrics
SetWindowTextW
CreatePopupMenu
RegisterClassExW
TrackPopupMenu
LoadStringW
ShowWindow
RegisterHotKey
SetWindowRgn
OpenClipboard
DispatchMessageW
CloseClipboard
SetDlgItemTextW
GetDlgItemTextW
MessageBoxA
MoveWindow
IsDlgButtonChecked
SetLayeredWindowAttributes
TranslateMessage
GetClipboardData
LoadIconW
LoadCursorW
SetClipboardData
GetDlgItem
AppendMenuW
CheckDlgButton
PostQuitMessage
RegisterWindowMessageW
DialogBoxParamW
UpdateWindow
EnumDisplaySettingsW
SetForegroundWindow

gdi32

CreateRoundRectRgn
GetDIBits
DeleteObject
CreateFontW
GetObjectW

advapi32

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegGetValueW
RegDeleteValueW

shell32

Shell_NotifyIconW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 357KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQScreenShotNT-Plus/NTViewer64.exe
.exe windows:6 windows x64 arch:x64

286a6b426529825e7df289c431d3f6be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\aDeveloper\VSProjects\QQScreenShotNT-Plus\bin\NTViewer64.pdb

Imports

mmmojocall

?SendIpcMessage@QQIpcChildWrapper@qqipc@qqimpl@@QEAAXPEBD0H@Z
??0QQIpcChildWrapper@qqipc@qqimpl@@QEAA@XZ
??1QQIpcChildWrapper@qqipc@qqimpl@@QEAA@XZ
?InitEnv@QQIpcChildWrapper@qqipc@qqimpl@@QEAA_NPEBD@Z
?InitChildIpc@QQIpcChildWrapper@qqipc@qqimpl@@QEAAXXZ
?InitLog@QQIpcChildWrapper@qqipc@qqimpl@@QEAAXHPEAX@Z
?SetChildReceiveCallback@QQIpcChildWrapper@qqipc@qqimpl@@QEAAXP6AXPEAXPEADH1H@Z@Z

kernel32

WideCharToMultiByte
MultiByteToWideChar
SetLastError
GetLastError
FindNextFileW
HeapSize
WriteConsoleW
GetProcessHeap
FreeEnvironmentStringsW
FindFirstFileW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetTimeZoneInformation
SetEndOfFile
SetStdHandle
HeapReAlloc
SetFilePointerEx
GetFileSizeEx
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
FindClose
GetCurrentDirectoryW
SetConsoleTitleW
AllocConsole
SetConsoleOutputCP
IsValidLocale
SetConsoleCP
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapFree
HeapAlloc
ExitProcess
FreeConsole
GlobalFree
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetFileType
SetEnvironmentVariableW
LoadLibraryExW
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCPInfo
CompareStringEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
LCMapStringEx
InitOnceComplete
InitOnceBeginInitialize
GetStringTypeW
GetFileInformationByHandleEx
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
FindFirstFileExW
GetLocaleInfoEx
FormatMessageA
LocalFree
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
SetFilePointer
GetFileSize
GetEnvironmentVariableW
GetCurrentProcessId
GetModuleHandleA
RtlUnwind
GlobalAlloc
GetTickCount
MulDiv
VerSetConditionMask
GetCommandLineW
lstrcmpW
GetModuleFileNameW
GetFileAttributesW
LoadLibraryW
GetProcAddress
FreeLibrary
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
DeleteCriticalSection
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
WaitForSingleObject
CreateEventW
SetEvent
CloseHandle
SetThreadPriority
GetCurrentThreadId
Sleep
TerminateThread
RaiseException
SizeofResource
GetCurrentProcess
GetStdHandle
LoadResource
FindResourceW
VirtualQuery
GetModuleHandleW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
LocalFileTimeToFileTime
QueryPerformanceFrequency
SystemTimeToFileTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
ReadFile
WriteFile
CreateFileW
GlobalLock
GlobalUnlock
GlobalSize
VerifyVersionInfoW

user32

GetDC
GetWindowLongW
PostQuitMessage
IsWindowVisible
ClientToScreen
DrawTextW
GetParent
MapWindowPoints
GetDesktopWindow
FindWindowW
InflateRect
SetForegroundWindow
MessageBoxW
SetWindowRgn
MonitorFromRect
GetWindowPlacement
IsZoomed
SetClipboardData
EmptyClipboard
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
GetAsyncKeyState
GetSysColor
SetCursor
UnionRect
PtInRect
UpdateLayeredWindow
IntersectRect
IsRectEmpty
GetClientRect
GetUpdateRect
MoveWindow
EndPaint
BeginPaint
ReleaseCapture
SetCapture
GetFocus
GetKeyState
ScreenToClient
InvalidateRect
SetWindowTextW
GetCursorPos
GetPropW
SetPropW
CallWindowProcW
GetWindowLongPtrW
SendMessageW
GetSystemMetrics
SetWindowPos
IsIconic
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
ShowWindow
SetFocus
EnableWindow
GetWindow
SetWindowLongW
IsWindow
SetWindowLongPtrW
GetClassInfoExW
RegisterClassW
LoadCursorW
MonitorFromPoint
ReleaseDC
KillTimer
CharNextW
OffsetRect
DefWindowProcW
PostMessageW
DestroyWindow
CreateWindowExW
UnregisterClassW
WaitMessage
RegisterClassExW
DispatchMessageW
SetTimer
PeekMessageW
MsgWaitForMultipleObjectsEx
CallMsgFilterW
GetQueueStatus
TranslateMessage

comdlg32

GetSaveFileNameW

shell32

DragFinish
ShellExecuteW
DragQueryFileW

winmm

timeGetTime
timeSetEvent
timeKillEvent

gdiplus

GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteFontFamily
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateMatrix
GdipDeleteMatrix
GdipGetWorldTransform
GdipTranslateMatrix
GdipRotateMatrix
GdipSetWorldTransform
GdipDrawImage
GdipCreateFromHDC
GdipDrawImageRectRect
GdiplusStartup
GdiplusShutdown
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipCreateSolidFill
GdipDeleteBrush
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImagePalette
GdipScaleMatrix
GdipSetSmoothingMode
GdipCreatePen1
GdipDeletePen
GdipDrawArc
GdipCreateLineBrushFromRect
GdipSetLineBlend
GdipCreatePen2
GdipDrawImageRect
GdipImageRotateFlip
GdipLoadImageFromFile
GdipSetStringFormatLineAlign
GdipClonePen
GdipSetPenWidth
GdipGetPenWidth
GdipSetPenColor
GdipSetPenStartCap
GdipSetPenEndCap
GdipSetPenDashCap197819
GdipGetPenStartCap
GdipGetPenEndCap
GdipGetPenDashCap197819
GdipCloneBrush
GdipGetPenLineJoin
GdipSetPenDashStyle
GdipGetPenDashStyle
GdipCreateBitmapFromHBITMAP
GdipCreateTexture
GdipCreatePath
GdipClonePath
GdipResetPath
GdipSetPathFillMode
GdipGetPathFillMode
GdipStartPathFigure
GdipClosePathFigure
GdipAddPathLineI
GdipAddPathLine2I
GdipAddPathBezierI
GdipAddPathCurveI
GdipAddPathRectangleI
GdipAddPathEllipseI
GdipAddPathArcI
GdipAddPathPieI
GdipAddPathPolygonI
GdipGetPathWorldBoundsI
GdipIsVisiblePathPointI
GdipIsOutlineVisiblePathPointI
GdipTransformPath
GdipDeletePath
GdipSetStringFormatAlign
GdipFillRectangle
GdipDrawLineI
GdipDrawBezierI
GdipDrawRectangleI
GdipDrawPath
GdipNewInstalledFontCollection
GdipGetFontCollectionFamilyCount
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipCreateHBITMAPFromBitmap
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree
GdipCreateBitmapFromFile
GdipSetPenLineJoin
GdipGetFamily
GdipAddPathString
GdipGetFontSize
GdipGetFontStyle
GdipCreateBitmapFromScan0
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipFillPath
GdipDrawString
GdipDrawEllipseI
GdipFillEllipseI
GdipAddPathArc
GdipAddPathLine
GdipCreatePathGradientFromPath
GdipSetPathGradientWrapMode
GdipSetPathGradientPresetBlend
GdipCreateRegionPath
GdipDeleteRegion
GdipMeasureString
GdipBitmapApplyEffect
GdipSetEffectParameters
GdipDeleteEffect
GdipSetClipRegion
GdipCreateEffect
GdipSetStringFormatFlags

comctl32

_TrackMouseEvent
ord17

imm32

ImmSetOpenStatus
ImmReleaseContext
ImmSetCompositionWindow
ImmGetOpenStatus
ImmGetContext

shlwapi

PathIsRelativeW
PathFileExistsW

msimg32

AlphaBlend

uiautomationcore

UiaRaiseAutomationPropertyChangedEvent
UiaRaiseAutomationEvent
UiaReturnRawElementProvider
UiaHostProviderFromHwnd
UiaClientsAreListening

gdi32

CreateRectRgnIndirect
BitBlt
CreateRoundRectRgn
CreateDCW
GetDIBits
ExtSelectClipRgn
DeleteObject
GetObjectW
GetDeviceCaps
GetStockObject
CreateDIBSection
GetTextExtentPoint32W
GetObjectA
SetTextColor
SetBkMode
SetStretchBltMode
SetWindowOrgEx
DeleteDC
CreateFontIndirectW
GetWindowOrgEx
RestoreDC
SaveDC
CreateCompatibleDC
StretchBlt
AddFontResourceExW
AddFontMemResourceEx
SelectObject

ole32

CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SafeArrayGetElemsize
SysAllocString
SafeArrayGetElement
SafeArrayDestroy
SafeArrayCreateVector
SafeArrayPutElement

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 524KB - Virtual size: 523KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQScreenShotNT-Plus/README.md
QQScreenShotNT-Plus/config.ini
QQScreenShotNT-Plus/ntplugin/baidusearch.py
QQScreenShotNT-Plus/ntplugin/baidusoutu.py
QQScreenShotNT-Plus/ntplugin/baidutran.py
QQScreenShotNT-Plus/ntplugin/googlesearch.py
QQScreenShotNT-Plus/ntplugin/googletran.py
QQScreenShotNT-Plus/ntplugin/saveocr.py
QQScreenShotNT-Plus/ntplugin/yandexsoutu.py
QQScreenShotNT-Plus/ntplugin/youdaotran.py
QQScreenShotNT-Plus/parent-ipc-core-x64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

c1a5d6b218f18af863c2aa58d356b421

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

parent-ipc-core-x64.dll.pdb

Imports

kernel32

AcquireSRWLockExclusive
AssignProcessToJobObject
CancelIo
CloseHandle
CompareStringW
ConnectNamedPipe
CreateDirectoryW
CreateEventW
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateNamedPipeW
CreateProcessW
CreateThread
DecodePointer
DeleteCriticalSection
DeleteFileW
DeleteProcThreadAttributeList
DuplicateHandle
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetEnvironmentStringsW
GetExitCodeProcess
GetFileAttributesW
GetFileSizeEx
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNativeSystemInfo
GetOEMCP
GetProcAddress
GetProcessHeap
GetProcessId
GetProductInfo
GetQueuedCompletionStatus
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadId
GetThreadPriority
GetTickCount
GetUserDefaultLCID
GetVersionExW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeProcThreadAttributeList
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32QueryWorkingSetEx
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LocalFree
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
PostQueuedCompletionStatus
QueryPerformanceCounter
QueryPerformanceFrequency
QueryThreadCycleTime
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
ResetEvent
RtlCaptureContext
RtlCaptureStackBackTrace
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwind
RtlUnwindEx
RtlVirtualUnwind
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetHandleInformation
SetLastError
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
UnmapViewOfFile
UpdateProcThreadAttribute
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WaitNamedPipeW
WideCharToMultiByte
WriteConsoleW
WriteFile

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateProcessAsUserW
EventRegister
EventUnregister
EventWrite
InitializeAcl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SetSecurityDescriptorDacl
SystemFunction036

dbghelp

SymCleanup
SymFromAddr
SymGetLineFromAddr64
SymGetSearchPathW
SymInitialize
SymSetOptions
SymSetSearchPathW

user32

AllowSetForegroundWindow
CreateWindowExW
DefWindowProcW
DestroyWindow
DispatchMessageW
GetQueueStatus
GetWindowLongPtrW
KillTimer
MsgWaitForMultipleObjectsEx
PeekMessageW
PostMessageW
PostQuitMessage
RegisterClassExW
SetTimer
SetWindowLongPtrW
TranslateMessage
UnregisterClassW
wsprintfW

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

shell32

CommandLineToArgvW

ole32

CoInitializeEx
CoRegisterInitializeSpy
CoRevokeInitializeSpy
CoUninitialize

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetHandleVerifier

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 12B

.tls
Size: 512B - Virtual size: 289B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 70B

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQScreenShotNT-Plus/python311.dll
.dll windows:6 windows x64 arch:x64

5714829f48aacde8f83e3e5f0ead1f49

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2013, 12:00

Not After

15/01/2038, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

17/01/2022, 00:00

Not After

15/01/2025, 23:59

Subject

CN=Python Software Foundation,O=Python Software Foundation,L=Beaverton,ST=Oregon,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:80:7e:79:1e:36:fb:33:fa:20:90:d1:64:58:b3:37:44:cd:08:32:f6:30:d8:9c:d8:5b:96:e6:92:e0:82:75
Signer

Actual PE Digest

fe:80:7e:79:1e:36:fb:33:fa:20:90:d1:64:58:b3:37:44:cd:08:32:f6:30:d8:9c:d8:5b:96:e6:92:e0:82:75

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\1\b\bin\amd64\python311.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

getsockopt
send
WSAGetLastError

api-ms-win-core-path-l1-1-0

PathCchSkipRoot
PathCchCombineEx
PathCchFindExtension

bcrypt

BCryptGenRandom

advapi32

RegEnumKeyExW
RegDeleteKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueW
RegFlushKey
RegCreateKeyExW
RegSaveKeyW
RegSetValueExW
RegLoadKeyW
RegCreateKeyW
RegConnectRegistryW
RegDeleteValueW
RegEnumValueW
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegSetValueW

kernel32

HeapAlloc
GetProcessHeap
IsDebuggerPresent
InitializeSListHead
GetCurrentProcessId
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
TlsGetValue
TlsFree
GetCurrentThread
GetModuleFileNameW
CompareStringOrdinal
GetFileAttributesW
GetLocaleInfoA
GetACP
RemoveVectoredExceptionHandler
SetErrorMode
RaiseException
AddVectoredExceptionHandler
GetCurrentProcess
SetEndOfFile
UnmapViewOfFile
DuplicateHandle
GetLastError
FlushViewOfFile
CloseHandle
GetSystemInfo
SetFilePointerEx
CreateFileMappingA
GetFileSize
OpenFileMappingA
MapViewOfFile
CreateDirectoryW
GetFileInformationByHandleEx
FindFirstFileW
Process32First
SetHandleInformation
GetConsoleScreenBufferInfo
SetLastError
GetHandleInformation
GetFullPathNameW
FindNextFileW
GetStdHandle
DeviceIoControl
TerminateProcess
RemoveDirectoryW
GetFinalPathNameByHandleW
SetFileTime
SetEnvironmentVariableW
CreatePipe
CreateHardLinkW
FindClose
GetVolumePathNameW
CreateFileW
OpenProcess
SetFileAttributesW
CreateToolhelp32Snapshot
GetFileInformationByHandle
GetFileAttributesExW
GetDiskFreeSpaceExW
DeleteFileW
Process32Next
LoadLibraryW
GetActiveProcessorCount
GetCurrentDirectoryW
SetCurrentDirectoryW
GetProcAddress
MoveFileExW
GetModuleHandleW
CreateSymbolicLinkW
GetSystemTimeAsFileTime
GetFileType
GetProcessTimes
GenerateConsoleCtrlEvent
SetEvent
CreateEventA
WaitForMultipleObjects
WaitForSingleObject
Sleep
GetTimeZoneInformation
TlsAlloc
SetWaitableTimerEx
ResetEvent
GetThreadTimes
CreateWaitableTimerExW
MultiByteToWideChar
GetConsoleMode
ReadConsoleW
WaitForSingleObjectEx
WriteConsoleW
GetNumberOfConsoleInputEvents
WideCharToMultiByte
GetStringTypeW
ReadFile
CancelIo
SetNamedPipeHandleState
WaitNamedPipeA
CreateNamedPipeA
WriteFile
InitializeProcThreadAttributeList
PeekNamedPipe
OpenFileMappingW
GetModuleHandleA
GetVersion
LCMapStringEx
UpdateProcThreadAttribute
CreateFileA
DeleteProcThreadAttributeList
GetOverlappedResult
ExitProcess
CreateProcessW
CreateFileMappingW
VirtualQuery
ConnectNamedPipe
GetExitCodeProcess
VirtualFree
VirtualAlloc
ExpandEnvironmentStringsW
GetErrorMode
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
CreateSemaphoreA
FormatMessageW
FreeLibrary
LoadLibraryExW
LocalFree
GetConsoleOutputCP
GetConsoleCP
OutputDebugStringW
GetSystemTimeAdjustment
GetTickCount64
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersionExW
TlsSetValue
HeapFree
GetCurrentThreadId

vcruntime140

memchr
memcmp
memmove
memcpy
wcschr
wcsrchr
strchr
strrchr
__C_specific_handler
__std_type_info_destroy_list
memset

api-ms-win-crt-stdio-l1-1-0

_open_osfhandle
__stdio_common_vfprintf
_wfopen
setvbuf
__stdio_common_vswprintf
fclose
__stdio_common_vsprintf
_setmode
rewind
__acrt_iob_func
_commit
_locking
_wopen
_kbhit
getc
ungetc
_lseeki64
ftell
fflush
feof
fgets
_get_osfhandle
_chsize_s
fputs
_isatty
_fileno
_lseek
_dup2
ferror
_close
fputc
fwrite
_open
_read
_dup
_write
fread
clearerr
puts

api-ms-win-crt-environment-l1-1-0

getenv
_wputenv_s
_wgetcwd
_wgetenv
__p__wenviron
_wputenv

api-ms-win-crt-locale-l1-1-0

localeconv
setlocale

api-ms-win-crt-string-l1-1-0

wcscmp
wcsncmp
strcmp
wcsnlen
wcsncpy_s
strncmp
isalnum
wcscat_s
tolower
toupper
strcspn
wcscoll
isxdigit
wcstok_s
wcsxfrm
isdigit
_stricmp
strncpy
_wcsicmp
wcscpy_s

api-ms-win-crt-runtime-l1-1-0

_cexit
__fpe_flt_rounds
_getpid
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_set_abort_behavior
signal
_exit
_initterm
raise
abort
_initialize_onexit_table
_beginthreadex
__sys_errlist
__sys_nerr
_endthreadex
_wsystem
exit
_errno
strerror
_execute_onexit_table
_set_thread_local_invalid_parameter_handler

api-ms-win-crt-convert-l1-1-0

mbstowcs
wcstol
strtoul
strtol
wcstombs

api-ms-win-crt-math-l1-1-0

exp2
tanh
erfc
sqrt
cbrt
cosh
erf
pow
log10
frexp
fmod
floor
tan
atan
atan2
_fdclass
_dclass
nextafter
exp
fabs
acosh
log1p
log
acos
expm1
_fdopen
atanh
asin
copysign
ldexp
hypot
asinh
modf
sin
round
sinh
cos
ceil

api-ms-win-crt-time-l1-1-0

__timezone
_tzset
strftime
clock
_time64
_mktime64
__daylight
_gmtime64_s
_localtime64_s

api-ms-win-crt-process-l1-1-0

_wexecv
_wspawnv
_wexecve
_cwait
_wspawnve

api-ms-win-crt-heap-l1-1-0

free
malloc
_heapmin
realloc
calloc

api-ms-win-crt-conio-l1-1-0

_putwch
_ungetwch
_getwche
_getche
_getch
_ungetch
_putch
_getwch

api-ms-win-crt-filesystem-l1-1-0

_umask
_wstat64i32

Exports

Exports

PyAIter_Check
PyArg_Parse
PyArg_ParseTuple
PyArg_ParseTupleAndKeywords
PyArg_UnpackTuple
PyArg_VaParse
PyArg_VaParseTupleAndKeywords
PyArg_ValidateKeywordArguments
PyAsyncGen_New
PyAsyncGen_Type
PyBaseObject_Type
PyBool_FromLong
PyBool_Type
PyBuffer_FillContiguousStrides
PyBuffer_FillInfo
PyBuffer_FromContiguous
PyBuffer_GetPointer
PyBuffer_IsContiguous
PyBuffer_Release
PyBuffer_SizeFromFormat
PyBuffer_ToContiguous
PyByteArrayIter_Type
PyByteArray_AsString
PyByteArray_Concat
PyByteArray_FromObject
PyByteArray_FromStringAndSize
PyByteArray_Resize
PyByteArray_Size
PyByteArray_Type
PyBytesIter_Type
PyBytes_AsString
PyBytes_AsStringAndSize
PyBytes_Concat
PyBytes_ConcatAndDel
PyBytes_DecodeEscape
PyBytes_FromFormat
PyBytes_FromFormatV
PyBytes_FromObject
PyBytes_FromString
PyBytes_FromStringAndSize
PyBytes_Repr
PyBytes_Size
PyBytes_Type
PyCFunction_Call
PyCFunction_GetFlags
PyCFunction_GetFunction
PyCFunction_GetSelf
PyCFunction_New
PyCFunction_NewEx
PyCFunction_Type
PyCMethod_New
PyCMethod_Type
PyCallIter_New
PyCallIter_Type
PyCallable_Check
PyCapsule_GetContext
PyCapsule_GetDestructor
PyCapsule_GetName
PyCapsule_GetPointer
PyCapsule_Import
PyCapsule_IsValid
PyCapsule_New
PyCapsule_SetContext
PyCapsule_SetDestructor
PyCapsule_SetName
PyCapsule_SetPointer
PyCapsule_Type
PyCell_Get
PyCell_New
PyCell_Set
PyCell_Type
PyClassMethodDescr_Type
PyClassMethod_New
PyClassMethod_Type
PyCode_Addr2Line
PyCode_Addr2Location
PyCode_GetCellvars
PyCode_GetCode
PyCode_GetFreevars
PyCode_GetVarnames
PyCode_New
PyCode_NewEmpty
PyCode_NewWithPosOnlyArgs
PyCode_Optimize
PyCode_Type
PyCodec_BackslashReplaceErrors
PyCodec_Decode
PyCodec_Decoder
PyCodec_Encode
PyCodec_Encoder
PyCodec_IgnoreErrors
PyCodec_IncrementalDecoder
PyCodec_IncrementalEncoder
PyCodec_KnownEncoding
PyCodec_LookupError
PyCodec_NameReplaceErrors
PyCodec_Register
PyCodec_RegisterError
PyCodec_ReplaceErrors
PyCodec_StreamReader
PyCodec_StreamWriter
PyCodec_StrictErrors
PyCodec_Unregister
PyCodec_XMLCharRefReplaceErrors
PyCompile_OpcodeStackEffect
PyCompile_OpcodeStackEffectWithJump
PyComplex_AsCComplex
PyComplex_FromCComplex
PyComplex_FromDoubles
PyComplex_ImagAsDouble
PyComplex_RealAsDouble
PyComplex_Type
PyConfig_Clear
PyConfig_InitIsolatedConfig
PyConfig_InitPythonConfig
PyConfig_Read
PyConfig_SetArgv
PyConfig_SetBytesArgv
PyConfig_SetBytesString
PyConfig_SetString
PyConfig_SetWideStringList
PyContextToken_Type
PyContextVar_Get
PyContextVar_New
PyContextVar_Reset
PyContextVar_Set
PyContextVar_Type
PyContext_Copy
PyContext_CopyCurrent
PyContext_Enter
PyContext_Exit
PyContext_New
PyContext_Type
PyCoro_New
PyCoro_Type
PyDescr_IsData
PyDescr_NewClassMethod
PyDescr_NewGetSet
PyDescr_NewMember
PyDescr_NewMethod
PyDescr_NewWrapper
PyDictItems_Type
PyDictIterItem_Type
PyDictIterKey_Type
PyDictIterValue_Type
PyDictKeys_Type
PyDictProxy_New
PyDictProxy_Type
PyDictRevIterItem_Type
PyDictRevIterKey_Type
PyDictRevIterValue_Type
PyDictValues_Type
PyDict_Clear
PyDict_Contains
PyDict_Copy
PyDict_DelItem
PyDict_DelItemString
PyDict_GetItem
PyDict_GetItemString
PyDict_GetItemWithError
PyDict_Items
PyDict_Keys
PyDict_Merge
PyDict_MergeFromSeq2
PyDict_New
PyDict_Next
PyDict_SetDefault
PyDict_SetItem
PyDict_SetItemString
PyDict_Size
PyDict_Type
PyDict_Update
PyDict_Values
PyEllipsis_Type
PyEnum_Type
PyErr_BadArgument
PyErr_BadInternalCall
PyErr_CheckSignals
PyErr_Clear
PyErr_Display
PyErr_ExceptionMatches
PyErr_Fetch
PyErr_Format
PyErr_FormatV
PyErr_GetExcInfo
PyErr_GetHandledException
PyErr_GivenExceptionMatches
PyErr_NewException
PyErr_NewExceptionWithDoc
PyErr_NoMemory
PyErr_NormalizeException
PyErr_Occurred
PyErr_Print
PyErr_PrintEx
PyErr_ProgramText
PyErr_ProgramTextObject
PyErr_RangedSyntaxLocationObject
PyErr_ResourceWarning
PyErr_Restore
PyErr_SetExcFromWindowsErr
PyErr_SetExcFromWindowsErrWithFilename
PyErr_SetExcFromWindowsErrWithFilenameObject
PyErr_SetExcFromWindowsErrWithFilenameObjects
PyErr_SetExcInfo
PyErr_SetFromErrno
PyErr_SetFromErrnoWithFilename
PyErr_SetFromErrnoWithFilenameObject
PyErr_SetFromErrnoWithFilenameObjects
PyErr_SetFromWindowsErr
PyErr_SetFromWindowsErrWithFilename
PyErr_SetHandledException
PyErr_SetImportError
PyErr_SetImportErrorSubclass
PyErr_SetInterrupt
PyErr_SetInterruptEx
PyErr_SetNone
PyErr_SetObject
PyErr_SetString
PyErr_SyntaxLocation
PyErr_SyntaxLocationEx
PyErr_SyntaxLocationObject
PyErr_WarnEx
PyErr_WarnExplicit
PyErr_WarnExplicitFormat
PyErr_WarnExplicitObject
PyErr_WarnFormat
PyErr_WriteUnraisable
PyEval_AcquireLock
PyEval_AcquireThread
PyEval_CallFunction
PyEval_CallMethod
PyEval_CallObjectWithKeywords
PyEval_EvalCode
PyEval_EvalCodeEx
PyEval_EvalFrame
PyEval_EvalFrameEx
PyEval_GetBuiltins
PyEval_GetFrame
PyEval_GetFuncDesc
PyEval_GetFuncName
PyEval_GetGlobals
PyEval_GetLocals
PyEval_InitThreads
PyEval_MergeCompilerFlags
PyEval_ReleaseLock
PyEval_ReleaseThread
PyEval_RestoreThread
PyEval_SaveThread
PyEval_SetProfile
PyEval_SetTrace
PyEval_ThreadsInitialized
PyExc_ArithmeticError
PyExc_AssertionError
PyExc_AttributeError
PyExc_BaseException
PyExc_BaseExceptionGroup
PyExc_BlockingIOError
PyExc_BrokenPipeError
PyExc_BufferError
PyExc_BytesWarning
PyExc_ChildProcessError
PyExc_ConnectionAbortedError
PyExc_ConnectionError
PyExc_ConnectionRefusedError
PyExc_ConnectionResetError
PyExc_DeprecationWarning
PyExc_EOFError
PyExc_EncodingWarning
PyExc_EnvironmentError
PyExc_Exception
PyExc_FileExistsError
PyExc_FileNotFoundError
PyExc_FloatingPointError
PyExc_FutureWarning
PyExc_GeneratorExit
PyExc_IOError
PyExc_ImportError
PyExc_ImportWarning
PyExc_IndentationError
PyExc_IndexError
PyExc_InterruptedError
PyExc_IsADirectoryError
PyExc_KeyError
PyExc_KeyboardInterrupt
PyExc_LookupError
PyExc_MemoryError
PyExc_ModuleNotFoundError
PyExc_NameError
PyExc_NotADirectoryError
PyExc_NotImplementedError
PyExc_OSError
PyExc_OverflowError
PyExc_PendingDeprecationWarning
PyExc_PermissionError
PyExc_ProcessLookupError
PyExc_RecursionError
PyExc_ReferenceError
PyExc_ResourceWarning
PyExc_RuntimeError
PyExc_RuntimeWarning
PyExc_StopAsyncIteration
PyExc_StopIteration
PyExc_SyntaxError
PyExc_SyntaxWarning
PyExc_SystemError
PyExc_SystemExit
PyExc_TabError
PyExc_TimeoutError
PyExc_TypeError
PyExc_UnboundLocalError
PyExc_UnicodeDecodeError
PyExc_UnicodeEncodeError
PyExc_UnicodeError
PyExc_UnicodeTranslateError
PyExc_UnicodeWarning
PyExc_UserWarning
PyExc_ValueError
PyExc_Warning
PyExc_WindowsError
PyExc_ZeroDivisionError
PyExceptionClass_Name
PyException_GetCause
PyException_GetContext
PyException_GetTraceback
PyException_SetCause
PyException_SetContext
PyException_SetTraceback
PyFile_FromFd
PyFile_GetLine
PyFile_NewStdPrinter
PyFile_OpenCode
PyFile_OpenCodeObject
PyFile_SetOpenCodeHook
PyFile_WriteObject
PyFile_WriteString
PyFilter_Type
PyFloat_AsDouble
PyFloat_FromDouble
PyFloat_FromString
PyFloat_GetInfo
PyFloat_GetMax
PyFloat_GetMin
PyFloat_Pack2
PyFloat_Pack4
PyFloat_Pack8
PyFloat_Type
PyFloat_Unpack2
PyFloat_Unpack4
PyFloat_Unpack8
PyFrame_FastToLocals
PyFrame_FastToLocalsWithError
PyFrame_GetBack
PyFrame_GetBuiltins
PyFrame_GetCode
PyFrame_GetGenerator
PyFrame_GetGlobals
PyFrame_GetLasti
PyFrame_GetLineNumber
PyFrame_GetLocals
PyFrame_LocalsToFast
PyFrame_New
PyFrame_Type
PyFrozenSet_New
PyFrozenSet_Type
PyFunction_GetAnnotations
PyFunction_GetClosure
PyFunction_GetCode
PyFunction_GetDefaults
PyFunction_GetGlobals
PyFunction_GetKwDefaults
PyFunction_GetModule
PyFunction_New
PyFunction_NewWithQualName
PyFunction_SetAnnotations
PyFunction_SetClosure
PyFunction_SetDefaults
PyFunction_SetKwDefaults
PyFunction_Type
PyGC_Collect
PyGC_Disable
PyGC_Enable
PyGC_IsEnabled
PyGILState_Check
PyGILState_Ensure
PyGILState_GetThisThreadState
PyGILState_Release
PyGen_New
PyGen_NewWithQualName
PyGen_Type
PyGetSetDescr_Type
PyHash_GetFuncDef
PyImport_AddModule
PyImport_AddModuleObject
PyImport_AppendInittab
PyImport_ExecCodeModule
PyImport_ExecCodeModuleEx
PyImport_ExecCodeModuleObject
PyImport_ExecCodeModuleWithPathnames
PyImport_ExtendInittab
PyImport_FrozenModules
PyImport_GetImporter
PyImport_GetMagicNumber
PyImport_GetMagicTag
PyImport_GetModule
PyImport_GetModuleDict
PyImport_Import
PyImport_ImportFrozenModule
PyImport_ImportFrozenModuleObject
PyImport_ImportModule
PyImport_ImportModuleLevel
PyImport_ImportModuleLevelObject
PyImport_ImportModuleNoBlock
PyImport_Inittab
PyImport_ReloadModule
PyIndex_Check
PyInstanceMethod_Function
PyInstanceMethod_New
PyInstanceMethod_Type
PyInterpreterState_Clear
PyInterpreterState_Delete
PyInterpreterState_Get
PyInterpreterState_GetDict
PyInterpreterState_GetID
PyInterpreterState_Head
PyInterpreterState_Main
PyInterpreterState_New
PyInterpreterState_Next
PyInterpreterState_ThreadHead
PyIter_Check
PyIter_Next
PyIter_Send
PyListIter_Type
PyListRevIter_Type
PyList_Append
PyList_AsTuple
PyList_GetItem
PyList_GetSlice
PyList_Insert
PyList_New
PyList_Reverse
PyList_SetItem
PyList_SetSlice
PyList_Size
PyList_Sort
PyList_Type
PyLongRangeIter_Type
PyLong_AsDouble
PyLong_AsLong
PyLong_AsLongAndOverflow
PyLong_AsLongLong
PyLong_AsLongLongAndOverflow
PyLong_AsSize_t
PyLong_AsSsize_t
PyLong_AsUnsignedLong
PyLong_AsUnsignedLongLong
PyLong_AsUnsignedLongLongMask
PyLong_AsUnsignedLongMask
PyLong_AsVoidPtr
PyLong_FromDouble
PyLong_FromLong
PyLong_FromLongLong
PyLong_FromSize_t
PyLong_FromSsize_t
PyLong_FromString
PyLong_FromUnicodeObject
PyLong_FromUnsignedLong
PyLong_FromUnsignedLongLong
PyLong_FromVoidPtr
PyLong_GetInfo
PyLong_Type
PyMap_Type
PyMapping_Check
PyMapping_GetItemString
PyMapping_HasKey
PyMapping_HasKeyString
PyMapping_Items
PyMapping_Keys
PyMapping_Length
PyMapping_SetItemString
PyMapping_Size
PyMapping_Values
PyMarshal_ReadLastObjectFromFile
PyMarshal_ReadLongFromFile
PyMarshal_ReadObjectFromFile
PyMarshal_ReadObjectFromString
PyMarshal_ReadShortFromFile
PyMarshal_WriteLongToFile
PyMarshal_WriteObjectToFile
PyMarshal_WriteObjectToString
PyMem_Calloc
PyMem_Free
PyMem_GetAllocator
PyMem_Malloc
PyMem_RawCalloc
PyMem_RawFree
PyMem_RawMalloc
PyMem_RawRealloc
PyMem_Realloc
PyMem_SetAllocator
PyMem_SetupDebugHooks

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PyRuntim
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25bf9dd933cf3958c64d9932927246e8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 835KB - Virtual size: 834KB

.rdata Size: 191KB - Virtual size: 190KB

.data Size: 19KB - Virtual size: 26KB

.pdata Size: 40KB - Virtual size: 40KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 7KB - Virtual size: 6KB

9f990d308401ca66062ae75f451d4aba

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

python311

mmmojocall

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 357KB - Virtual size: 357KB

.data Size: 22KB - Virtual size: 33KB

.pdata Size: 53KB - Virtual size: 53KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 59KB - Virtual size: 59KB

.reloc Size: 7KB - Virtual size: 6KB

286a6b426529825e7df289c431d3f6be

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mmmojocall

kernel32

user32

comdlg32

shell32

winmm

gdiplus

comctl32

imm32

shlwapi

msimg32

uiautomationcore

gdi32

ole32

oleaut32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 524KB - Virtual size: 523KB

.data Size: 49KB - Virtual size: 57KB

.pdata Size: 80KB - Virtual size: 79KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 314KB - Virtual size: 314KB

.reloc Size: 19KB - Virtual size: 19KB

c1a5d6b218f18af863c2aa58d356b421

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

.text
Size: 835KB - Virtual size: 834KB

.rdata
Size: 191KB - Virtual size: 190KB

.data
Size: 19KB - Virtual size: 26KB

.pdata
Size: 40KB - Virtual size: 40KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 357KB - Virtual size: 357KB

.data
Size: 22KB - Virtual size: 33KB

.pdata
Size: 53KB - Virtual size: 53KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 59KB - Virtual size: 59KB

.reloc
Size: 7KB - Virtual size: 6KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 524KB - Virtual size: 523KB

.data
Size: 49KB - Virtual size: 57KB

.pdata
Size: 80KB - Virtual size: 79KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 314KB - Virtual size: 314KB

.reloc
Size: 19KB - Virtual size: 19KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 204KB - Virtual size: 204KB

.data
Size: 10KB - Virtual size: 32KB

.pdata
Size: 51KB - Virtual size: 51KB

.00cfg
Size: 512B - Virtual size: 40B

.retplne
Size: 512B - Virtual size: 12B

.tls
Size: 512B - Virtual size: 289B

.voltbl
Size: 512B - Virtual size: 70B

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 7KB - Virtual size: 6KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:1f:14:1b:8b:30:0d:25:f3:14:eb:23:0c:d0:d1:dd
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

fe:80:7e:79:1e:36:fb:33:fa:20:90:d1:64:58:b3:37:44:cd:08:32:f6:30:d8:9c:d8:5b:96:e6:92:e0:82:75
Signer

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 1.0MB - Virtual size: 1.3MB

.pdata
Size: 140KB - Virtual size: 140KB

PyRuntim
Size: 163KB - Virtual size: 162KB