discordrat | Onnx File Installer[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Onnx File Installer.rar
Size

286KB
MD5

40213d4463924b5cfe42addc74e10efc
SHA1

e7ee2cbf5be424a687563807181dcebe80169d20
SHA256

d624951bfc5e38a018beb94c1c8acb97a6becca52e6d069b156b5e55608f857a
SHA512

3052564b1100c8712a372a4c1a716210358df0f56e495901dd48928c18476ebc3130b4270a61b8d3d66f3bcda2872da1d4b16027f5388f1b00d8085ad973372e
SSDEEP

6144:6IxCIvis/TCDzWVVEfG2EkwCDGs1qA/bCAgUjr1xRkyWskk:6yRwrUkw0Gs1qMgUndkmZ

Score

10^/10

discordrat

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI0MzM1NDI0NDI1NDI3MzYzNw.GUkt7C.Pcja3LSm_8Cp1CqJOlASW0-GzRtoJOOBBsmJcg
server_id
1232533200622845975

Signatures

Discordrat family
discordrat

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Onnx File Installer.exe
unpack001/libcurl.dll

Files

Onnx File Installer.rar
.rar
HOW TO USE.txt
Onnx File Installer.exe
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
api-ms-win-crt-stdio-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:01:b2:4a:37:c6:c9:7e:01:68:86:00:01:00:00:01:b2
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:11

Not After

26-07-2019 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:02:39:b2:b4:e8:2a:22:34:49:2f:00:00:00:00:02:39
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:07

Not After

08-08-2019 20:07

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

da:34:6d:89:13:fd:ec:58:53:71:21:ab:91:c1:2a:fc:56:4c:a2:fe:f2:1a:67:de:84:30:3b:47:31:38:5b:1c
Signer

Actual PE Digest

da:34:6d:89:13:fd:ec:58:53:71:21:ab:91:c1:2a:fc:56:4c:a2:fe:f2:1a:67:de:84:30:3b:47:31:38:5b:1c

Digest Algorithm

sha256

PE Digest Matches

true

ba:e9:ed:3c:48:cf:9b:9e:72:b3:43:07:6a:35:f1:53:91:af:5f:0c
Signer

Actual PE Digest

ba:e9:ed:3c:48:cf:9b:9e:72:b3:43:07:6a:35:f1:53:91:af:5f:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-stdio-l1-1-0.pdb

Exports

Exports

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfprintf_p
__stdio_common_vfprintf_s
__stdio_common_vfscanf
__stdio_common_vfwprintf
__stdio_common_vfwprintf_p
__stdio_common_vfwprintf_s
__stdio_common_vfwscanf
__stdio_common_vsnprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vsprintf_p
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__stdio_common_vswprintf
__stdio_common_vswprintf_p
__stdio_common_vswprintf_s
__stdio_common_vswscanf
_chsize
_chsize_s
_close
_commit
_creat
_dup
_dup2
_eof
_fclose_nolock
_fcloseall
_fflush_nolock
_fgetc_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filelength
_filelengthi64
_fileno
_flushall
_fputc_nolock
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_ftell_nolock
_ftelli64
_ftelli64_nolock
_fwrite_nolock
_get_fmode
_get_osfhandle
_get_printf_count_output
_get_stream_buffer_pointers
_getc_nolock
_getcwd
_getdcwd
_getmaxstdio
_getw
_getwc_nolock
_getws
_getws_s
_isatty
_kbhit
_locking
_lseek
_lseeki64
_mktemp
_mktemp_s
_open
_open_osfhandle
_pclose
_pipe
_popen
_putc_nolock
_putw
_putwc_nolock
_putws
_read
_rmtmp
_set_fmode
_set_printf_count_output
_setmaxstdio
_setmode
_sopen
_sopen_dispatch
_sopen_s
_tell
_telli64
_tempnam
_ungetc_nolock
_ungetwc_nolock
_wcreat
_wfdopen
_wfopen
_wfopen_s
_wfreopen
_wfreopen_s
_wfsopen
_wmktemp
_wmktemp_s
_wopen
_wpopen
_write
_wsopen
_wsopen_dispatch
_wsopen_s
_wtempnam
_wtmpnam
_wtmpnam_s
clearerr
clearerr_s
fclose
feof
ferror
fflush
fgetc
fgetpos
fgets
fgetwc
fgetws
fopen
fopen_s
fputc
fputs
fputwc
fputws
fread
fread_s
freopen
freopen_s
fseek
fsetpos
ftell
fwrite
getc
getchar
gets
gets_s
getwc
getwchar
putc
putchar
puts
putwc
putwchar
rewind
setbuf
setvbuf
tmpfile
tmpfile_s
tmpnam
tmpnam_s
ungetc
ungetwc

Sections

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
api-ms-win-crt-string-l1-1-0.dll
.dll windows:10 windows x64 arch:x64

Code Sign

33:00:00:01:b2:4a:37:c6:c9:7e:01:68:86:00:01:00:00:01:b2
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:11

Not After

26-07-2019 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:02:39:b2:b4:e8:2a:22:34:49:2f:00:00:00:00:02:39
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-07-2018 20:07

Not After

08-08-2019 20:07

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:6a:7f:87:f7:64:2e:22:83:6d:be:56:03:8b:2a:94:76:c0:10:e1:c0:23:02:7c:e8:b4:f4:01:cb:96:50:ef
Signer

Actual PE Digest

72:6a:7f:87:f7:64:2e:22:83:6d:be:56:03:8b:2a:94:76:c0:10:e1:c0:23:02:7c:e8:b4:f4:01:cb:96:50:ef

Digest Algorithm

sha256

PE Digest Matches

true

45:89:0a:e3:19:4f:e2:5b:f6:04:c2:87:7d:09:48:4d:98:22:f9:08
Signer

Actual PE Digest

45:89:0a:e3:19:4f:e2:5b:f6:04:c2:87:7d:09:48:4d:98:22:f9:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-crt-string-l1-1-0.pdb

Exports

Exports

__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__strncnt
__wcsncnt
_isalnum_l
_isalpha_l
_isblank_l
_iscntrl_l
_isctype
_isctype_l
_isdigit_l
_isgraph_l
_isleadbyte_l
_islower_l
_isprint_l
_ispunct_l
_isspace_l
_isupper_l
_iswalnum_l
_iswalpha_l
_iswblank_l
_iswcntrl_l
_iswcsym_l
_iswcsymf_l
_iswctype_l
_iswdigit_l
_iswgraph_l
_iswlower_l
_iswprint_l
_iswpunct_l
_iswspace_l
_iswupper_l
_iswxdigit_l
_isxdigit_l
_memccpy
_memicmp
_memicmp_l
_strcoll_l
_strdup
_stricmp
_stricmp_l
_stricoll
_stricoll_l
_strlwr
_strlwr_l
_strlwr_s
_strlwr_s_l
_strncoll
_strncoll_l
_strnicmp
_strnicmp_l
_strnicoll
_strnicoll_l
_strnset
_strnset_s
_strrev
_strset
_strset_s
_strupr
_strupr_l
_strupr_s
_strupr_s_l
_strxfrm_l
_tolower
_tolower_l
_toupper
_toupper_l
_towlower_l
_towupper_l
_wcscoll_l
_wcsdup
_wcsicmp
_wcsicmp_l
_wcsicoll
_wcsicoll_l
_wcslwr
_wcslwr_l
_wcslwr_s
_wcslwr_s_l
_wcsncoll
_wcsncoll_l
_wcsnicmp
_wcsnicmp_l
_wcsnicoll
_wcsnicoll_l
_wcsnset
_wcsnset_s
_wcsrev
_wcsset
_wcsset_s
_wcsupr
_wcsupr_l
_wcsupr_s
_wcsupr_s_l
_wcsxfrm_l
_wctype
is_wctype
isalnum
isalpha
isblank
iscntrl
isdigit
isgraph
isleadbyte
islower
isprint
ispunct
isspace
isupper
iswalnum
iswalpha
iswascii
iswblank
iswcntrl
iswctype
iswdigit
iswgraph
iswlower
iswprint
iswpunct
iswspace
iswupper
iswxdigit
isxdigit
mblen
mbrlen
memcpy_s
memmove_s
memset
strcat
strcat_s
strcmp
strcoll
strcpy
strcpy_s
strcspn
strlen
strncat
strncat_s
strncmp
strncpy
strncpy_s
strnlen
strpbrk
strspn
strtok
strtok_s
strxfrm
tolower
toupper
towctrans
towlower
towupper
wcscat
wcscat_s
wcscmp
wcscoll
wcscpy
wcscpy_s
wcscspn
wcslen
wcsncat
wcsncat_s
wcsncmp
wcsncpy
wcsncpy_s
wcsnlen
wcspbrk
wcsspn
wcstok
wcstok_s
wcsxfrm
wctype
wmemcpy_s
wmemmove_s

Sections

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
libcurl.dll
.dll windows:6 windows x64 arch:x64

9a4ddbe07217dde8376bb7c577388155

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\src\vcpkg\buildtrees\curl\x64-windows-rel\lib\libcurl.pdb

Imports

ws2_32

htonl
ioctlsocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
__WSAFDIsSet
listen
accept
gethostname
freeaddrinfo
getaddrinfo
inet_ntop
WSAIoctl
WSASetLastError
select
WSAStartup
WSACleanup
recvfrom
sendto
socket
getsockname
getpeername
connect
bind
WSAGetLastError
send
closesocket
WSACloseEvent
inet_pton
getsockopt
setsockopt
recv
ntohs
htons

zlib1

inflateInit_
inflateInit2_
zlibVersion
inflate
inflateEnd

advapi32

CryptAcquireContextW
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext

crypt32

CertFreeCertificateContext
CryptDecodeObjectEx
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptStringToBinaryW
PFXImportCertStore
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFindCertificateInStore
CertFreeCertificateChain

bcrypt

BCryptGenRandom

kernel32

GetModuleHandleW
GetSystemDirectoryW
QueryPerformanceFrequency
FormatMessageW
SetLastError
GetLastError
GetCurrentProcessId
MoveFileExW
LoadLibraryW
GetEnvironmentVariableA
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
WaitForSingleObjectEx
CloseHandle
GetProcAddress
FreeLibrary
WideCharToMultiByte
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
QueryPerformanceCounter
GetTickCount
VerSetConditionMask
GetModuleHandleA
VerifyVersionInfoW
GetFileSizeEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
Sleep
CreateFileW
MultiByteToWideChar
SleepEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
strstr
wcschr
memcmp
memmove
memchr
strrchr
strchr
memset
memcpy

api-ms-win-crt-string-l1-1-0

wcspbrk
strpbrk
strspn
wcsncmp
_strdup
strncmp
strcspn
wcsncpy
_wcsdup
strcmp
strncpy

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fputs
__stdio_common_vsscanf
_read
fflush
ftell
fclose
__stdio_common_vsprintf
fputc
feof
_fileno
fgets
_wopen
_wfopen
_fseeki64
fread
_lseeki64
_write
fwrite
fseek
_close

api-ms-win-crt-convert-l1-1-0

strtoul
strtoll
wcstombs
strtol
atoi

api-ms-win-crt-time-l1-1-0

_time64
strftime
_gmtime64

api-ms-win-crt-runtime-l1-1-0

_errno
_beginthreadex
_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
__sys_nerr
__sys_errlist

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-filesystem-l1-1-0

_waccess
_unlink
_wstat64
_fstat64

api-ms-win-crt-heap-l1-1-0

malloc
realloc
free
calloc

api-ms-win-crt-math-l1-1-0

_fdopen

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_global_trace
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_get_handles
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_version
curl_version_info
curl_ws_meta
curl_ws_recv
curl_ws_send

Sections

.text
Size: 389KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 76KB - Virtual size: 76KB

.rsrc Size: 1KB - Virtual size: 1KB

Code Sign

33:00:00:01:b2:4a:37:c6:c9:7e:01:68:86:00:01:00:00:01:b2Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

33:00:00:02:39:b2:b4:e8:2a:22:34:49:2f:00:00:00:00:02:39Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

da:34:6d:89:13:fd:ec:58:53:71:21:ab:91:c1:2a:fc:56:4c:a2:fe:f2:1a:67:de:84:30:3b:47:31:38:5b:1cSigner

ba:e9:ed:3c:48:cf:9b:9e:72:b3:43:07:6a:35:f1:53:91:af:5f:0cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Exports

Exports

Sections

.rdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 1008B

Code Sign

33:00:00:01:b2:4a:37:c6:c9:7e:01:68:86:00:01:00:00:01:b2Certificate

Extended Key Usages

61:33:26:1a:00:00:00:00:00:31Certificate

Key Usages

33:00:00:02:39:b2:b4:e8:2a:22:34:49:2f:00:00:00:00:02:39Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

72:6a:7f:87:f7:64:2e:22:83:6d:be:56:03:8b:2a:94:76:c0:10:e1:c0:23:02:7c:e8:b4:f4:01:cb:96:50:efSigner

45:89:0a:e3:19:4f:e2:5b:f6:04:c2:87:7d:09:48:4d:98:22:f9:08Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Exports

Exports

Sections

.rdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 1008B

9a4ddbe07217dde8376bb7c577388155

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

zlib1

advapi32

crypt32

bcrypt

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 389KB - Virtual size: 388KB

.rdata Size: 100KB - Virtual size: 99KB

.data Size: 9KB - Virtual size: 11KB

.text
Size: 76KB - Virtual size: 76KB

.rsrc
Size: 1KB - Virtual size: 1KB

33:00:00:01:b2:4a:37:c6:c9:7e:01:68:86:00:01:00:00:01:b2
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

33:00:00:02:39:b2:b4:e8:2a:22:34:49:2f:00:00:00:00:02:39
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

da:34:6d:89:13:fd:ec:58:53:71:21:ab:91:c1:2a:fc:56:4c:a2:fe:f2:1a:67:de:84:30:3b:47:31:38:5b:1c
Signer

ba:e9:ed:3c:48:cf:9b:9e:72:b3:43:07:6a:35:f1:53:91:af:5f:0c
Signer

.rdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 1008B

33:00:00:01:b2:4a:37:c6:c9:7e:01:68:86:00:01:00:00:01:b2
Certificate

61:33:26:1a:00:00:00:00:00:31
Certificate

33:00:00:02:39:b2:b4:e8:2a:22:34:49:2f:00:00:00:00:02:39
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

72:6a:7f:87:f7:64:2e:22:83:6d:be:56:03:8b:2a:94:76:c0:10:e1:c0:23:02:7c:e8:b4:f4:01:cb:96:50:ef
Signer

45:89:0a:e3:19:4f:e2:5b:f6:04:c2:87:7d:09:48:4d:98:22:f9:08
Signer

.rdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 1008B

.text
Size: 389KB - Virtual size: 388KB

.rdata
Size: 100KB - Virtual size: 99KB

.data
Size: 9KB - Virtual size: 11KB

.pdata
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB