quasar | PDennSploit[.]v1[.]2[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

PDennSploit.v1.2.rar
Size

14.6MB
MD5

02fe9fa2e704e45e4c3fe465eb291a1a
SHA1

8d186108459351721c5b67ae150578518953c115
SHA256

d981d6d8221ccbf1501cb19aef7d25fac9e987070a05bb3e6654b736a7cc4a57
SHA512

514e56d8dc8b8753ee459830dca550e3a68b2d3544d965faac5f6448b71e6ce0be2fc13040647e5d8cc71caa15b1f82fe066bbeaa4fc7b624a95e8ebe1f2d11f
SSDEEP

393216:+GVCaQKdRL+Q1EvjoGkMz86GWiRd1dVPkupd:+KfQSLJEXzrXiD1zPkm

Score

10^/10

office vmprotect quasar

Malware Config

Extracted

Family

quasar

Version

1.4.0.0

Botnet

Office

espinyskibidi-40205.portmap.host:40205

Mutex

CdrjrrWbtRopP1ic7E

Attributes

encryption_key
P2ctPN6uGReD4W1dEypm
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Client
subdirectory
Microsoft

Signatures

Quasar family
quasar

Quasar payload 1 IoCs

resource	yara_rule
static1/unpack001/PDennSploit v1.2/Updater.exe	family_quasar

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/PDennSploit v1.2/lib/editor/ace/snippets/jsNodes.dll	vmprotect

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PDennSploit v1.2/PDennSploit.exe
unpack001/PDennSploit v1.2/Updater.exe
unpack001/PDennSploit v1.2/lib/EasyExploits.dll
unpack001/PDennSploit v1.2/lib/FastColoredTextBox.dll
unpack001/PDennSploit v1.2/lib/PDennAPI.dll
unpack001/PDennSploit v1.2/lib/WeAreDevs_API.dll
unpack001/PDennSploit v1.2/lib/editor/ace/snippets/jsNodes.dll
unpack001/PDennSploit v1.2/lib/exploit-main.dll

Files

PDennSploit.v1.2.rar
.rar
PDennSploit v1.2/PDennSploit.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDennSploit v1.2/PDennSploit.exe.config
PDennSploit v1.2/READ.txt
PDennSploit v1.2/Updater.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDennSploit v1.2/lib/EasyExploits.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Co\source\repos\EasyExploits\EasyExploits\obj\Release\EasyExploits.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDennSploit v1.2/lib/FastColoredTextBox.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects_CSharp\FastColoredTextBox\FastColoredTextBox\obj\Debug\FastColoredTextBox.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDennSploit v1.2/lib/Microsoft.Web.WebView2.Core.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:33

Not After

01/09/2022, 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:f0:91:dc:7a:c1:f7:bd:75:d0:33:76:08:e9:74:42:cf:8a:21:65:6e:68:b8:ad:13:a7:f0:1b:33:39:c9:34
Signer

Actual PE Digest

2e:f0:91:dc:7a:c1:f7:bd:75:d0:33:76:08:e9:74:42:cf:8a:21:65:6e:68:b8:ad:13:a7:f0:1b:33:39:c9:34

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\third_party\edge_webview2\win\webview2_api_writer\dotNetAPIWrapper\Microsoft.Web.WebView2.Core\bin\ReleasePackage\Microsoft.Web.WebView2.Core.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 357KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDennSploit v1.2/lib/Microsoft.Web.WebView2.Core.xml
.js .xml polyglot
PDennSploit v1.2/lib/Microsoft.Web.WebView2.WinForms.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:54:ca:2b:f3:cb:9d:da:a6:75:00:00:00:00:02:54
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:33

Not After

01/09/2022, 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5f:3f:53:6a:f4:fe:f0:7e:29:72:f3:5b:48:29:1f:c9:0b:3e:4a:a8:41:ce:6e:00:f6:2f:06:98:02:4e:a3:ee
Signer

Actual PE Digest

5f:3f:53:6a:f4:fe:f0:7e:29:72:f3:5b:48:29:1f:c9:0b:3e:4a:a8:41:ce:6e:00:f6:2f:06:98:02:4e:a3:ee

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\third_party\edge_webview2\win\winforms_control\Microsoft.Web.WebView2.WinForms\obj\release\net45\Microsoft.Web.WebView2.WinForms.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDennSploit v1.2/lib/Microsoft.Web.WebView2.WinForms.xml
.xml
PDennSploit v1.2/lib/Microsoft.Web.WebView2.Wpf.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:33

Not After

01/09/2022, 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:b4:8d:29:98:5b:3d:3d:c4:55:0f:5e:bf:1e:cc:17:ef:7e:dc:d1:12:c2:15:d5:d7:3d:b7:37:7d:d3:d2:59
Signer

Actual PE Digest

a3:b4:8d:29:98:5b:3d:3d:c4:55:0f:5e:bf:1e:cc:17:ef:7e:dc:d1:12:c2:15:d5:d7:3d:b7:37:7d:d3:d2:59

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\third_party\edge_webview2\win\wpf_control\Microsoft.Web.WebView2.Wpf\obj\release\net45\Microsoft.Web.WebView2.Wpf.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDennSploit v1.2/lib/Microsoft.Web.WebView2.Wpf.xml
.xml
PDennSploit v1.2/lib/PDennAPI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Zexea\Desktop\RobloxHacksAPI\RobloxHacksAPI\obj\Debug\RobloxHacksAPI.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDennSploit v1.2/lib/PDennSploit.pdb
PDennSploit v1.2/lib/Siticone.UI.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

3a:93:0b:19:8f:29:72:9a:49:b0:8b:f3:6d:f8:17:ae
Certificate

Issuer

CN=Siticone Root CA

Not Before

05/02/2020, 06:42

Not After

22/10/2030, 17:00

Subject

CN=Siticone Technology

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:8f:92:bf:68:07:1b:a4:18:d3:f6:b4:4e:02:5a:2c:51:c0:51:c0
Signer

Actual PE Digest

34:8f:92:bf:68:07:1b:a4:18:d3:f6:b4:4e:02:5a:2c:51:c0:51:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Siticone.UI\Build\Release\Siticone.UI.WinForms\Siticone.UI.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PDennSploit v1.2/lib/WeAreDevs_API.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\burne\Documents\GitHub\Exploit-API\WeAreDevs_API\obj\Release\WeAreDevs_API.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 602KB - Virtual size: 602KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDennSploit v1.2/lib/editor/Editor.html
.html .js polyglot
PDennSploit v1.2/lib/editor/ace/ace.js
.js
PDennSploit v1.2/lib/editor/ace/ext-beautify.js
.js
PDennSploit v1.2/lib/editor/ace/ext-code_lens.js
.js
PDennSploit v1.2/lib/editor/ace/ext-elastic_tabstops_lite.js
.js
PDennSploit v1.2/lib/editor/ace/ext-emmet.js
.js
PDennSploit v1.2/lib/editor/ace/ext-error_marker.js
.js
PDennSploit v1.2/lib/editor/ace/ext-keybinding_menu.js
.js
PDennSploit v1.2/lib/editor/ace/ext-language_tools.js
.js
PDennSploit v1.2/lib/editor/ace/ext-linking.js
.js
PDennSploit v1.2/lib/editor/ace/ext-modelist.js
.js
PDennSploit v1.2/lib/editor/ace/ext-options.js
.js
PDennSploit v1.2/lib/editor/ace/ext-prompt.js
.js
PDennSploit v1.2/lib/editor/ace/ext-rtl.js
.js
PDennSploit v1.2/lib/editor/ace/ext-searchbox.js
.js
PDennSploit v1.2/lib/editor/ace/ext-settings_menu.js
.js
PDennSploit v1.2/lib/editor/ace/ext-spellcheck.js
.js
PDennSploit v1.2/lib/editor/ace/ext-split.js
.js
PDennSploit v1.2/lib/editor/ace/ext-static_highlight.js
.js
PDennSploit v1.2/lib/editor/ace/ext-statusbar.js
.js
PDennSploit v1.2/lib/editor/ace/ext-textarea.js
.js
PDennSploit v1.2/lib/editor/ace/ext-themelist.js
.js
PDennSploit v1.2/lib/editor/ace/ext-whitespace.js
.js
PDennSploit v1.2/lib/editor/ace/keybinding-emacs.js
.js
PDennSploit v1.2/lib/editor/ace/keybinding-sublime.js
.js
PDennSploit v1.2/lib/editor/ace/keybinding-vim.js
.js
PDennSploit v1.2/lib/editor/ace/keybinding-vscode.js
.js
PDennSploit v1.2/lib/editor/ace/mode-lua.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/abap.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/abc.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/actionscript.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/ada.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/apache_conf.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/apex.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/applescript.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/aql.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/asciidoc.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/asl.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/assembly_x86.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/autohotkey.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/batchfile.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/bro.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/c9search.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/c_cpp.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/cirru.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/clojure.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/cobol.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/coffee.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/coldfusion.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/crystal.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/csharp.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/csound_document.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/csound_orchestra.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/csound_score.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/csp.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/css.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/curly.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/d.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/dart.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/diff.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/django.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/dockerfile.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/dot.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/drools.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/edifact.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/eiffel.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/ejs.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/elixir.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/elm.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/erlang.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/forth.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/fortran.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/fsharp.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/fsl.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/ftl.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/gcode.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/gherkin.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/gitignore.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/glsl.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/gobstones.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/golang.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/graphqlschema.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/groovy.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/haml.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/handlebars.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/haskell.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/haskell_cabal.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/haxe.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/hjson.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/html.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/html_elixir.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/html_ruby.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/ini.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/io.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/jack.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/jade.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/java.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/javascript.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/jsNodes.dll
.dll windows:6 windows x86 arch:x86

327685ec5e89b5f01257754aa01d94b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ntohs

crypt32

CertFreeCertificateChain

wldap32

ord45

normaliz

IdnToAscii

kernel32

TerminateProcess
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetKeyState
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

CryptDestroyHash

msvcp140

?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ

d3dcompiler_47

D3DCompile

d3d11

D3D11CreateDeviceAndSwapChain

imm32

ImmSetCompositionWindow

xinput1_4

ord4

wininet

InternetOpenUrlA

urlmon

URLOpenBlockingStreamA

vcruntime140

_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table

api-ms-win-crt-stdio-l1-1-0

_lseeki64

api-ms-win-crt-string-l1-1-0

strncpy

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-convert-l1-1-0

strtoll

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

_CIatan2

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_localtime64

api-ms-win-crt-filesystem-l1-1-0

_access

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 733KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PDennSploit v1.2/lib/editor/ace/snippets/json.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/json5.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/jsoniq.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/jsp.js
.js .vbs
PDennSploit v1.2/lib/editor/ace/snippets/jssm.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/jsx.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/julia.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/kotlin.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/latex.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/less.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/liquid.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/lisp.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/livescript.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/logiql.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/logtalk.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/lsl.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/lua.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/luapage.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/lucene.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/makefile.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/markdown.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/mask.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/matlab.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/maze.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/mel.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/mixal.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/mushcode.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/mysql.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/nginx.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/nim.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/nix.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/nsis.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/nunjucks.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/objectivec.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/ocaml.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/pascal.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/perl.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/perl6.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/pgsql.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/php.js
.js .ps1
PDennSploit v1.2/lib/editor/ace/snippets/php_laravel_blade.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/pig.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/plain_text.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/powershell.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/praat.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/prolog.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/properties.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/protobuf.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/puppet.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/python.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/r.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/razor.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/rdoc.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/red.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/redshift.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/rhtml.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/rst.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/ruby.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/rust.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/sass.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/scad.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/scala.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/scheme.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/scss.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/sh.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/sjs.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/slim.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/smarty.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/snippets.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/soy_template.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/space.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/sparql.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/sql.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/sqlserver.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/stylus.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/svg.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/swift.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/tcl.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/terraform.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/tex.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/text.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/textile.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/toml.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/tsx.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/turtle.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/twig.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/typescript.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/vala.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/vbscript.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/velocity.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/verilog.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/vhdl.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/visualforce.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/wollok.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/xml.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/xquery.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/yaml.js
.js
PDennSploit v1.2/lib/editor/ace/snippets/zeek.js
.js
PDennSploit v1.2/lib/editor/ace/theme-ambiance.js
.js
PDennSploit v1.2/lib/editor/ace/theme-chaos.js
.js
PDennSploit v1.2/lib/editor/ace/theme-chrome.js
.js
PDennSploit v1.2/lib/editor/ace/theme-clouds.js
.js
PDennSploit v1.2/lib/editor/ace/theme-clouds_midnight.js
.js
PDennSploit v1.2/lib/editor/ace/theme-cobalt.js
.js
PDennSploit v1.2/lib/editor/ace/theme-crimson_editor.js
.js
PDennSploit v1.2/lib/editor/ace/theme-dawn.js
.js
PDennSploit v1.2/lib/editor/ace/theme-dracula.js
.js
PDennSploit v1.2/lib/editor/ace/theme-dreamweaver.js
.js
PDennSploit v1.2/lib/editor/ace/theme-eclipse.js
.js
PDennSploit v1.2/lib/editor/ace/theme-github.js
.js
PDennSploit v1.2/lib/editor/ace/theme-gob.js
.js
PDennSploit v1.2/lib/editor/ace/theme-gruvbox.js
.js
PDennSploit v1.2/lib/editor/ace/theme-idle_fingers.js
.js
PDennSploit v1.2/lib/editor/ace/theme-iplastic.js
.js
PDennSploit v1.2/lib/editor/ace/theme-katzenmilch.js
.js
PDennSploit v1.2/lib/editor/ace/theme-kr_theme.js
.js
PDennSploit v1.2/lib/editor/ace/theme-kuroir.js
.js
PDennSploit v1.2/lib/editor/ace/theme-merbivore.js
.js
PDennSploit v1.2/lib/editor/ace/theme-merbivore_soft.js
.js
PDennSploit v1.2/lib/editor/ace/theme-mono_industrial.js
.js
PDennSploit v1.2/lib/editor/ace/theme-monokai.js
.js
PDennSploit v1.2/lib/editor/ace/theme-pastel_on_dark.js
.js
PDennSploit v1.2/lib/editor/ace/theme-solarized_dark.js
.js
PDennSploit v1.2/lib/editor/ace/theme-solarized_light.js
.js
PDennSploit v1.2/lib/editor/ace/theme-sqlserver.js
.js
PDennSploit v1.2/lib/editor/ace/theme-terminal.js
.js
PDennSploit v1.2/lib/editor/ace/theme-textmate.js
.js
PDennSploit v1.2/lib/editor/ace/theme-tomorrow.js
.js
PDennSploit v1.2/lib/editor/ace/theme-tomorrow_night.js
.js
PDennSploit v1.2/lib/editor/ace/theme-tomorrow_night_blue.js
.js
PDennSploit v1.2/lib/editor/ace/theme-tomorrow_night_bright.js
.js
PDennSploit v1.2/lib/editor/ace/theme-tomorrow_night_eighties.js
.js
PDennSploit v1.2/lib/editor/ace/theme-twilight.js
.js
PDennSploit v1.2/lib/editor/ace/theme-vibrant_ink.js
.js
PDennSploit v1.2/lib/editor/ace/theme-xcode.js
.js
PDennSploit v1.2/lib/editor/ace/worker-coffee.js
.js
PDennSploit v1.2/lib/editor/ace/worker-css.js
.js
PDennSploit v1.2/lib/editor/ace/worker-html.js
.js
PDennSploit v1.2/lib/editor/ace/worker-javascript.js
.js
PDennSploit v1.2/lib/editor/ace/worker-json.js
.js
PDennSploit v1.2/lib/editor/ace/worker-lua.js
.js
PDennSploit v1.2/lib/editor/ace/worker-php.js
.js
PDennSploit v1.2/lib/editor/ace/worker-xml.js
.js
PDennSploit v1.2/lib/editor/ace/worker-xquery.js
.js
PDennSploit v1.2/lib/exploit-main.dll
.dll windows:6 windows x86 arch:x86

924c3a5e9d2f9569e65c2259af8e39bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dbghelp

SymCleanup
SymGetLineFromAddr
SymGetSymFromAddr
UnDecorateSymbolName
SymFunctionTableAccess
StackWalk
SymInitialize
SymGetModuleBase

kernel32

QueryPerformanceCounter
SetConsoleTitleA
VirtualQuery
ReadFile
CreateNamedPipeA
SetConsoleMode
DisconnectNamedPipe
GetConsoleMode
DisableThreadLibraryCalls
FreeConsole
FreeLibrary
VerifyVersionInfoW
AllocConsole
ConnectNamedPipe
EnterCriticalSection
WakeAllConditionVariable
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
GetLastError
QueryPerformanceFrequency
LocalFree
GetEnvironmentVariableA
WaitForMultipleObjects
FormatMessageA
PeekNamedPipe
GetFileType
CreateDirectoryW
FindClose
FindNextFileW
WaitForSingleObjectEx
MoveFileExW
FormatMessageW
SetLastError
GetFileAttributesExW
GetTickCount
LoadLibraryW
GetModuleHandleW
GetSystemDirectoryW
SleepEx
InitializeCriticalSectionEx
GlobalUnlock
SetFileInformationByHandle
AreFileApisANSI
GetFileInformationByHandleEx
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetTickCount64
InitOnceComplete
InitOnceBeginInitialize
GetStdHandle
SetConsoleTextAttribute
GetConsoleWindow
GetCurrentProcessId
GetProcAddress
GetCurrentThread
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsDebuggerPresent
CreateEventW
ResetEvent
Sleep
SetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
GetFileSizeEx
TerminateProcess
GetModuleHandleA
GetCurrentProcess
GetModuleFileNameA
CloseHandle
VerSetConditionMask
CreateFileW
FindFirstFileExW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

UnregisterClassA
CreateWindowExA
DefWindowProcA
GetWindowLongA
CallWindowProcA
SetWindowLongA
ShowWindow
GetWindowRect
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
MessageBoxA
GetCursorPos
RegisterClassExA
DestroyWindow
GetSystemMenu
MonitorFromPoint
DeleteMenu
keybd_event
GetSystemMetrics
MapVirtualKeyA
mouse_event
SendInput
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
IsChild
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos

advapi32

CryptCreateHash
GetCurrentHwProfileA
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
CryptDestroyHash
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptHashData

shell32

ShellExecuteA

msvcp140

??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Random_device@std@@YAIXZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Xbad_function_call@std@@YAXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Strxfrm
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
_Xtime_get_ticks
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z
?tolower@?$ctype@D@std@@QBEDD@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xinvalid_argument@std@@YAXPBD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
_Query_perf_frequency
_Query_perf_counter
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
_Thrd_sleep
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

d3dcompiler_47

D3DCompile

vcruntime140

memmove
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_terminate
strstr
strchr
_purecall
memset
memcpy
strrchr
memchr
wcschr
__current_exception
__current_exception_context
_CxxThrowException
_except_handler4_common
memcmp
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
realloc
free
malloc

api-ms-win-crt-runtime-l1-1-0

system
_invalid_parameter_noinfo_noreturn
exit
abort
_beginthreadex
_errno
__sys_errlist
__sys_nerr
_getpid
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate

api-ms-win-crt-string-l1-1-0

tolower
isalnum
strncpy
strnlen
strncmp
_strdup
isupper
_wcsdup
wcspbrk
wcsncpy
wcsncmp
strpbrk
strcspn
strspn

api-ms-win-crt-stdio-l1-1-0

fclose
__stdio_common_vsprintf_s
fputc
_lseeki64
fgetc
__stdio_common_vfprintf
fwrite
fgets
_wopen
_read
_write
fgetpos
fflush
freopen_s
ungetc
_close
feof
fsetpos
fread
_fseeki64
_get_stream_buffer_pointers
__stdio_common_vsscanf
__stdio_common_vsprintf
_wfopen
setvbuf
__acrt_iob_func
fseek
ftell

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
_localtime64
strftime

api-ms-win-crt-filesystem-l1-1-0

_waccess
_wstat64
_lock_file
_unlink
_unlock_file
_fstat64

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-convert-l1-1-0

strtol
strtoll
wcstombs
strtoull
strtod
atoi
strtoul

api-ms-win-crt-math-l1-1-0

_dsign
_libm_sse2_acos_precise
_libm_sse2_cos_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
ceil
floor
ldexp
_dclass

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

ws2_32

accept
__WSAFDIsSet
htonl
listen
getaddrinfo
WSACleanup
select
recvfrom
sendto
ioctlsocket
WSAStartup
gethostname
WSAIoctl
freeaddrinfo
WSASetLastError
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
recv
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket

crypt32

CertOpenStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertCloseStore
CertEnumCertificatesInStore
CryptStringToBinaryW
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateContext
CertFindCertificateInStore
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore

wldap32

ord46
ord219
ord14
ord145
ord73
ord208
ord41
ord117
ord26
ord27
ord127
ord167
ord142
ord79
ord301
ord147
ord133
ord216

Sections

.text
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sfdsadf
Size: - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sfdsadf
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sfdsadf
Size: 6.4MB - Virtual size: 6.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 233B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PDennSploit v1.2/runtimes/win-arm64/native/WebView2Loader.dll
PDennSploit v1.2/runtimes/win-x64/native/WebView2Loader.dll
.dll windows:5 windows x64 arch:x64

dc9fbafd0b96c0a640df70f088bfd2b0

Code Sign

33:00:00:02:54:ca:2b:f3:cb:9d:da:a6:75:00:00:00:00:02:54
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:33

Not After

01/09/2022, 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:6f:61:66:a9:cb:47:19:a0:09:44:06:06:92:82:a8:43:82:db:4b:93:c9:59:da:ff:07:50:b4:79:96:48:8e
Signer

Actual PE Digest

e4:6f:61:66:a9:cb:47:19:a0:09:44:06:06:92:82:a8:43:82:db:4b:93:c9:59:da:ff:07:50:b4:79:96:48:8e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WebView2Loader.dll.pdb

Imports

kernel32

CloseHandle
CreateEventW
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

CompareBrowserVersions
CreateCoreWebView2Environment
CreateCoreWebView2EnvironmentWithOptions
GetAvailableCoreWebView2BrowserVersionString

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 68B

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDennSploit v1.2/runtimes/win-x86/native/WebView2Loader.dll
.dll windows:5 windows x86 arch:x86

608537c42a46a95b31cc1ef01ab6eeb0

Code Sign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:33

Not After

01/09/2022, 18:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:4f:41:19:71:d6:76:ba:93:54:33:cc:19:83:63:2b:d7:e5:e7:3c:e3:79:e3:80:9a:9b:58:6b:0b:05:24:ed
Signer

Actual PE Digest

45:4f:41:19:71:d6:76:ba:93:54:33:cc:19:83:63:2b:d7:e5:e7:3c:e3:79:e3:80:9a:9b:58:6b:0b:05:24:ed

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WebView2Loader.dll.pdb

Imports

kernel32

CloseHandle
CreateEventW
CreateFileW
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ResetEvent
RtlUnwind
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

CompareBrowserVersions
CreateCoreWebView2Environment
CreateCoreWebView2EnvironmentWithOptions
GetAvailableCoreWebView2BrowserVersionString

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 36B

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 266KB - Virtual size: 265KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 283KB - Virtual size: 282KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 7KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 320KB - Virtual size: 320KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

2e:f0:91:dc:7a:c1:f7:bd:75:d0:33:76:08:e9:74:42:cf:8a:21:65:6e:68:b8:ad:13:a7:f0:1b:33:39:c9:34Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 357KB - Virtual size: 356KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:02:54:ca:2b:f3:cb:9d:da:a6:75:00:00:00:00:02:54Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

5f:3f:53:6a:f4:fe:f0:7e:29:72:f3:5b:48:29:1f:c9:0b:3e:4a:a8:41:ce:6e:00:f6:2f:06:98:02:4e:a3:eeSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 23KB - Virtual size: 23KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 266KB - Virtual size: 265KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 283KB - Virtual size: 282KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 320KB - Virtual size: 320KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

2e:f0:91:dc:7a:c1:f7:bd:75:d0:33:76:08:e9:74:42:cf:8a:21:65:6e:68:b8:ad:13:a7:f0:1b:33:39:c9:34
Signer

.text
Size: 357KB - Virtual size: 356KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 512B - Virtual size: 12B

33:00:00:02:54:ca:2b:f3:cb:9d:da:a6:75:00:00:00:00:02:54
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

5f:3f:53:6a:f4:fe:f0:7e:29:72:f3:5b:48:29:1f:c9:0b:3e:4a:a8:41:ce:6e:00:f6:2f:06:98:02:4e:a3:ee
Signer

.text
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:02:55:18:1d:a4:2e:e0:86:fc:15:00:00:00:00:02:55
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

a3:b4:8d:29:98:5b:3d:3d:c4:55:0f:5e:bf:1e:cc:17:ef:7e:dc:d1:12:c2:15:d5:d7:3d:b7:37:7d:d3:d2:59
Signer

.text
Size: 30KB - Virtual size: 30KB

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 512B - Virtual size: 12B

3a:93:0b:19:8f:29:72:9a:49:b0:8b:f3:6d:f8:17:ae
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

34:8f:92:bf:68:07:1b:a4:18:d3:f6:b4:4e:02:5a:2c:51:c0:51:c0
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 602KB - Virtual size: 602KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B