DotNetZip.pdb
Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
HackUs Mail Access/Hackus.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
HackUs Mail Access.rar
-
Size
153.2MB
-
MD5
4676d40e988ae6e3ba14bc680710fe5b
-
SHA1
52c748bbedf4cbf693d9b15f56894d328d00093c
-
SHA256
16f69f838d83f7552b8a5712e26f2452bb7ddf7654a779dc62361a7af86351a2
-
SHA512
a57135f1d55dfba31e851cf50a0f424b27f026c54513fc3cea089b7f72bd6e97ae1b79d04e3ee3cf74b334f6e9cd60552e4daab5b1be61a003f6555bd1672a98
-
SSDEEP
3145728:68jJRp/YRMb4d+x0DqKJBcJQcjsem2TkoFAlWw2SNQpHgqAkj/rX:rjrs+Bxj02BFA4w32dAkj/D
Score
7/10
Malware Config
Signatures
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule static1/unpack001/HackUs Mail Access/Hackus.exe net_reactor -
Unsigned PE 8 IoCs
Checks for missing Authenticode signature.
resource unpack001/HackUs Mail Access/DotNetZip.dll unpack001/HackUs Mail Access/Hackus.exe unpack001/HackUs Mail Access/HandyControl.dll unpack001/HackUs Mail Access/MailBee.NET.dll unpack001/HackUs Mail Access/Newtonsoft.Json.dll unpack001/HackUs Mail Access/System.Windows.Controls.Ribbon.dll unpack001/HackUs Mail Access/ToolGood.Words.dll unpack001/HackUs Mail Access/xNet.dll
Files
-
HackUs Mail Access.rar.rar
-
HackUs Mail Access/.hackus/Settings.cfg
-
HackUs Mail Access/.hackus/serverdatabase.db
-
HackUs Mail Access/DotNetZip.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
mscoree
_CorDllMain
Sections
.text Size: 460KB - Virtual size: 459KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 926B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
HackUs Mail Access/Hackus.exe.exe windows:4 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 299KB - Virtual size: 299KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
HackUs Mail Access/HandyControl.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
HandyControl.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
HackUs Mail Access/MailBee.NET.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
HackUs Mail Access/Newtonsoft.Json.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 676KB - Virtual size: 676KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
HackUs Mail Access/Requests.hreq
-
HackUs Mail Access/System.Data.SQLite.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before01/10/2021, 00:00Not After12/12/2024, 23:59SubjectSERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before29/03/2022, 00:00Not After14/03/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before01/10/2021, 00:00Not After12/12/2024, 23:59SubjectSERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before29/03/2022, 00:00Not After14/03/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
3c:7a:2d:bd:31:80:db:68:c8:30:b5:fe:6b:29:c6:84:93:e8:66:65:11:a9:52:d5:ce:6e:fa:3e:01:c4:4d:8e:0a:a2:ce:9b:a4:e7:ea:39:21:e6:97:80:41:da:bb:42:91:12:bf:7d:9f:80:fe:59:be:47:70:a9:ca:77:65:9aSigner
Actual PE Digest3c:7a:2d:bd:31:80:db:68:c8:30:b5:fe:6b:29:c6:84:93:e8:66:65:11:a9:52:d5:ce:6e:fa:3e:01:c4:4d:8e:0a:a2:ce:9b:a4:e7:ea:39:21:e6:97:80:41:da:bb:42:91:12:bf:7d:9f:80:fe:59:be:47:70:a9:ca:77:65:9aDigest Algorithmsha512PE Digest Matchestrue9f:6c:2f:d1:2e:5f:a8:b3:e6:c8:f4:db:80:d9:89:6c:9a:c7:a5:e9Signer
Actual PE Digest9f:6c:2f:d1:2e:5f:a8:b3:e6:c8:f4:db:80:d9:89:6c:9a:c7:a5:e9Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 372KB - Virtual size: 371KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
HackUs Mail Access/System.Windows.Controls.Ribbon.dll.dll windows:4 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
System.Windows.Controls.Ribbon.pdb
Sections
.text Size: 715KB - Virtual size: 714KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
HackUs Mail Access/ToolGood.Words.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
HackUs Mail Access/x64/GoSrp.dll.dll windows:6 windows x64 arch:x64
89a4197aa5208b7c888e03377c864240
Code Sign
01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before19/09/2018, 00:00Not After28/01/2028, 12:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignNot Before15/06/2016, 00:00Not After15/06/2024, 00:00SubjectCN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
23:f4:b4:91:12:3a:c4:cd:bd:68:04:2dCertificate
IssuerCN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BENot Before29/10/2020, 09:57Not After30/10/2023, 09:57SubjectSERIALNUMBER=CHE-354.686.492,CN=Proton Technologies AG,O=Proton Technologies AG,STREET=Route de la Galaise 32,L=Plan-les-Ouates,ST=Geneva,C=CH,1.2.840.113549.1.9.1=#0c0f61646d696e4070726f746f6e2e6d65,1.3.6.1.4.1.311.60.2.1.2=#130647656e657661,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6eExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37Certificate
IssuerCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BENot Before28/01/2021, 11:08Not After01/03/2032, 11:08SubjectCN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignNot Before20/06/2018, 00:00Not After10/12/2034, 00:00SubjectCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignNot Before10/12/2014, 00:00Not After10/12/2034, 00:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
06:06:f5:be:66:9f:e9:76:3f:cb:cd:d3:50:cd:18:e0:4b:c4:64:6e:a7:d9:9b:d5:ab:82:20:a2:2b:b2:59:c1Signer
Actual PE Digest06:06:f5:be:66:9f:e9:76:3f:cb:cd:d3:50:cd:18:e0:4b:c4:64:6e:a7:d9:9b:d5:ab:82:20:a2:2b:b2:59:c1Digest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
Imports
kernel32
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateIoCompletionPort
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
PostQueuedCompletionStatus
QueryPerformanceCounter
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadContext
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WriteConsoleW
WriteFile
msvcrt
__dllonexit
__iob_func
_amsg_exit
_beginthread
_errno
_initterm
_lock
_onexit
_unlock
abort
calloc
fprintf
free
fwrite
malloc
memcpy
signal
strlen
strncmp
vfprintf
Exports
Exports
GenerateProofs
GenerateVerifier
GetModulusKey
SetTest
_cgo_dummy_export
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 164KB - Virtual size: 163KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 1024B - Virtual size: 720B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xdata Size: 1024B - Virtual size: 616B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 305KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 172B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 88B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
HackUs Mail Access/x64/SQLite.Interop.dll.dll windows:6 windows x64 arch:x64
a42f73521c784fa06f1d886fcbcefcba
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before01/10/2021, 00:00Not After12/12/2024, 23:59SubjectSERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before29/03/2022, 00:00Not After14/03/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before01/10/2021, 00:00Not After12/12/2024, 23:59SubjectSERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before29/03/2022, 00:00Not After14/03/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ec:0d:a0:c5:47:c8:2f:fa:97:b8:a9:3d:32:61:63:a0:c1:77:1b:e6:7c:c1:af:e4:d1:6c:63:21:ac:26:74:b3:a9:dc:37:d0:59:c6:ae:e4:f4:2b:96:9e:84:d6:2e:17:e8:07:e4:70:76:62:cb:83:80:e4:fb:04:48:55:33:73Signer
Actual PE Digestec:0d:a0:c5:47:c8:2f:fa:97:b8:a9:3d:32:61:63:a0:c1:77:1b:e6:7c:c1:af:e4:d1:6c:63:21:ac:26:74:b3:a9:dc:37:d0:59:c6:ae:e4:f4:2b:96:9e:84:d6:2e:17:e8:07:e4:70:76:62:cb:83:80:e4:fb:04:48:55:33:73Digest Algorithmsha512PE Digest Matchestrue89:58:79:5d:49:b8:d2:5c:45:4d:aa:3c:75:f5:13:96:c9:21:64:30Signer
Actual PE Digest89:58:79:5d:49:b8:d2:5c:45:4d:aa:3c:75:f5:13:96:c9:21:64:30Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
C:\dev\sqlite\dotnet-private\bin\2015\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb
Imports
mscoree
StrongNameSignatureVerificationEx
StrongNameTokenFromAssembly
StrongNameFreeBuffer
CorBindToRuntimeEx
StrongNameErrorInfo
wintrust
WinVerifyTrust
kernel32
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
lstrlenW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
GetModuleFileNameW
SetEnvironmentVariableW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
ReadFile
CreateFileA
LoadLibraryA
lstrcatW
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
WriteConsoleW
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
AreFileApisANSI
SetEnvironmentVariableA
RaiseException
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushViewOfFile
lstrcmpiW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CompareStringW
LCMapStringW
GetACP
GetTimeZoneInformation
GetStringTypeW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
user32
wsprintfW
advapi32
CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey
Exports
Exports
SI02815e94e2c315f7
SI039413da2b10b773
SI054e3c8468772b2b
SI0628e029b7e108db
SI077534168313d3ed
SI0938f783b19237a0
SI0a886fd4c720116f
SI0bdc6d0c384d2e10
SI0ce1fad4c4f4a7fb
SI0cff507887d45bcd
SI0d6b1c4a8f9f99d4
SI0da8b85fb82501d5
SI11726a584883eb5b
SI13396627163b7740
SI157f8e08193aa53b
SI1773c1143669a2d4
SI179fdc030276548d
SI1d81196412d3ef05
SI1def9b218f2b4647
SI1e14e4ca4a95bf49
SI1f188bbd4af5db07
SI21a888837ee363be
SI2205f161df7092bc
SI23fce3fb79cbb177
SI24f086e117ed378d
SI255d44cceccc3fc7
SI2560e79b9e8e0efc
SI258150823cbe6bde
SI2711207af0065fc8
SI27b50b0098946eb0
SI28dd7560c8be508f
SI294b84466eaff39a
SI2a4d8b6ad44eebf1
SI2a62764d0ab77e14
SI2b645959c9369085
SI2d11646dfe5d0c6a
SI2eb4079ca3a05cbf
SI2f014207a555e535
SI33ef63550c5242fb
SI341218eede1b5e9b
SI37a08ac191c978d9
SI386737cd2a0fdd19
SI3997e7de4e90e1b3
SI3ae1edd0b6623730
SI3c17a08e4bd9b715
SI3ce20b46a489236f
SI3f6b70ecace50eb3
SI43bfa22e745af6d8
SI44d6ee46b9c95458
SI45fe9413d5eae770
SI473a804e6f038305
SI475081909f1229d5
SI47e966d3c8ed1d1c
SI486b02ac296e0b17
SI4b285cf3ba62c252
SI4ca8ca7236e6114c
SI4d5fafa34f690772
SI4edf79ad44a9cff4
SI4ee0a8e4fbaae675
SI506e50fb03c2d89a
SI528b790fd6ac4633
SI55f8c019b2e5ed58
SI56aabcf29f5e6720
SI56bf96ba405a1160
SI577edba978146092
SI57cb62b7ae61cb1b
SI599b44278adc9bc1
SI5b8ed01c5811b4d5
SI5bb9251d9841cbec
SI5ca7a2a9e7f1b871
SI5f6198a74f6a66c1
SI5f81f83484be3abd
SI5f8c56b9ec22dac6
SI609a818d5fbe9ac9
SI61339d837097a253
SI6199891c0152daea
SI61ebe33d35212c42
SI6527c62a1dabea11
SI66864656aba1350f
SI670f4f88bee34d06
SI690e97ad40a6d636
SI6986c52c0c452cc1
SI6b1ea8359a4bab8f
SI6c336868b0a5fe32
SI6d1c17b1fb262865
SI6d7b2699ee23d3f8
SI6e43416f0f0e0e16
SI72ec7143af42ede1
SI74043e952a2cd403
SI7520d000053e0d14
SI772bd4b1b0106e5b
SI782e3aea35580db5
SI7a5090ee686ee20d
SI7b32bbd817c65bb8
SI7ba05ce94ad6ec39
SI7c80035d85f12db7
SI7cec4139b0e05c44
SI7d59e220321e2f41
SI7d92c115a9fdcf4b
SI7e589f074eae40b8
SI7f61887459ad69d9
SI7fbe039e0a0a9e80
SI7fca2652f71267db
SI8181a48bde70c668
SI870da7e43adb4ee2
SI89eaf1bd7a956980
SI8a4e5681c1906ed7
SI8a4f24784a6e0dd7
SI9086cecb6f6cb06e
SI9142d5013e275b68
SI917c1d969e6de20e
SI92a9d705cf067ce9
SI95b0bda85d917b2e
SI962c27000aacea2e
SI98872790d4e8efd1
SI9a7f75f0346092f5
SI9a83e170c880ff66
SI9cb60bb60df261b3
SI9ce43ab9f0988669
SI9d59c342e257f634
SI9ee262799bd281d7
SI9eee50437bcc1191
SI9f7fed40b32f2518
SIa2d290f3cce83950
SIa3d8d3d7074939f8
SIa3f72e1fcd28493d
SIa487294f7b3982b5
SIa56f9b6b87626f82
SIa6ac334abbe174be
SIa6adfe554ffc7cbf
SIa97f15c7a9a3fcec
SIac17d6653268c29d
SIac40f022a187cea2
SIac721dd2e74c9941
SIafaf563ba75328fe
SIb01052dff9582bba
SIb3a01e7c57f0fe15
SIb3a698858b4f4c1e
SIb3adde975ae37b85
SIb4c632894b76cc1d
SIb534977cefbb73a0
SIb7ca6c18f9b627e3
SIb8b2ca972163fd1d
SIb90da090982f4b08
SIbadadf3b9880be1c
SIbae16952f377e56d
SIbaf8241fbd0ce62c
SIbbb652829bd5e949
SIbbe901f293754481
SIbbfce5c96068face
SIbcc66e0ffc3a4a1a
SIbf23d3c9d85dbdc9
SIc15bffd7e1940157
SIc28680a63df4f588
SIc2f1bb5274db50ad
SIc5e7050b98faec6c
SIc62437a375ae6e3e
SIc6bf4b86ca97d9ec
SIc6d60081c2db6a17
SIc8187efca8c1cb7a
SIcd04f8e391a31c9f
SIcdd4568419784a8a
SIcf8c2c23760a4499
SId02b7e5e97e1e93a
SId2c7880f24f06d7c
SId2c89445431c35db
SId644b1bddd2a2bbd
SId6fdbb9d0d4025e5
SId81be8ee89587e08
SId81cf9ee807123a7
SId8f3329973466732
SId8f792fefa4b5275
SId93ded5c6e4c47cf
SIdeafee00e45abdd7
SIdff2308d05ffee18
SIe1f990609c49e19e
SIe2c7699ad7342993
SIe43bdb992e04bab8
SIe51ef6b50d4bca6d
SIe8488cc730a7a082
SIea4bbb6d1ee2a307
SIea85a8543a7ed080
SIeab73374c21d5265
SIebbb430d08e906d0
SIee287d5c749c90fb
SIef4f0710e0d4fe79
SIefe0985609bde5e8
SIf17d2cb586e5ed0b
SIf317063645427306
SIf36d68994f8a3dbc
SIf55420fc5e7a71c7
SIf5788ad6b55cce99
SIf78f8f1191d53f8b
SIf7e752fd3d0936c7
SIfc766c3d655f3fe2
SIfd60417394c54f67
SIfdd143ea824fb4f0
SIff65f01991d44537
sqlite3_cryptoapi_init
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_percentile_init
sqlite3_regexp_init
sqlite3_sha_init
sqlite3_totype_init
sqlite3_vtshim_init
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 265KB - Virtual size: 264KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 71KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
HackUs Mail Access/x86/GoSrp.dll.dll windows:6 windows x86 arch:x86
c800f0a4163237c93b016b6842cc085e
Code Sign
01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate
IssuerCN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BENot Before19/09/2018, 00:00Not After28/01/2028, 12:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignNot Before15/06/2016, 00:00Not After15/06/2024, 00:00SubjectCN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
23:f4:b4:91:12:3a:c4:cd:bd:68:04:2dCertificate
IssuerCN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BENot Before29/10/2020, 09:57Not After30/10/2023, 09:57SubjectSERIALNUMBER=CHE-354.686.492,CN=Proton Technologies AG,O=Proton Technologies AG,STREET=Route de la Galaise 32,L=Plan-les-Ouates,ST=Geneva,C=CH,1.2.840.113549.1.9.1=#0c0f61646d696e4070726f746f6e2e6d65,1.3.6.1.4.1.311.60.2.1.2=#130647656e657661,1.3.6.1.4.1.311.60.2.1.3=#13024348,2.5.4.15=#131450726976617465204f7267616e697a6174696f6eExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
01:a8:f7:25:76:dc:7b:14:7a:18:63:9e:8d:4d:eb:37Certificate
IssuerCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BENot Before28/01/2021, 11:08Not After01/03/2032, 11:08SubjectCN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignNot Before20/06/2018, 00:00Not After10/12/2034, 00:00SubjectCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignNot Before10/12/2014, 00:00Not After10/12/2034, 00:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
d4:0f:ee:7a:b5:77:b3:55:82:9b:ff:11:2f:21:ca:c6:a8:83:1f:0c:bc:65:5b:36:30:39:27:cf:92:a5:19:0dSigner
Actual PE Digestd4:0f:ee:7a:b5:77:b3:55:82:9b:ff:11:2f:21:ca:c6:a8:83:1f:0c:bc:65:5b:36:30:39:27:cf:92:a5:19:0dDigest Algorithmsha256PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL
Imports
kernel32
AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateIoCompletionPort
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
PostQueuedCompletionStatus
QueryPerformanceCounter
ResumeThread
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadContext
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WriteConsoleW
WriteFile
msvcrt
__dllonexit
_amsg_exit
_beginthread
_errno
_initterm
_iob
_lock
_onexit
_unlock
abort
calloc
fprintf
free
fwrite
malloc
strlen
strncmp
vfprintf
Exports
Exports
GenerateProofs
GenerateVerifier
GetModulusKey
SetTest
_cgo_dummy_export
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 142KB - Virtual size: 142KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1014KB - Virtual size: 1013KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.bss Size: - Virtual size: 143KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 172B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.CRT Size: 512B - Virtual size: 44B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 77KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
HackUs Mail Access/x86/SQLite.Interop.dll.dll windows:6 windows x86 arch:x86
39ace63b362beb47a2a7a8202a5c4f2d
Code Sign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before01/10/2021, 00:00Not After12/12/2024, 23:59SubjectSERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before29/03/2022, 00:00Not After14/03/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before29/04/2021, 00:00Not After28/04/2036, 23:59SubjectCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
05:0c:c7:2c:cf:31:ae:9b:2e:36:41:0a:d0:ee:98:92Certificate
IssuerCN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=USNot Before01/10/2021, 00:00Not After12/12/2024, 23:59SubjectSERIALNUMBER=364617-96,CN=Mistachkin Systems (Joseph Mistachkin),O=Mistachkin Systems (Joseph Mistachkin),L=Beaverton,ST=Oregon,C=US,1.3.6.1.4.1.311.60.2.1.2=#13064f7265676f6e,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#130f427573696e65737320456e74697479Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate
IssuerCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USNot Before29/03/2022, 00:00Not After14/03/2033, 23:59SubjectCN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate
IssuerCN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=USNot Before23/03/2022, 00:00Not After22/03/2037, 23:59SubjectCN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
30:47:a1:bf:b7:9d:63:a0:74:29:ca:ab:c2:34:ff:2b:d6:e0:fb:c0:37:4e:4f:e8:36:22:ac:72:d5:cd:e7:d6:f1:ce:a2:07:5c:95:06:70:19:f2:d9:53:70:4b:8c:8f:a2:90:b8:73:33:e5:67:6b:64:cc:19:8e:40:7d:16:d8Signer
Actual PE Digest30:47:a1:bf:b7:9d:63:a0:74:29:ca:ab:c2:34:ff:2b:d6:e0:fb:c0:37:4e:4f:e8:36:22:ac:72:d5:cd:e7:d6:f1:ce:a2:07:5c:95:06:70:19:f2:d9:53:70:4b:8c:8f:a2:90:b8:73:33:e5:67:6b:64:cc:19:8e:40:7d:16:d8Digest Algorithmsha512PE Digest Matchestrue56:88:38:ce:29:25:be:3c:8c:3c:c9:2e:fb:b2:ec:23:d3:d0:84:f1Signer
Actual PE Digest56:88:38:ce:29:25:be:3c:8c:3c:c9:2e:fb:b2:ec:23:d3:d0:84:f1Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\dev\sqlite\dotnet-private\bin\2015\Win32\ReleaseNativeOnlyStatic\SQLite.Interop.pdb
Imports
mscoree
StrongNameSignatureVerificationEx
StrongNameTokenFromAssembly
StrongNameFreeBuffer
CorBindToRuntimeEx
StrongNameErrorInfo
wintrust
WinVerifyTrust
kernel32
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
lstrlenW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
GetModuleFileNameW
SetEnvironmentVariableW
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
GetEnvironmentVariableW
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
ReadFile
CreateFileA
LoadLibraryA
lstrcatW
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
WriteConsoleW
lstrcmpiW
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
SetEnvironmentVariableA
AreFileApisANSI
DecodePointer
SetStdHandle
RaiseException
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushViewOfFile
MapViewOfFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CompareStringW
LCMapStringW
GetACP
GetTimeZoneInformation
GetStringTypeW
GetStdHandle
GetFileType
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
user32
wsprintfW
advapi32
CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptDeriveKey
CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptDestroyKey
Exports
Exports
SI02815e94e2c315f7
SI039413da2b10b773
SI054e3c8468772b2b
SI0628e029b7e108db
SI077534168313d3ed
SI0938f783b19237a0
SI0a886fd4c720116f
SI0bdc6d0c384d2e10
SI0cff507887d45bcd
SI0d6b1c4a8f9f99d4
SI0da8b85fb82501d5
SI11726a584883eb5b
SI13396627163b7740
SI157f8e08193aa53b
SI1773c1143669a2d4
SI179fdc030276548d
SI1d81196412d3ef05
SI1def9b218f2b4647
SI1e14e4ca4a95bf49
SI1f188bbd4af5db07
SI21a888837ee363be
SI23fce3fb79cbb177
SI24f086e117ed378d
SI255d44cceccc3fc7
SI2560e79b9e8e0efc
SI258150823cbe6bde
SI2711207af0065fc8
SI28dd7560c8be508f
SI294b84466eaff39a
SI2a62764d0ab77e14
SI2b645959c9369085
SI2d11646dfe5d0c6a
SI2eb4079ca3a05cbf
SI2f014207a555e535
SI33ef63550c5242fb
SI341218eede1b5e9b
SI386737cd2a0fdd19
SI3997e7de4e90e1b3
SI3c17a08e4bd9b715
SI3ce20b46a489236f
SI43bfa22e745af6d8
SI44d6ee46b9c95458
SI45fe9413d5eae770
SI475081909f1229d5
SI47e966d3c8ed1d1c
SI486b02ac296e0b17
SI528b790fd6ac4633
SI55f8c019b2e5ed58
SI56bf96ba405a1160
SI599b44278adc9bc1
SI5b8ed01c5811b4d5
SI5ca7a2a9e7f1b871
SI5f6198a74f6a66c1
SI5f81f83484be3abd
SI5f8c56b9ec22dac6
SI609a818d5fbe9ac9
SI61339d837097a253
SI6199891c0152daea
SI61ebe33d35212c42
SI66864656aba1350f
SI670f4f88bee34d06
SI690e97ad40a6d636
SI6986c52c0c452cc1
SI6b1ea8359a4bab8f
SI6c336868b0a5fe32
SI6d1c17b1fb262865
SI6d7b2699ee23d3f8
SI72ec7143af42ede1
SI74043e952a2cd403
SI7520d000053e0d14
SI7a5090ee686ee20d
SI7ba05ce94ad6ec39
SI7c80035d85f12db7
SI7cec4139b0e05c44
SI7d59e220321e2f41
SI7e589f074eae40b8
SI7f61887459ad69d9
SI7fbe039e0a0a9e80
SI7fca2652f71267db
SI8181a48bde70c668
SI870da7e43adb4ee2
SI89eaf1bd7a956980
SI8a4e5681c1906ed7
SI9086cecb6f6cb06e
SI9142d5013e275b68
SI92a9d705cf067ce9
SI95b0bda85d917b2e
SI962c27000aacea2e
SI98872790d4e8efd1
SI9a83e170c880ff66
SI9ce43ab9f0988669
SI9d59c342e257f634
SI9f7fed40b32f2518
SIa2d290f3cce83950
SIa3f72e1fcd28493d
SIa487294f7b3982b5
SIa56f9b6b87626f82
SIa6ac334abbe174be
SIa6adfe554ffc7cbf
SIa97f15c7a9a3fcec
SIac17d6653268c29d
SIb01052dff9582bba
SIb3a01e7c57f0fe15
SIb3a698858b4f4c1e
SIb3adde975ae37b85
SIb7ca6c18f9b627e3
SIb8b2ca972163fd1d
SIb90da090982f4b08
SIbadadf3b9880be1c
SIbae16952f377e56d
SIbaf8241fbd0ce62c
SIbbe901f293754481
SIbbfce5c96068face
SIbcc66e0ffc3a4a1a
SIbf23d3c9d85dbdc9
SIc15bffd7e1940157
SIc2f1bb5274db50ad
SIc5e7050b98faec6c
SIc6d60081c2db6a17
SIc8187efca8c1cb7a
SIcd04f8e391a31c9f
SIcdd4568419784a8a
SIcf8c2c23760a4499
SId2c7880f24f06d7c
SId2c89445431c35db
SId644b1bddd2a2bbd
SId6fdbb9d0d4025e5
SId81be8ee89587e08
SId81cf9ee807123a7
SId93ded5c6e4c47cf
SIdeafee00e45abdd7
SIdff2308d05ffee18
SIe1f990609c49e19e
SIea85a8543a7ed080
SIeab73374c21d5265
SIebbb430d08e906d0
SIee287d5c749c90fb
SIef4f0710e0d4fe79
SIf17d2cb586e5ed0b
SIf317063645427306
SIf36d68994f8a3dbc
SIf55420fc5e7a71c7
SIf5788ad6b55cce99
SIf78f8f1191d53f8b
SIf7e752fd3d0936c7
SIfc766c3d655f3fe2
SIfdd143ea824fb4f0
SIff65f01991d44537
_SI0ce1fad4c4f4a7fb@8
_SI2205f161df7092bc@12
_SI27b50b0098946eb0@12
_SI2a4d8b6ad44eebf1@12
_SI37a08ac191c978d9@12
_SI3ae1edd0b6623730@8
_SI3f6b70ecace50eb3@44
_SI473a804e6f038305@8
_SI4b285cf3ba62c252@4
_SI4ca8ca7236e6114c@4
_SI4d5fafa34f690772@8
_SI4edf79ad44a9cff4@24
_SI4ee0a8e4fbaae675@0
_SI506e50fb03c2d89a@12
_SI56aabcf29f5e6720@16
_SI577edba978146092@4
_SI57cb62b7ae61cb1b@12
_SI5bb9251d9841cbec@4
_SI6527c62a1dabea11@20
_SI6e43416f0f0e0e16@12
_SI772bd4b1b0106e5b@4
_SI782e3aea35580db5@12
_SI7b32bbd817c65bb8@0
_SI7d92c115a9fdcf4b@8
_SI8a4f24784a6e0dd7@4
_SI917c1d969e6de20e@12
_SI9a7f75f0346092f5@20
_SI9cb60bb60df261b3@32
_SI9ee262799bd281d7@4
_SI9eee50437bcc1191@12
_SIa3d8d3d7074939f8@12
_SIac40f022a187cea2@12
_SIac721dd2e74c9941@12
_SIafaf563ba75328fe@4
_SIb4c632894b76cc1d@20
_SIb534977cefbb73a0@12
_SIbbb652829bd5e949@112
_SIc28680a63df4f588@12
_SIc62437a375ae6e3e@8
_SIc6bf4b86ca97d9ec@4
_SId02b7e5e97e1e93a@8
_SId8f3329973466732@12
_SId8f792fefa4b5275@4
_SIe2c7699ad7342993@36
_SIe43bdb992e04bab8@8
_SIe51ef6b50d4bca6d@8
_SIe8488cc730a7a082@12
_SIea4bbb6d1ee2a307@8
_SIefe0985609bde5e8@12
_SIfd60417394c54f67@12
sqlite3_cryptoapi_init
sqlite3_fts5_init
sqlite3_fts_init
sqlite3_percentile_init
sqlite3_regexp_init
sqlite3_sha_init
sqlite3_totype_init
sqlite3_vtshim_init
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 162KB - Virtual size: 161KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 512B - Virtual size: 168B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
HackUs Mail Access/xNet.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 97KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ