C:\Users\scarf\source\repos\Extreme.Net\obj\Debug\Extreme.Net.pdb
Behavioral task
behavioral1
Sample
ShadowGen By ShadowOxygen/CefSharp.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
ShadowGen By ShadowOxygen/CefSharp.exe
Resource
win11-20240426-en
Behavioral task
behavioral3
Sample
shadowgen.pyc
Resource
win10v2004-20240426-en
Behavioral task
behavioral4
Sample
shadowgen.pyc
Resource
win11-20240508-en
Behavioral task
behavioral5
Sample
ShadowGen By ShadowOxygen/Extreme.Net.dll
Resource
win10-20240404-en
Behavioral task
behavioral6
Sample
ShadowGen By ShadowOxygen/Extreme.Net.dll
Resource
win11-20240508-en
Behavioral task
behavioral7
Sample
ShadowGen By ShadowOxygen/ShadowGen By ShadowOxygen.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral8
Sample
ShadowGen By ShadowOxygen/ShadowGen By ShadowOxygen.exe
Resource
win11-20240426-en
Behavioral task
behavioral9
Sample
ShadowGen By ShadowOxygen/WebDriver.dll
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
ShadowGen By ShadowOxygen/WebDriver.dll
Resource
win11-20240508-en
Behavioral task
behavioral11
Sample
ShadowGen By ShadowOxygen/Xceed.Wpf.Toolkit.dll
Resource
win10-20240404-en
Behavioral task
behavioral12
Sample
ShadowGen By ShadowOxygen/Xceed.Wpf.Toolkit.dll
Resource
win11-20240426-en
Behavioral task
behavioral13
Sample
ShadowGen By ShadowOxygen/bin32.exe
Resource
win10-20240404-en
Behavioral task
behavioral14
Sample
ShadowGen By ShadowOxygen/bin32.exe
Resource
win11-20240419-en
Behavioral task
behavioral15
Sample
ShadowGen By ShadowOxygen/libcef.exe
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
ShadowGen By ShadowOxygen/libcef.exe
Resource
win11-20240508-en
Behavioral task
behavioral17
Sample
ShadowGen By ShadowOxygen/msacm32.dll
Resource
win10-20240404-en
Behavioral task
behavioral18
Sample
ShadowGen By ShadowOxygen/msacm32.dll
Resource
win11-20240508-en
Behavioral task
behavioral19
Sample
ShadowGen By ShadowOxygen/secproc.dll
Resource
win11-20240426-en
Behavioral task
behavioral20
Sample
ShadowGen By ShadowOxygen/secproc.dll
Resource
win11-20240508-en
General
-
Target
ShadowGen By ShadowOxygen.zip
-
Size
7.1MB
-
MD5
1335e1b6848903165e7ffaa8727a5aca
-
SHA1
10048e4fb9cfbd64c46a42384b50662b93f32135
-
SHA256
296cd8d9dbf290b38ac03cab0586e0f34efb6618b32adb45a2e41ea2e054cd32
-
SHA512
d42e7827a863b382f9bd357795927f1488b947cd20ae6c041d4def6553e60c4d6b43277be2fbb67580b7388a82cef02d5b461dce3c11a94c83e40c51ad1a9aae
-
SSDEEP
196608:jn+11bfMX7Cr/L9ajOgkxOLZuqK+0V4KQyUohzr:DuDH4jOB4Ls3+0VlPVr
Malware Config
Signatures
-
Detects Pyinstaller 1 IoCs
Processes:
resource: static1/unpack001/ShadowGen By ShadowOxygen/CefSharp.dll
yara_rule: pyinstaller
-
Unsigned PE 8 IoCs
Checks for missing Authenticode signature.
Processes:
resource
unpack001/ShadowGen By ShadowOxygen/CefSharp.dll
unpack001/ShadowGen By ShadowOxygen/Extreme.Net.dll
unpack001/ShadowGen By ShadowOxygen/ShadowGen By ShadowOxygen.exe
unpack001/ShadowGen By ShadowOxygen/WebDriver.dll
unpack001/ShadowGen By ShadowOxygen/Xceed.Wpf.Toolkit.dll
unpack001/ShadowGen By ShadowOxygen/bin32.lib
unpack001/ShadowGen By ShadowOxygen/libcef.lib
unpack001/ShadowGen By ShadowOxygen/secproc.dll
Files
-
ShadowGen By ShadowOxygen.zip.zip
-
ShadowGen By ShadowOxygen/CefSharp.dll.exe windows:5 windows x64 arch:x64
a62ff465f3ead2e578f02d3a2d749b7b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetLastError
SetDllDirectoryW
GetModuleFileNameW
GetProcAddress
GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LoadLibraryExW
GetShortPathNameW
FormatMessageW
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
SetEndOfFile
HeapReAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetCommandLineA
ReadFile
CreateFileW
GetDriveTypeW
GetFileType
CloseHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
GetFullPathNameA
CreateDirectoryW
RemoveDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
SetStdHandle
SetConsoleCtrlHandler
DeleteFileW
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
SetEnvironmentVariableA
GetFileAttributesExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
WriteConsoleW
GetTimeZoneInformation
HeapSize
RaiseException
ws2_32
ntohl
Sections
.text Size: 133KB - Virtual size: 132KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gfids Size: 512B - Virtual size: 172B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 81KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
shadowgen.pyc
-
ShadowGen By ShadowOxygen/Extreme.Net.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
mscoree
_CorDllMain
Sections
.text Size: 117KB - Virtual size: 117KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ShadowGen By ShadowOxygen/LICENSE
-
ShadowGen By ShadowOxygen/ShadowGen By ShadowOxygen.exe.exe windows:6 windows x86 arch:x86
204f8acbceac04eec436de56f594c55b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MultiByteToWideChar
LoadLibraryExA
CreateFileW
CloseHandle
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
GetCurrentThreadId
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
RaiseException
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
VirtualQuery
FreeLibrary
GetProcAddress
RtlUnwind
GetModuleFileNameW
LoadLibraryExW
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
SetFilePointerEx
HeapSize
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
version
VerQueryValueW
Sections
.text Size: 225KB - Virtual size: 224KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.msvcjmc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 74KB - Virtual size: 74KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ShadowGen By ShadowOxygen/WebDriver.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mscoree
_CorDllMain
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 1012B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ShadowGen By ShadowOxygen/Xceed.Wpf.Toolkit.dll.dll windows:4 windows x86 arch:x86
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
D:\Dev\ExtendedWPFToolkit\Release\3.5.0\OpenSource\Generated\Src\Xceed.Wpf.Toolkit\obj\Release\Xceed.Wpf.Toolkit.pdb
Imports
mscoree
_CorDllMain
Sections
.text Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ShadowGen By ShadowOxygen/bin32.lib.exe windows:6 windows x86 arch:x86
0392634acac147c03d108c2d046e7996
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryExW
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
GetStringTypeW
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
HeapReAlloc
HeapFree
HeapAlloc
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
SetFilePointerEx
HeapSize
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
CloseHandle
WriteConsoleW
Sections
.text Size: 182KB - Virtual size: 181KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
ShadowGen By ShadowOxygen/libcef.lib.exe windows:6 windows x86 arch:x86
b66f87cf58494faf62e606c7906acafe
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
MultiByteToWideChar
CreateFileW
GetCurrentThreadId
WideCharToMultiByte
LCMapStringEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
CompareStringEx
GetCPInfo
CloseHandle
QueryPerformanceCounter
GetStringTypeW
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
RtlUnwind
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapReAlloc
GetTimeZoneInformation
GetFileType
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
WriteConsoleW
winhttp
WinHttpReceiveResponse
Sections
.text Size: 160KB - Virtual size: 160KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
ShadowGen By ShadowOxygen/msacm32.dll.dll windows:10 windows x86 arch:x86
d708117077f81f5ebb8a7ce8dab0b96b
Code Sign
Certificate
33:00:00:01:c4:22:b2:f7:9b:79:3d:ac:b2:00:00:00:00:01:c4
Issuer
CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
03-07-2018 20:45
Not After
26-07-2019 20:45
Subject
CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Certificate
61:07:76:56:00:00:00:00:00:08
Issuer
CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Not Before
19-10-2011 18:41
Not After
19-10-2026 18:51
Subject
CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Signer
e3:64:04:69:25:10:88:de:3a:54:50:63:59:34:87:31:dc:6d:85:71:52:d3:a1:d4:19:23:73:ff:c1:e4:c5:c9
Actual PE Digest
e3:64:04:69:25:10:88:de:3a:54:50:63:59:34:87:31:dc:6d:85:71:52:d3:a1:d4:19:23:73:ff:c1:e4:c5:c9
Digest Algorithm
sha256
PE Digest Matches
true
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
msacm32.pdb
Imports
msvcrt
_vsnwprintf
memcmp
_initterm
_except_handler4_common
memcpy
free
_amsg_exit
_XcptFilter
iswctype
malloc
memset
ntdll
NtClose
RtlOpenCurrentUser
api-ms-win-core-registry-l1-1-0
RegDeleteValueW
RegEnumValueW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueA
RegEnumKeyExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExW
RegEnumKeyExW
RegQueryValueExA
api-ms-win-core-privateprofile-l1-1-0
WritePrivateProfileStringW
GetProfileStringW
GetPrivateProfileStringW
api-ms-win-core-processthreads-l1-1-0
TlsFree
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
TlsGetValue
TerminateProcess
TlsAlloc
TlsSetValue
api-ms-win-core-registry-l2-1-0
RegDeleteKeyA
RegOpenKeyW
RegDeleteKeyW
RegCreateKeyW
RegCreateKeyA
RegOpenKeyA
api-ms-win-core-string-l2-1-0
CharNextW
CharLowerBuffW
CharPrevW
api-ms-win-core-libraryloader-l1-2-0
LockResource
GetModuleFileNameW
LoadResource
FreeResource
LoadStringW
GetProcAddress
GetModuleHandleW
SizeofResource
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
SetEvent
CreateEventW
EnterCriticalSection
InitializeCriticalSection
ResetEvent
DeleteCriticalSection
WaitForSingleObject
api-ms-win-core-heap-l2-1-0
GlobalFree
LocalFree
GlobalAlloc
LocalAlloc
api-ms-win-core-string-obsolete-l1-1-0
lstrlenA
lstrcmpW
api-ms-win-core-heap-obsolete-l1-1-0
GlobalReAlloc
GlobalUnlock
GlobalHandle
GlobalLock
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-core-memory-l1-1-0
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
api-ms-win-core-libraryloader-l1-2-1
FindResourceW
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte
api-ms-win-core-localization-l1-2-0
GetACP
api-ms-win-core-errorhandling-l1-1-0
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetTickCount
api-ms-win-mm-misc-l1-1-0
SendDriverMessage
CloseDriver
OpenDriver
api-ms-win-mm-mme-l1-1-0
waveInGetDevCapsW
waveOutGetNumDevs
waveOutGetDevCapsW
waveOutOpen
waveInOpen
waveInGetNumDevs
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
XRegThunkEntry
acmDriverAddA
acmDriverAddW
acmDriverClose
acmDriverDetailsA
acmDriverDetailsW
acmDriverEnum
acmDriverID
acmDriverMessage
acmDriverOpen
acmDriverPriority
acmDriverRemove
acmFilterChooseA
acmFilterChooseW
acmFilterDetailsA
acmFilterDetailsW
acmFilterEnumA
acmFilterEnumW
acmFilterTagDetailsA
acmFilterTagDetailsW
acmFilterTagEnumA
acmFilterTagEnumW
acmFormatChooseA
acmFormatChooseW
acmFormatDetailsA
acmFormatDetailsW
acmFormatEnumA
acmFormatEnumW
acmFormatSuggest
acmFormatTagDetailsA
acmFormatTagDetailsW
acmFormatTagEnumA
acmFormatTagEnumW
acmGetVersion
acmMessage32
acmMetrics
acmStreamClose
acmStreamConvert
acmStreamMessage
acmStreamOpen
acmStreamPrepareHeader
acmStreamReset
acmStreamSize
acmStreamUnprepareHeader
Sections
.text Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
ShadowGen By ShadowOxygen/nitro_gift_codes.txt
-
ShadowGen By ShadowOxygen/secproc.dll.dll windows:10 windows x86 arch:x86
1b3ad66a3bd78a19068f0e837f379b1e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
secproc.pdb
Imports
msvcrt
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_CxxThrowException
_XcptFilter
_amsg_exit
wcsncmp
_wcstoi64
??0exception@@QAE@ABQBD@Z
memcpy
wcsrchr
_wcsnicmp
wcsstr
wcstol
wcscpy_s
_wcsicmp
??0exception@@QAE@ABV0@@Z
_initterm
_lock
_unlock
__dllonexit
wcstombs
_onexit
??1type_info@@UAE@XZ
_callnewh
malloc
free
memmove
__CxxFrameHandler3
_purecall
_except_handler4_common
memcmp
memset
api-ms-win-core-memory-l1-1-0
VirtualProtect
VirtualAlloc
VirtualFree
api-ms-win-core-errorhandling-l1-1-0
RaiseException
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
api-ms-win-core-synch-l1-1-0
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateMutexA
ReleaseMutex
WaitForSingleObject
api-ms-win-core-processthreads-l1-1-0
GetCurrentThread
GetCurrentProcessId
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
api-ms-win-core-libraryloader-l1-2-0
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
DisableThreadLibraryCalls
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-handle-l1-1-0
CloseHandle
api-ms-win-eventing-classicprovider-l1-1-0
GetTraceLoggerHandle
GetTraceEnableLevel
TraceMessage
UnregisterTraceGuids
GetTraceEnableFlags
api-ms-win-core-sysinfo-l1-1-0
GetSystemTimeAsFileTime
GetSystemTime
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetTickCount
GetVersionExA
api-ms-win-core-file-l1-1-0
GetLogicalDriveStringsW
GetFileAttributesExW
GetDriveTypeW
GetVolumeInformationW
CreateFileA
CreateFileW
SetFilePointer
SetFileTime
GetFileTime
CompareFileTime
ReadFile
WriteFile
api-ms-win-core-com-l1-1-0
CoTaskMemFree
api-ms-win-core-timezone-l1-1-0
FileTimeToSystemTime
SystemTimeToFileTime
api-ms-win-core-heap-l2-1-0
LocalFree
crypt32
CertVerifyCertificateChainPolicy
CryptUnprotectData
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
api-ms-win-core-synch-l1-2-0
Sleep
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
cryptsp
CryptDestroyHash
CryptSetKeyParam
CryptSetHashParam
CryptExportKey
CryptHashData
CryptAcquireContextW
CryptGenKey
CryptDeriveKey
CryptCreateHash
CryptDecrypt
CryptGenRandom
CryptEncrypt
CryptContextAddRef
CryptReleaseContext
CryptSignHashA
CryptDestroyKey
CryptImportKey
CryptDuplicateKey
CryptGetKeyParam
CryptGetHashParam
CryptVerifySignatureA
CryptGetDefaultProviderW
api-ms-win-eventing-obsolete-l1-1-0
RegisterTraceGuidsA
api-ms-win-core-toolhelp-l1-1-0
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
wintrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust
msdrm
DRMGetUnboundLicenseAttributeCount
DRMGetUnboundLicenseObject
DRMGetUnboundLicenseAttribute
DRMGetUnboundLicenseObjectCount
DRMCloseQueryHandle
DRMParseUnboundLicense
api-ms-win-core-registry-l1-1-0
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
api-ms-win-core-io-l1-1-0
DeviceIoControl
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
Exports
SPAttest
SPBindLicense
SPCheckEnvironmentSecurity
SPCloseHandle
SPCommit
SPCreateDecryptor
SPCreateEnablingPrincipal
SPCreateEncryptor
SPCreatePCE
SPCreateSecurityProcessor
SPDecrypt
SPDecryptFinal
SPDecryptUpdate
SPEnableAndEncrypt
SPEnablePublishingLicense
SPEncrypt
SPEncryptFinal
SPEncryptUpdate
SPGetBoundRightKey
SPGetCurrentTime
SPGetInfo
SPGetLicenseAttribute
SPGetLicenseAttributeCount
SPGetLicenseObject
SPGetLicenseObjectCount
SPGetProcAddress
SPIsActivated
SPLoadLibrary
SPRegisterRevocationList
SPSign
Sections
.text Size: 321KB - Virtual size: 321KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.didat Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ