Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Static task
static1
Target
Setup.rar
Size
10.2MB
MD5
04b8b776ecc6bfc29ed35e29b348676a
SHA1
33115867b8feda5f4053861fe72ccb54b9da4d57
SHA256
7bdcd02e33aee2a01a66cd98b8fb045b7cc7386b3a08c3841698a668fe353c5a
SHA512
ca211c4947db511d42b06cb03fd72672c60db86d9aafddb9ed3cff107d687d99d6b404aed458c57ace481c0d61099e439bd55956e075b3479b7ead47133fc37d
SSDEEP
196608:D06p2yRw1hPTY2DgOIh1hcJGlNBVdhQ2zLKYJCF0vyyrH+hd1bJGAL:DR8+eZdDGh1eJsBVPQvYJk0Jb+hdDGW
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
WriteFile
WriteConsoleW
WerSetFlags
WerGetFlags
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
TlsAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
RaiseFailFastException
PostQueuedCompletionStatus
LoadLibraryW
LoadLibraryExW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetErrorMode
GetEnvironmentStringsW
GetCurrentThreadId
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
C:\NetFXDev1\binaries\x86ret\bin\i386\VSSetup\Utils\boxstub.pdb
CreateWellKnownSid
InitializeSecurityDescriptor
SetEntriesInAclW
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DecryptFileW
GetTickCount
SetEnvironmentVariableW
GetLastError
ExpandEnvironmentStringsW
CreateProcessW
Sleep
WaitForSingleObject
GetExitCodeProcess
CloseHandle
SetFileAttributesW
InitializeCriticalSection
CreateEventW
GetEnvironmentVariableW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetCommandLineW
lstrlenW
CompareStringW
LocalFree
CreateDirectoryW
QueryDosDeviceW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetDriveTypeW
CreateFileW
DeviceIoControl
SetErrorMode
RemoveDirectoryW
MoveFileExW
GetProcAddress
GetSystemDirectoryW
LoadLibraryW
GetModuleHandleW
CreateThread
LocalAlloc
RaiseException
ExitThread
WaitForMultipleObjects
ResetEvent
CreateEventA
GetSystemInfo
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetModuleHandleA
GetVersionExA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
SetEndOfFile
DuplicateHandle
ReadFile
SetFilePointerEx
GlobalFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
LCMapStringW
FreeLibrary
InterlockedExchange
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
GetStringTypeW
HeapSize
HeapReAlloc
IsProcessorFeaturePresent
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileA
GetLocalTime
GetComputerNameW
lstrlenA
FormatMessageW
GetSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
DeleteFileW
GetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
GetCurrentDirectoryW
SetCurrentDirectoryW
GetProcessHeap
GlobalAlloc
LoadLibraryA
ord17
UuidToStringW
UuidCreate
RpcStringFreeW
CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
PathRemoveExtensionW
MessageBoxW
GetTopWindow
GetWindowThreadProcessId
GetWindow
SendMessageW
PostMessageW
DialogBoxParamW
GetDlgItem
SetWindowTextW
EndDialog
PostQuitMessage
LoadStringW
SetWindowLongW
GetWindowLongW
CharUpperW
SysAllocString
VariantClear
?dwPlaceholder@@3PAEA
_DecodePointerInternal@4
_EncodePointerInternal@4
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
MpSvc.pdb
terminate
abort
_initialize_onexit_table
_initialize_narrow_environment
_execute_onexit_table
_beginthreadex
_seh_filter_dll
_initterm_e
_initterm
_cexit
_configure_narrow_argv
_crt_atexit
_invalid_parameter_noinfo_noreturn
_errno
_register_onexit_function
_invalid_parameter_noinfo
__stdio_common_vsnprintf_s
fgetc
ungetc
fflush
setvbuf
fsetpos
_fseeki64
fgetpos
fwrite
_wfsopen
fseek
fputc
fread
_get_stream_buffer_pointers
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vswscanf
__stdio_common_vswprintf_s
__stdio_common_vswprintf
__stdio_common_vsnwprintf_s
fclose
iswdigit
islower
iswlower
wcscpy_s
iswspace
wmemmove_s
wcsncmp
strcspn
_wcsicmp
wcsnlen
tolower
towlower
towupper
toupper
iswalpha
isdigit
_wcsnicmp
strncmp
strcpy_s
isspace
iswxdigit
wcspbrk
_wcsdup
isupper
__strncnt
_isctype_l
strnlen
iswupper
wcscmp
SetThreadToken
GetFileSecurityW
InitializeSecurityDescriptor
InitializeAcl
SetSecurityInfo
GetKernelObjectSecurity
SetKernelObjectSecurity
AddAccessAllowedAceEx
DuplicateTokenEx
TraceMessage
QueryServiceConfig2W
EventWriteTransfer
EventUnregister
CloseServiceHandle
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
RegQueryValueExW
RegCloseKey
ConvertSidToStringSidW
CheckTokenMembership
ConvertStringSidToSidW
AllocateAndInitializeSid
OpenSCManagerW
QueryServiceStatus
NotifyServiceStatusChangeW
StartServiceW
QueryServiceStatusEx
OpenServiceW
EventRegister
LookupAccountSidW
LookupAccountNameW
GetTokenInformation
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegUnLoadKeyW
RegLoadKeyW
RegDeleteValueW
RegEnumValueW
OpenProcessToken
RegisterServiceCtrlHandlerExW
CreateServiceW
SetServiceStatus
DeleteService
StartServiceCtrlDispatcherW
MakeAbsoluteSD
EventActivityIdControl
QueryServiceConfigW
RegOpenKeyExW
ChangeServiceConfigW
ControlService
EqualSid
IsValidSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetLengthSid
DuplicateToken
OpenThreadToken
CreateWellKnownSid
RegGetKeySecurity
StopTraceW
StartTraceW
CreateProcessAsUserW
RegCopyTreeW
AdjustTokenPrivileges
LookupPrivilegeValueW
ChangeServiceConfig2W
ImpersonateLoggedOnUser
RevertToSelf
GetSecurityDescriptorOwner
DeleteAce
GetNamedSecurityInfoW
CopySid
SetNamedSecurityInfoW
GetAce
SetSecurityDescriptorOwner
SetFileSecurityW
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
LsaNtStatusToWinError
IsWellKnownSid
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
FreeSid
InitiateSystemShutdownExW
CryptStringToBinaryW
CryptBinaryToStringW
CertVerifyCertificateChainPolicy
GetProcessTimes
CopyFileW
CreateDirectoryW
GetFileInformationByHandleEx
GetFileAttributesExW
GetDiskFreeSpaceExW
CopyFileExW
GetDriveTypeW
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
LocalFree
SleepEx
GetFileSizeEx
ReadFile
TryAcquireSRWLockExclusive
TryEnterCriticalSection
InitializeCriticalSection
LCMapStringW
SwitchToThread
UnregisterWaitEx
GetEnvironmentVariableW
ExpandEnvironmentStringsW
lstrcmpW
MapViewOfFile
CreateFileMappingW
FindClose
FindNextFileW
CreateProcessW
GetModuleFileNameW
UnmapViewOfFile
DeleteFiber
FindFirstFileW
RemoveDirectoryW
SetFileAttributesW
GetVolumePathNameW
CreateFiberEx
SwitchToFiber
ConvertThreadToFiber
IsThreadAFiber
ConvertFiberToThread
SystemTimeToFileTime
CreateThreadpoolTimer
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
SubmitThreadpoolWork
CreateThreadpoolWork
SetThreadpoolThreadMaximum
CreateThreadpool
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CloseThreadpool
FlushFileBuffers
QueryFullProcessImageNameW
CreateMutexW
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
ReadProcessMemory
DuplicateHandle
QueryDosDeviceW
K32GetProcessMemoryInfo
SetEnvironmentVariableA
GetFileInformationByHandle
FindCloseChangeNotification
GetTempFileNameW
FindNextChangeNotification
FindFirstChangeNotificationW
GetSystemTime
InitializeSRWLock
WaitForMultipleObjects
FindStringOrdinal
lstrcmpiW
K32GetModuleInformation
K32GetModuleBaseNameW
VirtualQuery
FindResourceW
LoadResource
LockResource
SizeofResource
CreateThread
LoadLibraryW
GetLogicalDrives
OpenProcess
ProcessIdToSessionId
WideCharToMultiByte
MultiByteToWideChar
OpenThread
ReleaseSRWLockShared
AcquireSRWLockShared
GetExitCodeProcess
CreateHardLinkW
MoveFileExW
GetTempPathW
SetEnvironmentVariableW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
RtlCompareMemory
SystemTimeToTzSpecificLocalTime
GetTickCount64
CompareStringEx
WaitForMultipleObjectsEx
GetCPInfo
LCMapStringEx
DecodePointer
SleepConditionVariableSRW
DeleteFileW
WakeConditionVariable
WakeAllConditionVariable
GetTickCount
CompareFileTime
GetPackagesByPackageFamily
PackageIdFromFullName
GetStringTypeW
InitOnceBeginInitialize
InitOnceComplete
GetLocaleInfoEx
CreateFileW
GetFinalPathNameByHandleW
DeviceIoControl
LoadLibraryExA
GetTimeFormatW
VirtualProtect
GetExitCodeThread
GetDateFormatW
ConvertDefaultLocale
GetLocaleInfoW
GetComputerNameExW
QueryPerformanceFrequency
FormatMessageA
SetThreadPriority
GetCurrentThread
GetThreadPriority
GetSystemPowerStatus
GetSystemWindowsDirectoryW
CreateSemaphoreW
LoadLibraryExW
RtlUnwind
InitializeCriticalSectionEx
EncodePointer
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapSetInformation
GetNativeSystemInfo
GetSystemDirectoryW
OpenEventW
SetFilePointerEx
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
ChangeTimerQueueTimer
InterlockedPushEntrySList
RtlUnwindEx
InitializeSListHead
QueryPerformanceCounter
CreateEventW
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
SetErrorMode
DeleteTimerQueueTimer
FreeLibrary
Sleep
IsDebuggerPresent
DebugBreak
GetModuleHandleW
GetProcessHeap
GetCurrentProcessId
CreateMutexExW
GetProcAddress
HeapAlloc
CloseHandle
OpenSemaphoreW
WaitForSingleObjectEx
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
GetFileAttributesW
InitializeConditionVariable
CreateTimerQueueTimer
WriteFile
RegisterWaitForSingleObject
GetSystemInfo
CreateJobObjectW
RpcImpersonateClient
RpcRevertToSelf
UuidCompare
NdrServerCall2
NdrServerCallAll
UuidFromStringW
RpcServerUnregisterIf
RpcEpUnregister
RpcBindingVectorFree
RpcServerRegisterIfEx
RpcEpRegisterW
RpcServerInqBindings
RpcServerUseProtseqEpW
RpcServerUseProtseqW
RpcServerRegisterAuthInfoW
RpcStringFreeW
RpcBindingInqAuthClientW
RpcStringBindingParseW
RpcBindingToStringBindingW
UuidCreate
UuidHash
WTHelperGetProvSignerFromChain
CryptCATAdminCalcHashFromFileHandle
WTHelperProvDataFromStateData
WinVerifyTrust
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminEnumCatalogFromHash
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
MkParseDisplayNameEx
SetInformationJobObject
QueryInformationJobObject
AssignProcessToJobObject
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
NtQueryInformationProcess
RtlTimeToTimeFields
MpConfigDelValue
MpConfigInitialize
MpConfigOpen
MpHandleClose
MpConfigIteratorEnum
MpManagerOpen
MpConfigIteratorClose
MpConfigClose
MpManagerVersionQuery
MpConfigSetValue
MpAllocMemory
MpConfigRegisterForNotifications
MpConfigUnregisterNotifications
MpConfigIteratorOpen
MpConfigUninitialize
MpNotificationRegister
MpThreatLocalizedInfoQuery
MpUpdateStart
MpUpdateControl
MpQueryEngineConfigDword
MpScanStart
MpScanControl
MpConveySampleSubmissionResult
MpThreatOpen
MpConfigGetValueAlloc
MpConfigGetValue
MpThreatEnumerate
MpDynamicSignatureOpen
MpFreeMemory
MpClientUtilExportFunctions
MpDynamicSignatureEnumerate
MpUtilsExportFunctions
MpDebugExportFunctions
MpManagerStatusQueryEx
MpIsRtpAutoEnable
MpAddDynamicSignatureFile
MpErrorMessageFormat
_realloc_base
malloc
_free_base
_calloc_base
_malloc_base
_callnewh
calloc
realloc
free
atol
_wcstod_l
_ui64tow_s
_i64tow_s
_ui64toa_s
_i64toa_s
wcstoul
wcstol
wcstoll
wcstoull
_wtol
_wtoi
_itow_s
wcstoumax
strtod
strtof
rand
srand
_create_locale
___lc_codepage_func
localeconv
___lc_collate_cp_func
_free_locale
_unlock_locales
_lock_locales
setlocale
___mb_cur_max_func
___lc_locale_name_func
__pctype_func
frexp
pow
ldexp
ceilf
powf
_Getdays
_Strftime
_W_Getmonths
_Gettnames
_W_Gettnames
_Wcsftime
_Getmonths
_W_Getdays
ExpandEnvironmentStringsForUserW
CreateEnvironmentBlock
DestroyEnvironmentBlock
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
BCryptHashData
BCryptFinishHash
SubscribeServiceChangeNotifications
UnsubscribeServiceChangeNotifications
_lock_file
_unlock_file
ServiceCrtMain
ValidateDrop
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ