SecuriteInfo[.]com[.]W32[.]AIDetect[.]malware1[.]14311[.]14948

Resubmissions

10-06-2024 21:32

240610-1drlvasajl 10

23-04-2021 16:42

210423-hge38eda1j 8

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.W32.AIDetect.malware1.14311.14948
Size

2.5MB
MD5

ae8f9d9b8344d52f0872dfdc852e1dd4
SHA1

7e9f4259cc193465317ee48b8428b36e74028390
SHA256

95b5d0e36464afc8391a9d056926e5859506ead18937669554bde42f7a6d135b
SHA512

27928930215dbb9217247d846c570a756b46866b17b0832c9de7c8a800e3d0457f64c28ddfb4a66372f3837695e8f1a5645804f222ac7344284facb68bc79b21
SSDEEP

49152:qFUy7w/OQkyXuS18WPu8vE2uajZ3/qUlppUAr/n7oi/dyXUETzBJi3:qFnekR+08s2uaX9tdyZTzBJi3

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.W32.AIDetect.malware1.14311.14948
unpack001/CachemanControlPanel.exe
unpack001/libblkmaker-0.1-6.dll
unpack001/libgcc_s_seh-1.dll
unpack001/libgraph31.dll
unpack001/libgstcontroller-1.0-0.dll
unpack001/libogg-0.dll
unpack001/libxml3.dll
unpack001/zlib.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

SecuriteInfo.com.W32.AIDetect.malware1.14311.14948
.exe windows:4 windows x86 arch:x86

ced282d9b261d1462772017fe2f6972b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegEnumValueA

shell32

SHGetFileInfoA
SHFileOperationA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA

ole32

IIDFromString
OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

SetClipboardData
CharPrevA
CallWindowProcA
PeekMessageA
DispatchMessageA
MessageBoxIndirectA
GetDlgItemTextA
SetDlgItemTextA
GetSystemMetrics
CreatePopupMenu
AppendMenuA
TrackPopupMenu
FillRect
EmptyClipboard
LoadCursorA
GetMessagePos
CheckDlgButton
GetSysColor
SetCursor
GetWindowLongA
SetClassLongA
SetWindowPos
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassA
ScreenToClient
EndDialog
GetClassInfoA
SystemParametersInfoA
CreateWindowExA
ExitWindowsEx
DialogBoxParamA
CharNextA
SetTimer
DestroyWindow
CreateDialogParamA
SetForegroundWindow
SetWindowTextA
PostQuitMessage
SendMessageTimeoutA
ShowWindow
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
GetDC
SetWindowLongA
LoadImageA
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageA
DefWindowProcA
DrawTextA
GetClientRect
EndPaint
IsWindowVisible
CloseClipboard
OpenClipboard

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetProcAddress
GetSystemDirectoryA
WideCharToMultiByte
MoveFileExA
ReadFile
GetTempFileNameA
WriteFile
RemoveDirectoryA
CreateProcessA
CreateFileA
GetLastError
CreateThread
CreateDirectoryA
GlobalUnlock
GetDiskFreeSpaceA
GlobalLock
SetErrorMode
GetVersion
lstrcpynA
GetCommandLineA
GetTempPathA
lstrlenA
SetEnvironmentVariableA
ExitProcess
GetWindowsDirectoryA
GetCurrentProcess
GetModuleFileNameA
CopyFileA
GetTickCount
Sleep
GetFileSize
GetFileAttributesA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetShortPathNameA
MoveFileA
CompareFileTime
SetFileTime
SearchPathA
lstrcmpiA
lstrcmpA
CloseHandle
GlobalFree
GlobalAlloc
ExpandEnvironmentStringsA
LoadLibraryExA
FreeLibrary
lstrcpyA
lstrcatA
FindClose
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
SetFilePointer
GetModuleHandleA
FindNextFileA
FindFirstFileA
DeleteFileA
MulDiv

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CachemanControlPanel.exe
.exe windows:6 windows x86 arch:x86

9b671cf405c7ab3b3d5afa005657b1b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\storage\SIV32X\pdb\VCL\codecs\Obj\storage\build\Release\p.pdb

Imports

kernel32

ExitProcess
GetProcAddress
GetWindowsDirectoryW
LoadLibraryA
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetTimeZoneInformation
CloseHandle
SetEvent
ResetEvent
CreateMutexW
CreateEventW
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
LoadLibraryW
GetSystemInfo
HeapReAlloc
DeleteFileW
DeleteFileA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetFileAttributesW
CreateFileW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
HeapFree
HeapCreate
GetModuleFileNameA
AreFileApisANSI
InitializeCriticalSection
GetCurrentThreadId
GetModuleHandleW
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetStringTypeW
GetCPInfo
LoadLibraryExA
WerRegisterFile
RtlUnwind
RaiseException
InterlockedPushEntrySList
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetConsoleOutputCP
GetConsoleMode
GetModuleFileNameW
GetStdHandle
FindClose
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetFilePointerEx
ReadConsoleW
GetFileSizeEx
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetCurrentDirectoryW
WriteConsoleW
GetExitCodeThread
ReadFile
GetNativeSystemInfo
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SleepConditionVariableSRW
WaitForSingleObject

user32

GetActiveWindow
MessageBoxA

bcrypt

BCryptGenRandom
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 482KB - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Qt5Concurrentd.dll
.dll windows:6 windows x86 arch:x86

1943dc99c33806b1b133be1a6381273c

Code Sign

07:e2:ef:84:3d:0d:6f:58:cb:bb:06:e3:e8:b3:d3:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-10-2020 00:00

Not After

31-12-2023 12:00

Subject

CN=The Qt Company Oy,O=The Qt Company Oy,L=Oulu,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

eb:14:3b:48:06:00:1b:26:8a:58:d8:ae:67:82:76:ae:7d:70:04:bb:94:19:7c:e4:be:ed:ed:4b:28:36:e6:51
Signer

Actual PE Digest

eb:14:3b:48:06:00:1b:26:8a:58:d8:ae:67:82:76:ae:7d:70:04:bb:94:19:7c:e4:be:ed:ed:4b:28:36:e6:51

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\qt\work\qt\qtbase\lib\Qt5Concurrentd.pdb

Imports

qt5cored

?isCanceled@QFutureInterfaceBase@@QBE_NXZ
?isPaused@QFutureInterfaceBase@@QBE_NXZ
?waitForResume@QFutureInterfaceBase@@QAEXXZ
??0QSemaphore@@QAE@H@Z
??1QSemaphore@@QAE@XZ
?acquire@QSemaphore@@QAEXH@Z
?release@QSemaphore@@QAEXH@Z
?qt_assert_x@@YAXPBD00H@Z
?setProgressRange@QFutureInterfaceBase@@QAEXHH@Z
?data@QArrayData@@QAEPAXXZ
?allocate@QArrayData@@SAPAU1@IIIV?$QFlags@W4AllocationOption@QArrayData@@@@@Z
?deallocate@QArrayData@@SAXPAU1@II@Z
?sharedNull@QArrayData@@SAPAU1@XZ
?deadlineNSecs@QDeadlineTimer@@QBE_JXZ
?current@QDeadlineTimer@@SA?AV1@W4TimerType@Qt@@@Z
?maxThreadCount@QThreadPool@@QBEHXZ
?setProgressValue@QFutureInterfaceBase@@QAEXH@Z
?reportException@QFutureInterfaceBase@@QAEXABVQException@@@Z
??1ExceptionStore@QtPrivate@@QAE@XZ
??0ExceptionStore@QtPrivate@@QAE@XZ
?throwPossibleException@ExceptionStore@QtPrivate@@QAEXXZ
?setException@ExceptionStore@QtPrivate@@QAEXABVQException@@@Z
?qt_assert@@YAXPBD0H@Z
??0QUnhandledException@@QAE@XZ
??1QUnhandledException@@UAE@XZ
?tryStart@QThreadPool@@QAE_NPAVQRunnable@@@Z
?globalInstance@QThreadPool@@SAPAV1@XZ
?setAutoDelete@QRunnable@@QAEX_N@Z
??1QRunnable@@UAE@XZ
??0QRunnable@@QAE@XZ
?qBadAlloc@@YAXXZ

kernel32

QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW

vcruntime140d

_purecall
memcpy
__CxxFrameHandler3
memmove
memset
_CxxThrowException
__current_exception
__current_exception_context
_except_handler4_common
__std_type_info_destroy_list

ucrtbased

_invalid_parameter
_CrtDbgReport
terminate
_except1
_initterm
_initterm_e
_free_dbg
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit

Exports

Exports

??0BlockSizeManager@QtConcurrent@@QAE@H@Z
??0BlockSizeManagerV2@QtConcurrent@@QAE@H@Z
??0ThreadEngineBase@QtConcurrent@@QAE@XZ
??1BlockSizeManager@QtConcurrent@@QAE@XZ
??1ThreadEngineBase@QtConcurrent@@UAE@XZ
??_7ThreadEngineBase@QtConcurrent@@6B@
?acquireBarrierSemaphore@ThreadEngineBase@QtConcurrent@@QAEXXZ
?blockSize@BlockSizeManager@QtConcurrent@@QAEHXZ
?blockSize@BlockSizeManagerV2@QtConcurrent@@QAEHXZ
?blockSizeMaxed@BlockSizeManager@QtConcurrent@@AAE_NXZ
?blockSizeMaxed@BlockSizeManagerV2@QtConcurrent@@AAE_NXZ
?finish@ThreadEngineBase@QtConcurrent@@MAEXXZ
?handleException@ThreadEngineBase@QtConcurrent@@AAEXABVQException@@@Z
?isCanceled@ThreadEngineBase@QtConcurrent@@QAE_NXZ
?isProgressReportingEnabled@ThreadEngineBase@QtConcurrent@@QAE_NXZ
?run@ThreadEngineBase@QtConcurrent@@EAEXXZ
?setProgressRange@ThreadEngineBase@QtConcurrent@@QAEXHH@Z
?setProgressValue@ThreadEngineBase@QtConcurrent@@QAEXH@Z
?shouldStartThread@ThreadEngineBase@QtConcurrent@@MAE_NXZ
?shouldThrottleThread@ThreadEngineBase@QtConcurrent@@MAE_NXZ
?start@ThreadEngineBase@QtConcurrent@@MAEXXZ
?startBlocking@ThreadEngineBase@QtConcurrent@@QAEXXZ
?startSingleThreaded@ThreadEngineBase@QtConcurrent@@QAEXXZ
?startThread@ThreadEngineBase@QtConcurrent@@QAEXXZ
?startThreadInternal@ThreadEngineBase@QtConcurrent@@AAE_NXZ
?startThreads@ThreadEngineBase@QtConcurrent@@AAEXXZ
?threadExit@ThreadEngineBase@QtConcurrent@@AAEXXZ
?threadFunction@ThreadEngineBase@QtConcurrent@@MAE?AW4ThreadFunctionResult@2@XZ
?threadThrottleExit@ThreadEngineBase@QtConcurrent@@AAE_NXZ
?timeAfterUser@BlockSizeManager@QtConcurrent@@QAEXXZ
?timeAfterUser@BlockSizeManagerV2@QtConcurrent@@QAEXXZ
?timeBeforeUser@BlockSizeManager@QtConcurrent@@QAEXXZ
?timeBeforeUser@BlockSizeManagerV2@QtConcurrent@@QAEXXZ
?waitForResume@ThreadEngineBase@QtConcurrent@@QAEXXZ

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 265B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libblkmaker-0.1-6.dll
.dll windows:4 windows x64 arch:x64

3189653b33febddfff74fcb72215558d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libbase58-0

b58_sha256_impl
b58check
b58tobin

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__iob_func
_amsg_exit
_initterm
_lock
_onexit
_stricmp
_unlock
abort
calloc
free
fwrite
malloc
memcpy
memmove
memset
realloc
signal
strlen
strncmp
vfprintf

ws2_32

htonl

Exports

Exports

_blkmk_b58check
_blkmk_b58tobin
_blkmk_bin2hex
_blkmk_dblsha256
_blkmk_extranonce
_blkmk_hex2bin
_blktxn_free
blkmk_address_to_script
blkmk_append_coinbase_safe
blkmk_append_coinbase_safe2
blkmk_assemble_submission2_
blkmk_get_data
blkmk_get_mdata
blkmk_init_generation
blkmk_init_generation2
blkmk_init_generation3
blkmk_sample_data_
blkmk_sha256_impl
blkmk_time_left
blkmk_work_left
blktmpl_addcaps
blktmpl_capabilityname
blktmpl_create
blktmpl_free
blktmpl_get_longpoll
blktmpl_get_submitold
blktmpl_getcapability

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 849B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 129B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libgcc_s_seh-1.dll
.dll windows:4 windows x64 arch:x64

b8547353b6beb87cf7560462f9aacd11

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RaiseException
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__iob_func
_amsg_exit
_initterm
_lock
_unlock
abort
calloc
free
fwrite
malloc
memcpy
memset
realloc
signal
strlen
strncmp
vfprintf

libwinpthread-1

pthread_getspecific
pthread_key_create
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock
pthread_once
pthread_setspecific

Exports

Exports

_GCC_specific_handler
_Unwind_Backtrace
_Unwind_DeleteException
_Unwind_FindEnclosingFunction
_Unwind_ForcedUnwind
_Unwind_GetCFA
_Unwind_GetDataRelBase
_Unwind_GetGR
_Unwind_GetIP
_Unwind_GetIPInfo
_Unwind_GetLanguageSpecificData
_Unwind_GetRegionStart
_Unwind_GetTextRelBase
_Unwind_RaiseException
_Unwind_Resume
_Unwind_Resume_or_Rethrow
_Unwind_SetGR
_Unwind_SetIP
__absvdi2
__absvsi2
__absvti2
__addtf3
__addvdi3
__addvsi3
__addvti3
__ashlti3
__ashrti3
__bswapdi2
__bswapsi2
__clear_cache
__clrsbdi2
__clrsbti2
__clzdi2
__clzti2
__cmpti2
__ctzdi2
__ctzti2
__divdc3
__divmodti4
__divsc3
__divtc3
__divtf3
__divti3
__divxc3
__emutls_get_address
__emutls_register_common
__enable_execute_stack
__eqtf2
__extenddftf2
__extendsftf2
__extendxftf2
__ffsdi2
__ffsti2
__fixdfti
__fixsfti
__fixtfdi
__fixtfsi
__fixtfti
__fixunsdfdi
__fixunsdfti
__fixunssfdi
__fixunssfti
__fixunstfdi
__fixunstfsi
__fixunstfti
__fixunsxfdi
__fixunsxfti
__fixxfti
__floatditf
__floatsitf
__floattidf
__floattisf
__floattitf
__floattixf
__floatunditf
__floatunsitf
__floatuntidf
__floatuntisf
__floatuntitf
__floatuntixf
__gcc_personality_seh0
__getf2
__gttf2
__letf2
__lshrti3
__lttf2
__modti3
__muldc3
__mulsc3
__multc3
__multf3
__multi3
__mulvdi3
__mulvsi3
__mulvti3
__mulxc3
__negtf2
__negti2
__negvdi2
__negvsi2
__negvti2
__netf2
__paritydi2
__parityti2
__popcountdi2
__popcountti2
__powidf2
__powisf2
__powitf2
__powixf2
__subtf3
__subvdi3
__subvsi3
__subvti3
__trunctfdf2
__trunctfsf2
__trunctfxf2
__ucmpti2
__udivmodti4
__udivti3
__umodti3
__unordtf2

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libgraph31.dll
.dll windows:6 windows x86 arch:x86

281dc1ba5e44a848176932d8a5f61463

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
GetFileAttributesW
DisableThreadLibraryCalls
lstrcatW
WriteConsoleW
CloseHandle
CreateFileW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
DecodePointer

shell32

SHGetFolderPathW

ole32

CoInitialize
CoCreateInstance

Exports

Exports

checkrgb

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libgstcontroller-1.0-0.dll
.dll windows:4 windows x64 arch:x64

63b56b15fb47744ebec32e307eeadfff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libgstreamer-1.0-0

_gst_debug_category_new
_gst_debug_min
gst_control_binding_get_g_value_array
gst_control_binding_get_type
gst_control_binding_get_value
gst_control_binding_get_value_array
gst_control_binding_sync_values
gst_control_source_get_type
gst_control_source_get_value
gst_control_source_get_value_array
gst_debug_log
gst_object_get_control_binding
gst_object_get_type
gst_object_replace
gst_object_sync_values
gst_object_unref
gst_util_guint64_to_gdouble

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery

msvcrt

__dllonexit
__iob_func
__setusermatherr
_amsg_exit
_errno
_initterm
_lock
_onexit
_unlock
abort
calloc
fprintf
free
malloc
signal
strlen
strncmp
vfprintf

libglib-2.0-0

g_free
g_intern_static_string
g_log
g_malloc0
g_malloc0_n
g_mutex_clear
g_mutex_init
g_mutex_lock
g_mutex_unlock
g_once_init_enter
g_once_init_leave
g_queue_push_tail
g_return_if_fail_warning
g_sequence_foreach
g_sequence_free
g_sequence_get
g_sequence_get_begin_iter
g_sequence_insert_sorted
g_sequence_iter_is_begin
g_sequence_iter_is_end
g_sequence_iter_next
g_sequence_iter_prev
g_sequence_lookup
g_sequence_new
g_sequence_remove
g_sequence_search
g_slice_alloc0
g_slice_copy
g_slice_free1
g_strdup

libgobject-2.0-0

g_boxed_type_register_static
g_cclosure_marshal_generic
g_enum_register_static
g_object_class_install_properties
g_object_class_install_property
g_object_new
g_object_set_property
g_param_spec_boolean
g_param_spec_double
g_param_spec_enum
g_param_spec_int64
g_param_spec_object
g_param_spec_uint64
g_signal_emit
g_signal_new
g_type_check_instance_is_a
g_type_check_value
g_type_class_add_private
g_type_class_adjust_private_offset
g_type_class_peek_parent
g_type_instance_get_private
g_type_name
g_type_parent
g_type_register_static_simple
g_value_dup_object
g_value_get_boolean
g_value_get_double
g_value_get_enum
g_value_get_int64
g_value_get_object
g_value_get_uint64
g_value_init
g_value_set_boolean
g_value_set_double
g_value_set_enum
g_value_set_float
g_value_set_int
g_value_set_int64
g_value_set_long
g_value_set_object
g_value_set_uint
g_value_set_uint64
g_value_set_ulong
g_value_unset
g_weak_ref_clear
g_weak_ref_get
g_weak_ref_init
g_weak_ref_set

Exports

Exports

gst_argb_control_binding_get_type
gst_argb_control_binding_new
gst_control_point_copy
gst_control_point_free
gst_control_point_get_type
gst_direct_control_binding_get_type
gst_direct_control_binding_new
gst_direct_control_binding_new_absolute
gst_interpolation_control_source_get_type
gst_interpolation_control_source_new
gst_interpolation_mode_get_type
gst_lfo_control_source_get_type
gst_lfo_control_source_new
gst_lfo_waveform_get_type
gst_proxy_control_binding_get_type
gst_proxy_control_binding_new
gst_timed_value_control_invalidate_cache
gst_timed_value_control_source_find_control_point_iter
gst_timed_value_control_source_get_all
gst_timed_value_control_source_get_count
gst_timed_value_control_source_get_type
gst_timed_value_control_source_set
gst_timed_value_control_source_set_from_list
gst_timed_value_control_source_unset
gst_timed_value_control_source_unset_all
gst_trigger_control_source_get_type
gst_trigger_control_source_new

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libogg-0.dll
.dll windows:4 windows x64 arch:x64

94f2fe1caa9c8d99363121e2fcf9e37c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__dllonexit
__iob_func
__mb_cur_max
_amsg_exit
_errno
_initterm
_lock
_onexit
_unlock
abort
atoi
calloc
fputc
free
getenv
localeconv
malloc
memchr
memcmp
memcpy
memmove
realloc
setlocale
signal
strchr
strerror
strlen
strncmp
wcslen

Exports

Exports

ogg_packet_clear
ogg_page_bos
ogg_page_checksum_set
ogg_page_continued
ogg_page_eos
ogg_page_granulepos
ogg_page_packets
ogg_page_pageno
ogg_page_serialno
ogg_page_version
ogg_stream_check
ogg_stream_clear
ogg_stream_destroy
ogg_stream_eos
ogg_stream_flush
ogg_stream_flush_fill
ogg_stream_init
ogg_stream_iovecin
ogg_stream_packetin
ogg_stream_packetout
ogg_stream_packetpeek
ogg_stream_pagein
ogg_stream_pageout
ogg_stream_pageout_fill
ogg_stream_reset
ogg_stream_reset_serialno
ogg_sync_buffer
ogg_sync_check
ogg_sync_clear
ogg_sync_destroy
ogg_sync_init
ogg_sync_pageout
ogg_sync_pageseek
ogg_sync_reset
ogg_sync_wrote
oggpackB_adv
oggpackB_adv1
oggpackB_bits
oggpackB_bytes
oggpackB_get_buffer
oggpackB_look
oggpackB_look1
oggpackB_read
oggpackB_read1
oggpackB_readinit
oggpackB_reset
oggpackB_write
oggpackB_writealign
oggpackB_writecheck
oggpackB_writeclear
oggpackB_writecopy
oggpackB_writeinit
oggpackB_writetrunc
oggpack_adv
oggpack_adv1
oggpack_bits
oggpack_bytes
oggpack_get_buffer
oggpack_look
oggpack_look1
oggpack_read
oggpack_read1
oggpack_readinit
oggpack_reset
oggpack_write
oggpack_writealign
oggpack_writecheck
oggpack_writeclear
oggpack_writecopy
oggpack_writeinit
oggpack_writetrunc

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libxml3.dll
.dll windows:6 windows x86 arch:x86

1f172576ce8ae1af7eee56cace741547

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\libcrypto-1_1-x64\StartupManager\Bin\RelWithDebI.pdb

Imports

kernel32

LoadLibraryA
SetCurrentDirectoryW
GetProcAddress
WriteConsoleW
DisableThreadLibraryCalls
GetModuleHandleA
GetModuleFileNameW
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetTimeZoneInformation
SetEnvironmentVariableW
GetComputerNameW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
Sleep
CreateFileW
FlushFileBuffers
SetFilePointer
WriteFile
CloseHandle
SetEvent
GetStdHandle
GetLastError
WaitForSingleObject
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetStartupInfoW
GetCurrentThreadId
SetThreadPriority
GetExitCodeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
DeleteFileW
GetFileAttributesW
GetFileAttributesExW
RemoveDirectoryW
SetEndOfFile
MoveFileExW
GetCurrentDirectoryW
WideCharToMultiByte
CreateEventW
ReadFile
FindClose
FindFirstFileW
FindNextFileW
ResetEvent
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForSingleObjectEx
InitializeCriticalSectionEx
GetModuleHandleW
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleOutputCP
GetFileSizeEx
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA

Exports

Exports

ParseXml
stream_word_bits
zfp_codec_version
zfp_library_version
zfp_version_string

Sections

.text
Size: 351KB - Virtual size: 351KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
settings.xml
vcruntime140.dll
.dll windows:6 windows x86 arch:x86

b06d4116da69a513992d529f84731e6f

Code Sign

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:31

Not After

02-12-2021 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:01:91:01:b4:4d:b6:27:bd:81:a6:a5:6b:88:23:69:69:d1:e7:8a:38:80:a9:55:cc:db:68:2e:b0:31:9f:d9
Signer

Actual PE Digest

ad:01:91:01:b4:4d:b6:27:bd:81:a6:a5:6b:88:23:69:69:d1:e7:8a:38:80:a9:55:cc:db:68:2e:b0:31:9f:d9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\3\s\\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
strncmp
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

DeleteCriticalSection
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FreeLibrary
RtlUnwind
VirtualQuery
EncodePointer
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
EnterCriticalSection
LeaveCriticalSection
TlsSetValue
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsFree

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_chkesp
_except_handler2
_except_handler3
_except_handler4_common
_get_purecall_handler
_get_unexpected
_global_unwind2
_is_exception_typeof
_local_unwind2
_local_unwind4
_longjmpex
_purecall
_seh_longjmp_unwind
_seh_longjmp_unwind4
_set_purecall_handler
_set_se_translator
_setjmp3
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
zlib.dll
.dll windows:6 windows x64 arch:x64

6787bd109e844482fe60fc5ebfa98a36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

vcruntime140

memchr
memset
__C_specific_handler
__std_type_info_destroy_list
memcpy

api-ms-win-crt-stdio-l1-1-0

_lseeki64
_wopen
_close
_write
_read
__stdio_common_vsprintf
_open

api-ms-win-crt-heap-l1-1-0

free
malloc

api-ms-win-crt-convert-l1-1-0

wcstombs

api-ms-win-crt-runtime-l1-1-0

_cexit
_errno
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
strerror

kernel32

GetCurrentThreadId
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
RtlCaptureContext
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess

Exports

Exports

adler32
adler32_combine
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

ced282d9b261d1462772017fe2f6972b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 149KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 212KB - Virtual size: 212KB

9b671cf405c7ab3b3d5afa005657b1b0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

bcrypt

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 482KB - Virtual size: 481KB

.data Size: 65KB - Virtual size: 107KB

_RDATA Size: 10KB - Virtual size: 9KB

.rsrc Size: 247KB - Virtual size: 246KB

1943dc99c33806b1b133be1a6381273c

Code Sign

07:e2:ef:84:3d:0d:6f:58:cb:bb:06:e3:e8:b3:d3:20Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

eb:14:3b:48:06:00:1b:26:8a:58:d8:ae:67:82:76:ae:7d:70:04:bb:94:19:7c:e4:be:ed:ed:4b:28:36:e6:51Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qt5cored

kernel32

vcruntime140d

ucrtbased

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 1024B - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 3KB

.00cfg Size: 512B - Virtual size: 265B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

3189653b33febddfff74fcb72215558d

Headers

File Characteristics

Imports

libbase58-0

kernel32

msvcrt

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 149KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 212KB - Virtual size: 212KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 482KB - Virtual size: 481KB

.data
Size: 65KB - Virtual size: 107KB

_RDATA
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 247KB - Virtual size: 246KB

07:e2:ef:84:3d:0d:6f:58:cb:bb:06:e3:e8:b3:d3:20
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

eb:14:3b:48:06:00:1b:26:8a:58:d8:ae:67:82:76:ae:7d:70:04:bb:94:19:7c:e4:be:ed:ed:4b:28:36:e6:51
Signer

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 3KB

.00cfg
Size: 512B - Virtual size: 265B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 400B

.rdata
Size: 1024B - Virtual size: 724B

.pdata
Size: 1024B - Virtual size: 924B

.xdata
Size: 1024B - Virtual size: 812B

.bss
Size: - Virtual size: 2KB

.edata
Size: 1024B - Virtual size: 849B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 104B

.reloc
Size: 512B - Virtual size: 92B

/4
Size: 512B - Virtual size: 272B

/19
Size: 14KB - Virtual size: 14KB

/31
Size: 1KB - Virtual size: 1KB

/45
Size: 2KB - Virtual size: 2KB

/57
Size: 2KB - Virtual size: 1KB

/70
Size: 512B - Virtual size: 129B

/81
Size: 4KB - Virtual size: 3KB

.text
Size: 59KB - Virtual size: 58KB

.data
Size: 512B - Virtual size: 128B

.rdata
Size: 3KB - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.xdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 3KB - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 100B

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB