ProximaCentauriB_Exploring_Unknown-12thMay[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

ProximaCentauriB_Exploring_Unknown-12thMay.zip
Size

250.0MB
MD5

caa114258daaa4a0762bd0f7dcf40728
SHA1

a5d270c9dccda6ec847ec0e4edb54e473c9aefa2
SHA256

e112ab2d037c9482422821feae2ad5ba25614222c5ca0b82dc3f15768d4a3bac
SHA512

dc1b63cf696544ace80562cadf7ca94cfc901646241192717535a88bfeec988d39ad6b18c868407d0e8e942d1a058bf8c26beff184a785276602428fba655855
SSDEEP

6291456:wjwhnbStSoKNYJgWz4MyJBCrthx09nriyi1iRiXiWJLJiGbr:2whbaSLSuJBEthx09rilh

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 6 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/english.dll	acprotect
static1/unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/french.dll	acprotect
static1/unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/german.dll	acprotect
static1/unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/path.dll	acprotect
static1/unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/path2.0.dll	acprotect
static1/unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/spanish.dll	acprotect

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/Fonts.exe	upx
static1/unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/explore_unknown/Start.exe	upx
static1/unpack004/GameLoader.exe	upx
static1/unpack004/conf.exe	upx
static1/unpack004/prom5.exe	upx
static1/unpack004/prom5a.exe	upx
static1/unpack004/prom5b.exe	upx
static1/unpack004/prom5bs.exe	upx
static1/unpack004/prom5s.exe	upx
static1/unpack004/prompt.exe	upx
static1/unpack004/prompt10.exe	upx
static1/unpack004/prompt15.exe	upx
static1/unpack004/prompt20.exe	upx
static1/unpack004/prompt_patch4.exe	upx
static1/unpack004/prompt_patch5.exe	upx
static1/unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/prompt9.exe	upx

Unsigned PE 38 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/CODMPathfinder.exe
unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/CODMPathfinder_Week.exe
unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/Fonts.exe
unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/adb.exe
unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/english.dll
unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/explore_unknown/ProximaCentauriB.exe
unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/explore_unknown/Start.exe
unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/french.dll
unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/german.dll
unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/helper.exe
unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/path.dll
unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/path2.0.dll
unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/path3.0.dll
unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/prompt1.exe
unpack004/GameLoader.exe
unpack004/GameSuccess.exe
unpack004/adb.exe
unpack004/conf.exe
unpack004/mosem32.dll
unpack004/mosem64.dll
unpack004/prom5.exe
unpack004/prom5a.exe
unpack004/prom5b.exe
unpack004/prom5bs.exe
unpack004/prom5s.exe
unpack004/prompt.exe
unpack004/prompt10.exe
unpack004/prompt15.exe
unpack004/prompt15b32.exe
unpack004/prompt1632.exe
unpack004/prompt17.exe
unpack004/prompt20.exe
unpack004/prompt_patch4.exe
unpack004/prompt_patch5.exe
unpack004/shpch.dll
unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/prompt8.dll
unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/prompt9.exe
unpack001/ProximaCentauriB_Exploring_Unknown-12thMay/spanish.dll

Files

ProximaCentauriB_Exploring_Unknown-12thMay.zip
.zip
ProximaCentauriB_Exploring_Unknown-12thMay/AdbPath64.dll
.dll windows:6 windows x86 arch:x86

c64cac39044626770353879245ea25e4

Code Sign

01:ea:62:e4:43:cb:22:50:c8:70:ff:6b:b1:3b:a9:8e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/01/2020, 00:00

Not After

20/01/2021, 12:00

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:6e:de:36:46:25:fc:c0:ef:95:5e:52:d2:f2:d2:b2
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2020, 00:00

Not After

20/01/2021, 12:00

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:4b:a8:7a:a5:0c:b9:b1:99:5e:36:94:4b:f9:b3:cf:b5:ba:0b:02:61:7e:07:c2:80:1f:94:c8:92:f9:63:42
Signer

Actual PE Digest

0b:4b:a8:7a:a5:0c:b9:b1:99:5e:36:94:4b:f9:b3:cf:b5:ba:0b:02:61:7e:07:c2:80:1f:94:c8:92:f9:63:42

Digest Algorithm

sha256

PE Digest Matches

true

e7:3f:26:8f:5a:37:f3:81:9d:dd:0f:24:04:a3:03:5b:f1:84:d1:c2
Signer

Actual PE Digest

e7:3f:26:8f:5a:37:f3:81:9d:dd:0f:24:04:a3:03:5b:f1:84:d1:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\code\android\donut\development\host\windows\usb\api\objfre_wxp_x86\i386\AdbWinApi.pdb

Imports

ole32

CoCreateInstance

kernel32

GetACP
SetLastError
CloseHandle
GetLastError
DeviceIoControl
WriteFile
ReadFile
GetOverlappedResult
CreateFileW
WideCharToMultiByte
Sleep
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryW
GetFileAttributesW
GetSystemDirectoryW
RaiseException
FreeLibrary
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetVersionExA
RtlUnwind
HeapFree
HeapAlloc
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCPInfo
GetOEMCP
OutputDebugStringA
VirtualAlloc
HeapReAlloc
HeapSize
LoadLibraryA
GetModuleHandleW
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

setupapi

SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

Exports

Exports

??0AdbEndpointObject@@QAE@ABV0@@Z
??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z
??0AdbIOCompletion@@QAE@ABV0@@Z
??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z
??0AdbInterfaceObject@@QAE@ABV0@@Z
??0AdbInterfaceObject@@QAE@PBG@Z
??0AdbObjectHandle@@QAE@ABV0@@Z
??0AdbObjectHandle@@QAE@W4AdbObjectType@@@Z
??1AdbEndpointObject@@MAE@XZ
??1AdbIOCompletion@@MAE@XZ
??1AdbInterfaceObject@@MAE@XZ
??1AdbObjectHandle@@MAE@XZ
??4AdbEndpointObject@@QAEAAV0@ABV0@@Z
??4AdbIOCompletion@@QAEAAV0@ABV0@@Z
??4AdbInterfaceObject@@QAEAAV0@ABV0@@Z
??4AdbObjectHandle@@QAEAAV0@ABV0@@Z
??_7AdbEndpointObject@@6B@
??_7AdbIOCompletion@@6B@
??_7AdbInterfaceObject@@6B@
??_7AdbObjectHandle@@6B@
?AddRef@AdbObjectHandle@@UAEJXZ
?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?CloseHandle@AdbObjectHandle@@UAE_NXZ
?CreateHandle@AdbObjectHandle@@UAEPAXXZ
?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z
?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z
?GetParentInterfaceHandle@AdbEndpointObject@@QBEPAXXZ
?GetParentObjectHandle@AdbIOCompletion@@QBEPAXXZ
?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z
?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z
?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z
?IsCompleted@AdbIOCompletion@@UAE_NXZ
?IsObjectOfType@AdbObjectHandle@@UBE_NW4AdbObjectType@@@Z
?IsOpened@AdbObjectHandle@@QBE_NXZ
?LastReferenceReleased@AdbObjectHandle@@MAEXXZ
?Lookup@AdbObjectHandle@@SGPAV1@PAX@Z
?Release@AdbObjectHandle@@UAEJXZ
?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?Type@AdbEndpointObject@@SG?AW4AdbObjectType@@XZ
?Type@AdbIOCompletion@@SG?AW4AdbObjectType@@XZ
?Type@AdbInterfaceObject@@SG?AW4AdbObjectType@@XZ
?adb_handle@AdbObjectHandle@@QBEPAXXZ
?endpoint_id@AdbEndpointObject@@QBEEXZ
?endpoint_index@AdbEndpointObject@@QBEEXZ
?interface_name@AdbInterfaceObject@@QBEABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?object_type@AdbObjectHandle@@QBE?AW4AdbObjectType@@XZ
?overlapped@AdbIOCompletion@@QAEPAU_OVERLAPPED@@XZ
?parent_interface@AdbEndpointObject@@QBEPAVAdbInterfaceObject@@XZ
?parent_io_object@AdbIOCompletion@@QBEPAVAdbEndpointObject@@XZ
?usb_config_descriptor@AdbInterfaceObject@@QBEPBU_USB_CONFIGURATION_DESCRIPTOR@@XZ
?usb_device_descriptor@AdbInterfaceObject@@QBEPBU_USB_DEVICE_DESCRIPTOR@@XZ
?usb_interface_descriptor@AdbInterfaceObject@@QBEPBU_USB_INTERFACE_DESCRIPTOR@@XZ
AdbCloseHandle
AdbCreateInterface
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetDefaultBulkReadEndpointInformation
AdbGetDefaultBulkWriteEndpointInformation
AdbGetEndpointInformation
AdbGetEndpointInterface
AdbGetInterfaceName
AdbGetOvelappedIoResult
AdbGetSerialNumber
AdbGetUsbConfigurationDescriptor
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbHasOvelappedIoComplated
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbOpenEndpoint
AdbQueryInformationEndpoint
AdbReadEndpointAsync
AdbReadEndpointSync
AdbResetInterfaceEnum
AdbWriteEndpointAsync
AdbWriteEndpointSync

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ProximaCentauriB_Exploring_Unknown-12thMay/Bunifu_UI_v1.43.apx
ProximaCentauriB_Exploring_Unknown-12thMay/Bunifu_UI_v1.44.apx
ProximaCentauriB_Exploring_Unknown-12thMay/Bunifu_UI_v1.45.apx
ProximaCentauriB_Exploring_Unknown-12thMay/Bunifu_UI_v1.49.apx
ProximaCentauriB_Exploring_Unknown-12thMay/CODMPathfinder.exe
.exe windows:5 windows x86 arch:x86

ead364a9564def7dbab3c2916879f461

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCloseKey

oleaut32

SysFreeString

gdi32

CreateFontA

shell32

ShellExecuteA

version

GetFileVersionInfoA

ole32

CreateStreamOnHGlobal

msvcrt

isxdigit

comctl32

InitializeFlatSB

wininet

InternetGetConnectedState

comdlg32

PageSetupDlgW

winmm

timeGetTime

winspool.drv

SetPrinterW

d3d9

Direct3DCreate9

winhttp

WinHttpWriteData

wtsapi32

WTSSendMessageW

Exports

Exports

TMethodImplementationIntercept
��1�U�� '��\A�x�N݉e~+kY�#��q%-n$Nt=�ͱr��ٮ��a)�~4[�#�TJ:��D��=|!DG��ᅯ�۔�7��&#��>&" w餹� ��M}.=>��J�Q�Ȗ�@�GauK:j6�� J��b3�~��>��}�r��b��@�P��-��Z�Db��b ��p��a��קX��F��`�A�R��u�n�i��n��(��0&0uAxt^��%��f�x+��ʦ��~�;)2Hz��/Q��7��/�G��[��O�Zf�g�Z� %�:�� ,��z�g��[7��U��l��:lΫ�0�o2�l��}̚��}�r�-�+@v�6�<!��y��P�Tg��o]�#��ǌ�k��*a�gJ��4*B��O: $?�$��_��7f��f��-��b�L�k� $�� BS}F��[�rW�k4UGT��)q$�9n��~�|�a�� {2j�R�`��k��L��m9D��D0�.�D�@��b�ne#�� S�fXX��a��]AƔ��Qz�ܓ{�}�.�َW��Oc^��`Ue�+!��ṏmD��_�t@W׍X��^�T�tV<�1(��{1��^k5(�&R�2&��'��_�f��cFڳ�G�=R�Q��ڕ��<v��b��$A#��'fZ)=&@��ۍ�Z�U㪪� �5�i�x�Iy��RȤ��}?�jR7��x�1 m�K��ñ(��#��d�z�ޙ<��s�x��F��9�Xa]gAA�W��xx<�&��V��n�B&��+��!�Xy?xZ�\��#^�aD�ݼNh�IrSx�ZJ��q��qT>�e��o'�4k� �FEy��"�ww�B�~�Dz�&��~��+D�z}�S��+d��:z�3sy�]w�U�4��Y��È&�j6�Y��O=��۳��UH'��>�&��R��嶔��7��.M�m��Y��*k9��/?Mq��L��GȚbWG;��:A� Ԋ�1�φ��)��@��fBw�kP�"k;��T>X�8R-��'�#J'�}@�� "Kx��7�4��E:��}�:��L�Z��F�Y�cid��y�[�^��3�� >��R�YV��Iw��@��U��ן��H҃i��u^X^s�s��7p��M��B�: /I��l�y��e��eپXI3�ڔ)Z��P�<�$=��4�\A�r5�k�D��'�urSa��ϒ��O!X�ѴSP�\�s��p$��4��,&'u��h��4eW�_��-tM�-� 7�bƅ��\�?��3N,� N��W��R��]��M��cl+�$Zz��i]�ۖ�6 ԲsvP�^K>l_&�@��e�>�zn�ک5��D*w��R)��\'��8�T�B�l��Ƀx��1��8��ۗ�U7z� �� Z�UN˚Z$�AbdC��1 �n�M�ǝ��ah}�+��Mj_�J?&��.Q�jҼNaL�F:�k9�A��^�%�\KC�STgXt��N� ^ �m�8X7��q9�G�o��ט�LS^��7�ʗ�!��Cg�7��CF��ZOԤ��ݡ3z��!�|��B�o-��K�D{�6�>^�D��A�>�� vml,9�I�Th�;%u�D��^�N�t⌝+�tx�/�1��zl�z�0�g"lg��q��Q|bQX��ӆ�{�CgDʴ��=��=u�s��O��_I��`��:]$+�h��^��Ú��=!�{D�Ŏ�aO%�;!��VB�78�z��x�P>K��ܒH��#1/�d��IJ� V��¾<=2:{�~P��SH�iM��G2�R�9��2FJ��Ƨ��[ 7ƃ��2��\x��k�(:zaX�~�l�� XZ�Ɵ��}%�M�8,��$�F��<c�Y-��*��z��a�[۸��ozH�g�+��NRI� ��b��g��r��-��5b��@B@H�n?8�Z:��'��\�V�)�d�>��\C��F�K� �ւ$�S1/��w��Ǖ��q�Skk��O3 X�Y�0Uj��KK�u��3��vP��o�f�YT��ӧZ�Kd��Ӊ�?ä�� IC`8��dm�'lX�ĕ <:��S��X��+�9@n�T�O��3��K��L0�s~P3$Wy��L�A 9<;~5�ܢ��Lx%�1>�^��YE��׋��?@m��/zcY��W1��&C3��U{ޣ}TE��)xf��Mވ��-v�=ֲX��,3SxF��\pX2U�ŝ�67u!#�-x��U;�J?q�x��}�p��S7��w�ۏf��edZ��A�'%FPg>��2�j�-_��g1�Lq��ts�� u��m�L�.�N��7�z@g"b��*�Or`Y,��w$�ѩ��@"�`�v�r/�l�ejH�1��D�`��|��X��D��Oz`Mu��>��4H�R��#�&��k".��B��6��T��d��^q��<q��$b.(�ؒv ��%N��#��d�L($7��h��5U��M� ��ǹ�狶��,h�Muӌ�9%f�; �zp�#Sq�~4#&r��y��um��S�+Z�h�q]C"��J2f��"B/}��U8�z�rm�:�d��W�K�>$��u7�^&��Eb� ��9Y�tO6p�Մtd�Pp� vx+��IvX�tt�hJ�#��|+E�xc��bY��-՘��W�x>�`�H�t;�b��O�FI��G��<��q>4�G�si� 5/��n��d�, ��o��&��W��71��Q��

Sections

Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 145KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 108KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 784KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 15.8MB - Virtual size: 15.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.denuvo0
Size: 185KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 390KB - Virtual size: 8.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.7MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.exports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.denuvo7
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.denuvo1
Size: 18.6MB - Virtual size: 18.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.denuvo2
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ProximaCentauriB_Exploring_Unknown-12thMay/CODMPathfinder_Week.exe
.exe windows:5 windows x86 arch:x86

ead364a9564def7dbab3c2916879f461

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCloseKey

oleaut32

SysFreeString

gdi32

CreateFontA

shell32

ShellExecuteA

version

GetFileVersionInfoA

ole32

CreateStreamOnHGlobal

msvcrt

isxdigit

comctl32

InitializeFlatSB

wininet

InternetGetConnectedState

comdlg32

PageSetupDlgW

winmm

timeGetTime

winspool.drv

SetPrinterW

d3d9

Direct3DCreate9

winhttp

WinHttpWriteData

wtsapi32

WTSSendMessageW

Exports

Exports

��yU� P��@%e�K�F��8n��<�ˈ�IUé`ΩP�WG��Ы��]�(�l��B7��I]��~t��[�}-�|)�Syu�q𧸲 ��T�G�^^�=�a�Uj,lN�#@H{�d�,�&�� ܤ�W�MZ/="� ��9��̓�4A��?u��>[Ѽ�f��X�H��`�(��3��+�~A<䰄��~��6��$]��+ �o�� aEZ�t.�U�u��wE��!Я��=ӥ�^p��S��#��s�1��.��w5�!��p^� ��gs�ȫ��0O�lb ��*�:�1+-�y��͋{|e Xs�S~��L� p��ۨ��_QV}��+f��)t:�l��=��;��#C�'�܂LUnɶp�a��5��/_��<��H� ��GH��'/�ޏ��'||�e�_D�M�8hwԏY+�'�$}o�7��q"$Gd(Pv��ܟE蘿�]d $C�TH孕x=!.�C#�-��g*�E��(t��ڲ�~d�!�w�z12*W�op��C��jάL��X�Q��&�n��g�R��7�L�[��e�1`R οi��u�i<Z#jT�$ZZ��ew].z�ǁ��$��O_z��((�*�� )T��o �D�Q^�`@q�M��hã\^�[��#OnF�� -#�{d1H��Y �u�uB>� @�3��s;c ( �� a)j��3�c��#��' E��Ŀ��`U)rd6Dis��1��:�Cቩn� �~^�v��'PuP�4��զ��%�m3��*�;ڱb��(�B��&��A��(�Z��+_�W��M7�3i��]�x#��C��b��ܵ��r#��Q1g��G ��&o��ǜ��t@;��C+�@t3��)Xآ��L�o7��X�u��R��Hڥ<i�_��!��3�e��1�u��aq��9��7��*�?��l,�J�֒��L�/(5h2(�-c�_�8�oU6�}��}�K��é��g!�5��6F�`6��#�KI+�&=^��h��oU{��X��t7?�40�2�m)��f5o��C�� c�Rt�@?��DM�Xd#f]��8��҆��E|]{��;$�{q��Z��O%��0��E�"��=5��V��o��+�_A�`p��0��lR��l?y#��_�NwuA�3 ��bJ��!J�٫\p��R��\bY@��V��(��G��F(\Y��d��q{�<"a|�i[��:^&��"��)]��[�C�YM�j�)��ӂޔ�<��f��[��0��\_�X�>^��+��7�Z��~�pim4� �D7��0��K.4�V�Kc�@��(4'��w_O��}_�N�1XU0nʞ��|��򨽜0�S�$|��Qb��PƗ�-�ivp�&��i�۴ZXC,cS�C��T8��`�ՑT�UF��ռ�d|��nm0e��Z ��Sd$O�E��?�� 'Y�0�`��e��W�^��J��X ��(2{�,��ޔI=M��u44{�uP��c4��~�.��L�4Tt��*U�1s��A��ٌ��h|�9��Z᪢%"4%��nhE7U�B�Ͽ)0O1Ӂ;t��,x-��f�w>[�Xs\��U4�H@;��:�MO��a^��&��M�3>hpɔe�Y�*(!e~��q�L�Pd}g5��őr��Q6Z�Uĕb�+.�m��^)�w��(��~�(f ��+�� s�؟��G��=��P!��ԄN!��wH�ʍ5T��cP�*�u��1�7�]�e��V�S�q��3�{��Gb�d�� 84Y��xqI��Rv^�} "ͤ� a]��D�*�,�\J��9(��nŅ�14=q�*�l��Sjmc�фc��,��IA�Z ��o�� q�ҵ��g��L��X��BN��~-��hb�o��S_֝��1�%�x�Ť�r;�0�-~�9^��#��/��z��v6�M"��s�<m��9x'Y�Dx�us9#R�j�Gdq)�� *��A�n��X�VA�#�ʧ� <��n��]]`z��jL�KC^�rs��@Tz�,˴�6��_��I7bv\eZ>��W�\K��Tb�E/��w)��0N��E�X9�p ��7��-�t�cxK!a��g":�>0v��6�0mG�X�)M�D��8˨<�ۣ��v@<��w^�n<��:�߳ �Y��7�t�z�k�9`O��hk�TiZ�Q'�kTA�S֓�� ! 2� ��b�(�K�&��>�&l9��&r�&�_�ֶx��ECJ�I�ݴxϾ�Q�>xF�r�E��E�l��:F�H�r]�꺽P7��5v�2p��sů ?��w��fz�Sw��ϔ�q�}�b6T��L��'�6��x��,�F��E�"d�-�k�_�1�q�[��1��Q��.4�ɇ��e��vn}}��DU4פl��6aþ? b��(�L<��\C��*,�Q��l�*��덁%�� J)��~-��'8\3;B��a�E=�wӻ�ʾ�u��,�dC��u�S��c �3�C��Z��qI6�[|D`ڋ'{:��B��t�� g�>9�J]$��% ��&,��+�?錄O�U��S��{�0��ڀ��ݧ��* 2\�L��C,{�qZ��E*>C��xJK�e6�ib��#�F,�k&��+Z��&D�U.�� #��]�CJ�w��ڝ��dp|�8Ka(��N��v��eU|�x&�öX��?УZ]t��9Sq/Ù�=��;�8k�h��ԧ|p�j��𛨈��2Yv]E�*n?G��T�$��m��]�#�Hd�g��#Zw�s��jt,�4�A��7��1's�3
TMethodImplementationIntercept

Sections

Size: 8.3MB - Virtual size: 8.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 145KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 108KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 784KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 15.8MB - Virtual size: 15.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.denuvo0
Size: 185KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 390KB - Virtual size: 8.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.exports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.denuvo7
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.denuvo1
Size: 18.6MB - Virtual size: 18.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.denuvo2
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ProximaCentauriB_Exploring_Unknown-12thMay/Fonts.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 456KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 367KB - Virtual size: 368KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ProximaCentauriB_Exploring_Unknown-12thMay/adb.exe
.exe windows:4 windows x86 arch:x86

caa032ebd77577ef7b19d90ec9abfca3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

DeregisterEventSource
RegisterEventSourceA
ReportEventA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteDC
DeleteObject
GetBitmapBits
GetDeviceCaps
GetObjectA
SelectObject

kernel32

CloseHandle
CreateEventA
CreateFileA
CreatePipe
CreateProcessA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStdHandle
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GlobalMemoryStatus
InitializeCriticalSection
InterlockedCompareExchange
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
ResetEvent
SetConsoleCtrlHandler
SetEvent
SetFilePointer
SetHandleInformation
SetLastError
SetUnhandledExceptionFilter
Sleep
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

_access
_chmod
_getcwd
_getpid
_read
_stat
_strdup
_stricmp
_umask
_unlink
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_beginthread
_beginthreadex
_cexit
_endthreadex
_errno
_exit
_findclose
_findfirst
_findnext
_fullpath
_getch
_iob
_isctype
_mkdir
_onexit
_pctype
_setmode
_stricmp
_strnicmp
_vsnprintf
_wfopen
abort
atexit
atoi
calloc
exit
fclose
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
gmtime
localeconv
localtime
malloc
memchr
memcpy
memmove
memset
perror
qsort
raise
realloc
setvbuf
signal
sscanf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strtol
strtoul
time
tolower
vfprintf
wcslen
wcsstr

shell32

SHGetFolderPathA

user32

GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA

ws2_32

WSACleanup
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyname
htonl
htons
listen
recv
send
setsockopt
shutdown
socket

adbpath64

AdbCloseHandle
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetEndpointInformation
AdbGetInterfaceName
AdbGetSerialNumber
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbReadEndpointSync
AdbWriteEndpointSync

Sections

.text
Size: 617KB - Virtual size: 616KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ProximaCentauriB_Exploring_Unknown-12thMay/api-ms-win-core-checktime-l1-0-86.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:90:3e:83:56:9d:f3:ba:ae:e8:00:00:00:00:00:90
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:15:22:4c:06:66:ab:4f:6c:6a:20:27:bf:ba:50:bb:53:0a:b5:14:91:ba:c3:f2:9c:19:69:67:c8:b1:a0:e5
Signer

Actual PE Digest

d0:15:22:4c:06:66:ab:4f:6c:6a:20:27:bf:ba:50:bb:53:0a:b5:14:91:ba:c3:f2:9c:19:69:67:c8:b1:a0:e5

Digest Algorithm

sha256

PE Digest Matches

true

1b:fa:73:61:47:d7:d3:b3:49:2c:98:7f:b0:99:c8:a0:2f:ac:5f:ad
Signer

Actual PE Digest

1b:fa:73:61:47:d7:d3:b3:49:2c:98:7f:b0:99:c8:a0:2f:ac:5f:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-datetime-l1-1-0.pdb

Exports

Exports

GetDateFormatA
GetDateFormatW
GetTimeFormatA
GetTimeFormatW

Sections

.text
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ProximaCentauriB_Exploring_Unknown-12thMay/api-ms-win-core-digilocked-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8f:d7:76:15:b9:cd:45:8a:74:00:00:00:00:00:8f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:fe:ce:9e:42:e6:90:6b:8a:22:cd:ab:77:fa:f1:85:39:c3:41:36:9b:02:df:a2:02:a3:11:af:ac:0d:1c:5a
Signer

Actual PE Digest

be:fe:ce:9e:42:e6:90:6b:8a:22:cd:ab:77:fa:f1:85:39:c3:41:36:9b:02:df:a2:02:a3:11:af:ac:0d:1c:5a

Digest Algorithm

sha256

PE Digest Matches

true

9e:bf:d2:0a:6e:da:ca:56:02:bb:dd:17:9b:b0:0b:8e:d0:29:59:40
Signer

Actual PE Digest

9e:bf:d2:0a:6e:da:ca:56:02:bb:dd:17:9b:b0:0b:8e:d0:29:59:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-interlocked-l1-1-0.pdb

Exports

Exports

InitializeSListHead
InterlockedCompareExchange
InterlockedCompareExchange64
InterlockedDecrement
InterlockedExchange
InterlockedExchangeAdd
InterlockedFlushSList
InterlockedIncrement
InterlockedPopEntrySList
InterlockedPushEntrySList
QueryDepthSList

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ProximaCentauriB_Exploring_Unknown-12thMay/api-ms-win-core-errorhandler-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8f:d7:76:15:b9:cd:45:8a:74:00:00:00:00:00:8f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:aa:e1:5b:73:86:88:10:a4:c9:fc:99:d2:f4:1a:3c:29:4a:72:df:05:cc:3b:4d:4e:64:42:48:46:d5:26:7a
Signer

Actual PE Digest

72:aa:e1:5b:73:86:88:10:a4:c9:fc:99:d2:f4:1a:3c:29:4a:72:df:05:cc:3b:4d:4e:64:42:48:46:d5:26:7a

Digest Algorithm

sha256

PE Digest Matches

true

83:8f:c8:68:65:3a:5a:c2:14:50:c1:96:9d:a7:b2:7e:52:f6:e7:03
Signer

Actual PE Digest

83:8f:c8:68:65:3a:5a:c2:14:50:c1:96:9d:a7:b2:7e:52:f6:e7:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-errorhandling-l1-1-0.pdb

Exports

Exports

GetErrorMode
GetLastError
RaiseException
SetErrorMode
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter

Sections

.text
Size: 1024B - Virtual size: 726B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ProximaCentauriB_Exploring_Unknown-12thMay/api-ms-win-core-processcores-l1-1-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8f:d7:76:15:b9:cd:45:8a:74:00:00:00:00:00:8f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e0:b8:5e:e6:93:07:19:c4:01:5f:6b:c0:2c:60:a5:d2:1d:6a:af:46:b4:a9:ef:83:f1:18:7b:fc:e6:af:31:33
Signer

Actual PE Digest

e0:b8:5e:e6:93:07:19:c4:01:5f:6b:c0:2c:60:a5:d2:1d:6a:af:46:b4:a9:ef:83:f1:18:7b:fc:e6:af:31:33

Digest Algorithm

sha256

PE Digest Matches

true

2d:78:55:8b:8d:86:66:10:fd:1d:39:0a:77:4d:43:f2:d2:3b:d9:6f
Signer

Actual PE Digest

2d:78:55:8b:8d:86:66:10:fd:1d:39:0a:77:4d:43:f2:d2:3b:d9:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-processthreads-l1-1-0.pdb

Exports

Exports

CreateProcessA
CreateProcessAsUserW
CreateProcessW
CreateRemoteThread
CreateRemoteThreadEx
CreateThread
DeleteProcThreadAttributeList
ExitProcess
ExitThread
FlushProcessWriteBuffers
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetPriorityClass
GetProcessId
GetProcessIdOfThread
GetProcessTimes
GetProcessVersion
GetStartupInfoW
GetThreadId
GetThreadPriority
GetThreadPriorityBoost
InitializeProcThreadAttributeList
OpenProcessToken
OpenThread
OpenThreadToken
ProcessIdToSessionId
QueryProcessAffinityUpdateMode
QueueUserAPC
ResumeThread
SetPriorityClass
SetProcessAffinityUpdateMode
SetProcessShutdownParameters
SetThreadPriority
SetThreadPriorityBoost
SetThreadStackGuarantee
SetThreadToken
SuspendThread
SwitchToThread
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UpdateProcThreadAttribute

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ProximaCentauriB_Exploring_Unknown-12thMay/api-ms-win-core-sync-l1-2-0.dll
.dll windows:10 windows x86 arch:x86

Code Sign

33:00:00:00:8f:d7:76:15:b9:cd:45:8a:74:00:00:00:00:00:8f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/10/2015, 18:14

Not After

07/01/2017, 18:14

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:ef:d8:87:2e:35:a3:82:8a:2f:00:00:00:00:00:ef
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:fa:68:0e:b2:c9:74:a9:2e:5a:96:16:23:09:81:97:39:f7:a6:93:05:46:18:fb:e9:ff:d2:0b:2d:bb:46:48
Signer

Actual PE Digest

d8:fa:68:0e:b2:c9:74:a9:2e:5a:96:16:23:09:81:97:39:f7:a6:93:05:46:18:fb:e9:ff:d2:0b:2d:bb:46:48

Digest Algorithm

sha256

PE Digest Matches

true

17:0b:de:6e:a4:b7:5c:e6:ea:8b:f2:4c:73:3c:48:82:3b:6f:be:44
Signer

Actual PE Digest

17:0b:de:6e:a4:b7:5c:e6:ea:8b:f2:4c:73:3c:48:82:3b:6f:be:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

api-ms-win-core-synch-l1-2-0.pdb

Exports

Exports

DeleteSynchronizationBarrier
EnterSynchronizationBarrier
InitOnceBeginInitialize
InitOnceComplete
InitOnceExecuteOnce
InitOnceInitialize
InitializeConditionVariable
InitializeSynchronizationBarrier
SignalObjectAndWait
Sleep
SleepConditionVariableCS
SleepConditionVariableSRW
WaitOnAddress
WakeAllConditionVariable
WakeByAddressAll
WakeByAddressSingle
WakeConditionVariable

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ProximaCentauriB_Exploring_Unknown-12thMay/cjzc_patch2.apx
ProximaCentauriB_Exploring_Unknown-12thMay/cjzc_patch4.apx
ProximaCentauriB_Exploring_Unknown-12thMay/english.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: - Virtual size: 584KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 207KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ProximaCentauriB_Exploring_Unknown-12thMay/explore_unknown/ProximaCentauriB.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 1.6MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 738KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 865KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 96KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 194B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 60KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 11KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RAZE
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
ProximaCentauriB_Exploring_Unknown-12thMay/explore_unknown/Start.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ProximaCentauriB_Exploring_Unknown-12thMay/french.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: - Virtual size: 584KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 207KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ProximaCentauriB_Exploring_Unknown-12thMay/german.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: - Virtual size: 584KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 207KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ProximaCentauriB_Exploring_Unknown-12thMay/helper.exe
.exe windows:5 windows x86 arch:x86

a2af670719a0f32546f25d33e9c436f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
VirtualQuery
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
LoadLibraryA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
CharUpperBuffW
MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

RegCloseKey

oleaut32

SysFreeString

gdi32

CreateFontA

shell32

ShellExecuteA

version

GetFileVersionInfoA

path2.0

?IsValidCursorPosition@@YAHHH@Z

ole32

CoInitializeSecurity

wtsapi32

WTSSendMessageW

Exports

Exports

P��n,�ڨ3��7hҀu+: 9�\ ��9��=��7U�.!�^��T%^�4�� g�BM�1O�9�ڴI�Q�5C��G��~Y"��jo��8]��JU�Rq��=�ҋ��\��GR��:��(��7��;��Ŝ��q5�_;`�Mbe��_�^6��Y�(�IpKC��glvZ�q u�2ӭ<��8�߳�62ܼ�N5o�":��Ħ��z8mFJ�Q$�pGa�<��0+گ��S8Ma��k�d��#g�� O��x(>erNL (:�97�U��s= �Ҥ�ʳ2�~g|>��f�C7*n��N��ӆ�x8�lDF�� 4�fJ��\@�$�F�:P��͚P�؛ ��B��pBJIU��P�?j�e*��V�ԒFL�*�̐�~�#��:R��/��C:��c`#�C1;^3<��yl��1 ��,��=�E�l��"0B��5�� :vY�n�j��L��Ӭ^ۑ�ja��S��OZ��3C��uЯoPge�c��T�P��l��۾�YG��D��ǣ�C�>� �<f��V�{�(��*i�2֮r�tU�rs��.:��K4�}n\m�2� y6�q�H�S�3K��6��s��7U��e�v��G�]2�wߵ�Ou$��e�� W��]��HkP��Iv9�dW�Bn�%ÿ��|%B&�xœ��@v!��}�mu�:��{�0�򒝔�#�b�>�6ލ=.��m��ԝ��ԛ`�]g�M3ʹ��W|wt�5�a-`Ռ�j'H�}��I�kl a�|䨩��(�}� �Q�gp-R��T��5�Xe�(��:H��C�&4�J8��V��2d��|nݹy}.հb8?�ʑ��S}>��#�By�nB4��{��`��,[�8��Vq��[m��{��ڭ�l�U��d�I��$j)I�<R<g��A�� kR��O��r� ��i�n/��N67��f~�B��'\��Gי��B��Z��L�-��W,�FKtn��v0Xa뗼��a�S�܃�9�[�[Lk�js��E��4��\��el�f�JNUlALɐݥS��&��eD�O�ݒ��W�Xg�f�Z�y�j]�� T/J��Tۚ�M�iAo�R��C2R+A=�-�rH!�� 9!� /��59b4��gј�}WEZ��S�0��m,�M 1)��+ְ�h��I�D�r]uG��h��s֮�]\��< Q��(L��n�d^�Ο��QR#Y�Z�J4�$��c}�YDĵr�'{Cu�6*�X��T ��s^�4��#��P.��I��I�oU�y��br7Y%;�Q:�T��'��jb��厈�uy�*)�c�Ӯe��(�GC�x�񩜟�^UT��<�W-�XUH��T*gY��Oi��2 E��9�Z�`X��o��rB"�t��7IQg �>_@O�vFqF2��\L�pU��*��T崎p��m��} �-Z�`2H@H��mV^��9��Y��Ƴ �]��4?b�4�7�멧 ��Q� ߲u�"�)N�^�;��F��ҙ�.K��b׽`JxC�gN�!��(v ��rDӌ $�7��vw�C�,�� u�[��i"ŋ��괱i�'�"�`gX��0qR�LP�5��_�#��~ˉؔ�$lv��PW E��U�5�Unnr�4�� 5.#��^�?��G�q��<j=�"N�dW2��Ҩ#��E��Ӊ��&��Ԍ뉭aj$��Xdd�ڰ�&��j��c�l��2�k4ݢ�Y N�4:|r��p�{��:��w|2��-�HU�V��{��%$(3<�l:��+?�� =��+F ��d��f��0��?�v̺��1�_�� <!�y i��k��Gi��P��cN믩��i��ȞSr��=;��)�Bi-aV��R��kԅ ��#&g�<f��7CsO�6��9f�<7��r�� V<`>�SSۼ) %��!�r�L�/?ȫeb@{!J��9��v��1V|G[��Ñ��;��i�B��ߜ��=뛹m/��hc��@�?��s�N�D!�u�_�G��s��x��7SF �9� ��L�Ŧ$="}��aX��{*�Q<��k�Oa�3z��st�rSp5E#�_TU!U��_0��i9�� G��d��P�{<�K��h��6�X7G*9�BK��$3�!QBZG7��ȄƑ��fZ�$��0��J��uQ^��؇�3��,-��*3l��[��!��ԑ?%g�g�((��A�{�\�bhx��I.(o��]��44%j�^��!�#�l��9�K8�@aK��r��DM)�?lS8�?��]�_]Fik��I�_�&.��a�<��E��g�3A�4c�_�Č+�uʽ�>��5�WKS*Gw�w׹'�W�]��+��3$�� gU��D6l��p?��! ��q¥x��%P��*�p�ꑍ�Qj-�R-j.��[Z��A��ʎ��@��;�ke�U�^u�/Y�]��}=k�\�Lb��p��*A|�$�!7�� _Oӫ�"�O62��W�'��] ��(��W��b��Fu�M��Bi� ��S|6��ٯ�t��7��tfr<�+5^�AgTzhMa,w��#�i��_�!�;�^� ��V�KXM�e��d��p,uR&��xOX�0fT1�)ڼ4/:xc�<�W]�*��P^��%�&�g� M�=�?��K�/��I�b�3�zP|�9+��N�Lp�a�bqv��k��ߺ.k��c�È��':��L��Uu�RqAL�mn9��Pg,�,3CkFS��7��

Sections

Size: 60KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 25KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.denuvo0
Size: 190KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 193KB - Virtual size: 8.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.exports
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imports
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.denuvo7
Size: - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.denuvo1
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.denuvo2
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ProximaCentauriB_Exploring_Unknown-12thMay/path.dll
.dll .ps1 windows:5 windows x86 arch:x86 polyglot

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

OnigDefaultCaseFoldFlag
OnigDefaultSyntax
OnigEncAsciiCtypeTable
OnigEncAsciiToLowerCaseTable
OnigEncDefaultCharEncoding
OnigEncISO_8859_1_ToLowerCaseTable
OnigEncodingASCII
OnigEncodingBIG5
OnigEncodingCP1251
OnigEncodingEUC_CN
OnigEncodingEUC_JP
OnigEncodingEUC_KR
OnigEncodingEUC_TW
OnigEncodingGB18030
OnigEncodingISO_8859_1
OnigEncodingISO_8859_10
OnigEncodingISO_8859_11
OnigEncodingISO_8859_13
OnigEncodingISO_8859_14
OnigEncodingISO_8859_15
OnigEncodingISO_8859_16
OnigEncodingISO_8859_2
OnigEncodingISO_8859_3
OnigEncodingISO_8859_4
OnigEncodingISO_8859_5
OnigEncodingISO_8859_6
OnigEncodingISO_8859_7
OnigEncodingISO_8859_8
OnigEncodingISO_8859_9
OnigEncodingKOI8_R
OnigEncodingSJIS
OnigEncodingUTF16_BE
OnigEncodingUTF16_LE
OnigEncodingUTF32_BE
OnigEncodingUTF32_LE
OnigEncodingUTF8
OnigSyntaxASIS
OnigSyntaxEmacs
OnigSyntaxGnuRegex
OnigSyntaxGrep
OnigSyntaxJava
OnigSyntaxPerl
OnigSyntaxPerl_NG
OnigSyntaxPosixBasic
OnigSyntaxPosixExtended
OnigSyntaxRuby
onig_capture_tree_traverse
onig_copy_encoding
onig_copy_syntax
onig_copyright
onig_end
onig_error_code_to_str
onig_foreach_name
onig_free
onig_free_body
onig_get_capture_tree
onig_get_case_fold_flag
onig_get_default_case_fold_flag
onig_get_encoding
onig_get_match_stack_limit_size
onig_get_options
onig_get_syntax
onig_get_syntax_behavior
onig_get_syntax_op
onig_get_syntax_op2
onig_get_syntax_options
onig_init
onig_match
onig_name_to_backref_number
onig_name_to_group_numbers
onig_new
onig_new_deluxe
onig_noname_group_capture_is_active
onig_number_of_capture_histories
onig_number_of_captures
onig_number_of_names
onig_reg_init
onig_region_clear
onig_region_copy
onig_region_free
onig_region_init
onig_region_new
onig_region_resize
onig_region_set
onig_search
onig_set_default_case_fold_flag
onig_set_default_syntax
onig_set_match_stack_limit_size
onig_set_meta_char
onig_set_syntax_behavior
onig_set_syntax_op
onig_set_syntax_op2
onig_set_syntax_options
onig_set_verb_warn_func
onig_set_warn_func
onig_version
onigenc_always_false_is_allowed_reverse_match
onigenc_always_true_is_allowed_reverse_match
onigenc_apply_all_case_fold_with_map
onigenc_ascii_apply_all_case_fold
onigenc_ascii_get_case_fold_codes_by_str
onigenc_ascii_mbc_case_fold
onigenc_get_case_fold_codes_by_str_with_map
onigenc_get_default_encoding
onigenc_get_left_adjust_char_head
onigenc_get_prev_char_head
onigenc_get_right_adjust_char_head
onigenc_get_right_adjust_char_head_with_prev
onigenc_init
onigenc_is_mbc_newline_0x0a
onigenc_mb2_code_to_mbc
onigenc_mb2_code_to_mbclen
onigenc_mb2_is_code_ctype
onigenc_mb4_code_to_mbc
onigenc_mb4_code_to_mbclen
onigenc_mb4_is_code_ctype
onigenc_mbn_mbc_case_fold
onigenc_mbn_mbc_to_code
onigenc_minimum_property_name_to_ctype
onigenc_not_support_get_ctype_code_range
onigenc_set_default_caseconv_table
onigenc_set_default_encoding
onigenc_single_byte_code_to_mbc
onigenc_single_byte_code_to_mbclen
onigenc_single_byte_left_adjust_char_head
onigenc_single_byte_mbc_enc_len
onigenc_single_byte_mbc_to_code
onigenc_step
onigenc_step_back
onigenc_str_bytelen_null
onigenc_strlen
onigenc_strlen_null
onigenc_unicode_apply_all_case_fold
onigenc_unicode_ctype_code_range
onigenc_unicode_get_case_fold_codes_by_str
onigenc_unicode_is_code_ctype
onigenc_unicode_mbc_case_fold
onigenc_unicode_property_name_to_ctype
onigenc_utf16_32_get_ctype_code_range
onigenc_with_ascii_strncmp
re_adjust_startpos
re_alloc_pattern
re_compile_pattern
re_free_pattern
re_free_registers
re_match
re_mbcinit
re_search
re_set_casetable
reg_foreach_name
reg_name_to_group_numbers
reg_number_of_names
reg_set_encoding
regcomp
regerror
regexec
regfree

Sections

Size: - Virtual size: 216KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 89KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ProximaCentauriB_Exploring_Unknown-12thMay/path2.0.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

?AllocDup@@YGPA_WPA_W@Z
?BreakOut@@YAXH@Z
?CallocMem@@YGPAXII@Z
?ClearEditLine@@YGXPA_W@Z
?CloseBatchFile@@YAXXZ
?CloseDirSearchHandles@@YAXHPAUFILESEARCH@@@Z
?CompressNTFS@@YAHPA_WH@Z
?ConsoleBreakHandler@@YGHK@Z
?ConsoleScreenBuffer@@YAPAXPAX@Z
?CutEgets@@YAXXZ
?DateTimeDlgProc@@YGHPAUHWND__@@IIJ@Z
?DefaultINI@@YAXPA_W@Z
?DefineStrings@@YGXXZ
?DeleteFromHistory@@YGXPA_W@Z
?DirHistoryStart@@YGPA_WXZ
?DisableInternalCommand@@YAHPA_W@Z
?DisplayPluginNames@@YGHPA_W@Z
?DoRunUpdater@@YGXPA_W@Z
?EnableWow64FsRedirection@@YGXH@Z
?Executables@@3PAPA_WA
?ExitBatchFile@@YAHXZ
?ExpandFunctionsInFileName@@YGHPA_W0@Z
?FFindDlgProc@@YGHPAUHWND__@@IIJ@Z
?GetClipboardLines@@YGHXZ
?GetFilesAndFoldersDialog@@YAHPAUHWND__@@PA_W111I@Z
?GetListSize@@YGHPA_W@Z
?GetProcessNameFromPID@@YGHKPA_W@Z
?GetRange@@YAHPA_WPAURANGES@@H@Z
?GetSearchAttributes@@YAPA_WPA_WPAUFILESEARCH@@@Z
?GetSwitches@@YAHPA_W0PAJHPAUFILESEARCH@@@Z
?HistoryStart@@YGPA_WXZ
?HtmlDecode@@YAPA_WPA_W0@Z
?HtmlEncode@@YAPA_WPA_W0@Z
?IDE_Cmd@@YGHPA_W@Z
?IniClear@@YAXPAUINIFILE@@@Z
?IniLine@@YAHPA_WPAUINIFILE@@HHPAPA_W@Z
?IniParse@@YAHPA_WPAUINIFILE@@I@Z
?IniReset@@YAHPA_WPAUINIFILE@@PAPA_W@Z
?InitListArray@@YAXH@Z
?InitializeGlobalVariables@@YGXXZ
?InitializeIniFile@@YAXXZ
?IsDirectory@@YGHPA_W@Z
?IsValidCursorPosition@@YAHHH@Z
?LCS@@YAPA_WPA_W0@Z
?ListSaveFile@@YAXXZ
?LoadWindowsFunctions@@YGXXZ
?Mklink_Cmd@@YGHPA_W@Z
?MonthCalDlgProc@@YGHPAUHWND__@@IIJ@Z
?MoveExecutionPointer@@YAHH@Z
?NTInternalHelp@@YAHPA_W@Z
?NthArgumentEx@@YGPA_WPA_WH0PAPA_WH@Z
?OpenBatchFile@@YAHXZ
?PluginHelp@@YGHPA_W@Z
?PluginUsage@@YGHPA_W0@Z
?ProcessINI@@YAHPA_W@Z
?QueryCountryInfo@@YAXXZ
?QueryDirectoryTree@@YGHPA_WH@Z
?QueryDiskInfo@@YAHPA_WPAUQDISKINFO@@H@Z
?QueryEnvironmentVariable@@YGHPA_W@Z
?QueryInternalCommandFlags@@YAHPA_W@Z
?QueryIsFileUTF8@@YGHPAX@Z
?QueryIsPipeHandle@@YAHPAX@Z
?QueryIsStreamUTF8@@YGHPAU_iobuf@@@Z
?QueryIsSymbolicLink@@YGHPA_WH@Z
?QueryNTFSInfo@@YAEHPAUQDISKINFO@@@Z
?QueryOSVersion@@YAXPAU_OSVERSIONINFOEXW@@@Z
?QueryPIDCommandLine@@YAHHPA_W@Z
?QueryParentWindow@@YAPAUHWND__@@XZ
?QueryPluginPathname@@YGPA_WPA_W@Z
?QueryPluginVersion@@YGHPA_W0@Z
?QueryUTCTime@@YGPA_WPA_WH@Z
?QueryViewWindow@@YAPAUHWND__@@XZ
?QueryVirtualMemSize@@YGKPAX@Z
?RecorderDlgProc@@YGHPAUHWND__@@IIJ@Z
?RegexReplace@@YAHPA_W00@Z
?RegisterApplicationRestartStub@@YAJPB_WK@Z
?ResetEGets@@YAXHH@Z
?RestoreFromTray@@YAXXZ
?RestoreVDMDirectory@@YAXXZ
?SaveBatchArguments@@YAPA_WPA_W@Z
?SaveIniData@@YAXXZ
?SendDialogWindow@@YAXPAUHWND__@@@Z
?SetDriveString@@YAXPA_W@Z
?SetInternalCommandFlags@@YAHPA_WH@Z
?SetMousePositionFromTCMD@@YGXHH@Z
?SetOSVersion@@YAXXZ
?ShowPrompt@@YAXPA_W@Z
?ShutdownCommandProcessor@@YAXXZ
?Similar@@YAHPA_W0@Z
?SkipWhiteSpace@@YAPA_WPA_W@Z
?StripLeadingCharacters@@YAXPA_W0@Z
?StripQuotes@@YAXPA_W@Z
?StripTrailingCharacters@@YAXPA_W0@Z
?TabComplete@@YAHPA_W0H@Z
?TakeCommandIPC@@YAHPA_W0@Z
?TestCondition@@YAHPA_WH@Z
?TrimCharacters@@YAXPA_W0@Z
?URLDecode@@YAPA_WPA_W0@Z
?URLEncode@@YAPA_WPA_W0@Z
?UTF8ToUnicode@@YGXPADPA_WH@Z
?UnicodeToUTF8@@YGXPA_WPADH@Z
?UnregisterApplicationRestartStub@@YAJXZ
?UpdateEnvironment@@YAXXZ
?UpdaterOptions@@YGHPAUHWND__@@@Z
?UsageStr@@YAHPA_W0@Z
?VBeep_Cmd@@YGHPA_W@Z
?View_Cmd@@YGHPA_W@Z
?VirtualAllocMem@@YGPAXPAI@Z
?VirtualFreeMem@@YGXPAX@Z
?VirtualReallocMem@@YGPAXPAXK@Z
?WrongOS@@YAXXZ
?__Unset@@YAHPA_W0@Z
?_ctoupper@@YAHH@Z
?_is_signed_digit@@YAHH@Z
?_isdigit@@YAH_W@Z
?_isxdigit@@YAH_W@Z
?aColors@@3PAUANSI_COLORS@@A
?aGlobals@@3UGLOBAL_VARIABLES@@A
?aIniFile@@3UINIFILE@@A
?find_file@@YAPA_WHPA_WKPAUFILESEARCH@@0@Z
?scan@@YAPA_WPA_W00@Z
?strend@@YAPA_WPA_W@Z
?wPopSelect@@YAPA_WPAUHWND__@@PAH111PAPA_WHHPA_W33H3@Z
?wcmemset@@YAXPA_W_WH@Z
ASCIIToUnicode
Activate_Cmd
AddCommas
AddQuotes
AddToHistory
AddVariableToList
AddWildcardIfDirectory
Alias_Cmd
AllocMem
AnsiString
AsciiToDouble
Assoc_Cmd
Attrib_Cmd
BDebugger_Cmd
Battext_Cmd
Beep_Cmd
BreakHandler
Break_Cmd
CPUUsage
CallHtmlHelp
Call_Cmd
Cancel_Cmd
Case_Cmd
Cd_Cmd
Cdd_Cmd
CenterWindow
ChangeDirectory
ChangeIcon
Chcp_Cmd
Cls_Cmd
Cmds_Cmd
ColorPrintf
Color_Cmd
Command
CompareFiles
CompareStrings
CopyDescriptions
CopyFilename
CopyFromClipboard
CopyTextToClipboard
CopyToClipboard
Copy_Cmd
CrLf
CreateLink
Date_Cmd
Del_Cmd
Delay_Cmd
Describe_Cmd
DestroyFolder
DirHistory_Cmd
Dir_Cmd
Dirs_Cmd
DoPropertySheet
Do_Cmd
DrawHline_Cmd
DrawVline_Cmd
Drawbox_Cmd
EatKeystrokes
EchoErr_Cmd
Echo_Cmd
EchosErr_Cmd
Echos_Cmd
EjectMedia_Cmd
EnableSignals
EndOfList
Endlocal_Cmd
ErrorMsgBox
EscapeLine
Eset_Cmd
Evaluate
Except_Cmd
Exit_Cmd
ExpandAliases
ExpandVariables
ExtensionPart
External
ExtractFileSummary
Ffind_Cmd
FilenamePart
FindProcess
FindWindowFromPID
FmtMsgBox
For_Cmd
ForceForegroundWindow
FormatDate
FreeMem
Free_Cmd
Ftype_Cmd
FuzzyFindWindow
GetAbsCursorPosition
GetAbsScrRows
GetAlias
GetAttribute
GetClipboardLine
GetColors
GetCursorPosition
GetCursorRange
GetDriveTypeEx
GetExeType
GetFileDialog
GetFileLine
GetFileSize64
GetFolderDialog
GetFolderSize
GetFuzzyDir
GetKeystroke
GetLine
GetLongName
GetMousePosition
GetParentPID
GetParentProcessName
GetRandom
GetRowOffset
GetScrCols
GetScrRows
GetServerNames
GetShareNames
GetShortName
GetTempDirectory
GetToken
GetVariableList
GetWOW64
Global_Cmd
Gosub_Cmd
GotoURL
Goto_Cmd
Help_Cmd
History_Cmd
HoldSignals
If_Cmd
Iff_Cmd
InitPopupFont
InitializeDLL
Inkey_Cmd
Input_Cmd
InsertPathInFilename
IntToAscii
Keybd_Cmd
Keys_Cmd
Keystack_Cmd
LastArgument
List_Cmd
LoadAllPlugins
LoadMedia_Cmd
LoadOnePlugin
Log_Cmd
MakeDirectoryName
MakeFolder
MakeFullName
MakeVLFN
MakeWildcardName
Md_Cmd
Memory_Cmd
Mklnk_Cmd
MouseCursorOff
MouseCursorOn
Msgbox_Cmd
Mv_Cmd
MyFindExecutable
NextArgument
NextHistoryEntry
NextListEntry
NthArgument
OffOn
On_Cmd
Option_Cmd
PDir_Cmd
ParseColors
PathLength
PathPart
Path_Cmd
PauseKeys
Pause_Cmd
Plugin_Cmd
Popd_Cmd
PreviousHistoryEntry
Printf
Priority_Cmd
PromptAliases
Prompt_Cmd
Pushd_Cmd
QPutc
QPuts
Qprintf
QueryCodePage
QueryCurrentDate
QueryCurrentDirectory
QueryCurrentDrive
QueryCurrentTime
QueryDiskLabel
QueryDriveExists
QueryDriveReady
QueryDriveRemote
QueryDriveRemovable
QueryFileOwner
QueryFileSize
QueryFileStreams
QueryIFSType
QueryInputChar
QueryIsANSI
QueryIsAdministrator
QueryIsCDROM
QueryIsCON
QueryIsConsole
QueryIsDelimiter
QueryIsDevice
QueryIsDirectory
QueryIsFile
QueryIsFileOrDirectory
QueryIsFileUnicode
QueryIsGUI
QueryIsJunction
QueryIsLFN
QueryIsNetworkDrive
QueryIsNumeric
QueryIsPluginCommand
QueryIsPluginFeature
QueryIsStreamUnicode
QueryIsTCMD
QueryIsTTY
QueryIsURL
QueryIsVMWare
QueryIsVirtualPC
QueryIsWhiteSpace
QueryKeyWaiting
QueryMemSize
QueryMouseClickWaiting
QueryOptionValue
QueryPluginInfo
QuerySeekSize
QueryTrueName
QueryUnicodeOutput
QueryVolumeInfo
Querybox_Cmd
QuitSendKeys
Quit_Cmd
Rd_Cmd
ReadCellStr
ReadDescriptions
ReallocMem
Reboot_Cmd
RegularExpression
Remark_Cmd
Ren_Cmd
ResolveLink
Ret_Cmd
RewindFile
RunKeystrokePlugin
RunPlugin
RunStartupFiles
SaveDirectory
Scr_Cmd
Scroll
Scrput_Cmd
SearchPaths
SelectFolder
Select_Cmd
SendKeys
SetAbsCursorPosition
SetCodePage
SetColors
SetCursorPosition
SetCursorSize
SetEVariable
SetError_Cmd
SetINIDirective
SetLineColor
SetMousePosition
SetSessionTitle
SetTransparency
Set_Cmd
Setdos_Cmd
Setlocal_Cmd
Shift_Cmd
Shralias_Cmd
Sprintf
Sscanf
Start_Cmd
StripEnclosingQuotes
Switch_Cmd
SysBeep
SysWait
TCFilter_Cmd
TCToolbar_Cmd
Tee_Cmd
Time_Cmd
Timer_Cmd
Title_Cmd
Touch_Cmd
Tree_Cmd
Truename_Cmd
Type_Cmd
Unalias_Cmd
UnicodeToASCII
UniqueFileName
UnloadAllPlugins
UnloadOnePlugin
Unset_Cmd
UpdateTitleAndIcon
VScrput_Cmd
Ver_Cmd
Verify_Cmd
Volume_Cmd
Which_Cmd
WildcardComparison
WindowToClipboard
Window_Cmd
WriteCellStr
WriteChrAtt
WriteDescriptions
WritePrivateProfileInt
WriteStrAtt
WriteTTY
WriteVStrAtt
Y_Cmd
_HashFile
_stristr
egets
error
honk
strins
strlast
tty_yield
wwriteXP

Sections

Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 425KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 203KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ProximaCentauriB_Exploring_Unknown-12thMay/path3.0.dll
.exe windows:5 windows x86 arch:x86

fcf1390e9ce472c7270447fc5c61a0c1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
DecodePointer

gdiplus

GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc

Sections

.text
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ProximaCentauriB_Exploring_Unknown-12thMay/prompt1.exe
.exe windows:4 windows x86 arch:x86

768d2a1c9fec6851632cce17641ec571

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
wcscmp
memmove
wcslen
wcscpy
wcscat
sprintf
malloc
free
_wstat
_wcsdup
strcmp
floor
ceil
wcsncmp
fabs
fseek
ftell
fread
memcpy
fclose
pow
??3@YAXPAX@Z
wcsncpy
_wcsicmp
tolower
calloc
_lseeki64
_errno
realloc
abort
_close
_wopen
_setmode
exit
_open_osfhandle
strchr
_strdup
_snprintf
setlocale
strrchr
strncmp
wctomb
_get_osfhandle
_open
toupper
wcschr
mbstowcs
_vsnwprintf

kernel32

GetModuleHandleW
HeapCreate
HeapDestroy
ExitProcess
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
RemoveDirectoryW
FindResourceW
LoadResource
SizeofResource
GetCommandLineW
GetTempFileNameW
EnterCriticalSection
CloseHandle
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
CreateThread
TerminateThread
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameW
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
HeapAlloc
CreateProcessW
HeapFree
TerminateProcess
CreateFileW
GetFileSize
ReadFile
DeleteFileW
WriteFile
SetUnhandledExceptionFilter
Sleep
SetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
HeapReAlloc
TlsAlloc
MulDiv
SetFileAttributesW
MoveFileW
GetCurrentDirectoryW
GetDriveTypeW
FindFirstFileW
FindClose
GetFileAttributesW
GetTempPathW
CreateDirectoryW
SetFilePointer
SetEndOfFile
TlsFree
TlsGetValue
TlsSetValue
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetLastError
VirtualAlloc
VirtualFree
WideCharToMultiByte
MultiByteToWideChar
IsValidCodePage
GetACP
GetOEMCP
GetFileType
PeekNamedPipe
GetFileInformationByHandle
GetFileAttributesA
CreateFileA
GetExitCodeProcess
GetFullPathNameW
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY

user32

FindWindowW
GetWindowThreadProcessId
ShowWindow
SetWindowPos
SetForegroundWindow
LoadIconW
SendMessageW
IsWindow
GetWindowRect
ClientToScreen
GetSystemMetrics
MoveWindow
MessageBoxW
GetForegroundWindow
IsWindowVisible
GetWindowLongW
IsWindowEnabled
EnableWindow
EnumWindows
DestroyWindow
CreateWindowExW
SetWindowLongW
CallWindowProcW
RemovePropW
DefWindowProcW
GetPropW
GetParent
SetPropW
GetWindow
SetActiveWindow
DestroyIcon
LoadCursorW
RegisterClassW
AdjustWindowRectEx
CreateAcceleratorTableW
UnregisterClassW
SetTimer
PeekMessageW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
GetAncestor
IsDialogMessageW
TranslateMessage
DispatchMessageW
IsZoomed
IsIconic
KillTimer
SetWindowTextW
DefFrameProcW
SetFocus
GetFocus
GetClientRect
FillRect
DestroyAcceleratorTable
SetRect
EnumChildWindows
PostMessageW
GetDC
ReleaseDC
GetKeyState
GetClassNameW
IsChild
RegisterWindowMessageW

gdi32

GetStockObject
DeleteObject
GetDeviceCaps
GetObjectW
CreateBitmap
CreateCompatibleDC
SelectObject
SetPixel
DeleteDC
CreateDIBSection
GetDIBits
BitBlt
GetObjectType
CreateDCW
CreateFontW

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

comctl32

InitCommonControlsEx

ole32

CoInitialize
RevokeDragDrop

shell32

ShellExecuteExW

winmm

timeBeginPeriod

shlwapi

PathQuoteSpacesW
PathRemoveExtensionW
PathAddBackslashW

Sections

.code
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22.6MB - Virtual size: 22.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ProximaCentauriB_Exploring_Unknown-12thMay/prompt10.dll
.7z
AdbWinApi.dll
.dll windows:6 windows x86 arch:x86

c64cac39044626770353879245ea25e4

Code Sign

01:ea:62:e4:43:cb:22:50:c8:70:ff:6b:b1:3b:a9:8e
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/01/2020, 00:00

Not After

20/01/2021, 12:00

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:6e:de:36:46:25:fc:c0:ef:95:5e:52:d2:f2:d2:b2
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13/01/2020, 00:00

Not After

20/01/2021, 12:00

Subject

CN=Tencent Technology(Shenzhen) Company Limited,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

88:b3:93:7a:e9:e1:74:ed:0b:54:a5:68:30:9e:ba:a4:df:ba:81:b0:f2:e8:b4:8b:35:30:e1:67:e0:81:2b:ef
Signer

Actual PE Digest

88:b3:93:7a:e9:e1:74:ed:0b:54:a5:68:30:9e:ba:a4:df:ba:81:b0:f2:e8:b4:8b:35:30:e1:67:e0:81:2b:ef

Digest Algorithm

sha256

PE Digest Matches

true

ab:68:37:5b:2e:31:25:5a:35:c9:c7:22:48:ea:f9:a7:81:af:cc:41
Signer

Actual PE Digest

ab:68:37:5b:2e:31:25:5a:35:c9:c7:22:48:ea:f9:a7:81:af:cc:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\code\android\donut\development\host\windows\usb\api\objfre_wxp_x86\i386\AdbWinApi.pdb

Imports

ole32

CoCreateInstance

kernel32

GetACP
SetLastError
CloseHandle
GetLastError
DeviceIoControl
WriteFile
ReadFile
GetOverlappedResult
CreateFileW
WideCharToMultiByte
Sleep
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryW
GetFileAttributesW
GetSystemDirectoryW
RaiseException
FreeLibrary
InterlockedExchange
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetVersionExA
RtlUnwind
HeapFree
HeapAlloc
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCPInfo
GetOEMCP
OutputDebugStringA
VirtualAlloc
HeapReAlloc
HeapSize
LoadLibraryA
GetModuleHandleW
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
VirtualProtect
GetSystemInfo
VirtualQuery
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers

setupapi

SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

Exports

Exports

??0AdbEndpointObject@@QAE@ABV0@@Z
??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z
??0AdbIOCompletion@@QAE@ABV0@@Z
??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z
??0AdbInterfaceObject@@QAE@ABV0@@Z
??0AdbInterfaceObject@@QAE@PBG@Z
??0AdbObjectHandle@@QAE@ABV0@@Z
??0AdbObjectHandle@@QAE@W4AdbObjectType@@@Z
??1AdbEndpointObject@@MAE@XZ
??1AdbIOCompletion@@MAE@XZ
??1AdbInterfaceObject@@MAE@XZ
??1AdbObjectHandle@@MAE@XZ
??4AdbEndpointObject@@QAEAAV0@ABV0@@Z
??4AdbIOCompletion@@QAEAAV0@ABV0@@Z
??4AdbInterfaceObject@@QAEAAV0@ABV0@@Z
??4AdbObjectHandle@@QAEAAV0@ABV0@@Z
??_7AdbEndpointObject@@6B@
??_7AdbIOCompletion@@6B@
??_7AdbInterfaceObject@@6B@
??_7AdbObjectHandle@@6B@
?AddRef@AdbObjectHandle@@UAEJXZ
?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?CloseHandle@AdbObjectHandle@@UAE_NXZ
?CreateHandle@AdbObjectHandle@@UAEPAXXZ
?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z
?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z
?GetParentInterfaceHandle@AdbEndpointObject@@QBEPAXXZ
?GetParentObjectHandle@AdbIOCompletion@@QBEPAXXZ
?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z
?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z
?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z
?IsCompleted@AdbIOCompletion@@UAE_NXZ
?IsObjectOfType@AdbObjectHandle@@UBE_NW4AdbObjectType@@@Z
?IsOpened@AdbObjectHandle@@QBE_NXZ
?LastReferenceReleased@AdbObjectHandle@@MAEXXZ
?Lookup@AdbObjectHandle@@SGPAV1@PAX@Z
?Release@AdbObjectHandle@@UAEJXZ
?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?Type@AdbEndpointObject@@SG?AW4AdbObjectType@@XZ
?Type@AdbIOCompletion@@SG?AW4AdbObjectType@@XZ
?Type@AdbInterfaceObject@@SG?AW4AdbObjectType@@XZ
?adb_handle@AdbObjectHandle@@QBEPAXXZ
?endpoint_id@AdbEndpointObject@@QBEEXZ
?endpoint_index@AdbEndpointObject@@QBEEXZ
?interface_name@AdbInterfaceObject@@QBEABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?object_type@AdbObjectHandle@@QBE?AW4AdbObjectType@@XZ
?overlapped@AdbIOCompletion@@QAEPAU_OVERLAPPED@@XZ
?parent_interface@AdbEndpointObject@@QBEPAVAdbInterfaceObject@@XZ
?parent_io_object@AdbIOCompletion@@QBEPAVAdbEndpointObject@@XZ
?usb_config_descriptor@AdbInterfaceObject@@QBEPBU_USB_CONFIGURATION_DESCRIPTOR@@XZ
?usb_device_descriptor@AdbInterfaceObject@@QBEPBU_USB_DEVICE_DESCRIPTOR@@XZ
?usb_interface_descriptor@AdbInterfaceObject@@QBEPBU_USB_INTERFACE_DESCRIPTOR@@XZ
AdbCloseHandle
AdbCreateInterface
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetDefaultBulkReadEndpointInformation
AdbGetDefaultBulkWriteEndpointInformation
AdbGetEndpointInformation
AdbGetEndpointInterface
AdbGetInterfaceName
AdbGetOvelappedIoResult
AdbGetSerialNumber
AdbGetUsbConfigurationDescriptor
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbHasOvelappedIoComplated
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbOpenEndpoint
AdbQueryInformationEndpoint
AdbReadEndpointAsync
AdbReadEndpointSync
AdbResetInterfaceEnum
AdbWriteEndpointAsync
AdbWriteEndpointSync

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GameLoader.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
GameSuccess.exe
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

Size: 1.3MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 21KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 108KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 917KB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 316KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 186KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
adb.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

Size: 286KB - Virtual size: 620KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 71KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 186KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 946KB - Virtual size: 948KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bypass.dat
conf.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 212KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mosem32.dll
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 359KB - Virtual size: 796KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 139KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2.2MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1.8MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 403KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 21.8MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mosem64.dll
.exe windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 712KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 359KB - Virtual size: 796KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 139KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2.2MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1.8MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 403KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 21.8MB - Virtual size: 8.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
prom5.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
prom5a.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
prom5b.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
prom5bs.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
prom5s.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
prompt.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
prompt10.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
prompt11.dll
.elf linux aarch64
prompt1132.dll
.elf linux arm
prompt1132x.dll
.elf linux arm
prompt15.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
prompt15b32.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

Size: 262KB - Virtual size: 996KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 22KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 52KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 32KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 290KB - Virtual size: 13.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
prompt1632.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

Size: 262KB - Virtual size: 996KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 22KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 52KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 32KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 290KB - Virtual size: 13.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
prompt17.exe
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

Size: 262KB - Virtual size: 996KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 22KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 52KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 32KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 290KB - Virtual size: 13.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
prompt1x.dll
.elf linux arm
prompt20.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
prompt2x.dll
prompt3x.dll
prompt4x.dll
prompt932.dll
.elf linux arm
prompt96.dat
prompt_patch4.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
prompt_patch5.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pssuspend.exe
.exe windows:5 windows x86 arch:x86

6e9a261f58f47d82fb85893416a0d9b3

Code Sign

33:00:00:00:9a:9a:9b:16:c2:83:da:d5:c2:00:00:00:00:00:9a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/03/2016, 19:21

Not After

30/06/2017, 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:B1B7-F67F-FEC2,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f3:9b:b4:27:10:db:50:26:47:20:1a:2a:cd:c0:52:33:f0:7c:40:48:45:db:63:e5:a2:89:88:e0:0d:f2:5c:c0
Signer

Actual PE Digest

f3:9b:b4:27:10:db:50:26:47:20:1a:2a:cd:c0:52:33:f0:7c:40:48:45:db:63:e5:a2:89:88:e0:0d:f2:5c:c0

Digest Algorithm

sha256

PE Digest Matches

true

da:ff:95:2f:b3:6e:60:f3:34:52:1e:11:8f:3a:29:98:d8:ab:9c:2d
Signer

Actual PE Digest

da:ff:95:2f:b3:6e:60:f3:34:52:1e:11:8f:3a:29:98:d8:ab:9c:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
gethostname
gethostbyname
inet_ntoa

mpr

WNetCancelConnection2A
WNetAddConnection2A

version

GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
VerQueryValueA

kernel32

GetCommandLineW
GetModuleFileNameA
GetModuleFileNameW
LockResource
FreeLibrary
GetCurrentProcess
GetLastError
SetLastError
WaitForSingleObject
Sleep
LoadResource
SizeofResource
WriteFile
CloseHandle
GetModuleHandleA
GetStdHandle
LoadLibraryExA
FindResourceA
GetSystemDirectoryA
CreateFileA
DeleteFileA
GetComputerNameA
WideCharToMultiByte
GetConsoleScreenBufferInfo
GetVersion
OpenProcess
ReadFile
GetCommandLineA
GetFullPathNameA
GetTickCount
LoadLibraryA
GetFileType
LocalFree
LocalAlloc
GetProcAddress
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
LCMapStringW
OutputDebugStringW
SetEndOfFile
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
ReadConsoleW
FormatMessageA
RaiseException
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
CreateThread
GetCurrentThreadId
ExitThread
LoadLibraryExW
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcessHeap
CreateFileW
FlushFileBuffers
GetConsoleCP
RtlUnwind
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime

comdlg32

PrintDlgA

advapi32

CreateServiceA
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
ControlService
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shpch.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
DeleteDC
DeleteObject
GetBitmapBits
GetDeviceCaps
GetObjectA
SelectObject
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

Size: 302KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 28KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 59KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 1024B - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 202KB - Virtual size: 8.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sqlite64.apx
unify1a.apx
unify2.apx
.elf linux arm
unify2a.apx
unify3.apx
.elf linux arm
unify3a.apx
unify5.apx
.elf linux arm
unify6.apx
unify7.apx
unify8.apx
ProximaCentauriB_Exploring_Unknown-12thMay/prompt8.dll
.exe windows:5 windows x86 arch:x86

12e12319f1029ec4f8fcbed7e82df162

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
InterlockedDecrement
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
DecodePointer
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
LocalFree
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipFree

Sections

.text
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 420KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ProximaCentauriB_Exploring_Unknown-12thMay/prompt9.exe
.exe windows:4 windows x64 arch:x64

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ProximaCentauriB_Exploring_Unknown-12thMay/spanish.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

Size: - Virtual size: 584KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��
Size: 207KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 204KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ProximaCentauriB_Exploring_Unknown-12thMay/sqlite64.apx

Sharing

General

Malware Config

Signatures

Files

c64cac39044626770353879245ea25e4

Code Sign

01:ea:62:e4:43:cb:22:50:c8:70:ff:6b:b1:3b:a9:8eCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:6e:de:36:46:25:fc:c0:ef:95:5e:52:d2:f2:d2:b2Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0b:4b:a8:7a:a5:0c:b9:b1:99:5e:36:94:4b:f9:b3:cf:b5:ba:0b:02:61:7e:07:c2:80:1f:94:c8:92:f9:63:42Signer

e7:3f:26:8f:5a:37:f3:81:9d:dd:0f:24:04:a3:03:5b:f1:84:d1:c2Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

kernel32

setupapi

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 79KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

ead364a9564def7dbab3c2916879f461

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

gdi32

shell32

version

ole32

msvcrt

comctl32

wininet

comdlg32

winmm

winspool.drv

d3d9

winhttp

wtsapi32

Exports

Exports

Sections

Size: 8.3MB - Virtual size: 8.3MB

Size: 22KB - Virtual size: 24KB

Size: 145KB - Virtual size: 148KB

Size: - Virtual size: 108KB

Size: 5KB - Virtual size: 20KB

Size: 26KB - Virtual size: 28KB

Size: - Virtual size: 4KB

Size: - Virtual size: 4KB

01:ea:62:e4:43:cb:22:50:c8:70:ff:6b:b1:3b:a9:8e
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:6e:de:36:46:25:fc:c0:ef:95:5e:52:d2:f2:d2:b2
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0b:4b:a8:7a:a5:0c:b9:b1:99:5e:36:94:4b:f9:b3:cf:b5:ba:0b:02:61:7e:07:c2:80:1f:94:c8:92:f9:63:42
Signer

e7:3f:26:8f:5a:37:f3:81:9d:dd:0f:24:04:a3:03:5b:f1:84:d1:c2
Signer

.text
Size: 80KB - Virtual size: 79KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB

.denuvo0
Size: 185KB - Virtual size: 188KB

.data
Size: 2.7MB - Virtual size: 2.8MB

.exports
Size: 512B - Virtual size: 4KB

.imports
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.denuvo7
Size: - Virtual size: 3.7MB

.boot
Size: 2.2MB - Virtual size: 2.2MB

.denuvo1
Size: 18.6MB - Virtual size: 18.6MB

.denuvo2
Size: 2.2MB - Virtual size: 2.2MB

.rsrc
Size: 127KB - Virtual size: 127KB

.denuvo0
Size: 185KB - Virtual size: 188KB

.data
Size: 2.7MB - Virtual size: 2.7MB

.exports
Size: 512B - Virtual size: 4KB

.imports
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.denuvo7
Size: - Virtual size: 3.9MB

.boot
Size: 2.3MB - Virtual size: 2.3MB

.denuvo1
Size: 18.6MB - Virtual size: 18.6MB

.denuvo2
Size: 2.2MB - Virtual size: 2.2MB

.rsrc
Size: 127KB - Virtual size: 127KB

UPX0
Size: - Virtual size: 456KB

UPX1
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 367KB - Virtual size: 368KB