parsec-windows — копия[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

parsec-windows — копия.exe
Size

3.9MB
MD5

b4dc57cd5d7152c8f6d0e10b9964addb
SHA1

19b2bcd830e1daef34139819c0d1998948bc4384
SHA256

049929edaa4a57735c91fcf38871f1ef51db2f398ff891cbd3761d0e022204dc
SHA512

9e530e0b402fcb182aa41c62d40d033cff03798ed52aadf047250920a9699e4002ade45d749678be8c7c4247d34d751b9b19c8a3b117f760395164dbad57c732
SSDEEP

98304:osSoMQnPLeMNCvYa59QKS7XnqSsAVlsX4pIDmjjcrhm2NGbUUI:osSByeMj04VlslQsm2NKe

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
parsec-windows — копия.exe
unpack001/$PLUGINSDIR/ApplicationID.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/vusb/parsec-vud.exe

Files

parsec-windows — копия.exe
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 188KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ApplicationID.dll
.dll windows:6 windows x86 arch:x86

9b38d46d6882ee63437c721734be794c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\src\NSIS-ApplicationID\Release\ApplicationID.pdb

Imports

kernel32

MultiByteToWideChar
GlobalAlloc
GlobalFree
lstrcpynA
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
GetLastError
FreeLibrary
LoadLibraryExW
InterlockedFlushSList
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
GetStdHandle
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
HeapSize
CreateFileW

shell32

SHCreateItemFromParsingName
SHGetPropertyStoreFromParsingName

ole32

CoCreateInstance
CoInitialize
CoUninitialize

shlwapi

SHStrDupW

Exports

Exports

Set
UninstallJumpLists
UninstallPinnedItem

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

wsprintfW
CharNextExA
SendMessageW
FindWindowExW
CharNextW
CharPrevW

kernel32

CreatePipe
DeleteFileW
lstrcmpiW
GetCommandLineW
ExitProcess
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreateFileMappingW
GetVersion
GetCurrentProcess
lstrcpynW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileW
CopyFileW
GetTempFileNameW
GlobalAlloc
GetModuleFileNameW
GetProcAddress
GetModuleHandleA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
parsecd.exe
.exe windows:6 windows x64 arch:x64

43e208612bb1b7bf9a2d6ef93d7ffeec

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26-04-2023 00:00

Not After

03-01-2025 23:59

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:f6:23:f1:9a:9f:e8:f4:0b:27:a0:a4:bb:06:37:be:a8:33:17:3a:d2:cf:7d:54:b0:04:f9:e0:b8:d1:5b:bb
Signer

Actual PE Digest

b8:f6:23:f1:9a:9f:e8:f4:0b:27:a0:a4:bb:06:37:be:a8:33:17:3a:d2:cf:7d:54:b0:04:f9:e0:b8:d1:5b:bb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetConsoleMode
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
WriteFile
SetLastError
GetCommandLineA
GetFullPathNameW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitProcess
TerminateProcess
GetModuleHandleExW
HeapAlloc
LoadLibraryW
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
LoadLibraryExW
CompareStringW
LCMapStringW
GetStartupInfoW
HeapReAlloc
ReadFile
ReadConsoleW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
SetStdHandle
HeapSize
GetProcessHeap
FlushFileBuffers
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
GetTimeZoneInformation
SetEndOfFile
WriteConsoleW
RaiseException
InitializeSListHead
RtlPcToFileHeader
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlUnwindEx
FreeLibrary
SetUnhandledExceptionFilter
GetStdHandle
CopyFileW
FindNextFileW
FindFirstFileW
FindClose
GetEnvironmentStringsW
GetModuleHandleW
GetCurrentProcessId
GetProcAddress
GetWindowsDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
FindFirstFileExW
GetLastError
FreeEnvironmentStringsW
GetSystemDirectoryW
SetEnvironmentVariableW
GetCurrentProcess
GetCommandLineW
CloseHandle
GetFileInformationByHandle
CreateFileW
DeviceIoControl
RtlCaptureContext
GetModuleFileNameW

shlwapi

PathIsNetworkPathW

shell32

SHGetKnownFolderPath
ord165

user32

MessageBoxW

bcrypt

BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptHashData
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptFinishHash

crypt32

CertFreeCertificateContext
CryptBinaryToStringW

msi

ord224

ole32

CoTaskMemFree

Sections

.text
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pservice.exe
.exe windows:6 windows x64 arch:x64

60e699a86ace77c1e6146e859c5513ec

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26-04-2023 00:00

Not After

03-01-2025 23:59

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:84:b4:80:7a:9a:17:ce:31:d0:e4:38:41:6e:24:46:fa:3d:a3:43:2c:8d:63:21:9e:71:cd:44:13:a5:7c:e8
Signer

Actual PE Digest

cd:84:b4:80:7a:9a:17:ce:31:d0:e4:38:41:6e:24:46:fa:3d:a3:43:2c:8d:63:21:9e:71:cd:44:13:a5:7c:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteFileW
FindClose
FindNextFileW
CopyFileW
MoveFileExW
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
SleepConditionVariableCS
WaitForSingleObject
CreateThread
GetCurrentThreadId
QueryPerformanceCounter
SetWaitableTimerEx
CreateWaitableTimerW
SetLastError
GetFileType
ExitProcess
TerminateProcess
GetModuleHandleExW
HeapAlloc
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapFree
GetStartupInfoW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
LoadLibraryExW
CompareStringW
LCMapStringW
GetFileAttributesExW
HeapReAlloc
GetConsoleOutputCP
SetFilePointerEx
SetStdHandle
HeapSize
GetProcessHeap
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
FlushFileBuffers
WriteConsoleW
RaiseException
InitializeSListHead
GetCommandLineA
RtlPcToFileHeader
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlUnwindEx
GetConsoleMode
FreeLibrary
CreateProcessW
SetUnhandledExceptionFilter
GetStdHandle
GetEnvironmentStringsW
GetModuleHandleW
GetCurrentProcessId
GetProcAddress
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetCurrentProcess
FindFirstFileExW
GetCommandLineW
GetExitCodeProcess
ConnectNamedPipe
QueryFullProcessImageNameW
WTSGetActiveConsoleSessionId
Process32FirstW
Process32NextW
GetLastError
ProcessIdToSessionId
CreateToolhelp32Snapshot
OpenProcess
DisconnectNamedPipe
GetNamedPipeClientProcessId
CreateNamedPipeW
WriteFile
CallNamedPipeW
ReadFile
CloseHandle
CreateFileW
RtlLookupFunctionEntry
GetModuleFileNameW

shlwapi

PathFileExistsW

shell32

SHGetKnownFolderPath

advapi32

RegQueryValueExW
ReportEventW
RegisterEventSourceW
DuplicateTokenEx
StartServiceCtrlDispatcherW
CreateProcessAsUserW
RegOpenKeyExW
InitializeSecurityDescriptor
OpenProcessToken
RegSetValueExW
SetServiceStatus
SetTokenInformation
RegCloseKey
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerExW
DeregisterEventSource
RegDeleteValueW

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsW
WTSFreeMemory

crypt32

CryptBinaryToStringW
CertFreeCertificateContext

msi

ord224

ole32

CoTaskMemFree

sas

SendSAS

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup.json
skel/appdata.json
skel/parsecd-150-93b.dll
.dll windows:6 windows x64 arch:x64

6894944ad194630e505136c343c64375

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

26-04-2023 00:00

Not After

03-01-2025 23:59

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:90:c3:65:57:f4:0e:d8:c5:ed:56:88:8f:f1:ee:da:ff:9d:a7:2a:28:43:52:97:b7:cf:c2:42:ff:1a:06:12
Signer

Actual PE Digest

33:90:c3:65:57:f4:0e:d8:c5:ed:56:88:8f:f1:ee:da:ff:9d:a7:2a:28:43:52:97:b7:cf:c2:42:ff:1a:06:12

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileExW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
GetThreadId
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
TryAcquireSRWLockShared
GlobalSize
ResetEvent
WaitForSingleObjectEx
LoadLibraryExW
SetThreadErrorMode
SwitchToThread
GetFileAttributesW
GetModuleHandleExW
GetSystemTimeAsFileTime
GetOverlappedResultEx
ResumeThread
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
GlobalFree
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedFlushSList
GetFileType
WriteConsoleW
GetFullPathNameW
ExitProcess
TerminateProcess
GetDriveTypeW
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SetConsoleCtrlHandler
ExitThread
FreeLibraryAndExitThread
GetTimeZoneInformation
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
HeapFree
HeapAlloc
GetStartupInfoW
FlsAlloc
CreateWaitableTimerW
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
OutputDebugStringW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
HeapReAlloc
ReadConsoleW
SetStdHandle
HeapSize
GetFileAttributesExW
FlushFileBuffers
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
SetEndOfFile
SleepConditionVariableSRW
InitializeSListHead
FindFirstFileExW
GetThreadTimes
InitializeCriticalSectionEx
GetConsoleMode
AttachConsole
DeleteFileW
SetWaitableTimerEx
QueryPerformanceFrequency
QueryPerformanceCounter
GetConsoleWindow
SetConsoleTitleW
SetConsoleMode
AllocConsole
CreateProcessW
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentStringsW
GetWindowsDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
FreeEnvironmentStringsW
GetSystemDirectoryW
SetProcessShutdownParameters
SetEnvironmentVariableW
GetCommandLineW
SetPriorityClass
CallNamedPipeW
lstrlenW
OpenThread
TerminateThread
GetComputerNameW
GetExitCodeProcess
SetEvent
CreateThread
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
lstrlenA
Sleep
ConnectNamedPipe
QueryFullProcessImageNameW
GetNamedPipeServerProcessId
GetOverlappedResult
FormatMessageW
DisconnectNamedPipe
GetNamedPipeClientProcessId
CreateNamedPipeW
GetModuleFileNameW
WriteFile
SetLastError
SetNamedPipeHandleState
ReadFile
AcquireSRWLockExclusive
GetCurrentThread
ReleaseSRWLockExclusive
VerifyVersionInfoW
VerSetConditionMask
SetUnhandledExceptionFilter
GetCurrentThreadId
LocalAlloc
GetTempPathW
GetCurrentProcess
GlobalUnlock
GetModuleHandleW
GlobalLock
GlobalAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
SetThreadExecutionState
GetCurrentProcessId
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
CreateEventW
GetCommandLineA
LocalFree
GetProcessHeap
GetLastError
OpenProcess
WaitForSingleObject
CloseHandle
SetConsoleOutputCP
GetFileInformationByHandle
CreateFileW
FlsGetValue
DeviceIoControl

shlwapi

StrStrIW
PathFileExistsW
StrStrIA
StrStrW
PathIsNetworkPathW
ord12

shell32

SetCurrentProcessExplicitAppUserModelID
Shell_NotifyIconGetRect
Shell_NotifyIconW
DragAcceptFiles
SHCreateDirectoryExW
SHGetKnownFolderPath
ExtractIconExW
DragQueryFileW
DragFinish

user32

MapVirtualKeyW
GetPointerPenInfo
GetPointerType
GetKeyNameTextW
IsZoomed
IsIconic
IsWindowVisible
MonitorFromPoint
CloseClipboard
SetTimer
OpenClipboard
RegisterClassExW
UnregisterClassW
CreateWindowExW
DestroyWindow
DefWindowProcW
EnumDisplaySettingsW
PostMessageW
ChangeDisplaySettingsExW
InsertMenuItemW
GetMonitorInfoW
EnumDisplayMonitors
GetRawInputData
GetWindowPlacement
CreatePopupMenu
GetDoubleClickTime
PostQuitMessage
UnregisterHotKey
RegisterHotKey
RegisterRawInputDevices
GetMenuItemInfoW
GetRawInputDeviceInfoW
EmptyClipboard
GetClipboardData
RemoveClipboardFormatListener
GetClipboardSequenceNumber
SetClipboardData
AddClipboardFormatListener
IsClipboardFormatAvailable
KillTimer
SetThreadDesktop
CloseDesktop
OpenInputDesktop
GetSystemMetrics
GetCursorInfo
LockWorkStation
DestroyMenu
InsertMenuW
TrackPopupMenu
SetWindowPos
DispatchMessageW
PeekMessageW
TranslateMessage
RegisterWindowMessageW
GetIconInfo
DestroyIcon
ShowWindow
SendMessageW
ClientToScreen
GetAncestor
GetWindowLongW
EnumDisplayDevicesW
SetForegroundWindow
GetDC
ReleaseDC
GetWindowRect
AdjustWindowRect
SetCursorPos
SetCursor
GetCursor
ScreenToClient
ClipCursor
EndMenu
MonitorFromWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetClassLongPtrW
LoadCursorW
MessageBoxW
CreateIconIndirect
SetWindowPlacement
GetClientRect
WindowFromDC
AllowSetForegroundWindow
EnumWindows
PostThreadMessageW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetMessageW
SendInput
GetKeyboardLayout
GetAsyncKeyState
wsprintfW
GetWindowTextW
QueryDisplayConfig
DisplayConfigGetDeviceInfo
SetDisplayConfig
GetWindowThreadProcessId
WindowFromPoint
GetForegroundWindow
GetCursorPos
GetLayeredWindowAttributes
SetLayeredWindowAttributes
GetKeyState
GetMessageExtraInfo

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

ws2_32

sendto
WSAPoll
htons
htonl
recvfrom
socket
closesocket
inet_ntop
WSAGetLastError
setsockopt
ioctlsocket
WSAStartup
inet_pton
getaddrinfo
freeaddrinfo
WSASendMsg
WSASetLastError
select
bind
WSAIoctl
recv
WSACleanup
connect
getnameinfo
send
ntohl
ntohs
inet_addr
getsockname
shutdown

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

imm32

ImmReleaseContext
ImmDisableIME
ImmSetCompositionWindow
ImmGetContext

advapi32

RegQueryInfoKeyW
RegGetValueW
RegQueryValueExW
GetUserNameW
RegOpenKeyExW
RegCloseKey
InitializeSecurityDescriptor
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
RegEnumKeyW
GetTokenInformation
QueryServiceStatusEx
OpenServiceW
ChangeServiceConfigW
StartServiceW
OpenProcessToken
ControlService
ChangeServiceConfig2W
OpenSCManagerW
CloseServiceHandle
OpenThreadToken
DuplicateTokenEx
SetThreadToken
LogonUserW
IsWellKnownSid
SetTokenInformation
RegDeleteValueW
RegSetValueExW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
RegOpenCurrentUser
GetEffectiveRightsFromAclW
CreateProcessAsUserW
RegEnumKeyExW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSLogoffSession
WTSQueryUserToken
WTSConnectSessionW
WTSQuerySessionInformationW

dxgi

CreateDXGIFactory2
CreateDXGIFactory1

winmm

timeEndPeriod
timeBeginPeriod

dwmapi

DwmGetWindowAttribute

gdi32

GetObjectW
CreateBitmap
DeleteObject
CreateDIBSection
GetBitmapBits

bcrypt

BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptDestroyKey
BCryptGenRandom
BCryptSetProperty
BCryptCloseAlgorithmProvider
BCryptDecrypt
BCryptEncrypt
BCryptGenerateSymmetricKey

schannel

FreeCredentialsHandle
InitializeSecurityContextW
DeleteSecurityContext
QueryContextAttributesW
FreeContextBuffer
AcquireCredentialsHandleW

secur32

EncryptMessage
SetContextAttributesW
DecryptMessage

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor
GetScaleFactorForMonitor

crypt32

CertCreateSelfSignCertificate
CryptUnprotectData
CertStrToNameW
CryptBinaryToStringA
CertFreeCertificateContext
CryptProtectData
CryptBinaryToStringW

opengl32

wglGetCurrentDC
glBindTexture
glGenTextures
glGetTexLevelParameteriv
wglMakeCurrent
wglDeleteContext
wglCreateContext
wglShareLists
glDisable
glTexImage2D
glGetBooleanv
wglGetProcAddress
glEnable
wglGetCurrentContext
glGetIntegerv
glFlush
glDeleteTextures

xinput1_4

ord2
ord3

windowscodecs

WICConvertBitmapSource

d3d11

D3D11CreateDevice

d3d12

D3D12SerializeRootSignature
ord101

hid

HidP_GetUsageValue
HidP_GetButtonCaps
HidP_GetCaps
HidP_GetValueCaps
HidP_GetUsages

cfgmgr32

SwDeviceCreate
SwDeviceClose
CM_Get_Device_Interface_PropertyW
CM_Locate_DevNodeW
CM_Get_DevNode_PropertyW
CM_Get_DevNode_Status

msi

ord224

iphlpapi

FreeMibTable
GetIfTable2Ex
GetBestInterfaceEx
GetIpAddrTable
GetBestRoute
GetAdaptersAddresses

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
PropVariantClear
CreateStreamOnHGlobal
GetHGlobalFromStream
CoInitializeEx

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDevicePropertyW
SetupDiDestroyDeviceInfoList

winhttp

WinHttpWebSocketQueryCloseStatus
WinHttpWebSocketClose
WinHttpWebSocketReceive
WinHttpWebSocketSend
WinHttpWebSocketCompleteUpgrade
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpCrackUrl
WinHttpSetStatusCallback

Exports

Exports

console_main
wx_main

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
teams.exe
.exe windows:6 windows x64 arch:x64

ca031310eb12b349b9b999ebbe0436d0

Code Sign

0f:f5:0e:15:d1:d2:93:3d:fe:2a:27:b8:df:b2:5e:5e
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

13-05-2020 00:00

Not After

26-04-2023 12:00

Subject

SERIALNUMBER=6033210,CN=Parsec Cloud\, Inc.,O=Parsec Cloud\, Inc.,L=New York,ST=New York,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18-04-2012 12:00

Not After

18-04-2027 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29-03-2022 00:00

Not After

14-03-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:b5:9b:6e:bc:29:7b:91:a1:a0:a2:cf:43:ff:50:7a:7f:37:f2:e0:ec:6c:a3:e4:2c:ea:f4:cd:42:fe:f2:ca
Signer

Actual PE Digest

67:b5:9b:6e:bc:29:7b:91:a1:a0:a2:cf:43:ff:50:7a:7f:37:f2:e0:ec:6c:a3:e4:2c:ea:f4:cd:42:fe:f2:ca

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

IsProcessorFeaturePresent
GetCurrentThreadId
ExitProcess
FreeLibrary
GetModuleHandleW
GetModuleHandleExW
GetProcAddress
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
LoadLibraryExW
CompareStringW
LCMapStringW
MultiByteToWideChar
GetProcessHeap
WideCharToMultiByte
HeapSize
HeapReAlloc
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
GetCurrentProcess
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentDirectoryW
CreateFileW
FindClose
FindNextFileW
CloseHandle
GetStdHandle
GetModuleFileNameW
UnhandledExceptionFilter
GetConsoleMode
WaitForSingleObject
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetWaitableTimer
CreateWaitableTimerW
RtlUnwindEx
EncodePointer
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlPcToFileHeader
WriteFile
GetFileType
WriteConsoleW
OutputDebugStringW
FindFirstFileExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
ReadFile
ReadConsoleW
GetConsoleOutputCP
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
SetEndOfFile
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCommandLineW
GetCommandLineA
SetLastError
GetLastError
GetComputerNameW
LocalFree

crypt32

CryptProtectData

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

winhttp

WinHttpCloseHandle
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpOpen
WinHttpConnect

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vusb/parsec-vud.exe
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 164KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.rdata
.rsrc/DIALOG/105
.rsrc/DIALOG/106
.rsrc/DIALOG/111
.rsrc/GROUP_ICON/103
.rsrc/ICON/1
.png
.rsrc/MANIFEST/1
.xml
.rsrc/version.txt
.text
[0]
wscripts/firewall-add.vbs
.vbs
wscripts/firewall-remove.vbs
.vbs
wscripts/legacy-cleanup.vbs
.vbs
wscripts/service-install.vbs
.vbs
wscripts/service-kill-parsec.vbs
.vbs
wscripts/service-remove.vbs
.vbs

Sharing

General

Malware Config

Signatures

Files

56a78d55f3f7af51443e58e0ce2fb5f6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 172KB

.ndata Size: - Virtual size: 188KB

.rsrc Size: 114KB - Virtual size: 113KB

9b38d46d6882ee63437c721734be794c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

ole32

shlwapi

Exports

Exports

Sections

.text Size: 122KB - Virtual size: 121KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 3KB - Virtual size: 6KB

.gfids Size: 1024B - Virtual size: 536B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 638B

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 172KB

.ndata
Size: - Virtual size: 188KB

.rsrc
Size: 114KB - Virtual size: 113KB

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 3KB - Virtual size: 6KB

.gfids
Size: 1024B - Virtual size: 536B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 420B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b8:f6:23:f1:9a:9f:e8:f4:0b:27:a0:a4:bb:06:37:be:a8:33:17:3a:d2:cf:7d:54:b0:04:f9:e0:b8:d1:5b:bb
Signer

.text
Size: 146KB - Virtual size: 146KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 3KB - Virtual size: 12KB

.pdata
Size: 7KB - Virtual size: 7KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 220KB - Virtual size: 219KB

.reloc
Size: 2KB - Virtual size: 1KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

09:68:12:e8:33:50:f1:ad:f4:e9:d5:67:f3:cf:82:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

cd:84:b4:80:7a:9a:17:ce:31:d0:e4:38:41:6e:24:46:fa:3d:a3:43:2c:8d:63:21:9e:71:cd:44:13:a5:7c:e8
Signer