a409c55d5717993158b4477ffd9c19af85b69dbc877e298c85c65bfbd6e905ae_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

a409c55d5717993158b4477ffd9c19af85b69dbc877e298c85c65bfbd6e905ae_NeikiAnalytics.exe
Size

1.1MB
MD5

5ba4c8802111679142fee2e890663810
SHA1

610c1f75c215eff5f0f58eab9a6e0979bd18056c
SHA256

a409c55d5717993158b4477ffd9c19af85b69dbc877e298c85c65bfbd6e905ae
SHA512

75381430293ff221a6d4d017fedb1c8d1092b307b4318bae4bf6b999fb0017799ac9924adb16223d6acc36731ec2e548c01d3e9fa0e69e19f11b5959d341c4a8
SSDEEP

24576:A2JKiJHX1buPBb4pbZCPYTbGwEs8wL5aDl72Ms:rnvngfw44

Score

1^/10

Malware Config

Signatures

Files

a409c55d5717993158b4477ffd9c19af85b69dbc877e298c85c65bfbd6e905ae_NeikiAnalytics.exe
.exe windows:6 windows x64 arch:x64

365888fc4cd6afc328cb588e85ee2d9a

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:44:ac:14:e6:af:24:8f:c9:0c:49:95:78:28:ce:24
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/04/2023, 00:00

Not After

24/04/2026, 23:59

Subject

CN=Bitdefender SRL,OU=DEVSUP CL,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8f:40:37:ce:a9:e6:a3:45:e3:b2:b6:d2:12:81:b9:16:33:0c:4c:80:33:e6:e6:6d:b7:59:98:f2:a1:19:4b:28
Signer

Actual PE Digest

8f:40:37:ce:a9:e6:a3:45:e3:b2:b6:d2:12:81:b9:16:33:0c:4c:80:33:e6:e6:6d:b7:59:98:f2:a1:19:4b:28

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\xml-data\build-dir\CODRU-CL23M-SOURCES\bin\x64\Release\SupportTool.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FormatMessageA
CreateEventW
SetEvent
DeleteFileW
InitializeCriticalSectionEx
RaiseException
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExW
GetCommandLineW
CreateFileW
GetSystemDirectoryW
SetEnvironmentVariableW
WaitForMultipleObjects
GetFileAttributesW
OpenProcess
GlobalAlloc
GlobalFree
GlobalLock
LocalFree
GlobalUnlock
CreateDirectoryW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
SetEndOfFile
SetFileAttributesW
ExpandEnvironmentStringsW
DeviceIoControl
GetModuleHandleExW
GetFileInformationByHandleEx
IsDebuggerPresent
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetLastError
GetCurrentThreadId
GetVersionExW
GetEnvironmentVariableW
GetCurrentProcess
GetModuleHandleW
CreateMutexW
FreeLibrary
QueryDosDeviceW
GetLongPathNameW
VirtualFree
VirtualAlloc
FlushInstructionCache
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
VirtualQuery
VirtualProtect
GetSystemInfo
K32GetMappedFileNameW
FileTimeToSystemTime
SetSearchPathMode
FormatMessageW
LoadLibraryA
LoadLibraryExA
GetModuleFileNameA
GetWindowsDirectoryW
GetTickCount64
GetLocalTime
GetModuleFileNameW
GetProcAddress
LoadLibraryW
WaitForSingleObject
CreateThread
Sleep
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
AreFileApisANSI
HeapDestroy
GetCurrentThread
GetProcessTimes
QueryPerformanceFrequency
SetLastError
OutputDebugStringA
DebugBreak
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
GetFileSizeEx
SetFilePointer

user32

SetWindowPos
FindWindowW
PostMessageW
CopyRect
OffsetRect
GetWindowLongW
GetAncestor
GetCursorPos
MonitorFromRect
MonitorFromPoint
IsWindow
GetParent
RegisterWindowMessageW
ShowScrollBar
SendMessageW
LoadIconW
SetClassLongPtrW
SetWindowTextW
GetActiveWindow
EnumThreadWindows
EnableWindow
ReleaseDC
CreateDialogIndirectParamW
GetDesktopWindow
SetClipboardData
SetParent
ChangeWindowMessageFilterEx
TranslateMessage
MoveWindow
EmptyClipboard
CloseClipboard
DefDlgProcW
IsDialogMessageW
OpenClipboard
RegisterClassExW
GetWindowLongPtrW
GetShellWindow
SetWindowLongPtrW
EnumChildWindows
SetActiveWindow
GetPropW
GetDC
DestroyWindow
GetMessageW
GetMonitorInfoW
GetWindowRect
SystemParametersInfoW
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
SetForegroundWindow
MonitorFromWindow
ShowWindow
IsIconic
DispatchMessageW
GetForegroundWindow

gdi32

GetDeviceCaps

advapi32

ConvertSidToStringSidW
RegGetValueW
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW
GetAce
GetFileSecurityW
GetSecurityDescriptorDacl
GetSidIdentifierAuthority
GetSidSubAuthority
GetSidSubAuthorityCount
GetAclInformation
LookupAccountSidW
GetNamedSecurityInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree

msvcp140

??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
_Xtime_get_ticks
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_function_call@std@@YAXXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_join
_Thrd_id
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?tolower@?$ctype@D@std@@QEBADD@Z
_Cnd_do_broadcast_at_thread_exit
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?is@?$ctype@_W@std@@QEBA_NF_W@Z
??1_Locinfo@std@@QEAA@XZ
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?id@?$collate@_W@std@@2V0locale@2@A
_Wcsxfrm
_Wcscoll
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xruntime_error@std@@YAXPEBD@Z
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
_Cnd_signal
??0_Locinfo@std@@QEAA@HPEBD@Z
?_Getname@_Locinfo@std@@QEBAPEBDXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@_N@Z
?_Makeloc@_Locimp@locale@std@@CAPEAV123@AEBV_Locinfo@3@HPEAV123@PEBV23@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?id@?$numpunct@D@std@@2V0locale@2@A

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

vcruntime140_1

__CxxFrameHandler4

vcruntime140

wcsrchr
_purecall
wcsstr
strchr
memmove
memset
wcschr
__current_exception
__current_exception_context
_CxxThrowException
memcmp
memcpy
memchr
__C_specific_handler
__std_terminate
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_invalid_parameter_noinfo
_errno
terminate
abort
signal
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_c_exit
_exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_initialize_onexit_table
_set_app_type
_seh_filter_exe
exit
_cexit
_crt_atexit
_register_onexit_function

api-ms-win-crt-string-l1-1-0

_wcslwr_s
iswspace
_wcsdup
strcpy_s
_strnicmp
wcscat_s
wmemcpy_s
wcsnlen
wcsncpy_s
wcscpy_s
_wcsicmp
wcstok_s
isspace
_wcsnicmp
strcmp

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
fflush
_wfsopen
__stdio_common_vfwprintf_s
setvbuf
fsetpos
_fseeki64
__stdio_common_vsnprintf_s
fgets
__stdio_common_vfprintf_s
__stdio_common_vsprintf_s
fwrite
fgetpos
ungetc
fputc
__stdio_common_vsnwprintf_s
fgetc
__stdio_common_vswprintf_s
__stdio_common_vsprintf
__stdio_common_vswprintf
fclose
_get_stream_buffer_pointers
fread

api-ms-win-crt-heap-l1-1-0

calloc
realloc
free
_set_new_mode
malloc
_callnewh

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv
_configthreadlocale

api-ms-win-crt-environment-l1-1-0

_wdupenv_s

api-ms-win-crt-convert-l1-1-0

strtoll
strtoull
strtod
_wtoi
atoll
atol
_itoa_s

api-ms-win-crt-math-l1-1-0

_finite
_fdclass
_ldclass
_fdsign
_ldsign
_dsign
ceilf
_dclass
__setusermatherr

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 597KB - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 343KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

365888fc4cd6afc328cb588e85ee2d9a

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0c:44:ac:14:e6:af:24:8f:c9:0c:49:95:78:28:ce:24Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

8f:40:37:ce:a9:e6:a3:45:e3:b2:b6:d2:12:81:b9:16:33:0c:4c:80:33:e6:e6:6d:b7:59:98:f2:a1:19:4b:28Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

ole32

msvcp140

ntdll

vcruntime140_1

vcruntime140

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

version

Sections

.text Size: 597KB - Virtual size: 597KB

.rdata Size: 153KB - Virtual size: 153KB

.data Size: 18KB - Virtual size: 25KB

.pdata Size: 25KB - Virtual size: 25KB

.didat Size: 512B - Virtual size: 232B

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 343KB - Virtual size: 342KB

.reloc Size: 4KB - Virtual size: 4KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0c:44:ac:14:e6:af:24:8f:c9:0c:49:95:78:28:ce:24
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

8f:40:37:ce:a9:e6:a3:45:e3:b2:b6:d2:12:81:b9:16:33:0c:4c:80:33:e6:e6:6d:b7:59:98:f2:a1:19:4b:28
Signer

.text
Size: 597KB - Virtual size: 597KB

.rdata
Size: 153KB - Virtual size: 153KB

.data
Size: 18KB - Virtual size: 25KB

.pdata
Size: 25KB - Virtual size: 25KB

.didat
Size: 512B - Virtual size: 232B

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 343KB - Virtual size: 342KB

.reloc
Size: 4KB - Virtual size: 4KB