6c4ec4452af55dcedfb04def3fed5852e46ce6c4dc73514f385d46e11177e0bd[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

6c4ec4452af55dcedfb04def3fed5852e46ce6c4dc73514f385d46e11177e0bd.zip
Size

12.5MB
MD5

2e51d5aca790cf9673a36b7b5b37b6fa
SHA1

c65db1b880945cb5695bca70a6ba9eba2b11e8d5
SHA256

6c4ec4452af55dcedfb04def3fed5852e46ce6c4dc73514f385d46e11177e0bd
SHA512

a5a57db7fc34617be17b03c4625e59c31e06d027b79f40c1fb6b633d4432d918c8dc2fda9152f4a6ec0cecd95067a9f3d67f54a1a5a936860214797a0f9fa7f5
SSDEEP

196608:UpAAbVYYaVoh2891HahPJPHDtX+JnVg8dFtStVMggF3TQm7jSkMtjJXRBur:UptaYaqh289QhPVBRtVjk3UQSZb/ur

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/archive/amdhip64.dll
unpack001/archive/setup.exe

Files

6c4ec4452af55dcedfb04def3fed5852e46ce6c4dc73514f385d46e11177e0bd.zip
.zip
archive/amdhip64.dll
.dll windows:6 windows x64 arch:x64

1c2f4d4b9ed7d6c726296dca5b10f60c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

opengl32

wglGetCurrentContext
wglMakeCurrent
wglGetProcAddress
wglDeleteContext
wglCreateContext

kernel32

LoadLibraryA
DebugBreak
CloseHandle
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
GetEnvironmentStrings
GetStdHandle
CreateDirectoryA
CreateFileA
GetFileAttributesA
GetFileSize
WriteFile
GetTempPathA
RaiseException
QueryPerformanceCounter
QueryPerformanceFrequency
SwitchToThread
CreateThread
GetCurrentThreadId
GetExitCodeThread
GlobalMemoryStatusEx
GetSystemInfo
GetSystemTimeAsFileTime
GetWindowsDirectoryA
VirtualAlloc
VirtualFree
VirtualQuery
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameA
CreateFileMappingA
GetFullPathNameA
Sleep
GetModuleHandleExA
VerSetConditionMask
VerifyVersionInfoA
GetModuleHandleA
SetEvent
ResetEvent
CreateEventW
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
InitOnceExecuteOnce
InitializeSRWLock
InitializeCriticalSection
DeleteCriticalSection
RtlCaptureContext
CreateFileW
FindClose
GetFinalPathNameByHandleA
IsDebuggerPresent
DeviceIoControl
GetCurrentProcess
GetCurrentProcessId
GetLogicalProcessorInformation
FreeLibrary
GetModuleFileNameW
OpenFileById
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
VerifyVersionInfoW
ReleaseMutex
CreateMutexA
OpenMutexA
lstrlenW
RegisterWaitForSingleObject
UnregisterWait
CreateFileMappingW
OpenFileMappingW
WaitForMultipleObjects
WaitForSingleObjectEx
GetSystemDirectoryA
WideCharToMultiByte
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
SetThreadPriority
ResumeThread
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
ReadFile
SetNamedPipeHandleState
GetOverlappedResult
CancelIoEx
CreateEventA
CallNamedPipeA
WaitNamedPipeA
TransactNamedPipe
GetNamedPipeServerProcessId
OutputDebugStringA
GetTickCount64
FormatMessageA
K32GetModuleFileNameExA
LocalFree
SetLastError
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
InterlockedFlushSList
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetFileAttributesExW
GetFullPathNameW
GetCurrentDirectoryW
GetTimeZoneInformation
GetFileSizeEx
DeleteFileW
GetProcAddress
GetLastError
TlsAlloc
TlsSetValue
TlsGetValue
TlsFree
LoadLibraryExW
GetDriveTypeW
GetFileInformationByHandle
WriteConsoleW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetLogicalProcessorInformationEx
RtlUnwind
HeapSize
HeapReAlloc
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
ExitProcess
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
SetEndOfFile
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetNativeSystemInfo
InitializeCriticalSectionEx
InitOnceBeginInitialize
InitOnceComplete
SleepConditionVariableSRW
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetModuleHandleW
CompareStringEx
GetCPInfo
GetStringTypeW
InitializeCriticalSectionAndSpinCount
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
FileTimeToSystemTime

user32

GetAsyncKeyState
QueryDisplayConfig
GetClientRect
IsChild
IsWindowVisible
GetForegroundWindow
GetWindowRect
ShowCursor
IntersectRect
DisplayConfigGetDeviceInfo
MonitorFromWindow
GetMonitorInfoA
EnumDisplayMonitors
GetWindowInfo
GetAncestor
IsWindow
GetWindow

gdi32

DeleteDC
CreateDCA

advapi32

RegOpenKeyExA
RegEnumValueA
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegGetValueA

Exports

Exports

AMD_CPU_AFFINITY
AMD_DIRECT_DISPATCH
AMD_GPU_FORCE_SINGLE_FP_DENORM
AMD_LOG_LEVEL
AMD_LOG_LEVEL_FILE
AMD_LOG_MASK
AMD_OCL_BUILD_OPTIONS
AMD_OCL_BUILD_OPTIONS_APPEND
AMD_OCL_LINK_OPTIONS
AMD_OCL_LINK_OPTIONS_APPEND
AMD_OCL_SC_LIB
AMD_OCL_WAIT_COMMAND
AMD_OPT_FLUSH
AMD_SERIALIZE_COPY
AMD_SERIALIZE_KERNEL
AMD_THREAD_TRACE_ENABLE
CL_KHR_FP64
CQ_THREAD_STACK_SIZE
CUDA_VISIBLE_DEVICES
DISABLE_DEFERRED_ALLOC
GPU_ADD_HBCC_SIZE
GPU_ANALYZE_HANG
GPU_BLIT_ENGINE_TYPE
GPU_DEVICE_ORDINAL
GPU_DUMP_BLIT_KERNELS
GPU_DUMP_CODE_OBJECT
GPU_ENABLE_COOP_GROUPS
GPU_ENABLE_HW_P2P
GPU_ENABLE_LARGE_ALLOCATION
GPU_ENABLE_LC
GPU_ENABLE_PAL
GPU_ENABLE_WAVE32_MODE
GPU_ENABLE_WGP_MODE
GPU_FLUSH_ON_EXECUTION
GPU_FORCE_64BIT_PTR
GPU_FORCE_BLIT_COPY_SIZE
GPU_FORCE_OCL20_32BIT
GPU_IFH_MODE
GPU_IMAGE_BUFFER_WAR
GPU_IMAGE_DMA
GPU_MAX_COMMAND_BUFFERS
GPU_MAX_COMMAND_QUEUES
GPU_MAX_HEAP_SIZE
GPU_MAX_HW_QUEUES
GPU_MAX_REMOTE_MEM_SIZE
GPU_MAX_SUBALLOC_SIZE
GPU_MAX_USWC_ALLOC_SIZE
GPU_MAX_WORKGROUP_SIZE
GPU_MAX_WORKGROUP_SIZE_2D_X
GPU_MAX_WORKGROUP_SIZE_2D_Y
GPU_MAX_WORKGROUP_SIZE_3D_X
GPU_MAX_WORKGROUP_SIZE_3D_Y
GPU_MAX_WORKGROUP_SIZE_3D_Z
GPU_MIPMAP
GPU_NUM_COMPUTE_RINGS
GPU_NUM_MEM_DEPENDENCY
GPU_PINNED_MIN_XFER_SIZE
GPU_PINNED_XFER_SIZE
GPU_PRINT_CHILD_KERNEL
GPU_RAW_TIMESTAMP
GPU_RESOURCE_CACHE_SIZE
GPU_SELECT_COMPUTE_RINGS_ID
GPU_SINGLE_ALLOC_PERCENT
GPU_STAGING_BUFFER_SIZE
GPU_STREAMOPS_CP_WAIT
GPU_USE_DEVICE_QUEUE
GPU_USE_SINGLE_SCRATCH
GPU_USE_SYNC_OBJECTS
GPU_WAVES_PER_SIMD
GPU_WAVE_LIMIT_ENABLE
GPU_WORKLOAD_SPLIT
GPU_XFER_BUFFER_SIZE
HIP_FORCE_QUEUE_PROFILING
HIP_HIDDEN_FREE_MEM
HIP_HOST_COHERENT
HIP_MEM_POOL_SUPPORT
HIP_VISIBLE_DEVICES
HSA_ENABLE_COARSE_GRAIN_SVM
HSA_KERNARG_POOL_SIZE
HSA_LOCAL_MEMORY_ENABLE
OCL_CODE_CACHE_ENABLE
OCL_CODE_CACHE_RESET
OCL_SET_SVM_SIZE
OCL_STUB_PROGRAMS
OPENCL_VERSION
PAL_ALWAYS_RESIDENT
PAL_EMBED_KERNEL_MD
PAL_FORCE_ASIC_REVISION
PAL_MALL_POLICY
PAL_PREPINNED_MEMORY_SIZE
PAL_RGP_DISP_COUNT
REMOTE_ALLOC
ROC_ACTIVE_WAIT_TIMEOUT
ROC_AQL_QUEUE_SIZE
ROC_CPU_WAIT_FOR_SIGNAL
ROC_ENABLE_LARGE_BAR
ROC_ENABLE_PRE_VEGA
ROC_GLOBAL_CU_MASK
ROC_HMM_FLAGS
ROC_P2P_SDMA_SIZE
ROC_SKIP_COPY_SYNC
ROC_SKIP_KERNEL_ARG_COPY
ROC_SYSTEM_SCOPE_SIGNAL
ROC_USE_FGS_KERNARG
__gnu_f2h_ieee
__gnu_h2f_ieee
__hipPopCallConfiguration
__hipPushCallConfiguration
__hipRegisterFatBinary
__hipRegisterFunction
__hipRegisterManagedVar
__hipRegisterSurface
__hipRegisterTexture
__hipRegisterVar
__hipUnregisterFatBinary
amd_dbgapi_get_build_id
amd_dbgapi_get_build_name
amd_dbgapi_get_git_hash
hipApiName
hipArray3DCreate
hipArrayCreate
hipArrayDestroy
hipBindTexture
hipBindTexture2D
hipBindTextureToArray
hipBindTextureToMipmappedArray
hipChooseDevice
hipConfigureCall
hipCreateChannelDesc
hipCreateSurfaceObject
hipCreateTextureObject
hipCtxCreate
hipCtxDestroy
hipCtxDisablePeerAccess
hipCtxEnablePeerAccess
hipCtxGetApiVersion
hipCtxGetCacheConfig
hipCtxGetCurrent
hipCtxGetDevice
hipCtxGetFlags
hipCtxGetSharedMemConfig
hipCtxPopCurrent
hipCtxPushCurrent
hipCtxSetCacheConfig
hipCtxSetCurrent
hipCtxSetSharedMemConfig
hipCtxSynchronize
hipDestroyExternalMemory
hipDestroyExternalSemaphore
hipDestroySurfaceObject
hipDestroyTextureObject
hipDeviceCanAccessPeer
hipDeviceComputeCapability
hipDeviceDisablePeerAccess
hipDeviceEnablePeerAccess
hipDeviceGet
hipDeviceGetAttribute
hipDeviceGetByPCIBusId
hipDeviceGetCacheConfig
hipDeviceGetDefaultMemPool
hipDeviceGetLimit
hipDeviceGetMemPool
hipDeviceGetName
hipDeviceGetP2PAttribute
hipDeviceGetPCIBusId
hipDeviceGetSharedMemConfig
hipDeviceGetStreamPriorityRange
hipDeviceGetUuid
hipDevicePrimaryCtxGetState
hipDevicePrimaryCtxRelease
hipDevicePrimaryCtxReset
hipDevicePrimaryCtxRetain
hipDevicePrimaryCtxSetFlags
hipDeviceReset
hipDeviceSetCacheConfig
hipDeviceSetMemPool
hipDeviceSetSharedMemConfig
hipDeviceSynchronize
hipDeviceTotalMem
hipDriverGetVersion
hipDrvMemcpy2DUnaligned
hipDrvMemcpy3D
hipDrvMemcpy3DAsync
hipDrvPointerGetAttributes
hipEnableActivityCallback
hipEventCreate
hipEventCreateWithFlags
hipEventDestroy
hipEventElapsedTime
hipEventQuery
hipEventRecord
hipEventSynchronize
hipExtGetLinkTypeAndHopCount
hipExtLaunchKernel
hipExtLaunchMultiKernelMultiDevice
hipExtMallocWithFlags
hipExtModuleLaunchKernel
hipExtStreamCreateWithCUMask
hipExtStreamGetCUMask
hipExternalMemoryGetMappedBuffer
hipFree
hipFreeArray
hipFreeAsync
hipFreeHost
hipFreeMipmappedArray
hipFuncGetAttribute
hipFuncGetAttributes
hipFuncSetAttribute
hipFuncSetCacheConfig
hipFuncSetSharedMemConfig
hipGLGetDevices
hipGetChannelDesc
hipGetCmdName
hipGetDevice
hipGetDeviceCount
hipGetDeviceFlags
hipGetDeviceProperties
hipGetErrorName
hipGetErrorString
hipGetLastError
hipGetMipmappedArrayLevel
hipGetSymbolAddress
hipGetSymbolSize
hipGetTextureAlignmentOffset
hipGetTextureObjectResourceDesc
hipGetTextureObjectResourceViewDesc
hipGetTextureObjectTextureDesc
hipGetTextureReference
hipGraphAddChildGraphNode
hipGraphAddDependencies
hipGraphAddEmptyNode
hipGraphAddEventRecordNode
hipGraphAddEventWaitNode
hipGraphAddHostNode
hipGraphAddKernelNode
hipGraphAddMemcpyNode
hipGraphAddMemcpyNode1D
hipGraphAddMemcpyNodeFromSymbol
hipGraphAddMemcpyNodeToSymbol
hipGraphAddMemsetNode
hipGraphChildGraphNodeGetGraph
hipGraphClone
hipGraphCreate
hipGraphDestroy
hipGraphDestroyNode
hipGraphEventRecordNodeGetEvent
hipGraphEventRecordNodeSetEvent
hipGraphEventWaitNodeGetEvent
hipGraphEventWaitNodeSetEvent
hipGraphExecChildGraphNodeSetParams
hipGraphExecDestroy
hipGraphExecEventRecordNodeSetEvent
hipGraphExecEventWaitNodeSetEvent
hipGraphExecHostNodeSetParams
hipGraphExecKernelNodeSetParams
hipGraphExecMemcpyNodeSetParams
hipGraphExecMemcpyNodeSetParams1D
hipGraphExecMemcpyNodeSetParamsFromSymbol
hipGraphExecMemcpyNodeSetParamsToSymbol
hipGraphExecMemsetNodeSetParams
hipGraphExecUpdate
hipGraphGetEdges
hipGraphGetNodes
hipGraphGetRootNodes
hipGraphHostNodeGetParams
hipGraphHostNodeSetParams
hipGraphInstantiate
hipGraphInstantiateWithFlags
hipGraphKernelNodeGetParams
hipGraphKernelNodeSetParams
hipGraphLaunch
hipGraphMemcpyNodeGetParams
hipGraphMemcpyNodeSetParams
hipGraphMemcpyNodeSetParams1D
hipGraphMemcpyNodeSetParamsFromSymbol
hipGraphMemcpyNodeSetParamsToSymbol
hipGraphMemsetNodeGetParams
hipGraphMemsetNodeSetParams
hipGraphNodeFindInClone
hipGraphNodeGetDependencies
hipGraphNodeGetDependentNodes
hipGraphNodeGetType
hipGraphRemoveDependencies
hipGraphicsGLRegisterBuffer
hipGraphicsGLRegisterImage
hipGraphicsMapResources
hipGraphicsResourceGetMappedPointer
hipGraphicsSubResourceGetMappedArray
hipGraphicsUnmapResources
hipGraphicsUnregisterResource
hipHccModuleLaunchKernel
hipHostAlloc
hipHostFree
hipHostGetDevicePointer
hipHostGetFlags
hipHostMalloc
hipHostRegister
hipHostUnregister
hipImportExternalMemory
hipImportExternalSemaphore
hipInit
hipInitActivityCallback
hipIpcCloseMemHandle
hipIpcGetEventHandle
hipIpcGetMemHandle
hipIpcOpenEventHandle
hipIpcOpenMemHandle
hipKernelNameRef
hipLaunchByPtr
hipLaunchCooperativeKernel
hipLaunchCooperativeKernelMultiDevice
hipLaunchKernel
hipMalloc
hipMalloc3D
hipMalloc3DArray
hipMallocArray
hipMallocAsync
hipMallocFromPoolAsync
hipMallocHost
hipMallocManaged
hipMallocMipmappedArray
hipMallocPitch
hipMemAdvise
hipMemAllocHost
hipMemAllocPitch
hipMemGetAddressRange
hipMemGetInfo
hipMemPoolCreate
hipMemPoolDestroy
hipMemPoolExportPointer
hipMemPoolExportToShareableHandle
hipMemPoolGetAccess
hipMemPoolGetAttribute
hipMemPoolImportFromShareableHandle
hipMemPoolImportPointer
hipMemPoolSetAccess
hipMemPoolSetAttribute
hipMemPoolTrimTo
hipMemPrefetchAsync
hipMemPtrGetInfo
hipMemRangeGetAttribute
hipMemRangeGetAttributes
hipMemcpy
hipMemcpy2D
hipMemcpy2DAsync
hipMemcpy2DFromArray
hipMemcpy2DFromArrayAsync
hipMemcpy2DToArray
hipMemcpy2DToArrayAsync
hipMemcpy3D
hipMemcpy3DAsync
hipMemcpyAsync
hipMemcpyAtoH
hipMemcpyDtoD
hipMemcpyDtoDAsync
hipMemcpyDtoH
hipMemcpyDtoHAsync
hipMemcpyFromArray
hipMemcpyFromSymbol
hipMemcpyFromSymbolAsync
hipMemcpyHtoA
hipMemcpyHtoD
hipMemcpyHtoDAsync
hipMemcpyParam2D
hipMemcpyParam2DAsync
hipMemcpyPeer
hipMemcpyPeerAsync
hipMemcpyToArray
hipMemcpyToSymbol
hipMemcpyToSymbolAsync
hipMemcpyWithStream
hipMemset
hipMemset2D
hipMemset2DAsync
hipMemset3D
hipMemset3DAsync
hipMemsetAsync
hipMemsetD16
hipMemsetD16Async
hipMemsetD32
hipMemsetD32Async
hipMemsetD8
hipMemsetD8Async
hipMipmappedArrayCreate
hipMipmappedArrayDestroy
hipMipmappedArrayGetLevel
hipModuleGetFunction
hipModuleGetGlobal
hipModuleGetTexRef
hipModuleLaunchKernel
hipModuleLaunchKernelExt
hipModuleLoad
hipModuleLoadData
hipModuleLoadDataEx
hipModuleOccupancyMaxActiveBlocksPerMultiprocessor
hipModuleOccupancyMaxActiveBlocksPerMultiprocessorWithFlags
hipModuleOccupancyMaxPotentialBlockSize
hipModuleOccupancyMaxPotentialBlockSizeWithFlags
hipModuleUnload
hipOccupancyMaxActiveBlocksPerMultiprocessor
hipOccupancyMaxActiveBlocksPerMultiprocessorWithFlags
hipOccupancyMaxPotentialBlockSize
hipPeekAtLastError
hipPointerGetAttribute
hipPointerGetAttributes
hipProfilerStart
hipProfilerStop
hipRegisterActivityCallback
hipRegisterApiCallback
hipRemoveActivityCallback
hipRemoveApiCallback
hipRuntimeGetVersion
hipSetDevice
hipSetDeviceFlags
hipSetupArgument
hipSignalExternalSemaphoresAsync
hipStreamAddCallback
hipStreamAttachMemAsync
hipStreamBeginCapture
hipStreamCreate
hipStreamCreateWithFlags
hipStreamCreateWithPriority
hipStreamDestroy
hipStreamEndCapture
hipStreamGetCaptureInfo
hipStreamGetCaptureInfo_v2
hipStreamGetFlags
hipStreamGetPriority
hipStreamIsCapturing
hipStreamQuery
hipStreamSynchronize
hipStreamUpdateCaptureDependencies
hipStreamWaitEvent
hipTexObjectCreate
hipTexObjectDestroy
hipTexObjectGetResourceDesc
hipTexObjectGetResourceViewDesc
hipTexObjectGetTextureDesc
hipTexRefGetAddress
hipTexRefGetAddressMode
hipTexRefGetArray
hipTexRefGetBorderColor
hipTexRefGetFilterMode
hipTexRefGetFlags
hipTexRefGetFormat
hipTexRefGetMaxAnisotropy
hipTexRefGetMipmapFilterMode
hipTexRefGetMipmapLevelBias
hipTexRefGetMipmapLevelClamp
hipTexRefGetMipmappedArray
hipTexRefSetAddress
hipTexRefSetAddress2D
hipTexRefSetAddressMode
hipTexRefSetArray
hipTexRefSetBorderColor
hipTexRefSetFilterMode
hipTexRefSetFlags
hipTexRefSetFormat
hipTexRefSetMaxAnisotropy
hipTexRefSetMipmapFilterMode
hipTexRefSetMipmapLevelBias
hipTexRefSetMipmapLevelClamp
hipTexRefSetMipmappedArray
hipThreadExchangeStreamCaptureMode
hipUnbindTexture
hipWaitExternalSemaphoresAsync

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
archive/concrt140.dll
.dll windows:6 windows x64 arch:x64

7f070c3864ce20e1b9879a9e3126cd30

Code Sign

33:00:00:01:2f:0d:ca:5a:e9:ea:70:8d:f5:00:00:00:00:01:2f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/09/2019, 20:40

Not After

04/12/2020, 20:40

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:6f:d8:fc:b6:6e:34:b9:0b:3e:64:a6:bd:98:55:dd:78:5a:47:f7:d1:50:d8:1d:14:d7:54:e1:7a:ea:fd:fc
Signer

Actual PE Digest

c8:6f:d8:fc:b6:6e:34:b9:0b:3e:64:a6:bd:98:55:dd:78:5a:47:f7:d1:50:d8:1d:14:d7:54:e1:7a:ea:fd:fc

Digest Algorithm

sha256

PE Digest Matches

true

73:7e:58:9f:d6:7e:ae:3c:cc:6b:95:f5:40:6e:57:24:52:bb:5f:4f
Signer

Actual PE Digest

73:7e:58:9f:d6:7e:ae:3c:cc:6b:95:f5:40:6e:57:24:52:bb:5f:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\agent\_work\8\s\\binaries\amd64ret\bin\amd64\\concrt140.amd64.pdb

Imports

msvcp140

__crtCloseThreadpoolWait
__crtSetThreadpoolWait
?_Xbad_function_call@std@@YAXXZ
__crtCreateThreadpoolWait
__crtCloseThreadpoolTimer
__crtWaitForThreadpoolTimerCallbacks
__crtCreateThreadpoolTimer
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
__crtSetThreadpoolTimer
__crtCreateSemaphoreExW
__crtGetCurrentProcessorNumber
__crtFlushProcessWriteBuffers
__crtGetTickCount64
__crtCreateEventExW
__crtInitializeCriticalSectionEx
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Throw_C_error@std@@YAXH@Z
_Cnd_broadcast
_Cnd_wait
_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
__crtFreeLibraryWhenCallbackReturns

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
__std_type_info_destroy_list
__current_exception_context
_purecall
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
__uncaught_exception
memcpy
__current_exception
__RTDynamicCast

api-ms-win-crt-runtime-l1-1-0

terminate
_initterm_e
_invalid_parameter_noinfo_noreturn
_initterm
_cexit
_crt_atexit
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-math-l1-1-0

sqrt
exp

api-ms-win-crt-string-l1-1-0

wcsncpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfwprintf
__acrt_iob_func
__stdio_common_vswprintf_s
fflush

kernel32

OutputDebugStringW
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
Sleep
GetCurrentThreadId
GetCurrentProcess
WaitForSingleObjectEx
SetEvent
GetLastError
DuplicateHandle
CloseHandle
GetCurrentThread
CreateTimerQueue
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
GetProcAddress
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleA
GetModuleFileNameW
FreeLibraryAndExitThread
FreeLibrary
GetThreadTimes
GetModuleHandleW
LoadLibraryW
LoadLibraryExW
SetLastError
EncodePointer
UnregisterWaitEx
ReleaseSemaphore
InitializeSListHead
SetProcessAffinityMask
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
UnregisterWait

Exports

Exports

??0?$_SpinWait@$00@details@Concurrency@@QEAA@P6AXXZ@Z
??0?$_SpinWait@$0A@@details@Concurrency@@QEAA@P6AXXZ@Z
??0SchedulerPolicy@Concurrency@@QEAA@AEBV01@@Z
??0SchedulerPolicy@Concurrency@@QEAA@XZ
??0SchedulerPolicy@Concurrency@@QEAA@_KZZ
??0_Cancellation_beacon@details@Concurrency@@QEAA@XZ
??0_Concurrent_queue_base_v4@details@Concurrency@@IEAA@_K@Z
??0_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAA@AEBV_Concurrent_queue_base_v4@12@@Z
??0_Condition_variable@details@Concurrency@@QEAA@XZ
??0_Context@details@Concurrency@@QEAA@PEAVContext@2@@Z
??0_NonReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ
??0_ReaderWriterLock@details@Concurrency@@QEAA@XZ
??0_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??0_ReentrantLock@details@Concurrency@@QEAA@XZ
??0_ReentrantPPLLock@details@Concurrency@@QEAA@XZ
??0_Runtime_object@details@Concurrency@@QEAA@H@Z
??0_Runtime_object@details@Concurrency@@QEAA@XZ
??0_Scheduler@details@Concurrency@@QEAA@PEAVScheduler@2@@Z
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@AEAV123@@Z
??0_SpinLock@details@Concurrency@@QEAA@AECJ@Z
??0_StructuredTaskCollection@details@Concurrency@@QEAA@PEAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QEAA@PEAV_CancellationTokenState@12@@Z
??0_TaskCollection@details@Concurrency@@QEAA@XZ
??0_Timer@details@Concurrency@@IEAA@I_N@Z
??0agent@Concurrency@@QEAA@AEAVScheduleGroup@1@@Z
??0agent@Concurrency@@QEAA@AEAVScheduler@1@@Z
??0agent@Concurrency@@QEAA@XZ
??0bad_target@Concurrency@@QEAA@PEBD@Z
??0bad_target@Concurrency@@QEAA@XZ
??0context_self_unblock@Concurrency@@QEAA@PEBD@Z
??0context_self_unblock@Concurrency@@QEAA@XZ
??0context_unblock_unbalanced@Concurrency@@QEAA@PEBD@Z
??0context_unblock_unbalanced@Concurrency@@QEAA@XZ
??0critical_section@Concurrency@@QEAA@XZ
??0default_scheduler_exists@Concurrency@@QEAA@PEBD@Z
??0default_scheduler_exists@Concurrency@@QEAA@XZ
??0event@Concurrency@@QEAA@XZ
??0improper_lock@Concurrency@@QEAA@PEBD@Z
??0improper_lock@Concurrency@@QEAA@XZ
??0improper_scheduler_attach@Concurrency@@QEAA@PEBD@Z
??0improper_scheduler_attach@Concurrency@@QEAA@XZ
??0improper_scheduler_detach@Concurrency@@QEAA@PEBD@Z
??0improper_scheduler_detach@Concurrency@@QEAA@XZ
??0improper_scheduler_reference@Concurrency@@QEAA@PEBD@Z
??0improper_scheduler_reference@Concurrency@@QEAA@XZ
??0invalid_link_target@Concurrency@@QEAA@PEBD@Z
??0invalid_link_target@Concurrency@@QEAA@XZ
??0invalid_multiple_scheduling@Concurrency@@QEAA@PEBD@Z
??0invalid_multiple_scheduling@Concurrency@@QEAA@XZ
??0invalid_oversubscribe_operation@Concurrency@@QEAA@PEBD@Z
??0invalid_oversubscribe_operation@Concurrency@@QEAA@XZ
??0invalid_scheduler_policy_key@Concurrency@@QEAA@PEBD@Z
??0invalid_scheduler_policy_key@Concurrency@@QEAA@XZ
??0invalid_scheduler_policy_thread_specification@Concurrency@@QEAA@PEBD@Z
??0invalid_scheduler_policy_thread_specification@Concurrency@@QEAA@XZ
??0invalid_scheduler_policy_value@Concurrency@@QEAA@PEBD@Z
??0invalid_scheduler_policy_value@Concurrency@@QEAA@XZ
??0message_not_found@Concurrency@@QEAA@PEBD@Z
??0message_not_found@Concurrency@@QEAA@XZ
??0missing_wait@Concurrency@@QEAA@PEBD@Z
??0missing_wait@Concurrency@@QEAA@XZ
??0nested_scheduler_missing_detach@Concurrency@@QEAA@PEBD@Z
??0nested_scheduler_missing_detach@Concurrency@@QEAA@XZ
??0operation_timed_out@Concurrency@@QEAA@PEBD@Z
??0operation_timed_out@Concurrency@@QEAA@XZ
??0reader_writer_lock@Concurrency@@QEAA@XZ
??0scheduler_not_attached@Concurrency@@QEAA@PEBD@Z
??0scheduler_not_attached@Concurrency@@QEAA@XZ
??0scheduler_resource_allocation_error@Concurrency@@QEAA@J@Z
??0scheduler_resource_allocation_error@Concurrency@@QEAA@PEBDJ@Z
??0scheduler_worker_creation_error@Concurrency@@QEAA@J@Z
??0scheduler_worker_creation_error@Concurrency@@QEAA@PEBDJ@Z
??0scoped_lock@critical_section@Concurrency@@QEAA@AEAV12@@Z
??0scoped_lock@reader_writer_lock@Concurrency@@QEAA@AEAV12@@Z
??0scoped_lock_read@reader_writer_lock@Concurrency@@QEAA@AEAV12@@Z
??0unsupported_os@Concurrency@@QEAA@PEBD@Z
??0unsupported_os@Concurrency@@QEAA@XZ
??1SchedulerPolicy@Concurrency@@QEAA@XZ
??1_Cancellation_beacon@details@Concurrency@@QEAA@XZ
??1_Concurrent_queue_base_v4@details@Concurrency@@MEAA@XZ
??1_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAA@XZ
??1_Concurrent_vector_base_v4@details@Concurrency@@IEAA@XZ
??1_Condition_variable@details@Concurrency@@QEAA@XZ
??1_NonReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QEAA@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QEAA@XZ
??1_SpinLock@details@Concurrency@@QEAA@XZ
??1_StructuredTaskCollection@details@Concurrency@@QEAA@XZ
??1_TaskCollection@details@Concurrency@@QEAA@XZ
??1_Timer@details@Concurrency@@MEAA@XZ
??1agent@Concurrency@@UEAA@XZ
??1critical_section@Concurrency@@QEAA@XZ
??1event@Concurrency@@QEAA@XZ
??1reader_writer_lock@Concurrency@@QEAA@XZ
??1scoped_lock@critical_section@Concurrency@@QEAA@XZ
??1scoped_lock@reader_writer_lock@Concurrency@@QEAA@XZ
??1scoped_lock_read@reader_writer_lock@Concurrency@@QEAA@XZ
??4?$_SpinWait@$00@details@Concurrency@@QEAAAEAV012@$$QEAV012@@Z
??4?$_SpinWait@$00@details@Concurrency@@QEAAAEAV012@AEBV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QEAAAEAV012@$$QEAV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QEAAAEAV012@AEBV012@@Z
??4SchedulerPolicy@Concurrency@@QEAAAEAV01@AEBV01@@Z
??_F?$_SpinWait@$00@details@Concurrency@@QEAAXXZ
??_F?$_SpinWait@$0A@@details@Concurrency@@QEAAXXZ
??_F_Context@details@Concurrency@@QEAAXXZ
??_F_Scheduler@details@Concurrency@@QEAAXXZ
?AgentEventGuid@Concurrency@@3U_GUID@@B
?Alloc@Concurrency@@YAPEAX_K@Z
?Block@Context@Concurrency@@SAXXZ
?ChoreEventGuid@Concurrency@@3U_GUID@@B
?ConcRTEventGuid@Concurrency@@3U_GUID@@B
?ConcRT_ProviderGuid@Concurrency@@3U_GUID@@B
?ContextEventGuid@Concurrency@@3U_GUID@@B
?Create@CurrentScheduler@Concurrency@@SAXAEBVSchedulerPolicy@2@@Z
?Create@Scheduler@Concurrency@@SAPEAV12@AEBVSchedulerPolicy@2@@Z
?CreateResourceManager@Concurrency@@YAPEAUIResourceManager@1@XZ
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPEAVScheduleGroup@2@AEAVlocation@2@@Z
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPEAVScheduleGroup@2@XZ
?CurrentContext@Context@Concurrency@@SAPEAV12@XZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?DisableTracing@Concurrency@@YAJXZ
?EnableTracing@Concurrency@@YAJXZ
?Free@Concurrency@@YAXPEAX@Z
?Get@CurrentScheduler@Concurrency@@SAPEAVScheduler@2@XZ
?GetExecutionContextId@Concurrency@@YAIXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ
?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ
?GetPolicyValue@SchedulerPolicy@Concurrency@@QEBAIW4PolicyElementKey@2@@Z
?GetProcessorCount@Concurrency@@YAIXZ
?GetProcessorNodeCount@Concurrency@@YAIXZ
?GetSchedulerId@Concurrency@@YAIXZ
?GetSharedTimerQueue@details@Concurrency@@YAPEAXXZ
?Id@Context@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?IsAvailableLocation@CurrentScheduler@Concurrency@@SA_NAEBVlocation@2@@Z
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
?LockEventGuid@Concurrency@@3U_GUID@@B
?Log2@details@Concurrency@@YAK_K@Z
?NFS_Allocate@details@Concurrency@@YAPEAX_K0PEAX@Z
?NFS_Free@details@Concurrency@@YAXPEAX@Z
?NFS_GetLineSize@details@Concurrency@@YA_KXZ
?Oversubscribe@Context@Concurrency@@SAX_N@Z
?PPLParallelForEventGuid@Concurrency@@3U_GUID@@B
?PPLParallelForeachEventGuid@Concurrency@@3U_GUID@@B
?PPLParallelInvokeEventGuid@Concurrency@@3U_GUID@@B
?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPEAX@Z
?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ
?ResourceManagerEventGuid@Concurrency@@3U_GUID@@B
?ScheduleGroupEventGuid@Concurrency@@3U_GUID@@B
?ScheduleGroupId@Context@Concurrency@@SAIXZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPEAX@Z0@Z
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPEAX@Z0AEAVlocation@2@@Z
?SchedulerEventGuid@Concurrency@@3U_GUID@@B
?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QEAAXII@Z
?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXAEBVSchedulerPolicy@2@@Z
?SetPolicyValue@SchedulerPolicy@Concurrency@@QEAAIW4PolicyElementKey@2@I@Z
?VirtualProcessorEventGuid@Concurrency@@3U_GUID@@B
?VirtualProcessorId@Context@Concurrency@@SAIXZ
?Yield@Context@Concurrency@@SAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AEAAXXZ
?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QEAAXPEAX@Z
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Acquire@_ReentrantLock@details@Concurrency@@QEAAXXZ
?_Acquire@_ReentrantPPLLock@details@Concurrency@@QEAAXPEAX@Z
?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_Advance@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAAXXZ
?_Assign@_Concurrent_queue_iterator_base_v4@details@Concurrency@@IEAAXAEBV123@@Z
?_Byte_reverse_table@details@Concurrency@@3QBEB
?_Cancel@_StructuredTaskCollection@details@Concurrency@@QEAAXXZ
?_Cancel@_TaskCollection@details@Concurrency@@QEAAXXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IEAAXXZ
?_CleanupToken@_StructuredTaskCollection@details@Concurrency@@AEAAXXZ
?_ConcRT_CoreAssert@details@Concurrency@@YAXPEBD0H@Z
?_ConcRT_Trace@details@Concurrency@@YAXHPEB_WZZ
?_Confirm_cancel@_Cancellation_beacon@details@Concurrency@@QEAA_NXZ
?_CurrentContext@_Context@details@Concurrency@@SA?AV123@XZ
?_Current_node@location@Concurrency@@SA?AV12@XZ
?_Destroy@_AsyncTaskCollection@details@Concurrency@@EEAAXXZ
?_DoYield@?$_SpinWait@$00@details@Concurrency@@IEAAXXZ
?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IEAAXXZ
?_Get@_CurrentScheduler@details@Concurrency@@SA?AV_Scheduler@23@XZ
?_GetCombinableSize@details@Concurrency@@YA_KXZ
?_GetConcRTTraceInfo@Concurrency@@YAPEBU_CONCRT_TRACE_INFO@details@1@XZ
?_GetConcurrency@details@Concurrency@@YAIXZ
?_GetCurrentInlineDepth@_StackGuard@details@Concurrency@@CAAEA_KXZ
?_GetNumberOfVirtualProcessors@_CurrentScheduler@details@Concurrency@@SAIXZ
?_GetScheduler@_Scheduler@details@Concurrency@@QEAAPEAVScheduler@3@XZ
?_Id@_CurrentScheduler@details@Concurrency@@SAIXZ
?_Internal_assign@_Concurrent_vector_base_v4@details@Concurrency@@IEAAXAEBV123@_KP6AXPEAX1@ZP6AX2PEBX1@Z5@Z
?_Internal_capacity@_Concurrent_vector_base_v4@details@Concurrency@@IEBA_KXZ
?_Internal_clear@_Concurrent_vector_base_v4@details@Concurrency@@IEAA_KP6AXPEAX_K@Z@Z
?_Internal_compact@_Concurrent_vector_base_v4@details@Concurrency@@IEAAPEAX_KPEAXP6AX10@ZP6AX1PEBX0@Z@Z
?_Internal_copy@_Concurrent_vector_base_v4@details@Concurrency@@IEAAXAEBV123@_KP6AXPEAXPEBX1@Z@Z
?_Internal_empty@_Concurrent_queue_base_v4@details@Concurrency@@IEBA_NXZ
?_Internal_finish_clear@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXXZ
?_Internal_grow_by@_Concurrent_vector_base_v4@details@Concurrency@@IEAA_K_K0P6AXPEAXPEBX0@Z2@Z
?_Internal_grow_to_at_least_with_result@_Concurrent_vector_base_v4@details@Concurrency@@IEAA_K_K0P6AXPEAXPEBX0@Z2@Z
?_Internal_move_push@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXPEAX@Z
?_Internal_pop_if_present@_Concurrent_queue_base_v4@details@Concurrency@@IEAA_NPEAX@Z
?_Internal_push@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXPEBX@Z
?_Internal_push_back@_Concurrent_vector_base_v4@details@Concurrency@@IEAAPEAX_KAEA_K@Z
?_Internal_reserve@_Concurrent_vector_base_v4@details@Concurrency@@IEAAX_K00@Z
?_Internal_resize@_Concurrent_vector_base_v4@details@Concurrency@@IEAAX_K00P6AXPEAX0@ZP6AX1PEBX0@Z3@Z
?_Internal_size@_Concurrent_queue_base_v4@details@Concurrency@@IEBA_KXZ
?_Internal_swap@_Concurrent_queue_base_v4@details@Concurrency@@IEAAXAEAV123@@Z
?_Internal_swap@_Concurrent_vector_base_v4@details@Concurrency@@IEAAXAEAV123@@Z
?_Internal_throw_exception@_Concurrent_queue_base_v4@details@Concurrency@@IEBAXXZ
?_Internal_throw_exception@_Concurrent_vector_base_v4@details@Concurrency@@IEBAX_K@Z
?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QEAA_NXZ
?_IsCanceling@_TaskCollection@details@Concurrency@@QEAA_NXZ
?_IsSynchronouslyBlocked@_Context@details@Concurrency@@QEBA_NXZ
?_NewCollection@_AsyncTaskCollection@details@Concurrency@@SAPEAV123@PEAV_CancellationTokenState@23@@Z
?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IEAAKXZ
?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IEAAKXZ
?_Oversubscribe@_Context@details@Concurrency@@SAX_N@Z
?_Reference@_Scheduler@details@Concurrency@@QEAAIXZ
?_Release@_NonReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Release@_NonReentrantPPLLock@details@Concurrency@@QEAAXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Release@_ReentrantLock@details@Concurrency@@QEAAXXZ
?_Release@_ReentrantPPLLock@details@Concurrency@@QEAAXXZ
?_Release@_Scheduler@details@Concurrency@@QEAAIXZ
?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QEAAXXZ
?_Reset@?$_SpinWait@$00@details@Concurrency@@IEAAXXZ
?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IEAAXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QEAA?AW4_TaskCollectionStatus@23@PEAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QEAA?AW4_TaskCollectionStatus@23@PEAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@PEAVlocation@3@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QEAAXPEAV_UnrealizedChore@23@PEAVlocation@3@@Z
?_ScheduleTask@_CurrentScheduler@details@Concurrency@@SAXP6AXPEAX@Z0@Z
?_Segment_index_of@_Concurrent_vector_base_v4@details@Concurrency@@KA_K_K@Z
?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QEAAXI@Z
?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QEAAXI@Z
?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IEAA_NXZ
?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IEAA_NXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QEAA_NXZ
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QEAA_NXZ
?_SpinYield@Context@Concurrency@@SAXXZ
?_Start@_Timer@details@Concurrency@@IEAAXXZ
?_Stop@_Timer@details@Concurrency@@IEAAXXZ
?_Trace_agents@Concurrency@@YAXW4Agents_EventType@1@_JZZ
?_Trace_ppl_function@Concurrency@@YAXAEBU_GUID@@EW4ConcRT_EventType@1@@Z
?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QEAA_NXZ
?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QEAA_NXZ
?_TryAcquire@_ReentrantLock@details@Concurrency@@QEAA_NXZ
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QEAA_NXZ
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_Value@_SpinCount@details@Concurrency@@SAIXZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?cancel@agent@Concurrency@@QEAA_NXZ
?current@location@Concurrency@@SA?AV12@XZ
?done@agent@Concurrency@@IEAA_NXZ
?from_numa_node@location@Concurrency@@SA?AV12@G@Z
?get_error_code@scheduler_resource_allocation_error@Concurrency@@QEBAJXZ
?is_current_task_group_canceling@Concurrency@@YA_NXZ
?lock@critical_section@Concurrency@@QEAAXXZ
?lock@reader_writer_lock@Concurrency@@QEAAXXZ
?lock_read@reader_writer_lock@Concurrency@@QEAAXXZ
?native_handle@critical_section@Concurrency@@QEAAAEAV12@XZ
?notify_all@_Condition_variable@details@Concurrency@@QEAAXXZ
?notify_one@_Condition_variable@details@Concurrency@@QEAAXXZ
?reset@event@Concurrency@@QEAAXXZ
?set@event@Concurrency@@QEAAXXZ
?set_task_execution_resources@Concurrency@@YAXGPEAU_GROUP_AFFINITY@@@Z
?set_task_execution_resources@Concurrency@@YAX_K@Z
?start@agent@Concurrency@@QEAA_NXZ
?status@agent@Concurrency@@QEAA?AW4agent_status@2@XZ
?status_port@agent@Concurrency@@QEAAPEAV?$ISource@W4agent_status@Concurrency@@@2@XZ
?try_lock@critical_section@Concurrency@@QEAA_NXZ
?try_lock@reader_writer_lock@Concurrency@@QEAA_NXZ
?try_lock_for@critical_section@Concurrency@@QEAA_NI@Z
?try_lock_read@reader_writer_lock@Concurrency@@QEAA_NXZ
?unlock@critical_section@Concurrency@@QEAAXXZ
?unlock@reader_writer_lock@Concurrency@@QEAAXXZ
?wait@Concurrency@@YAXI@Z
?wait@_Condition_variable@details@Concurrency@@QEAAXAEAVcritical_section@3@@Z
?wait@agent@Concurrency@@SA?AW4agent_status@2@PEAV12@I@Z
?wait@event@Concurrency@@QEAA_KI@Z
?wait_for@_Condition_variable@details@Concurrency@@QEAA_NAEAVcritical_section@3@I@Z
?wait_for_all@agent@Concurrency@@SAX_KPEAPEAV12@PEAW4agent_status@2@I@Z
?wait_for_multiple@event@Concurrency@@SA_KPEAPEAV12@_K_NI@Z
?wait_for_one@agent@Concurrency@@SAX_KPEAPEAV12@AEAW4agent_status@2@AEA_KI@Z

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
archive/res_mods/1.23.0.0/scripts/client/gui/mods/mod_a.pyc
archive/res_mods/1.23.0.0/scripts/client/gui/mods/mod_a.xml
archive/res_mods/1.24.0.0/readme.txt
archive/res_mods/1.25.0.0/readme.txt
archive/setup.exe
.exe windows:6 windows x64 arch:x64

448b6888b26145ced7ce018aab459303

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

InitializeCriticalSectionEx
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

GetCursorPos

advapi32

RegCloseKey

shell32

SHGetFolderPathA

ole32

CoCreateInstance

oleaut32

VariantClear

Sections

.text
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

¯Øâ��
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

¯Øâ��
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

¯Øâ��
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
archive/updates/icudtl.dat

Sharing

General

Malware Config

Signatures

Files

1c2f4d4b9ed7d6c726296dca5b10f60c

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

opengl32

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 5.7MB - Virtual size: 5.7MB

.rdata Size: 4.2MB - Virtual size: 4.2MB

.data Size: 36KB - Virtual size: 79KB

.pdata Size: 156KB - Virtual size: 155KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 38KB - Virtual size: 37KB

7f070c3864ce20e1b9879a9e3126cd30

Code Sign

33:00:00:01:2f:0d:ca:5a:e9:ea:70:8d:f5:00:00:00:00:01:2fCertificate

Extended Key Usages

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52Certificate

Extended Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52Certificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

c8:6f:d8:fc:b6:6e:34:b9:0b:3e:64:a6:bd:98:55:dd:78:5a:47:f7:d1:50:d8:1d:14:d7:54:e1:7a:ea:fd:fcSigner

73:7e:58:9f:d6:7e:ae:3c:cc:6b:95:f5:40:6e:57:24:52:bb:5f:4fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 183KB - Virtual size: 182KB

.rdata Size: 77KB - Virtual size: 76KB

.data Size: 14KB - Virtual size: 15KB

.pdata Size: 14KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 3KB - Virtual size: 2KB

448b6888b26145ced7ce018aab459303

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: - Virtual size: 1.1MB

.rdata Size: - Virtual size: 201KB

.text
Size: 5.7MB - Virtual size: 5.7MB

.rdata
Size: 4.2MB - Virtual size: 4.2MB

.data
Size: 36KB - Virtual size: 79KB

.pdata
Size: 156KB - Virtual size: 155KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 38KB - Virtual size: 37KB

33:00:00:01:2f:0d:ca:5a:e9:ea:70:8d:f5:00:00:00:00:01:2f
Certificate

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

33:00:00:01:52:9b:40:9f:50:56:99:75:88:00:00:00:00:01:52
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

c8:6f:d8:fc:b6:6e:34:b9:0b:3e:64:a6:bd:98:55:dd:78:5a:47:f7:d1:50:d8:1d:14:d7:54:e1:7a:ea:fd:fc
Signer

73:7e:58:9f:d6:7e:ae:3c:cc:6b:95:f5:40:6e:57:24:52:bb:5f:4f
Signer

.text
Size: 183KB - Virtual size: 182KB

.rdata
Size: 77KB - Virtual size: 76KB

.data
Size: 14KB - Virtual size: 15KB

.pdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: - Virtual size: 1.1MB

.rdata
Size: - Virtual size: 201KB

.data
Size: - Virtual size: 33KB

.pdata
Size: - Virtual size: 29KB

_RDATA
Size: - Virtual size: 500B

¯Øâ��
Size: - Virtual size: 2.6MB

¯Øâ��
Size: 3KB - Virtual size: 2KB

¯Øâ��
Size: 4.3MB - Virtual size: 4.3MB

.reloc
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 254KB - Virtual size: 254KB