C:\HP-Socket-dev\Windows\Lib\HPSocket\x86\HPSocket.pdb
Static task
static1
Behavioral task
behavioral1
Sample
Bin.7z
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Bin.7z
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
Bin.7z
Resource
win10v2004-20240611-en
Behavioral task
behavioral4
Sample
Bin.7z
Resource
win11-20240611-en
General
-
Target
Bin.7z
-
Size
17.2MB
-
MD5
aafb13cb16c8d24e72eb3d0a2783fe00
-
SHA1
0c7b4d9678bf02e15050a9e9a6343bdb06886f98
-
SHA256
39f725dbe1c1589d318d87c4e76d89fd73023c7094042338536ad3fe59d47c04
-
SHA512
1e5518a3fa5bcf93d302f201435c95f5a9a01e70da31ecb0773cce76aa1e7a42c4699bf620b8bb1e6de9d4b2f3474f1ee29f75aecd0429842f7087f0528751c3
-
SSDEEP
393216:ebPMyfxpIdQR8TXgW4Kj/cG5g9K9SQLchaOlWiT1ze:IflR8TgW4OkGX9tchbZC
Malware Config
Signatures
-
Unsigned PE 4 IoCs
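Checks for missing Authenticode signature. A missing embedded signature is a weak indicator on its own: catalog-signed system files can also appear unsigned to a static check, so weigh it together with the other findings.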
resource unpack001/HPSocket.dll unpack001/Tools/MSTSCAX.DLL unpack001/Tools/mstsc.exe unpack001/gh0st.exe
Files
-
Bin.7z.7z
-
HPSocket.dll.dll windows:6 windows x86 arch:x86
973f80e65229906ef8411aa4c471ca67
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
C:\HP-Socket-dev\Windows\Lib\HPSocket\x86\HPSocket.pdb
Imports
kernel32
HeapDestroy
HeapSize
HeapReAlloc
InitializeConditionVariable
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateTimerQueue
DeleteTimerQueueEx
CreateWaitableTimerA
GetSystemInfo
ResetEvent
PostQueuedCompletionStatus
GetExitCodeThread
TerminateThread
RaiseException
SetEvent
GetQueuedCompletionStatus
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
InitializeCriticalSectionEx
CreateIoCompletionPort
UnmapViewOfFile
SetThreadPriority
ResumeThread
CreateFileA
GetProcAddress
GetModuleHandleA
GetFileSize
CreateFileMappingA
MapViewOfFileEx
lstrlenA
MultiByteToWideChar
WaitForMultipleObjects
SetWaitableTimer
CancelWaitableTimer
TryEnterCriticalSection
DeleteTimerQueueTimer
CreateTimerQueueTimer
DecodePointer
GetEnvironmentVariableA
FlsAlloc
FlsSetValue
FlsFree
GetCurrentProcess
GetCurrentProcessorNumber
VirtualAlloc
VirtualFree
GetLargePageMinimum
VirtualUnlock
FreeLibrary
LoadLibraryW
GetNumaHighestNodeNumber
GetNumaProcessorNode
GetNumaNodeProcessorMask
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcessTimes
K32GetProcessMemoryInfo
GetSystemTime
SystemTimeToFileTime
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
GetProcessHeap
FindFirstFileW
FindNextFileW
GetStdHandle
GetFileType
WriteFile
GetModuleHandleW
ConvertFiberToThread
ConvertThreadToFiber
GetSystemTimeAsFileTime
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
SetEndOfFile
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapAlloc
Sleep
CreateEventA
GetNativeSystemInfo
SwitchToThread
ReleaseSemaphore
WaitForSingleObject
AcquireSRWLockExclusive
CloseHandle
CreateSemaphoreA
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
GetCurrentProcessId
GetCurrentThreadId
SetLastError
FindFirstFileExW
GetFileSizeEx
SetFilePointerEx
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
CompareStringW
GetModuleFileNameW
SetConsoleCtrlHandler
ReadFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
EncodePointer
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
OutputDebugStringW
IsDebuggerPresent
HeapFree
GetLastError
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
ReleaseSRWLockExclusive
FindClose
WriteConsoleW
user32
GetProcessWindowStation
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA
GetUserObjectInformationW
MessageBoxW
TranslateMessage
advapi32
CryptDestroyKey
AdjustTokenPrivileges
LookupPrivilegeValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
OpenProcessToken
shlwapi
StrChrA
PathFileExistsA
PathIsDirectoryA
winmm
timeGetDevCaps
timeBeginPeriod
timeEndPeriod
timeGetTime
ws2_32
WSARecv
WSASend
closesocket
shutdown
sendto
send
ioctlsocket
setsockopt
htonl
ntohl
WSAGetOverlappedResult
WSARecvFrom
inet_ntop
freeaddrinfo
getaddrinfo
WSAStringToAddressA
inet_pton
getsockopt
WSAIoctl
WSASetLastError
htons
WSAGetLastError
ntohs
WSASendTo
WSAStartup
WSACleanup
socket
getsockname
connect
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
bind
recv
WSACloseEvent
listen
recvfrom
getpeername
bcrypt
BCryptGenRandom
crypt32
CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
Exports
Exports
HP_Create_BrotliCompressor
HP_Create_BrotliDecompressor
HP_Create_GZipCompressor
HP_Create_GZipDecompressor
HP_Create_HttpAgent
HP_Create_HttpClient
HP_Create_HttpServer
HP_Create_HttpSyncClient
HP_Create_HttpsAgent
HP_Create_HttpsClient
HP_Create_HttpsServer
HP_Create_HttpsSyncClient
HP_Create_SSLAgent
HP_Create_SSLClient
HP_Create_SSLPackAgent
HP_Create_SSLPackClient
HP_Create_SSLPackServer
HP_Create_SSLPullAgent
HP_Create_SSLPullClient
HP_Create_SSLPullServer
HP_Create_SSLServer
HP_Create_SocketTaskObj
HP_Create_TcpAgent
HP_Create_TcpClient
HP_Create_TcpPackAgent
HP_Create_TcpPackClient
HP_Create_TcpPackServer
HP_Create_TcpPullAgent
HP_Create_TcpPullClient
HP_Create_TcpPullServer
HP_Create_TcpServer
HP_Create_ThreadPool
HP_Create_UdpArqClient
HP_Create_UdpArqServer
HP_Create_UdpCast
HP_Create_UdpClient
HP_Create_UdpNode
HP_Create_UdpServer
HP_Create_ZLibCompressor
HP_Create_ZLibDecompressor
HP_Destroy_Compressor
HP_Destroy_Decompressor
HP_Destroy_HttpAgent
HP_Destroy_HttpClient
HP_Destroy_HttpServer
HP_Destroy_HttpSyncClient
HP_Destroy_HttpsAgent
HP_Destroy_HttpsClient
HP_Destroy_HttpsServer
HP_Destroy_HttpsSyncClient
HP_Destroy_SSLAgent
HP_Destroy_SSLClient
HP_Destroy_SSLPackAgent
HP_Destroy_SSLPackClient
HP_Destroy_SSLPackServer
HP_Destroy_SSLPullAgent
HP_Destroy_SSLPullClient
HP_Destroy_SSLPullServer
HP_Destroy_SSLServer
HP_Destroy_SocketTaskObj
HP_Destroy_TcpAgent
HP_Destroy_TcpClient
HP_Destroy_TcpPackAgent
HP_Destroy_TcpPackClient
HP_Destroy_TcpPackServer
HP_Destroy_TcpPullAgent
HP_Destroy_TcpPullClient
HP_Destroy_TcpPullServer
HP_Destroy_TcpServer
HP_Destroy_ThreadPool
HP_Destroy_UdpArqClient
HP_Destroy_UdpArqServer
HP_Destroy_UdpCast
HP_Destroy_UdpClient
HP_Destroy_UdpNode
HP_Destroy_UdpServer
HP_GetHPSocketVersion
HP_GetSocketErrorDesc
HP_HttpCookie_HLP_CurrentUTCTime
HP_HttpCookie_HLP_ExpiresToMaxAge
HP_HttpCookie_HLP_MakeExpiresStr
HP_HttpCookie_HLP_MaxAgeToExpires
HP_HttpCookie_HLP_ParseExpires
HP_HttpCookie_HLP_ToString
HP_HttpCookie_MGR_ClearCookies
HP_HttpCookie_MGR_DeleteCookie
HP_HttpCookie_MGR_IsEnableThirdPartyCookie
HP_HttpCookie_MGR_LoadFromFile
HP_HttpCookie_MGR_RemoveExpiredCookies
HP_HttpCookie_MGR_SaveToFile
HP_HttpCookie_MGR_SetCookie
HP_HttpCookie_MGR_SetEnableThirdPartyCookie
HP_SSL_RemoveThreadLocalState
SYS_Alloca
SYS_Base64Decode
SYS_Base64Encode
SYS_BrotliCompress
SYS_BrotliCompressEx
SYS_BrotliGuessCompressBound
SYS_BrotliUncompress
SYS_Calloc
SYS_CodePageToUnicode
SYS_Compress
SYS_CompressEx
SYS_EnumHostIPAddresses
SYS_Free
SYS_FreeHostIPAddresses
SYS_GZipCompress
SYS_GZipGuessUncompressBound
SYS_GZipUncompress
SYS_GbkToUnicode
SYS_GbkToUtf8
SYS_GetIPAddress
SYS_GetLastError
SYS_GetSocketLocalAddress
SYS_GetSocketOption
SYS_GetSocketRemoteAddress
SYS_GuessBase64DecodeBound
SYS_GuessBase64EncodeBound
SYS_GuessCompressBound
SYS_GuessUrlDecodeBound
SYS_GuessUrlEncodeBound
SYS_HToN64
SYS_IoctlSocket
SYS_IsIPAddress
SYS_IsLittleEndian
SYS_Malloc
SYS_NToH64
SYS_Realloc
SYS_SSO_DontLinger
SYS_SSO_ExclusiveAddressUse
SYS_SSO_Linger
SYS_SSO_NoDelay
SYS_SSO_RecvBuffSize
SYS_SSO_RecvTimeOut
SYS_SSO_ReuseAddress
SYS_SSO_SendBuffSize
SYS_SSO_SendTimeOut
SYS_SetSocketOption
SYS_SwapEndian16
SYS_SwapEndian32
SYS_Uncompress
SYS_UncompressEx
SYS_UnicodeToCodePage
SYS_UnicodeToGbk
SYS_UnicodeToUtf8
SYS_UrlDecode
SYS_UrlEncode
SYS_Utf8ToGbk
SYS_Utf8ToUnicode
SYS_WSAGetLastError
SYS_WSAIoctl
_HP_SSL_DefaultServerNameCallback@8
Sections
.text Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 942KB - Virtual size: 942KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 31KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 82KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Styles/Office2007.dll.dll windows:4 windows x86 arch:x86
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 21/12/2012, 00:00
Not After: 30/12/2020, 23:59
Subject: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate
Issuer: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before: 18/10/2012, 00:00
Not After: 29/12/2020, 23:59
Subject: CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
10:9e:4d:3f:c8:83:e0:ec:75:f4:83:e4:82:3e:fe:87
Certificate
Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
Not Before: 01/10/2014, 19:22
Not After: 28/09/2024, 19:22
Subject: CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:b9:9b:b1:c1:fe:04:9d:ac:a8:9f:e2:c8:4f:ab:e2:30:2e:a8
Certificate
Issuer: CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d
Not Before: 10/07/2017, 18:17
Not After: 11/07/2019, 00:17
Subject: CN=Codejock Technologies\, LLC,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
0f:e7:ef:1a:2a:96:e6:51:43:29:46:c5:46:1e:95:a2:ca:b8:bd:b9
Signer
Actual PE Digest: 0f:e7:ef:1a:2a:96:e6:51:43:29:46:c5:46:1e:95:a2:ca:b8:bd:b9
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Styles/Office2010.dll.dll windows:4 windows x86 arch:x86
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 21/12/2012, 00:00
Not After: 30/12/2020, 23:59
Subject: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate
Issuer: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before: 18/10/2012, 00:00
Not After: 29/12/2020, 23:59
Subject: CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
10:9e:4d:3f:c8:83:e0:ec:75:f4:83:e4:82:3e:fe:87
Certificate
Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
Not Before: 01/10/2014, 19:22
Not After: 28/09/2024, 19:22
Subject: CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:b9:9b:b1:c1:fe:04:9d:ac:a8:9f:e2:c8:4f:ab:e2:30:2e:a8
Certificate
Issuer: CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d
Not Before: 10/07/2017, 18:17
Not After: 11/07/2019, 00:17
Subject: CN=Codejock Technologies\, LLC,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
d9:ff:8a:1c:5d:17:53:8a:81:a9:a3:71:c8:ee:f2:6f:1b:2c:fe:c6
Signer
Actual PE Digest: d9:ff:8a:1c:5d:17:53:8a:81:a9:a3:71:c8:ee:f2:6f:1b:2c:fe:c6
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 1.4MB - Virtual size: 1.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Styles/Office2013.dll.dll windows:4 windows x86 arch:x86
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 21/12/2012, 00:00
Not After: 30/12/2020, 23:59
Subject: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate
Issuer: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before: 18/10/2012, 00:00
Not After: 29/12/2020, 23:59
Subject: CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
10:9e:4d:3f:c8:83:e0:ec:75:f4:83:e4:82:3e:fe:87
Certificate
Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
Not Before: 01/10/2014, 19:22
Not After: 28/09/2024, 19:22
Subject: CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:b9:9b:b1:c1:fe:04:9d:ac:a8:9f:e2:c8:4f:ab:e2:30:2e:a8
Certificate
Issuer: CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d
Not Before: 10/07/2017, 18:17
Not After: 11/07/2019, 00:17
Subject: CN=Codejock Technologies\, LLC,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
81:5f:1f:30:ab:18:a7:c8:4d:0d:07:e2:07:1d:c6:17:8c:ad:84:14
Signer
Actual PE Digest: 81:5f:1f:30:ab:18:a7:c8:4d:0d:07:e2:07:1d:c6:17:8c:ad:84:14
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Styles/Office2016.dll.dll windows:4 windows x86 arch:x86
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 21/12/2012, 00:00
Not After: 30/12/2020, 23:59
Subject: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate
Issuer: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before: 18/10/2012, 00:00
Not After: 29/12/2020, 23:59
Subject: CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
10:9e:4d:3f:c8:83:e0:ec:75:f4:83:e4:82:3e:fe:87
Certificate
Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
Not Before: 01/10/2014, 19:22
Not After: 28/09/2024, 19:22
Subject: CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:b9:9b:b1:c1:fe:04:9d:ac:a8:9f:e2:c8:4f:ab:e2:30:2e:a8
Certificate
Issuer: CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d
Not Before: 10/07/2017, 18:17
Not After: 11/07/2019, 00:17
Subject: CN=Codejock Technologies\, LLC,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3a:2b:b6:22:bb:bb:79:05:93:5b:20:83:e5:e1:8f:b1:d9:c5:c9:4e
Signer
Actual PE Digest: 3a:2b:b6:22:bb:bb:79:05:93:5b:20:83:e5:e1:8f:b1:d9:c5:c9:4e
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 4.0MB - Virtual size: 4.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Styles/VisualStudio2012.dll.dll windows:4 windows x86 arch:x86
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 21/12/2012, 00:00
Not After: 30/12/2020, 23:59
Subject: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate
Issuer: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before: 18/10/2012, 00:00
Not After: 29/12/2020, 23:59
Subject: CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
10:9e:4d:3f:c8:83:e0:ec:75:f4:83:e4:82:3e:fe:87
Certificate
Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
Not Before: 01/10/2014, 19:22
Not After: 28/09/2024, 19:22
Subject: CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:b9:9b:b1:c1:fe:04:9d:ac:a8:9f:e2:c8:4f:ab:e2:30:2e:a8
Certificate
Issuer: CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d
Not Before: 10/07/2017, 18:17
Not After: 11/07/2019, 00:17
Subject: CN=Codejock Technologies\, LLC,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
fd:bd:dd:f0:ae:1a:29:72:20:7b:11:ed:10:49:53:a7:41:d7:ed:21
Signer
Actual PE Digest: fd:bd:dd:f0:ae:1a:29:72:20:7b:11:ed:10:49:53:a7:41:d7:ed:21
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Styles/VisualStudio2015.dll.dll windows:4 windows x86 arch:x86
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 21/12/2012, 00:00
Not After: 30/12/2020, 23:59
Subject: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate
Issuer: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before: 18/10/2012, 00:00
Not After: 29/12/2020, 23:59
Subject: CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
10:9e:4d:3f:c8:83:e0:ec:75:f4:83:e4:82:3e:fe:87
Certificate
Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
Not Before: 01/10/2014, 19:22
Not After: 28/09/2024, 19:22
Subject: CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:b9:9b:b1:c1:fe:04:9d:ac:a8:9f:e2:c8:4f:ab:e2:30:2e:a8
Certificate
Issuer: CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d
Not Before: 10/07/2017, 18:17
Not After: 11/07/2019, 00:17
Subject: CN=Codejock Technologies\, LLC,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
32:a2:99:0c:73:5c:53:a6:22:25:0f:e6:48:9c:07:c6:4b:8a:bf:7e
Signer
Actual PE Digest: 32:a2:99:0c:73:5c:53:a6:22:25:0f:e6:48:9c:07:c6:4b:8a:bf:7e
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 130KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Styles/Windows7.dll.dll windows:4 windows x86 arch:x86
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate
Issuer: CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA
Not Before: 21/12/2012, 00:00
Not After: 30/12/2020, 23:59
Subject: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate
Issuer: CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US
Not Before: 18/10/2012, 00:00
Not After: 29/12/2020, 23:59
Subject: CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US
Extended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
10:9e:4d:3f:c8:83:e0:ec:75:f4:83:e4:82:3e:fe:87
Certificate
Issuer: CN=SecureTrust CA,O=SecureTrust Corporation,C=US
Not Before: 01/10/2014, 19:22
Not After: 28/09/2024, 19:22
Subject: CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
06:b9:9b:b1:c1:fe:04:9d:ac:a8:9f:e2:c8:4f:ab:e2:30:2e:a8
Certificate
Issuer: CN=Trustwave Code Signing SHA256 CA\, Level 1,O=Trustwave Holdings\, Inc.,L=Chicago,ST=Illinois,C=US,1.2.840.113549.1.9.1=#0c106361407472757374776176652e636f6d
Not Before: 10/07/2017, 18:17
Not After: 11/07/2019, 00:17
Subject: CN=Codejock Technologies\, LLC,O=Codejock Technologies\, LLC,L=Owosso,ST=Michigan,C=US
Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
63:c3:04:27:01:65:58:76:cd:bd:25:d6:28:85:1f:20:3a:6e:d6:86
Signer
Actual PE Digest: 63:c3:04:27:01:65:58:76:cd:bd:25:d6:28:85:1f:20:3a:6e:d6:86
Digest Algorithm: sha1
PE Digest Matches: true
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Sections
.rsrc Size: 495KB - Virtual size: 495KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Tools/MSTSCAX.DLL.dll regsvr32 windows:5 windows x86 arch:x86
f4f9ea2971d7855283ab7cbcf0ce7925
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
mstscax.pdb
Imports
kernel32
lstrcatA
GetProcessHeap
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetCPInfo
GetOEMCP
GetACP
HeapSize
InterlockedExchange
RtlUnwind
IsBadWritePtr
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsAlloc
TlsGetValue
TlsFree
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualProtect
HeapFree
GetSystemDefaultLangID
SetEvent
GetVersion
FreeResource
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
GetCommandLineA
IsBadReadPtr
SetFilePointer
ReadFile
DuplicateHandle
GlobalFree
GlobalHandle
Beep
lstrcmpA
GetSystemTime
GetExitCodeThread
WaitForMultipleObjects
ReleaseSemaphore
GlobalSize
ResetEvent
CreateDirectoryA
DeleteFileA
GetTempFileNameA
CreateDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathA
Sleep
QueryDosDeviceW
FindNextChangeNotification
FindCloseChangeNotification
GetFileInformationByHandle
SetFileTime
SetEndOfFile
LockFileEx
LockFile
UnlockFile
FreeLibraryAndExitThread
ResumeThread
CreateThread
GetComputerNameA
DebugBreak
WaitForMultipleObjectsEx
EscapeCommFunction
SetCommState
GetCommState
TransmitCommChar
WaitCommEvent
SetCommTimeouts
SetupComm
SetCommMask
PurgeComm
GetCommTimeouts
GetCommMask
GetCommModemStatus
ClearCommError
GetCommProperties
GetCommConfig
SetErrorMode
DeviceIoControl
GetOverlappedResult
FlushFileBuffers
FindClose
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
CompareFileTime
SystemTimeToFileTime
GetSystemDefaultLCID
CreateEventA
CreateEventW
CreateFileA
CreateFileW
FindFirstFileA
FindFirstFileW
FindResourceA
FindResourceW
lstrcmpiA
lstrcmpiW
GetFileAttributesA
GetFileAttributesW
GetSystemDirectoryA
GetSystemDirectoryW
SetFileAttributesA
SetFileAttributesW
FindNextFileA
FindNextFileW
GetFullPathNameA
GetFullPathNameW
GetShortPathNameA
GetShortPathNameW
GetProfileStringA
GetProfileStringW
LoadLibraryExA
LoadLibraryExW
MoveFileA
MoveFileW
OutputDebugStringW
RemoveDirectoryA
RemoveDirectoryW
CreateMutexA
CreateMutexW
CreateSemaphoreA
CreateSemaphoreW
lstrcpyA
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
FindFirstChangeNotificationA
FindFirstChangeNotificationW
GetVolumeInformationA
GetVolumeInformationW
GetComputerNameW
GetVersionExW
GetDefaultCommConfigA
GetDefaultCommConfigW
lstrcpynA
ExitThread
RaiseException
IsBadCodePtr
SetStdHandle
TlsSetValue
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
MultiByteToWideChar
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
SizeofResource
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
HeapDestroy
LoadResource
LockResource
SetLastError
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
CloseHandle
GetLastError
EnterCriticalSection
LeaveCriticalSection
LocalFree
lstrlenA
lstrlenW
LocalAlloc
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
OutputDebugStringA
advapi32
RegCloseKey
RegQueryValueExA
SetFileSecurityW
SetFileSecurityA
GetFileSecurityW
GetFileSecurityA
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
GetSecurityDescriptorLength
RegOpenKeyA
user32
SetRect
GetWindowDC
DestroyCursor
CreateCursor
AttachThreadInput
GetWindowThreadProcessId
CallNextHookEx
GetAsyncKeyState
GetForegroundWindow
MessageBeep
FlashWindow
SetCapture
ReleaseCapture
GetMessageExtraInfo
UnhookWindowsHookEx
CreateIconIndirect
MsgWaitForMultipleObjects
PostQuitMessage
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnumClipboardFormats
CountClipboardFormats
GetClipboardData
SetClipboardViewer
ChangeClipboardChain
GetMessageTime
CallWindowProcA
CallWindowProcW
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DispatchMessageA
DispatchMessageW
DrawTextA
DrawTextW
GetClassInfoA
GetClassInfoW
GetClipboardFormatNameA
GetClipboardFormatNameW
GetMessageA
GetMessageW
GetWindowLongA
GetWindowLongW
FillRect
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
BringWindowToTop
LoadStringW
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostThreadMessageA
PostThreadMessageW
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
RegisterClipboardFormatW
SendMessageA
SendMessageW
SetWindowLongA
SetWindowLongW
SetWindowsHookExA
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
UnregisterClassA
UnregisterClassW
wvsprintfA
wvsprintfW
RegisterClassExA
RegisterClassExW
GetClassInfoExA
GetClassInfoExW
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
MapVirtualKeyA
MapVirtualKeyW
GetSystemMenu
EnableMenuItem
SetWindowPlacement
CloseWindow
GetKeyboardState
ScreenToClient
ClientToScreen
SetCursorPos
keybd_event
SetCursor
GetKeyboardType
IsWindowVisible
GetSysColor
GetCursorPos
SetScrollPos
LockWindowUpdate
ShowScrollBar
GetKeyboardLayout
DestroyWindow
InflateRect
GetSysColorBrush
SetScrollInfo
AdjustWindowRect
SystemParametersInfoA
IsIconic
SetParent
TranslateMessage
SetFocus
GetClientRect
UpdateWindow
InvalidateRect
IsWindow
MoveWindow
ShowWindow
IsChild
GetFocus
DestroyAcceleratorTable
GetParent
SetWindowPos
GetWindowRect
GetDesktopWindow
GetSystemMetrics
GetWindowPlacement
BeginPaint
EndPaint
GetKeyState
IntersectRect
EqualRect
SetWindowRgn
UnionRect
PtInRect
GetDC
ReleaseDC
SetTimer
KillTimer
OffsetRect
wsprintfA
gdi32
CreateSolidBrush
PatBlt
StretchDIBits
CreateCompatibleDC
CreateCompatibleBitmap
LineTo
MoveToEx
CreatePen
DeleteObject
SetBkMode
SetBkColor
CreatePolygonRgn
GetRgnBox
CombineRgn
SetRectRgn
UpdateColors
BitBlt
SetBrushOrgEx
SetStretchBltMode
SelectClipRgn
CreateRectRgn
StretchBlt
RealizePalette
SelectPalette
CreateDIBitmap
CreateBrushIndirect
GetNearestPaletteIndex
GetCurrentObject
CreateBitmap
SetDIBitsToDevice
CreatePalette
SetDIBColorTable
CreateDIBPatternBrushPt
CreatePatternBrush
SetBitmapBits
SetTextAlign
GetTextAlign
SetROP2
CreateDIBSection
GetBitmapBits
GdiFlush
GetPaletteEntries
Polyline
Polygon
SetPolyFillMode
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps
LPtoDP
SaveDC
SetTextColor
SetMapMode
CreateMetaFileW
CreateMetaFileA
GetObjectW
GetObjectA
CreateDCW
CreateDCA
GetDIBits
SetMetaFileBitsEx
PlayMetaFile
GetMetaFileBitsEx
GetDIBColorTable
GetNearestColor
Ellipse
SelectObject
GetStockObject
Rectangle
RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx
winspool.drv
SetPrinterW
EnumPrintersW
EnumPrintersA
GetPrinterA
GetPrinterDriverA
GetPrinterDataW
GetPrinterDataA
StartDocPrinterW
StartPagePrinter
WritePrinter
GetJobW
SetJobW
GetJobA
SetJobA
EndPagePrinter
EndDocPrinter
GetPrinterW
GetPrinterDriverW
StartDocPrinterA
OpenPrinterW
OpenPrinterA
ClosePrinter
ole32
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
CreateOleAdviseHolder
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
OleLoadFromStream
OleUninitialize
OleIsCurrentClipboard
OleSetClipboard
WriteClassStm
OleRegEnumVerbs
OleSaveToStream
OleInitialize
CoGetMalloc
oleaut32
VariantClear
OleCreatePropertyFrame
VariantChangeType
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString
LoadTypeLib
RegisterTypeLib
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLib
winmm
waveOutSetVolume
waveOutGetVolume
waveOutGetPitch
waveOutPrepareHeader
waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveOutClose
waveOutOpen
wsock32
ioctlsocket
inet_addr
getsockname
shutdown
setsockopt
WSACleanup
WSAAsyncSelect
WSAAsyncGetHostByName
connect
htons
socket
closesocket
send
recv
WSAStartup
bind
sendto
recvfrom
gethostbyname
gethostname
WSACancelAsyncRequest
WSAGetLastError
shell32
ExtractIconW
ExtractIconA
SHFileOperationA
ord100
Exports
Exports
DllCanUnloadNow
DllGetClassObject
DllGetTscCtlVer
DllRegisterServer
DllUnregisterServer
Sections
.text Size: 539KB - Virtual size: 539KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 63KB - Virtual size: 62KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Tools/mstsc.exe.exe windows:5 windows x86 arch:x86
c9563dea574f58f47d86577e5a7f024c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
mstsc.pdb
Imports
advapi32
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExW
GetUserNameW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
GetUserNameA
kernel32
FlushFileBuffers
ExitProcess
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetFilePointer
InterlockedExchange
RtlUnwind
IsBadWritePtr
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
GetCPInfo
GetOEMCP
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
HeapAlloc
HeapFree
VirtualFree
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
lstrcpynA
GetVersionExW
GetModuleFileNameA
GetStdHandle
GetCommandLineA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
ReadFile
WriteFile
WideCharToMultiByte
SetLastError
GetACP
CreateThread
SetEvent
LocalAlloc
lstrlenA
LoadResource
LockResource
LocalFree
CloseHandle
GetLastError
InterlockedDecrement
FreeLibrary
InterlockedIncrement
GetStartupInfoA
DebugBreak
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
GetProcAddress
GetVersionExA
GetModuleHandleA
GetComputerNameA
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
GetModuleHandleW
lstrlenW
GetProcessHeap
WaitForSingleObject
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileW
FindResourceA
FindResourceW
FormatMessageA
FormatMessageW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFileAttributesA
GetFileAttributesW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
LoadLibraryW
gdi32
CreateFontIndirectA
CreateFontIndirectW
GetObjectA
GetObjectW
GetDIBColorTable
UpdateColors
StretchBlt
CreatePalette
CreateCompatibleBitmap
CreateSolidBrush
SetTextColor
SetBkMode
SetMapMode
SelectPalette
RealizePalette
TranslateCharsetInfo
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject
CreateRectRgn
CreateRectRgnIndirect
DeleteObject
SetRectRgn
GetDCOrgEx
GetClipBox
CombineRgn
EqualRgn
user32
TranslateMessage
GetWindowDC
MapDialogRect
GetWindow
FillRect
CheckDlgButton
IsDlgButtonChecked
BeginPaint
DrawIcon
EndPaint
EndDialog
MapWindowPoints
GetDesktopWindow
GetDC
ReleaseDC
GetDlgItem
EnableWindow
SetRect
LockWindowUpdate
SetFocus
SetWindowPlacement
SetWindowPos
GetClientRect
MoveWindow
EqualRect
CopyRect
IsWindowVisible
InvalidateRect
UpdateWindow
EnableMenuItem
ShowWindow
SetForegroundWindow
AdjustWindowRect
IsZoomed
SetCursor
GetSystemMenu
CreateMenu
IsWindow
PostQuitMessage
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMessageTime
GetCursorPos
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DialogBoxParamA
DialogBoxParamW
DispatchMessageA
DispatchMessageW
DrawTextA
DrawTextW
GetDlgItemTextA
GetDlgItemTextW
GetMessageA
GetMessageW
MessageBoxA
MessageBoxW
GetWindowLongA
GetWindowLongW
InsertMenuA
InsertMenuW
IsDialogMessageA
IsDialogMessageW
LoadAcceleratorsA
LoadAcceleratorsW
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
LoadStringW
ModifyMenuA
ModifyMenuW
PostMessageA
PostMessageW
SendMessageA
SendMessageW
SetDlgItemTextA
SetDlgItemTextW
SetWindowLongA
SetWindowLongW
SetWindowTextA
SetWindowTextW
TranslateAcceleratorA
TranslateAcceleratorW
RegisterClassExA
RegisterClassExW
SendDlgItemMessageW
DestroyIcon
SetTimer
KillTimer
DestroyWindow
GetSystemMetrics
GetWindowRect
shell32
SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA
ExtractIconW
ExtractIconA
SHGetSpecialFolderLocation
ole32
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
oleaut32
SysAllocString
SysFreeString
comctl32
ImageList_Create
InitCommonControlsEx
ImageList_GetImageCount
ImageList_ReplaceIcon
wsock32
inet_addr
gethostbyaddr
gethostbyname
comdlg32
GetFileTitleW
GetSaveFileNameW
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameW
Sections
.text Size: 151KB - Virtual size: 151KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 221KB - Virtual size: 221KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
gh0st.exe.exe windows:6 windows x86 arch:x86
4d1397abb0dd1c0e248a008ed8b5ee0b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\84547\Desktop\gh0st8.19\Release\gh0st.pdb
Imports
kernel32
LCMapStringW
user32
EndDialog
gdi32
RectVisible
msimg32
TransparentBlt
winspool.drv
DocumentPropertiesA
advapi32
GetFileSecurityA
shell32
ShellExecuteA
comctl32
ImageList_GetImageInfo
shlwapi
PathRemoveFileSpecA
uxtheme
GetThemeSysColor
ole32
CoLockObjectExternal
oleaut32
VarBstrFromDec
oledlg
ord5
ws2_32
closesocket
hpsocket
HP_Destroy_TcpServer
gdiplus
GdiplusShutdown
avifil32
AVIFileInit
msvfw32
DrawDibDraw
imm32
ImmAssociateContext
oleacc
CreateStdAccessibleObject
winmm
PlaySoundA
msvcrt
strncpy
iphlpapi
GetInterfaceInfo
psapi
GetMappedFileNameW
Sections
.text Size: 9.6MB - Virtual size: 20.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 932KB - Virtual size: 936KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ