octD7D7[.]tmp[.]exe

Resubmissions

04/07/2024, 09:38

240704-lmh9hawhpg 7

02/07/2024, 14:32

240702-rwallswhpf 7

22/05/2024, 07:46

240522-jlzhzsgg31 7

Sharing

Copy URL

Twitter E-mail

General

Target

octD7D7.tmp.exe
Size

33.7MB
MD5

74101b1332fd411305ed3a74e4c7660c
SHA1

7e4719a43f71d202f4fe22d8b1ddb931666147d4
SHA256

79f1753c402633628edb67920ce50c9edf2cde5d018dbbd062be7882436302d6
SHA512

021fe376242a22721d1dabe693c1b52b7ee0363d74ffccc78b00632ff6c487f878819db6420b210c4c5628574cd82968237ed82d5d7366e2ad3144183675ed17
SSDEEP

786432:dn2H1mDiMBztKLxJAwlplv+Qqtf3J04jwKBdTe3OB+3:d2VmD7KllWQqtewwKBpWb

Score

1^/10

Malware Config

Signatures

Files

octD7D7.tmp.exe
.exe windows:4 windows x86 arch:x86

61259b55b8912888e90f516ca08dc514

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/03/2022, 00:00

Not After

07/03/2025, 23:59

Subject

CN=SweetLabs Inc,O=SweetLabs Inc,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:11:6b:9f:2e:46:58:54:af:40:4e:de:fb:35:63:f0:c1:18:bd:f7:3e:23:22:b3:26:be:5e:66:b3:db:43:74
Signer

Actual PE Digest

2b:11:6b:9f:2e:46:58:54:af:40:4e:de:fb:35:63:f0:c1:18:bd:f7:3e:23:22:b3:26:be:5e:66:b3:db:43:74

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 180KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/03/2022, 00:00

Not After

07/03/2025, 23:59

Subject

CN=SweetLabs Inc,O=SweetLabs Inc,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:c6:51:36:86:23:02:c1:3a:97:86:7a:fb:16:ee:4c:9e:4a:a1:f4:d9:11:49:27:cc:e9:26:f1:14:65:36:79
Signer

Actual PE Digest

2b:c6:51:36:86:23:02:c1:3a:97:86:7a:fb:16:ee:4c:9e:4a:a1:f4:d9:11:49:27:cc:e9:26:f1:14:65:36:79

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/aetihlp.dll
.dll windows:6 windows x86 arch:x86

a8f0b6c9f0936a5ba50fb67cdc944299

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/03/2022, 00:00

Not After

07/03/2025, 23:59

Subject

CN=SweetLabs Inc,O=SweetLabs Inc,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fb:ae:81:02:c7:3a:f3:af:7f:b0:25:83:c1:db:ed:15:9f:0a:5c:cd:44:69:a6:ea:d3:f5:7c:98:64:81:ea:4b
Signer

Actual PE Digest

fb:ae:81:02:c7:3a:f3:af:7f:b0:25:83:c1:db:ed:15:9f:0a:5c:cd:44:69:a6:ea:d3:f5:7c:98:64:81:ea:4b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

aetihlp.pdb

Imports

comctl32

ord413
ord410
ord412

wldap32

ord79
ord35
ord33
ord32
ord27
ord30
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord143
ord200
ord301
ord26
ord217

normaliz

IdnToUnicode
IdnToAscii

ws2_32

htons
socket
getservbyport
select
WSACleanup
WSAStartup
ntohs
WSAGetLastError
recvfrom
WSASetLastError
closesocket
WSAWaitForMultipleEvents
WSAIoctl
WSAResetEvent
shutdown
getpeername
accept
bind
connect
getsockname
htonl
listen
recv
getaddrinfo
getservbyname
freeaddrinfo
sendto
gethostbyaddr
getsockopt
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
inet_ntoa
inet_addr
gethostbyname
setsockopt
gethostname
__WSAFDIsSet
ioctlsocket

netapi32

NetApiBufferFree
NetGetJoinInformation

kernel32

CreateFileW
GetFileSizeEx
ReadFile
SetFilePointer
SetEndOfFile
WriteFile
SetLastError
FindFirstFileW
GetFileAttributesW
DeleteFileW
FindNextFileW
FindClose
CreateProcessW
GetExitCodeProcess
Sleep
DecodePointer
DeleteCriticalSection
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
MultiByteToWideChar
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
MoveFileExA
WaitForSingleObjectEx
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
GetEnvironmentVariableW
GetConsoleMode
WaitForSingleObject
ReadConsoleA
ReadConsoleW
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
VirtualFree
GetACP
SwitchToFiber
DeleteFiber
CreateFiberEx
ConvertFiberToThread
ConvertThreadToFiberEx
LoadLibraryW
GetSystemTime
SystemTimeToFileTime
GetModuleHandleW
GetProcAddress
GetTickCount
Process32NextW
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
ProcessIdToSessionId
GetCurrentProcessId
SetEvent
CloseHandle
OpenEventW
CreateEventW
CreateEventA
LocalFree
FormatMessageA
LeaveCriticalSection
AreFileApisANSI
HeapCreate
GetDiskFreeSpaceW
LockFile
UnlockFileEx
CreateMutexW
UnmapViewOfFile
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
DeleteFileA
HeapCompact
UnlockFile
EnterCriticalSection
GetLastError
InitializeCriticalSectionEx
HeapDestroy
GetProcessHeap
SetConsoleMode
HeapFree
HeapReAlloc
HeapSize
FormatMessageW
WideCharToMultiByte
LockFileEx
CreateFileMappingW
MapViewOfFile
OutputDebugStringA
WriteConsoleW
GetCommandLineW
GetCommandLineA
FindNextFileA
FindFirstFileExA
GetOEMCP
IsValidCodePage
SetEnvironmentVariableA
GetTimeZoneInformation
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryW
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
GetModuleFileNameA
ExitProcess
SetConsoleCtrlHandler
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetDriveTypeW
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
OpenEventA
GetCPInfo
LCMapStringEx
EncodePointer
TryAcquireSRWLockExclusive
GetStringTypeW
RaiseException
IsDebuggerPresent
LoadLibraryExW
GetExitCodeThread
TerminateThread
CreateThread
CreateMutexA
ReleaseMutex
TryEnterCriticalSection
InitializeCriticalSection
QueryFullProcessImageNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFileSize
LocalAlloc
CompareStringW
GlobalFree
ResetEvent
SetThreadLocale
GetThreadLocale
VirtualQuery
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
GetCurrentThread
OutputDebugStringW
SystemTimeToTzSpecificLocalTime
MoveFileExW
GetTempPathW
GetTempFileNameW
GetFileAttributesExW
FindFirstFileExW
CreateDirectoryW
ExpandEnvironmentStringsW
FindResourceW
SizeofResource
LockResource
LoadResource
FreeResource
GetModuleFileNameW
HeapAlloc
IsWow64Process
GetVersionExW
GetCurrentProcess
FileTimeToSystemTime
GetUserDefaultLCID
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
LCMapStringW
GetStringTypeExW
CreateHardLinkW
GetTickCount64
GetUserGeoID
GetGeoInfoW

user32

SetRect
SetWindowPos
GetDC
GetClientRect
SetWindowTextW
RedrawWindow
GetWindowTextW
SetTimer
SendMessageW
GetDlgItem
GetWindowRect
ScreenToClient
MoveWindow
SystemParametersInfoW
CopyRect
GetDesktopWindow
DestroyMenu
CreatePopupMenu
GetParent
wsprintfW
SetProcessDefaultLayout
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
FindWindowW
GetWindowThreadProcessId
AllowSetForegroundWindow
LoadStringW
UpdateWindow
ShowWindow
GetDlgItemTextW
DrawTextExW
GetClassNameW
GetSysColor
SetParent
EnumChildWindows
LoadIconW
GetSystemMetrics
PeekMessageW
DispatchMessageW
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
IsWindow

gdi32

SetBkMode
CreateSolidBrush
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC
CreateDIBSection
GetObjectW

advapi32

RegCloseKey
ReportEventW
CryptAcquireContextW
RegCreateKeyExW
GetUserNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCopyTreeW
RegFlushKey
ConvertSidToStringSidW
LookupAccountNameW
RegOpenKeyW
OpenThreadToken
GetTokenInformation
OpenProcessToken
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteTreeW
RegDeleteKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
CryptDestroyKey
RegDeleteValueW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
DeregisterEventSource
CryptSetHashParam
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
RegisterEventSourceW

ole32

PropVariantClear
CoTaskMemFree
CoInitializeEx
StringFromGUID2
CoUninitialize
CoInitializeSecurity
CoCreateInstance
CoCreateGuid

oleaut32

VariantCopy
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SysFreeString

gdiplus

GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipFlush
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdiplusStartup
GdipCreateBitmapFromScan0
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdiplusShutdown

bcrypt

BCryptGenRandom

msi

ord173
ord217

rpcrt4

RpcStringFreeW
UuidToStringW

wininet

DeleteUrlCacheEntryW
InternetQueryOptionW

winhttp

WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpOpen

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust

crypt32

CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetNameStringW
CertEnumCertificatesInStore
CertGetCertificateContextProperty
CertCloseStore
CertDuplicateCertificateContext

userenv

ExpandEnvironmentStringsForUserW

version

VerQueryValueW

shlwapi

SHRegDuplicateHKey
ord487
StrRetToBufW
ord176
PathFileExistsW

secur32

GetUserNameExW

shell32

SHBindToParent
SHGetDesktopFolder
SHGetKnownFolderPath
SHGetFolderPathW
SHFileOperationW
SHGetMalloc
ShellExecuteExW
SHCreateDirectoryExW

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 812KB - Virtual size: 811KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R7/IconCache/persistent/$SMPROGRAMS/Lenovo App Explorer.lnk
.lnk
$R7/IconCache/persistent/Lenovo App Explorer.ico
$_23_/HostAppService.exe
.exe windows:6 windows x86 arch:x86

16d8fb7351051ef908ee81c71da233e7

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/03/2022, 00:00

Not After

07/03/2025, 23:59

Subject

CN=SweetLabs Inc,O=SweetLabs Inc,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

58:62:14:db:9b:54:c8:42:60:af:c0:bf:f0:cb:9b:06:80:5c:ff:ab:31:97:ed:83:6e:0e:93:f2:7a:13:45:17
Signer

Actual PE Digest

58:62:14:db:9b:54:c8:42:60:af:c0:bf:f0:cb:9b:06:80:5c:ff:ab:31:97:ed:83:6e:0e:93:f2:7a:13:45:17

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

HostAppService.pdb

Imports

msimg32

AlphaBlend

gdiplus

GdiplusShutdown
GdipAlloc
GdipFree
GdipCloneImage
GdiplusStartup
GdipSetStringFormatFlags
GdipFillRectangle
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipCreateImageAttributes
GdipSaveImageToFile
GdipDrawImageRectI
GdipSetImageAttributesWrapMode
GdipSetCompositingMode
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipBitmapGetPixel
GdipBitmapSetPixel
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreatePath
GdipDeletePath
GdipClosePathFigures
GdipAddPathLine
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipFlush
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipSetCompositingQuality
GdipSetPixelOffsetMode
GdipSetTextRenderingHint
GdipDrawLine
GdipDrawLines
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateFromHDC
GdipDeleteGraphics
GdipTranslateWorldTransform
GdipDrawRectangle
GdipSetStringFormatTrimming
GdipRotateWorldTransform
GdipGraphicsClear
GdipDrawImageRectRect
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipFillEllipse
GdipFillPath
GdipDrawImage
GdipSetClipRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipGetImageHeight
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat

kernel32

FindResourceW
SizeofResource
LockResource
LoadResource
GetModuleHandleW
GetSystemTime
GetCurrentThreadId
SetLastError
RaiseException
SetFileTime
CreateFileW
WideCharToMultiByte
FormatMessageW
FormatMessageA
LocalFree
GetSystemDirectoryW
CreateThread
CreateEventW
CreateEventA
WaitForSingleObjectEx
WaitForSingleObject
SetEvent
CloseHandle
LoadLibraryExW
GetProcAddress
FreeLibrary
DeleteCriticalSection
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetErrorMode
GetLastError
GetFileAttributesW
SetConsoleMode
ReadConsoleA
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
VirtualLock
SwitchToFiber
GlobalLock
GlobalFree
GetTickCount
GetVersion
WaitForMultipleObjects
VirtualQuery
DecodePointer
MulDiv
FindResourceExW
GetUserGeoID
GetGeoInfoW
GetSystemPowerStatus
DeleteFiber
CreateFiberEx
WriteConsoleW
OutputDebugStringA
GetCommandLineA
FindNextFileA
FindFirstFileExA
SetConsoleCtrlHandler
GetOEMCP
IsValidCodePage
SetDllDirectoryW
SetDefaultDllDirectories
OpenProcess
SetProcessShutdownParameters
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
Sleep
OpenEventW
SetUnhandledExceptionFilter
CreateDirectoryW
GetCommandLineW
ResetEvent
GetUserDefaultUILanguage
GetLocaleInfoW
InitializeCriticalSectionEx
SystemTimeToFileTime
ConvertFiberToThread
ConvertThreadToFiberEx
MapViewOfFile
CreateFileMappingW
LockFileEx
UnlockFile
HeapCompact
DeleteFileA
CreateFileA
FlushViewOfFile
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
SetEnvironmentVariableA
GetTimeZoneInformation
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEndOfFile
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetACP
GetModuleFileNameA
ExitProcess
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetDriveTypeW
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RtlUnwind
CreateWaitableTimerA
GetLogicalProcessorInformation
TlsFree
ResumeThread
SetWaitableTimer
OpenEventA
WaitForMultipleObjectsEx
ReleaseSemaphore
GetStartupInfoW
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
CreateSymbolicLinkW
UnmapViewOfFile
CreateMutexW
UnlockFileEx
LockFile
GetDiskFreeSpaceW
HeapCreate
AcquireSRWLockExclusive
GetFileInformationByHandleEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetTickCount64
GetCurrentProcessorNumber
FlushProcessWriteBuffers
CreateSemaphoreExW
CreateEventExW
InitOnceExecuteOnce
SetFileInformationByHandle
GetCPInfo
CompareStringEx
LCMapStringEx
TryAcquireSRWLockExclusive
GetStringTypeW
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
CreateDirectoryA
GetFileSize
TryEnterCriticalSection
InitializeCriticalSection
GetConsoleDisplayMode
AttachConsole
FreeConsole
QueryFullProcessImageNameW
LocalAlloc
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoA
FindResourceA
SetThreadLocale
GetThreadLocale
TlsSetValue
TlsGetValue
TlsAlloc
CreateMutexA
ReleaseMutex
GetFileSizeEx
ReleaseSRWLockExclusive
AreFileApisANSI
QueryPerformanceCounter
MultiByteToWideChar
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
MoveFileExA
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
SleepEx
VerSetConditionMask
VerifyVersionInfoW
GetSystemInfo
VirtualProtect
LoadLibraryExA
GetSystemDefaultUILanguage
GetStringTypeExW
LCMapStringW
GetUserDefaultLCID
GetLocaleInfoEx
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
OutputDebugStringW
GetCurrentThread
GetModuleFileNameW
FileTimeToSystemTime
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetLongPathNameW
GetTempFileNameW
SetFilePointer
WriteFile
GetTempPathW
IsWow64Process
CopyFileW
MoveFileExW
SystemTimeToTzSpecificLocalTime
GetEnvironmentVariableW
ProcessIdToSessionId
GetVersionExW
LoadLibraryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentPackageFamilyName
FreeResource
EnumResourceNamesW
GetCurrentPackageFullName
PackageIdFromFullName
GetPackagesByPackageFamily
OpenPackageInfoByFullName
ClosePackageInfo
GetPackageInfo
GetExitCodeProcess
GetVolumeInformationW
GetComputerNameW
GlobalReAlloc
GlobalSize
GlobalUnlock
DosDateTimeToFileTime
CompareStringW
SetThreadPriority
GetThreadPriority
TerminateThread
GetExitCodeThread

wininet

FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetQueryOptionW
InternetSetOptionW

comctl32

_TrackMouseEvent
ord410
ord413

wtsapi32

WTSRegisterSessionNotification
WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize

ws2_32

WSASetEvent
WSAResetEvent
WSAEventSelect
htonl
WSACreateEvent
closesocket
send
getsockopt
WSASetLastError
WSAGetLastError
ntohs
WSAStartup
WSACleanup
gethostname
ioctlsocket
getpeername
sendto
recvfrom
setsockopt
WSAIoctl
htons
listen
recv
accept
socket
bind
connect
__WSAFDIsSet
getaddrinfo
WSACloseEvent
getsockname
WSAEnumNetworkEvents
freeaddrinfo
WSAWaitForMultipleEvents
select
shutdown
getservbyname
getservbyport
gethostbyaddr
gethostbyname
inet_addr
inet_ntoa

wldap32

ord30
ord200
ord301
ord79
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord143
ord35

normaliz

IdnToAscii
IdnToUnicode

gdi32

SetDIBColorTable
GetStockObject
SetLayout
GetObjectW
SetDIBits
SetBrushOrgEx
CreateCompatibleBitmap
CreateDIBSection
SetBkMode
SelectObject
DeleteObject
CreateFontIndirectW
CreateCompatibleDC
BitBlt
DeleteDC
GetDeviceCaps
CreateBitmap
CreateSolidBrush
GetTextExtentPoint32W
SetMapMode
CreateFontW
GetDIBits
SetTextColor
GetTextMetricsW
TextOutW
LPtoDP
AddFontMemResourceEx
SetBkColor

advapi32

DuplicateTokenEx
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
CryptDestroyKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptAcquireContextW
OpenProcessToken
OpenThreadToken
RegOpenKeyW
GetSidSubAuthority
GetTokenInformation
RegEnumKeyExW
LookupAccountNameW
ConvertSidToStringSidW
RegEnumValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
ConvertStringSidToSidW
RegFlushKey
RegQueryInfoKeyW
RegDeleteTreeW
RegCopyTreeW
AddAccessAllowedAceEx
AddAce
SetSecurityInfo
GetAce
GetAclInformation
GetLengthSid
GetSecurityDescriptorSacl
InitializeAcl
GetUserNameW
GetSecurityInfo

ole32

CoCreateGuid
StringFromGUID2
CoCreateInstance
CoInitializeSecurity
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoInitialize
CoSetProxyBlanket
PropVariantClear
OleCreate
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
OleSetContainedObject

oleaut32

CreateErrorInfo
SetErrorInfo
VariantClear
GetErrorInfo
SysStringLen
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocStringLen
VariantCopy
VariantChangeType
SysAllocString
VariantInit
SysFreeString

shlwapi

SHRegDuplicateHKey
ord176
PathGetArgsW
AssocQueryStringW
PathFileExistsW
ord487
StrRetToBufW
StrChrIW

bcrypt

BCryptGenRandom

msi

ord217
ord173

rpcrt4

UuidCreateSequential
RpcStringFreeW
UuidToStringW

winhttp

WinHttpGetProxyForUrl
WinHttpOpen
WinHttpCloseHandle

crypt32

CertFreeCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertCloseStore
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext

userenv

GetUserProfileDirectoryW
ExpandEnvironmentStringsForUserW

version

VerQueryValueW

powrprof

GetPwrCapabilities

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString

secur32

GetUserNameExW

comdlg32

GetSaveFileNameW

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_23_/HostAppServiceInterface.exe
.exe windows:6 windows x64 arch:x64

e4d1bdcd94349badfe632f08b25de02b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/03/2022, 00:00

Not After

07/03/2025, 23:59

Subject

CN=SweetLabs Inc,O=SweetLabs Inc,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4e:bc:42:0e:07:02:26:93:43:4d:fe:9e:db:0a:55:79:f5:4e:eb:2e:22:b8:80:e9:99:4d:0c:95:a3:14:8f:49
Signer

Actual PE Digest

4e:bc:42:0e:07:02:26:93:43:4d:fe:9e:db:0a:55:79:f5:4e:eb:2e:22:b8:80:e9:99:4d:0c:95:a3:14:8f:49

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

HostAppServiceInterface.pdb

Imports

kernel32

ReleaseSRWLockShared
AcquireSRWLockShared
GetFullPathNameA
LockFile
GetDiskFreeSpaceW
GetGeoInfoW
GetUserGeoID
VerSetConditionMask
GetEnvironmentVariableW
OpenProcess
GetVersionExW
FreeLibrary
GetModuleFileNameW
LoadLibraryW
VerifyVersionInfoW
GetLocaleInfoW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
ExpandEnvironmentStringsW
DeleteFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetLongPathNameW
ReadFile
SetFilePointer
WriteFile
GetTempPathW
CopyFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
SystemTimeToFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
UnregisterWaitEx
RegisterWaitForSingleObject
CancelIo
SleepEx
QueueUserAPC
lstrlenW
ReadDirectoryChangesW
SetLastError
LoadLibraryA
LCMapStringW
GetUserDefaultLCID
OutputDebugStringW
GetCurrentThread
GetPackagesByPackageFamily
OpenPackageInfoByFullName
ClosePackageInfo
GetPackageInfo
GetVolumeInformationW
GetSystemDirectoryW
GetComputerNameW
GetFileAttributesW
GetFileSizeEx
LoadLibraryExW
CreateThread
GetFileSize
ReleaseMutex
CreateMutexA
CompareStringW
GetEnvironmentStringsW
FreeEnvironmentStringsW
VirtualFree
GetModuleHandleA
LocalAlloc
QueryFullProcessImageNameW
InitializeCriticalSection
TryEnterCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
MultiByteToWideChar
IsDebuggerPresent
RaiseException
GetStringTypeW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EncodePointer
LCMapStringEx
GetCPInfo
GetSystemTimeAsFileTime
ReleaseSemaphore
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
ResumeThread
TlsFree
GetSystemInfo
CreateWaitableTimerA
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InitializeCriticalSectionAndSpinCount
ExitProcess
GetModuleHandleExW
ExitThread
FreeLibraryAndExitThread
GetStdHandle
GetACP
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
SetEnvironmentVariableA
IsValidCodePage
GetOEMCP
SetConsoleCtrlHandler
GetCommandLineA
GetCommandLineW
OutputDebugStringA
SetStdHandle
WriteConsoleW
SetEndOfFile
GetFullPathNameW
HeapCreate
AreFileApisANSI
RtlUnwind
GetDriveTypeW
PeekNamedPipe
GetEnvironmentVariableA
CompareFileTime
MoveFileExA
GetSystemDirectoryA
SwitchToFiber
DeleteFiber
InitializeSRWLock
CreateFiberEx
SetConsoleMode
ReadConsoleA
ConvertFiberToThread
ConvertThreadToFiberEx
MapViewOfFile
CreateFileMappingW
GetSystemTime
LockFileEx
UnlockFile
HeapCompact
DeleteFileA
CreateFileA
FlushViewOfFile
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnmapViewOfFile
CreateMutexW
WaitForSingleObject
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SetUnhandledExceptionFilter
SetDefaultDllDirectories
SetDllDirectoryW
FreeConsole
AttachConsole
GetCurrentThreadId
CreateFileW
CreateDirectoryW
GetCurrentProcessId
GetCurrentProcess
Sleep
GetModuleHandleW
GetProcAddress
GetLastError
WaitForMultipleObjects
GetTickCount
ResetEvent
HeapFree
GetProcessHeap
HeapAlloc
SetEvent
WaitForSingleObjectEx
CloseHandle
CreateEventW
GetCurrentDirectoryW
CreateEventA
LocalFree
WideCharToMultiByte
FormatMessageW
FormatMessageA
UnlockFileEx

gdiplus

GdiplusShutdown
GdiplusStartup

user32

PeekMessageW
TranslateMessage
DispatchMessageW
LoadStringW
LoadIconW
RegisterClassExW
CreateWindowExW
PostQuitMessage
DefWindowProcW
FindWindowW
SendMessageW
MsgWaitForMultipleObjects
GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW
wsprintfW
LoadCursorW

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
CryptAcquireContextA
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RegNotifyChangeKeyValue
RegCreateKeyExW
OpenThreadToken
RegOpenKeyW
LookupAccountNameW
RegDeleteValueW
RegSetValueExW
ConvertSidToStringSidW
RegEnumValueW
RegQueryInfoKeyW
CryptGetUserKey
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptEnumProvidersW

shell32

SHFileOperationW
SHCreateDirectoryExW
SHGetFolderPathW
SHGetDesktopFolder
CommandLineToArgvW
SHGetMalloc

ole32

CoCreateGuid
CoTaskMemFree
PropVariantClear
CoCreateInstance
CoUninitialize
CoInitializeEx
StringFromGUID2

oleaut32

SysFreeString
SysAllocStringLen
VariantClear

msi

ord173
ord217

rpcrt4

UuidToStringW
RpcStringFreeW

userenv

ExpandEnvironmentStringsForUserW

shlwapi

PathFindFileNameW
ord487
StrRetToBufW
SHRegDuplicateHKey
PathFileExistsW

bcrypt

BCryptGenRandom

crypt32

CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertCloseStore
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertFreeCertificateContext

ws2_32

listen
setsockopt
socket
WSACreateEvent
shutdown
WSAEventSelect
closesocket
bind
accept
send
WSAIoctl
recv
WSASetLastError
__WSAFDIsSet
getaddrinfo
freeaddrinfo
getservbyname
getservbyport
gethostname
gethostbyaddr
inet_ntoa
inet_addr
htons
htonl
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
select
ntohs
getsockopt
getsockname
ioctlsocket
connect
recvfrom
sendto
getpeername
WSAEnumNetworkEvents
WSACloseEvent

wldap32

ord45
ord60
ord30
ord211
ord50
ord217
ord200
ord143
ord79
ord41
ord22
ord26
ord27
ord301
ord32
ord33
ord46
ord35

normaliz

IdnToUnicode
IdnToAscii

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_23_/HostAppServiceUpdateManager.exe
.exe windows:6 windows x64 arch:x64

ef5919bdaa178e77221a0da685f058b5

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/03/2022, 00:00

Not After

07/03/2025, 23:59

Subject

CN=SweetLabs Inc,O=SweetLabs Inc,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ac:6e:5d:f2:70:57:e7:06:50:cd:65:8d:3c:84:d0:1f:e6:37:dc:bd:bc:23:7e:7f:11:a5:56:78:fa:33:9b:6a
Signer

Actual PE Digest

ac:6e:5d:f2:70:57:e7:06:50:cd:65:8d:3c:84:d0:1f:e6:37:dc:bd:bc:23:7e:7f:11:a5:56:78:fa:33:9b:6a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

HostAppServiceUpdateManager.pdb

Imports

iphlpapi

GetAdaptersInfo

kernel32

GetGeoInfoW
MoveFileExA
CancelIo
QueueUserAPC
DecodePointer
GetLastError
HeapDestroy
HeapAlloc
SwitchToFiber
DeleteFiber
CreateFiberEx
ConvertFiberToThread
ConvertThreadToFiberEx
VirtualQuery
LoadLibraryExA
FileTimeToSystemTime
lstrlenW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
FindFirstFileExW
GetFileInformationByHandle
HeapReAlloc
HeapFree
HeapSize
ReadDirectoryChangesW
UnregisterWaitEx
RegisterWaitForSingleObject
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
LoadLibraryW
FreeResource
GetProductInfo
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ProcessIdToSessionId
GetUserDefaultLCID
DeleteCriticalSection
CreateDirectoryW
CreateFileW
LCMapStringW
GetStringTypeExW
LoadLibraryA
FreeLibrary
LocalAlloc
GetProcAddress
GetModuleHandleW
GetTickCount64
CloseHandle
SetUnhandledExceptionFilter
SetEvent
GlobalMemoryStatusEx
GetCurrentThread
WaitForSingleObject
GetDiskFreeSpaceExW
ResetEvent
CreateEventA
CreateEventW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetUserDefaultUILanguage
GetLocaleInfoW
GlobalFree
SetDefaultDllDirectories
LocalFree
FormatMessageA
FormatMessageW
SetDllDirectoryW
WideCharToMultiByte
WaitForMultipleObjects
GetLongPathNameW
GetTempFileNameW
WriteConsoleW
GetCommandLineW
GetCommandLineA
FindNextFileA
FindFirstFileExA
GetOEMCP
IsValidCodePage
SetEnvironmentVariableA
GetTimeZoneInformation
GetCurrentDirectoryW
SetCurrentDirectoryW
SetStdHandle
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
GetModuleFileNameA
ExitProcess
SetConsoleCtrlHandler
GlobalLock
GlobalAlloc
FindResourceW
SizeofResource
LockResource
LoadResource
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetDriveTypeW
InitializeCriticalSectionAndSpinCount
RtlUnwind
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
CreateWaitableTimerA
GetLogicalProcessorInformation
ResumeThread
SetWaitableTimer
OpenEventA
WaitForMultipleObjectsEx
ReleaseSemaphore
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
CreateSymbolicLinkW
GetFileInformationByHandleEx
CloseThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CreateThreadpoolTimer
FreeLibraryWhenCallbackReturns
GetCurrentProcessorNumber
FlushProcessWriteBuffers
SetLastError
RaiseException
CreateSemaphoreA
WaitForSingleObjectEx
CreateSemaphoreExW
CreateEventExW
InitOnceExecuteOnce
SetFileInformationByHandle
GetCPInfo
CompareStringEx
LCMapStringEx
TryAcquireSRWLockExclusive
GetStringTypeW
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetFileTime
CreateHardLinkW
CreateDirectoryA
EnumResourceNamesW
CreateMutexA
ReleaseMutex
GetLocaleInfoEx
CompareStringW
DosDateTimeToFileTime
GetCurrentPackageFamilyName
GetSystemDefaultUILanguage
GetVersionExW
GetConsoleDisplayMode
AttachConsole
FreeConsole
MulDiv
GlobalUnlock
GlobalSize
GlobalReAlloc
GetExitCodeProcess
TerminateProcess
FindResourceExW
GetThreadPriority
SetThreadPriority
IsWow64Process
GetExitCodeThread
TerminateThread
CreateThread
GetComputerNameW
GetSystemDirectoryW
GetVolumeInformationW
LoadLibraryExW
GetFileSizeEx
SetThreadLocale
GetThreadLocale
GetModuleFileNameW
GetUserGeoID
QueryFullProcessImageNameW
OpenProcess
OpenEventW
DuplicateHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SystemTimeToTzSpecificLocalTime
MoveFileExW
CopyFileW
VerifyVersionInfoW

shlwapi

StrChrIW
ord487
PathFileExistsW
SHRegDuplicateHKey
ord176
PathFindFileNameW
ord437
PathGetArgsW
AssocQueryStringW
UrlEscapeW
StrRetToBufW

gdiplus

GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipSetClipRectI
GdipDrawImageRectRectI
GdipDrawImageRectRect
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipDrawImage
GdipFillPath
GdipFillEllipse
GdipSetStringFormatTrimming
GdipGetImageWidth
GdipCreateFont
GdipBitmapLockBits
GdipCreateFontFamilyFromName
GdipFillRectangle
GdipGraphicsClear
GdipDrawRectangle
GdipDrawLines
GdipDrawLine
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipGetImageHeight
GdipGetGenericFontFamilySansSerif
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipGetImageGraphicsContext
GdipGetImageEncoders
GdipDeleteGraphics
GdipCreateFromHWNDICM
GdipCreateFromHWND
GdipCreateFromHDC
GdipFlush
GdipSetImageAttributesWrapMode
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipCloneBrush
GdipAddPathLine
GdipClosePathFigures
GdipDeletePath
GdipCreatePath
GdiplusStartup
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipGetImagePixelFormat
GdipGetImageEncodersSize
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipBitmapUnlockBits
GdipDeleteFontFamily
GdiplusShutdown
GdipCreateSolidFill

ws2_32

WSAResetEvent
WSAWaitForMultipleEvents
WSASetEvent
inet_pton
closesocket
WSASetLastError
WSAGetLastError
ntohs
WSAEventSelect
WSAEnumNetworkEvents
WSAStartup
WSACleanup
setsockopt
WSAIoctl
htons
socket
__WSAFDIsSet
select
accept
bind
connect
WSACreateEvent
getsockname
htonl
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
gethostbyname
ioctlsocket
gethostname
shutdown
inet_addr
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
getsockopt
WSACloseEvent
send

wldap32

ord27
ord26
ord22
ord41
ord50
ord45
ord33
ord35
ord79
ord30
ord60
ord200
ord301
ord32
ord211
ord46
ord217
ord143

normaliz

IdnToAscii
IdnToUnicode

netapi32

NetApiBufferFree
NetGetJoinInformation

oleaut32

VariantInit
SysFreeString
VariantClear
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringLen
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysStringLen

api-ms-win-core-libraryloader-l1-2-0

LoadStringW
GetModuleHandleA

api-ms-win-core-com-l1-1-1

CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoCreateGuid
CoInitializeSecurity
PropVariantClear
CoTaskMemAlloc
CoSetProxyBlanket
StringFromGUID2

api-ms-win-core-registry-l1-1-0

RegCopyTreeW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegDeleteTreeW
RegFlushKey
RegCreateKeyExW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegCloseKey
RegEnumValueW
RegOpenKeyExW

api-ms-win-core-processthreads-l1-1-2

OpenProcessToken
TlsGetValue
TlsSetValue
OpenThreadToken
TlsAlloc
TlsFree

api-ms-win-security-base-l1-2-0

GetAclInformation
GetAce
IsValidSid
GetLengthSid
GetTokenInformation
DuplicateTokenEx
InitializeAcl
GetSecurityDescriptorSacl
GetSidSubAuthority
AddAce
AddAccessAllowedAceEx

api-ms-win-security-lsalookup-l2-1-1

LookupAccountNameW
LookupAccountSidW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory
RoInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsDeleteString
WindowsCreateString

api-ms-win-core-synch-l1-2-0

AcquireSRWLockExclusive
InitializeCriticalSection
ReleaseSRWLockShared
InitializeSRWLock
CreateMutexW
AcquireSRWLockShared
SleepEx
Sleep
TryEnterCriticalSection
ReleaseSRWLockExclusive

api-ms-win-core-profile-l1-1-0

QueryPerformanceFrequency
QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-2-1

GetSystemTime
GetTickCount
GetSystemInfo
GetSystemTimeAsFileTime
VerSetConditionMask
GetSystemDirectoryA

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

bcrypt

BCryptGenRandom

api-ms-win-core-file-l1-2-1

GetFullPathNameW
FlushFileBuffers
GetFileSize
FindFirstFileW
GetDiskFreeSpaceW
DeleteFileW
DeleteFileA
CreateFileA
FindClose
LockFile
UnlockFile
GetFileAttributesExW
WriteFile
ReadFile
GetFileType
SetFilePointer
GetFullPathNameA
LockFileEx
CompareFileTime
SetEndOfFile
GetFileAttributesA
GetDiskFreeSpaceA
UnlockFileEx
GetTempPathW
GetFileAttributesW
FindNextFileW

crypt32

CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFindCertificateInStore
CertOpenStore
CryptVerifyMessageSignature
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertFreeCertificateContext
CryptQueryObject
CertCloseStore
CertGetNameStringW
CryptMsgGetParam
CryptMsgClose
CertOpenSystemStoreA
CertEnumCertificatesInStore

api-ms-win-core-processenvironment-l1-2-0

GetEnvironmentVariableA
GetStdHandle
GetEnvironmentVariableW

api-ms-win-core-namedpipe-l1-2-0

PeekNamedPipe

api-ms-win-core-console-l1-1-0

GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW

api-ms-win-core-memory-l1-1-2

VirtualLock
VirtualFree
VirtualProtect
CreateFileMappingW
MapViewOfFile
VirtualAlloc
FlushViewOfFile
UnmapViewOfFile

api-ms-win-core-localization-l1-2-1

GetACP

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime

api-ms-win-core-heap-l1-2-0

HeapCreate
HeapCompact
HeapValidate

api-ms-win-core-debug-l1-1-1

OutputDebugStringA
OutputDebugStringW

api-ms-win-core-file-l1-2-2

AreFileApisANSI
GetTempPathA

propsys

VariantCompare

gdi32

CreateSolidBrush
GetDeviceCaps
GetStockObject
AddFontMemResourceEx
SetBkColor
SetBkMode
SetMapMode
CreateFontIndirectW
GetTextMetricsW
CreateCompatibleBitmap
CreateFontW
GetTextExtentPoint32W
TextOutW
LPtoDP
CreateBitmap
GetObjectW
SetTextColor
DeleteDC
CreateCompatibleDC
DeleteObject
SelectObject
CreateDIBSection
GetDIBits

advapi32

RegEnumKeyW
GetUserNameW
GetSecurityInfo
SetSecurityInfo
RegOpenKeyW
SetEntriesInAclW
GetNamedSecurityInfoW
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegDeleteKeyW
SetNamedSecurityInfoW

shell32

SHBindToParent
SHGetMalloc
SHGetFileInfoW
ShellExecuteExW
SHCreateDirectoryExW
CommandLineToArgvW
SHAppBarMessage
SHCreateItemFromParsingName
SHFileOperationW
SHGetFolderPathW
SHGetKnownFolderPath
SHGetSettings
SHGetDesktopFolder
SHEvaluateSystemCommandTemplate
SHQueryUserNotificationState
SHGetPropertyStoreForWindow
ShellExecuteW

msi

ord217
ord173

rpcrt4

RpcStringFreeW
UuidCreateSequential
UuidToStringW

wininet

InternetQueryOptionW
DeleteUrlCacheEntryW

winhttp

WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpOpen

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData

userenv

ExpandEnvironmentStringsForUserW
GetUserProfileDirectoryW

comctl32

ord413
ord410

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

secur32

GetUserNameExW

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

api-ms-win-service-management-l1-1-0

OpenSCManagerW
OpenServiceW
CloseServiceHandle

api-ms-win-service-core-l1-1-1

EnumServicesStatusExW

api-ms-win-service-management-l2-1-0

NotifyServiceStatusChangeW

comdlg32

GetSaveFileNameW

api-ms-win-core-version-l1-1-0

VerQueryValueW

Sections

.text
Size: 8.7MB - Virtual size: 8.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 151KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 444KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_23_/HostAppServiceUpdater.exe
.exe windows:6 windows x64 arch:x64

41fd82943b92b19604041e39fdea90b4

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/03/2022, 00:00

Not After

07/03/2025, 23:59

Subject

CN=SweetLabs Inc,O=SweetLabs Inc,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9e:77:5b:c7:55:c1:03:79:ae:19:d6:9b:b5:af:d1:b0:33:d4:f4:e1:c4:c7:1c:64:f0:00:b5:0f:a1:e9:f4
Signer

Actual PE Digest

19:9e:77:5b:c7:55:c1:03:79:ae:19:d6:9b:b5:af:d1:b0:33:d4:f4:e1:c4:c7:1c:64:f0:00:b5:0f:a1:e9:f4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

HostAppServiceUpdater.pdb

Imports

kernel32

MapViewOfFile
CreateFileMappingW
LockFileEx
UnlockFile
HeapCompact
DeleteFileA
CreateFileA
FlushViewOfFile
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
LockFile
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
DecodePointer
UnregisterWaitUntilOOBECompleted
RegisterWaitUntilOOBECompleted
OOBEComplete
SetDllDirectoryW
SetDefaultDllDirectories
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
CreateWaitableTimerW
Sleep
CancelWaitableTimer
SetWaitableTimer
CreateEventW
WaitForSingleObject
ResetEvent
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
SetUnhandledExceptionFilter
CreateFileW
CreateDirectoryW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
FormatMessageW
FormatMessageA
LocalFree
GetProcAddress
GetModuleHandleW
ProcessIdToSessionId
GetCurrentProcessId
CreateEventA
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
CloseHandle
WriteConsoleW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
GetTickCount
MultiByteToWideChar
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
MoveFileExA
WaitForSingleObjectEx
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
VirtualLock
WriteFile
GetACP
SwitchToFiber
DeleteFiber
CreateFiberEx
ConvertFiberToThread
ConvertThreadToFiberEx
LoadLibraryW
FindClose
FindFirstFileW
FindNextFileW
GetSystemTime
SystemTimeToFileTime
RaiseException
VirtualQuery
LoadLibraryExA
GetTickCount64
CreateHardLinkW
DuplicateHandle
TerminateThread
CreateSemaphoreA
GetStringTypeExW
LCMapStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetUserDefaultLCID
GetLocaleInfoEx
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
DeleteFileW
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetLongPathNameW
GetTempFileNameW
SetFilePointer
GetTempPathW
IsWow64Process
CopyFileW
MoveFileExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
OpenEventW
OpenProcess
LocalAlloc
QueryFullProcessImageNameW
GetVolumeInformationW
GetSystemDirectoryW
GetComputerNameW
GetUserGeoID
GetVersionExW
GetModuleFileNameW
GetCurrentPackageFamilyName
LoadLibraryExW
EnumResourceNamesW
OutputDebugStringW
GetCurrentThread
GetThreadLocale
SetThreadLocale
GetExitCodeProcess
GetFileAttributesW
GetFileSizeEx
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceW
CreateThread
SetThreadPriority
GetThreadPriority
GetExitCodeThread
InitializeCriticalSection
TryEnterCriticalSection
ReleaseMutex
CreateMutexA
FindResourceExW
GetFileSize
DosDateTimeToFileTime
CompareStringW
GlobalFree
FreeConsole
AttachConsole
GetConsoleDisplayMode
CreateDirectoryA
IsDebuggerPresent
GetStringTypeW
TryAcquireSRWLockExclusive
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
SetFileInformationByHandle
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
ReleaseSemaphore
WaitForMultipleObjectsEx
OpenEventA
ResumeThread
GetLogicalProcessorInformation
CreateWaitableTimerA
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
ExitProcess
GetModuleHandleExW
GetDriveTypeW
ExitThread
FreeLibraryAndExitThread
SetFilePointerEx
SetConsoleCtrlHandler
GetModuleFileNameA
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
SetEndOfFile
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
GetTimeZoneInformation
SetEnvironmentVariableA
IsValidCodePage
GetOEMCP
FindFirstFileExA
FindNextFileA
GetCommandLineA
GetCommandLineW
OutputDebugStringA
GetGeoInfoW

gdiplus

GdipCreateFromHWND
GdipCreateFromHDC
GdipFlush
GdipAlloc
GdiplusShutdown
GdipGraphicsClear
GdipCreateFromHWNDICM
GdipDrawLine
GdipSetImageAttributesColorMatrix
GdipDeletePen
GdipFillRectangle
GdipFillEllipse
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathLine
GdipClosePathFigures
GdipDeletePath
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipSetCompositingQuality
GdipCreatePath
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDrawLines
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipSaveImageToFile
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipSetCompositingMode
GdipDeleteGraphics
GdipSetImageAttributesWrapMode
GdipFillPath
GdipDrawImage
GdipDrawImageRectRect
GdipSetClipRectI
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDeleteFont
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipFree
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipDrawRectangle

wldap32

ord79
ord30
ord200
ord301
ord217
ord35
ord33
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord143
ord32

normaliz

IdnToUnicode
IdnToAscii

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW
WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

secur32

GetUserNameExW

netapi32

NetGetJoinInformation
NetApiBufferFree

gdi32

SelectObject
CreateDIBSection
GetObjectW
CreateBitmap
CreateCompatibleDC
DeleteDC
DeleteObject
GetDIBits

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
InitializeAcl
GetUserNameW
ConvertSidToStringSidW
ConvertStringSidToSidW
GetSecurityInfo
SetSecurityInfo
LookupAccountNameW
GetSidSubAuthority
OpenThreadToken
RegOpenKeyW
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
OpenProcessToken
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
RegDeleteTreeW
RegCopyTreeW
AddAccessAllowedAceEx
AddAce
DuplicateTokenEx
GetAce
GetAclInformation
GetLengthSid
GetSecurityDescriptorSacl
GetTokenInformation
CryptDestroyKey
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
RegCloseKey

shell32

SHGetSettings
SHQueryUserNotificationState
SHGetKnownFolderPath
SHEvaluateSystemCommandTemplate
SHCreateDirectoryExW
SHGetMalloc
SHGetFileInfoW
SHFileOperationW
ShellExecuteW
ShellExecuteExW
SHAppBarMessage
SHGetFolderPathW
SHGetDesktopFolder
SHBindToParent
CommandLineToArgvW

ole32

PropVariantClear
StringFromGUID2
CoUninitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity

oleaut32

SysFreeString
SysAllocString
VariantClear
CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
SysStringLen
VariantCopy
VariantInit
SysAllocStringLen

bcrypt

BCryptGenRandom

msi

ord173
ord217

rpcrt4

UuidCreateSequential
UuidToStringW
RpcStringFreeW

wininet

DeleteUrlCacheEntryW
InternetQueryOptionW

winhttp

WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpOpen

wintrust

WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain

crypt32

CryptVerifyMessageSignature
CertGetNameStringW
CryptMsgGetParam
CryptMsgClose
CryptQueryObject
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertCloseStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertOpenStore

userenv

ExpandEnvironmentStringsForUserW
GetUserProfileDirectoryW

shlwapi

SHRegDuplicateHKey
StrChrIW
PathFileExistsW
ord487
StrRetToBufW
AssocQueryStringW
ord176
PathGetArgsW

ws2_32

WSACleanup
setsockopt
WSAIoctl
htons
ntohs
__WSAFDIsSet
select
accept
bind
connect
WSAGetLastError
htonl
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
ioctlsocket
gethostname
WSAStartup
inet_addr
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
shutdown
gethostbyname
WSASetLastError
closesocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
getsockname
socket

powrprof

GetPwrCapabilities

version

VerQueryValueW

comdlg32

GetSaveFileNameW

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 57KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 345KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_23_/HostAppServiceUpdaterMetrics.exe
.exe windows:6 windows x64 arch:x64

773688c47f24a980348d35903b105dca

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/03/2022, 00:00

Not After

07/03/2025, 23:59

Subject

CN=SweetLabs Inc,O=SweetLabs Inc,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1f:21:e2:95:63:52:7f:1d:ca:2d:7d:b2:71:53:7f:3c:59:d2:df:61:a6:f0:db:5f:0e:7c:28:46:80:99:09:cb
Signer

Actual PE Digest

1f:21:e2:95:63:52:7f:1d:ca:2d:7d:b2:71:53:7f:3c:59:d2:df:61:a6:f0:db:5f:0e:7c:28:46:80:99:09:cb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

HostAppServiceUpdaterMetrics.pdb

Imports

kernel32

MapViewOfFile
CreateFileMappingW
LockFileEx
UnlockFile
HeapCompact
DeleteFileA
CreateFileA
FlushViewOfFile
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnmapViewOfFile
CreateMutexW
UnlockFileEx
LockFile
GetDiskFreeSpaceW
HeapCreate
AreFileApisANSI
GetGeoInfoW
SetDllDirectoryW
SetDefaultDllDirectories
GetCurrentThreadId
GetCurrentProcess
CreateEventW
ResetEvent
SetUnhandledExceptionFilter
CreateFileW
CreateDirectoryW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetProcAddress
GetModuleHandleW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
GetTickCount
WaitForSingleObject
MultiByteToWideChar
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
LoadLibraryA
Sleep
SetLastError
MoveFileExA
WaitForSingleObjectEx
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
VirtualLock
WriteFile
GetACP
ProcessIdToSessionId
DeleteFiber
CreateFiberEx
ConvertFiberToThread
ConvertThreadToFiberEx
LoadLibraryW
FindClose
FindFirstFileW
FindNextFileW
GetSystemTime
SystemTimeToFileTime
RaiseException
VirtualQuery
LoadLibraryExA
ReleaseSemaphore
GetStringTypeExW
LCMapStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetUserDefaultLCID
GetLocaleInfoEx
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
TerminateThread
GetExitCodeThread
FileTimeToSystemTime
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
DeleteFileW
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetLongPathNameW
GetTempFileNameW
SetFilePointer
GetTempPathW
IsWow64Process
CopyFileW
MoveFileExW
SystemTimeToTzSpecificLocalTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
OpenEventW
OpenProcess
LocalAlloc
QueryFullProcessImageNameW
GetVolumeInformationW
GetSystemDirectoryW
GetComputerNameW
GetVersionExW
GetModuleFileNameW
GetCurrentPackageFamilyName
OutputDebugStringW
GetThreadLocale
SetThreadLocale
GetUserGeoID
GetFileAttributesW
GetFileSizeEx
FreeResource
LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryExW
InitializeCriticalSection
TryEnterCriticalSection
ReleaseMutex
CreateMutexA
FindResourceExW
GetFileSize
DosDateTimeToFileTime
CompareStringW
FreeConsole
AttachConsole
GetConsoleDisplayMode
GlobalFree
CreateDirectoryA
IsDebuggerPresent
GetStringTypeW
TryAcquireSRWLockExclusive
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
SetFileInformationByHandle
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
ResumeThread
GetLogicalProcessorInformation
CreateWaitableTimerA
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
ExitProcess
GetModuleHandleExW
GetDriveTypeW
ExitThread
FreeLibraryAndExitThread
SetFilePointerEx
SetConsoleCtrlHandler
GetModuleFileNameA
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
SetEndOfFile
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
GetTimeZoneInformation
SetEnvironmentVariableA
IsValidCodePage
GetOEMCP
FindFirstFileExA
FindNextFileA
GetCommandLineA
GetCommandLineW
OutputDebugStringA
WriteConsoleW
GetCurrentProcessId
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
WideCharToMultiByte
FormatMessageW
FormatMessageA
LocalFree
CreateEventA
SetEvent
SwitchToFiber
CloseHandle
RtlUnwind

gdiplus

GdipFillPath
GdipFillEllipse
GdipGetImageHeight
GdiplusShutdown
GdipDeleteFont
GdipDrawImage
GdipDrawImageRectRect
GdipDrawString
GdipFillRectangle
GdipGraphicsClear
GdipMeasureString
GdipCreateStringFormat
GdipAlloc
GdipFree
GdipDrawRectangle
GdipDrawLines
GdipDrawLine
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipCloneImage
GdipDisposeImage
GdipSetCompositingMode
GdipDeleteGraphics
GdipCreateFromHWNDICM
GdipCreateFromHWND
GdipCreateFont
GdipFlush
GdipSetImageAttributesWrapMode
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdiplusStartup
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatTrimming
GdipGetGenericFontFamilySansSerif
GdipDeleteBrush
GdipCloneBrush
GdipAddPathLine
GdipClosePathFigures
GdipDeletePath
GdipCreatePath
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipCreateBitmapFromHBITMAP
GdipGetImagePixelFormat
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipSetClipRectI
GdipCreateFromHDC
GdipDrawImageRectRectI
GdipGetImageWidth

wldap32

ord22
ord41
ord50
ord45
ord26
ord30
ord211
ord46
ord217
ord143
ord27
ord32
ord301
ord79
ord33
ord35
ord200
ord60

normaliz

IdnToUnicode
IdnToAscii

netapi32

NetApiBufferFree
NetGetJoinInformation

gdi32

DeleteObject
DeleteDC
GetDeviceCaps
GetObjectW
CreateDIBSection
SelectObject
CreateCompatibleDC
GetDIBits
CreateBitmap

advapi32

GetAce
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CloseServiceHandle
EnumServicesStatusExW
OpenSCManagerW
OpenServiceW
CryptDestroyHash
NotifyServiceStatusChangeW
OpenProcessToken
RegQueryValueExW
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegOpenKeyExW
RegCloseKey
CryptDecrypt
SetSecurityInfo
LookupAccountNameW
GetSidSubAuthority
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegFlushKey
RegQueryInfoKeyW
RegSetValueExW
RegDeleteTreeW
RegCopyTreeW
AddAccessAllowedAceEx
AddAce
DuplicateTokenEx
CryptExportKey
GetAclInformation
GetLengthSid
GetSecurityDescriptorSacl
GetTokenInformation
InitializeAcl
GetUserNameW
ConvertSidToStringSidW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityInfo
OpenThreadToken
CryptEnumProvidersW
CryptSignHashW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
RegOpenKeyW

shell32

ShellExecuteW
SHGetFileInfoW
SHGetMalloc
SHCreateDirectoryExW
SHGetFolderPathW
SHGetKnownFolderPath
SHGetDesktopFolder
CommandLineToArgvW
SHFileOperationW
ShellExecuteExW
SHQueryUserNotificationState
SHAppBarMessage
SHBindToParent
SHGetSettings

ole32

StringFromGUID2
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
CoCreateGuid
PropVariantClear
CoTaskMemFree
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity

oleaut32

SysStringLen
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
VariantCopy
VariantInit
VariantChangeType
SysAllocString
SysAllocStringLen
VariantClear
GetErrorInfo
CreateErrorInfo
SysFreeString
SetErrorInfo

bcrypt

BCryptGenRandom

msi

ord173
ord217

rpcrt4

RpcStringFreeW
UuidCreateSequential
UuidToStringW

wininet

DeleteUrlCacheEntryW
InternetQueryOptionW

winhttp

WinHttpGetProxyForUrl
WinHttpOpen
WinHttpCloseHandle

crypt32

CertFreeCertificateContext
CertEnumCertificatesInStore
CertGetEnhancedKeyUsage
CertCloseStore
CertOpenSystemStoreA
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertGetIntendedKeyUsage

userenv

GetUserProfileDirectoryW
ExpandEnvironmentStringsForUserW

shlwapi

ord176
SHRegDuplicateHKey
PathFileExistsW
StrChrIW
StrRetToBufW
ord487

ws2_32

recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
ioctlsocket
gethostname
gethostbyname
inet_addr
inet_ntoa
gethostbyaddr
getservbyport
getservbyname
shutdown
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSASetEvent
WSAWaitForMultipleEvents
htonl
closesocket
WSASetLastError
WSAGetLastError
ntohs
listen
WSAStartup
WSACleanup
setsockopt
WSAIoctl
getsockopt
htons
socket
__WSAFDIsSet
select
accept
bind
connect
getsockname

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

secur32

GetUserNameExW

version

VerQueryValueW

comdlg32

GetSaveFileNameW

powrprof

GetPwrCapabilities

Sections

.text
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 346KB - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_23_/WebAppHelper.exe
.exe windows:6 windows x64 arch:x64

e5315cb109f4041d28dcaac0d9b5052a

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/03/2022, 00:00

Not After

07/03/2025, 23:59

Subject

CN=SweetLabs Inc,O=SweetLabs Inc,L=San Diego,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b8:14:f3:47:e4:0a:13:4d:0e:eb:69:b8:84:64:b4:a3:8c:3a:16:4a:96:83:50:40:30:6f:28:4a:d6:f4:e4:82
Signer

Actual PE Digest

b8:14:f3:47:e4:0a:13:4d:0e:eb:69:b8:84:64:b4:a3:8c:3a:16:4a:96:83:50:40:30:6f:28:4a:d6:f4:e4:82

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

WebAppHelper.pdb

Imports

kernel32

GetCurrentProcessId
GetCurrentProcess
CreateEventA
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
LoadResource
LockResource
SizeofResource
SetDefaultDllDirectories
FindResourceW
GlobalAlloc
GlobalLock
GlobalFree
LocalFree
FormatMessageA
FormatMessageW
GetLastError
SetUnhandledExceptionFilter
RaiseException
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
QueryPerformanceCounter
GetTickCount
WaitForSingleObject
MultiByteToWideChar
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA
GetProcAddress
LoadLibraryA
Sleep
MoveFileExA
WaitForSingleObjectEx
CompareFileTime
GetSystemTimeAsFileTime
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
VirtualLock
WriteFile
GetModuleHandleW
GetACP
SwitchToFiber
DeleteFiber
CreateFiberEx
ConvertFiberToThread
ConvertThreadToFiberEx
LoadLibraryW
FindClose
FindFirstFileW
CloseHandle
GetSystemTime
SystemTimeToFileTime
VirtualQuery
LoadLibraryExA
GetGeoInfoW
GetUserGeoID
GetStringTypeExW
LCMapStringW
GetSystemDefaultUILanguage
GetUserDefaultLCID
GetLocaleInfoEx
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
DeleteFileW
FindFirstFileExW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileInformationByHandle
GetLongPathNameW
GetTempFileNameW
SetFilePointer
GetTempPathW
IsWow64Process
CopyFileW
MoveFileExW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
LoadLibraryExW
SetDllDirectoryW
OutputDebugStringW
GetCurrentThread
GetModuleFileNameW
ResetEvent
GetThreadLocale
SetThreadLocale
GetFileAttributesW
GetFileSizeEx
FreeResource
ReleaseMutex
CreateMutexA
GlobalReAlloc
GlobalSize
GlobalUnlock
MulDiv
FindResourceExW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
OpenEventW
OpenProcess
LocalAlloc
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DosDateTimeToFileTime
CompareStringW
GetVolumeInformationW
GetSystemDirectoryW
GetComputerNameW
GetFileSize
InitializeCriticalSection
TryEnterCriticalSection
ProcessIdToSessionId
GetVersionExW
GetCurrentPackageFamilyName
CreateThread
SetThreadPriority
GetThreadPriority
TerminateThread
GetExitCodeThread
FreeConsole
AttachConsole
GetConsoleDisplayMode
CreateDirectoryA
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
GetStringTypeW
TryAcquireSRWLockExclusive
LCMapStringEx
CompareStringEx
GetCPInfo
SetFileInformationByHandle
InitOnceExecuteOnce
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
GetTickCount64
FreeLibraryWhenCallbackReturns
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
ReleaseSemaphore
WaitForMultipleObjectsEx
OpenEventA
SetWaitableTimer
ResumeThread
GetLogicalProcessorInformation
CreateWaitableTimerA
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
RtlPcToFileHeader
RtlUnwindEx
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
ExitProcess
GetModuleHandleExW
GetDriveTypeW
ExitThread
FreeLibraryAndExitThread
SetFilePointerEx
SetConsoleCtrlHandler
GetModuleFileNameA
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
FlushFileBuffers
SetStdHandle
SetEndOfFile
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
GetTimeZoneInformation
SetEnvironmentVariableA
IsValidCodePage
GetOEMCP
FindFirstFileExA
FindNextFileA
GetCommandLineA
GetCommandLineW
OutputDebugStringA
WriteConsoleW
DecodePointer
CreateFileW
WideCharToMultiByte
GetLocaleInfoW
GetUserDefaultUILanguage
AreFileApisANSI
HeapCreate
GetDiskFreeSpaceW
LockFile
UnlockFileEx
CreateMutexW
UnmapViewOfFile
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
GetCurrentThreadId
CreateFileA
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
CreateFileMappingW
EnumResourceNamesW
MapViewOfFile
FindNextFileW
CreateDirectoryW
RtlUnwind

gdiplus

GdipDrawImageRectRectI
GdipAlloc
GdipFree
GdipCloneImage
GdipGetGenericFontFamilySansSerif
GdipSetStringFormatFlags
GdipCreateFontFamilyFromName
GdipSetClipRectI
GdipDrawImageRectRect
GdiplusShutdown
GdipDisposeImage
GdipSetStringFormatTrimming
GdipDeleteFontFamily
GdipDrawImage
GdipFillPath
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipFillEllipse
GdipFillRectangle
GdipGraphicsClear
GdipDrawRectangle
GdipDrawLines
GdipCreateBitmapFromScan0
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipDrawLine
GdipCreateStringFormat
GdipSetPixelOffsetMode
GdipSetCompositingQuality
GdipCreateFromHWNDICM
GdipCreateFromHWND
GdipCreateFromHDC
GdipFlush
GdipSetImageAttributesColorMatrix
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathLine
GdipSetImageAttributesWrapMode
GdipDeleteGraphics
GdipSetCompositingMode
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDeleteStringFormat
GdipMeasureString
GdipClosePathFigures
GdipDeletePath
GdipCreatePath
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromHICON
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFont
GdipDeleteFont
GdipSaveImageToFile

comctl32

ImageList_Create
ImageList_Destroy
ord413
ord410
ImageList_ReplaceIcon

wldap32

ord143
ord217
ord46
ord211
ord60
ord301
ord200
ord45
ord50
ord41
ord22
ord26
ord27
ord32
ord30
ord79
ord35
ord33

normaliz

IdnToUnicode
IdnToAscii

gdi32

CreateCompatibleDC
CreateDIBSection
GetDIBits
CreateCompatibleBitmap
GetObjectW
CreateFontW
GetTextExtentPoint32W
TextOutW
LPtoDP
GetTextMetricsW
SetTextColor
CreateSolidBrush
CreateBitmap
SetMapMode
SetBkMode
DeleteDC
SetBkColor
SelectObject
AddFontMemResourceEx
GetStockObject
GetDeviceCaps
DeleteObject
CreateFontIndirectW

advapi32

RegDeleteValueW
OpenProcessToken
RegOpenKeyExW
RegDeleteTreeW
RegQueryValueExW
RegEnumValueW
RegCreateKeyExW
RegEnumKeyExW
OpenThreadToken
RegOpenKeyW
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
ConvertStringSidToSidW
AddAccessAllowedAceEx
AddAce
DuplicateTokenEx
GetAce
GetAclInformation
GetLengthSid
GetSecurityDescriptorSacl
GetTokenInformation
InitializeAcl
GetUserNameW
RegQueryInfoKeyW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityInfo
SetSecurityInfo
LookupAccountNameW
RegCopyTreeW
RegFlushKey
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
RegDeleteKeyW
GetSidSubAuthority
RegSetValueExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegCloseKey

shell32

SHCreateDirectoryExW
SHGetMalloc
SHGetFileInfoW
SHFileOperationW
ShellExecuteW
SHGetKnownFolderPath
SHGetDesktopFolder
CommandLineToArgvW
SHGetPropertyStoreForWindow
SHGetFolderPathW
ShellExecuteExW
SHEvaluateSystemCommandTemplate
SHAppBarMessage
SHBindToParent
SHQueryUserNotificationState
SHGetSettings

ole32

CoUninitialize
StringFromGUID2
PropVariantClear
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoCreateGuid
CoSetProxyBlanket
CoInitializeEx
CoInitializeSecurity

oleaut32

VariantChangeType
GetErrorInfo
SysStringLen
VariantCopy
VariantInit
VariantClear
CreateErrorInfo
SysAllocStringLen
SysAllocString
SetErrorInfo
SysFreeString

bcrypt

BCryptGenRandom

msi

ord173
ord217

rpcrt4

UuidToStringW
UuidCreateSequential
RpcStringFreeW

wininet

InternetQueryOptionW
DeleteUrlCacheEntryW

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpGetProxyForUrl

crypt32

CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertFreeCertificateContext
CertOpenStore
CertCloseStore

userenv

ExpandEnvironmentStringsForUserW
GetUserProfileDirectoryW

shlwapi

StrRetToBufW
ord487
PathGetArgsW
AssocQueryStringW
StrChrIW
PathFileExistsW
SHRegDuplicateHKey
ord176

version

VerQueryValueW

ws2_32

getpeername
ioctlsocket
gethostname
gethostbyname
inet_addr
recvfrom
gethostbyaddr
getservbyport
getservbyname
shutdown
freeaddrinfo
getaddrinfo
recv
listen
htonl
getsockopt
getsockname
connect
bind
accept
select
__WSAFDIsSet
socket
sendto
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
ntohs
WSAGetLastError
WSASetLastError
closesocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
inet_ntoa
send

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

secur32

GetUserNameExW

comdlg32

GetSaveFileNameW

powrprof

GetPwrCapabilities

Sections

.text
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 340KB - Virtual size: 339KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

61259b55b8912888e90f516ca08dc514

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

2b:11:6b:9f:2e:46:58:54:af:40:4e:de:fb:35:63:f0:c1:18:bd:f7:3e:23:22:b3:26:be:5e:66:b3:db:43:74Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 180KB

.rsrc Size: 50KB - Virtual size: 50KB

fc0224e99e736751432961db63a41b76

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

2b:c6:51:36:86:23:02:c1:3a:97:86:7a:fb:16:ee:4c:9e:4a:a1:f4:d9:11:49:27:cc:e9:26:f1:14:65:36:79Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 662B

a8f0b6c9f0936a5ba50fb67cdc944299

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

2b:11:6b:9f:2e:46:58:54:af:40:4e:de:fb:35:63:f0:c1:18:bd:f7:3e:23:22:b3:26:be:5e:66:b3:db:43:74
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 180KB

.rsrc
Size: 50KB - Virtual size: 50KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

2b:c6:51:36:86:23:02:c1:3a:97:86:7a:fb:16:ee:4c:9e:4a:a1:f4:d9:11:49:27:cc:e9:26:f1:14:65:36:79
Signer

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

fb:ae:81:02:c7:3a:f3:af:7f:b0:25:83:c1:db:ed:15:9f:0a:5c:cd:44:69:a6:ea:d3:f5:7c:98:64:81:ea:4b
Signer

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 812KB - Virtual size: 811KB

.data
Size: 35KB - Virtual size: 55KB

.rsrc
Size: 336KB - Virtual size: 335KB

.reloc
Size: 163KB - Virtual size: 162KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0a:a2:05:d1:ff:66:99:e6:76:8d:ea:4d:de:28:2c:e6
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

58:62:14:db:9b:54:c8:42:60:af:c0:bf:f0:cb:9b:06:80:5c:ff:ab:31:97:ed:83:6e:0e:93:f2:7a:13:45:17
Signer